From: "b. f."
Date: Wed, 15 Dec 2010 16:24:32 +0000
To: Rob Farmer
Cc: freebsd-security@freebsd.org, Garrett Wollman
Subject: Re: Allegations regarding OpenBSD IPSEC

On 12/15/10, Rob Farmer wrote:
> On Wed, Dec 15, 2010 at 07:36, Garrett Wollman wrote:
>> <> said:
>>
>>> If his allegations are correct, they should be easy to verify. He
>>> could post a copy of the NDA and a Freedom of Information Act request
>>> could be submitted to verify it. If, as claimed, the NDA expired and
>>> this can be discussed freely by the general public, then they would
>>> not be able to deny the request.
>>
>> Actually, they would, because it would fall under the "internal
>> personnel matter" exemption from FOIA.
>>
>> -GAWollman
>>
>
> I'm not a lawyer, but couldn't he exempt himself and they black out
> the other people's names? If he could provide some evidence that this
> isn't a publicity stunt and interest a major media organization or a
> civil rights group (like the ACLU or EFF), I suspect they could apply
> enough political and legal pressure to avoid getting brushed off.
>
> Besides, if this were legitimate, it could benefit the Democrats
> (given that it supposedly occurred during the Bush administration), so
> how hard would they really fight it?

I don't think that your reasoning about the government's willingness
to release this information, or the extent to which this is a partisan
issue, is correct. But the details of who was involved, and what
agreements were in place, are secondary to the issue of whether there
are vulnerabilities, intentional or otherwise, in the code.
For those who have the time and ability to audit the code, there are
some possible problems to look for:

http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

b.