Date: Wed, 15 Dec 2010 20:46:27 +0000 From: Arthur Chance <freebsd@qeng-ho.org> To: FreeBSD-Questions <freebsd-questions@freebsd.org> Subject: Re: FreeBSD IPSec stack contains backdoors? Message-ID: <4D092923.8070709@qeng-ho.org> In-Reply-To: <C6BD1E5D-CB95-49F4-BE69-F25C2B6D421C@todoo.biz> References: <AANLkTimQAZ5J5CB4ub7RAQZw93cKD6UxBaYa%2BU6M597Q@mail.gmail.com> <C6BD1E5D-CB95-49F4-BE69-F25C2B6D421C@todoo.biz>
next in thread | previous in thread | raw e-mail | index | archive | help
[Top posting edited out, with heavy elisions] On 12/15/10 17:55, bsd wrote: > Le 15 déc. 2010 à 15:23, Victor Lyapunov a écrit : >> Recently OpenBSD developer Gregory Perry disclosed information about >> possible backdoors in OpenBSD IPSec stack >> >> As far as I am aware, FreeBSD contains considerable amount of code >> ported from OpenBSD. The question is: was the FreeBSD's ipsec code >> ported from OpenBSD's implementation? If so, what might be the impact >> of this? > This is not so clear ! > > http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant Possibly a little more information: http://www.theregister.co.uk/2010/12/15/openbsd_backdoor_claim/ > We should ask competent persons like Colin Percival… the FreeBSD Security Officer since 2005. > He would have a point of view much more precise than anyone of us could have. I have no doubt he's looking at it, but waiting until he knows something before making an announcement. Let him take as much time as he needs. Auditing the code seems a good idea, panicking about it a bad one. How many people actually use IPSec anyway? The one time I was forced to use it, it seemed like a hideous, designed by committee nightmare. (Having to set up incoming and outgoing crypto independently, who thought that was a good idea?) I'd always use something like OpenVPN by preference. -- "Although the wombat is real and the dragon is not, few know what a wombat looks like, but everyone knows what a dragon looks like." -- Avram Davidson, _Adventures in Unhistory_
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D092923.8070709>