From: Mike Tancsa
Date: Wed, 15 Dec 2010 07:48:42 -0500
To: akosela@andykosela.com
Cc: freebsd-security@freebsd.org
Subject: Re: Allegations regarding OpenBSD IPSEC
Message-ID: <4D08B92A.1060902@sentex.net>
In-Reply-To: <4d08a854.w8rPywliRhHs/MXH%akosela@andykosela.com>

On 12/15/2010 6:36 AM, Andy Kosela wrote:
>
> Some of you probably already read this:
>
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>
> Interesting...I wonder what is the impact of all this on FreeBSD code.
> We may very well suppose that any government or corporation funded code
> can theoretically have some kind of backdoor inside.

Seems possible. However, not very probable IMHO. As others have said,
would the guy really have a 10yr NDA, afterwards which would allow him
to post such details? Seems rather silly on that alone.

The further unfortunate thing about this is that any number of potential
implementation bugs can now be clouded in conspiracy theory.

http://marc.info/?l=openbsd-tech&m=129237675106730&w=2

Hell, if people believe 9/11 was all staged, ipsec backdoors are a
no-brainer. I can see it now. The next bug that is found in the crypto
system or network stack will draw a flood of discussion. "Is this the
back door??"

Seems to be getting industry reporting too:

http://napps.networkworld.com/news/2010/121510-former-contractor-says-fbi-put.html?hpg1=bn

	---Mike