[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)
marsh at extendedsubset.com
Wed Dec 15 04:13:10 EST 2010
On 12/15/2010 01:38 AM, Peter Gutmann wrote:
> This is one of those things where those who know the truth won't be able to
> talk about it, and those who can openly talk about it don't know the truth.
> Having pointed out that distinction, I'll now talk about it :-). It violates
> the principle of least surprise, why on earth would the FBI show their hand in
> violating the integrity of an OSS product,

Note that everyone official, if it's even real, has maintained plausible
But there at least some of the details check out - I mean, the stormy
affair between OpenBSD and DARPA isn't exactly a secret.

> especially something of such
> relatively low value when, even in 2000/2001, the real crypto action was in

That was my first thought too: OpenBSD IPsec?! They sure know how to
But the guy did implicate the general crypto framework. Searching around
for various identifiers, it looks like pieces of that code have ended up
Connecting unsubstantiated rumor with unrelated speculation, this post
is dated the day before the Perry email. Basically it suggests there was
some connection between Wikileaks and BSD, but it's hard to tell the
degree to which the author is serious.

> My guess is that this arose from one of two things:
> 1. Someone seriously got their wires crossed (knotted, more like it).

I have no idea if this is relevant:
No mention of Mr. Perry being CTO here about the time this was alleged
to have occurred:

> 2. Someone has it in for OpenBSD (or Theo), and a spooky backdoor conspiracy
> would be an ideal vehicle for it.

You mean he might have made somebody angry?! :-O

> I'm going for (1).

Or even (3) somebody was bored over the holidays and got carried away
with exaggerated memories of past grandeur.
Still, with the accusations he's throwing around, I imagine a few people
who have professional reputations to uphold may be considering a call to