[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)
marsh at extendedsubset.com
Thu Dec 16 17:09:05 EST 2010
On 12/15/2010 02:36 PM, Jon Callas wrote:
> Facts. I want facts. Failing facts, I want a *testable* accusation.
> Failing that, I want a specific accusation.
OpenBSD shipped with a bug which prevented effective IPsec ESP
authentication for a few releases overlapping the time period in question:
No advisory was made.
The developer who added it, and the developer who later reverted it,
were said to be funded by NETSEC
I think there's more. I'm out of time to describe it right now, BBIAB.
More information about the cryptography