Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

Marsh Ray marsh at extendedsubset.com
Thu Dec 16 17:09:05 EST 2010

On 12/15/2010 02:36 PM, Jon Callas wrote:
> Facts. I want facts. Failing facts, I want a *testable* accusation.
> Failing that, I want a specific accusation.

How's this:

OpenBSD shipped with a bug which prevented effective IPsec ESP 
authentication for a few releases overlapping the time period in question:

> http://code.bsd64.org/cvsweb/openbsd/src/sys/netinet/ip_esp.c.diff?r1=1.74;r2=1.75;f=h

No advisory was made.

The developer who added it, and the developer who later reverted it,
were said to be funded by NETSEC.

> http://monkey.org/openbsd/archive/misc/0004/msg00583.html

I think there's more. I'm out of time to describe it right now, BBIAB.

- Marsh

