[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

Steven Bellovin smb at cs.columbia.edu
Thu Dec 16 17:46:28 EST 2010


On Dec 16, 2010, at 5:09 05PM, Marsh Ray wrote:

> On 12/15/2010 02:36 PM, Jon Callas wrote:
>> 
>> Facts. I want facts. Failing facts, I want a *testable* accusation.
>> Failing that, I want a specific accusation.
> 
> How's this:
> 
> OpenBSD shipped with a bug which prevented effective IPsec ESP authentication for a few releases overlapping the time period in question:
> 
>> http://code.bsd64.org/cvsweb/openbsd/src/sys/netinet/ip_esp.c.diff?r1=1.74;r2=1.75;f=h
> 
> No advisory was made.
> 
> The developer who added it, and the developer who later reverted it, were said to be funded by NETSEC.
> 
>> http://monkey.org/openbsd/archive/misc/0004/msg00583.html
> 
> I think there's more. I'm out of time to describe it right now, BBIAB.
> 
I've known Angelos Keromytis since about 1997; he's now a colleague of mine on the faculty at Columbia.  I've known John Ioannidis -- the other name attached to that code -- for considerably longer.  I've written papers with both of them.  To anyone who knows them, the thought that either would insert a bug at the FBI's behest is, shall we say, preposterous.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb







