[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)
James A. Donald
jamesd at echeque.com
Thu Dec 16 18:02:27 EST 2010
On 2010-12-17 8:09 AM, Marsh Ray wrote:
> On 12/15/2010 02:36 PM, Jon Callas wrote:
>> Facts. I want facts. Failing facts, I want a *testable* accusation.
>> Failing that, I want a specific accusation.
> How's this:
> OpenBSD shipped with a bug which prevented effective IPsec ESP
> authentication for a few releases overlapping the time period in question:
> No advisory was made.
> The developer who added it, and the developer who later reverted it,
> were said to be funded by NETSEC.
This sounds like a bug, which was then fixed, not a sinister plot. I
have done the same thing myself an alarming number of times.
(Moral: always have a good automatic test suite, especially for crypto,
since crypto bugs are frequently non-obvious.)
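
An added example, not part of the original message and not OpenBSD code: a negative test for packet authentication, showing why a suite that only checks that valid traffic is accepted cannot notice a verifier that stopped enforcing the tag. The framing is a toy (payload plus truncated HMAC-SHA1 tag), and `open_buggy` is a hypothetical defect constructed for illustration, not the OpenBSD bug, which the thread does not describe.

```python
import hashlib
import hmac

TAG_LEN = 12  # bytes; HMAC-SHA1 truncated to 96 bits

def seal(key, payload):
    """Toy framing (not real ESP): payload followed by a truncated HMAC tag."""
    return payload + hmac.new(key, payload, hashlib.sha1).digest()[:TAG_LEN]

def open_good(key, packet):
    """Correct receiver: return the payload only if the tag verifies."""
    if len(packet) < TAG_LEN:
        raise ValueError("short packet")
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expect = hmac.new(key, payload, hashlib.sha1).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return payload

def open_buggy(key, packet):
    """Hypothetical defect: the tag is compared but the result is discarded."""
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expect = hmac.new(key, payload, hashlib.sha1).digest()[:TAG_LEN]
    hmac.compare_digest(tag, expect)  # return value never checked
    return payload

def run_suite(open_fn):
    """Return (valid_packet_accepted, number_of_corrupted_packets_accepted)."""
    key = bytes(range(20))                   # constructed test key
    payload = b"constructed sample payload"  # constructed test payload
    packet = seal(key, payload)
    positive_ok = open_fn(key, packet) == payload
    accepted = 0
    for bit in range(len(packet) * 8):       # flip every bit, one at a time
        forged = bytearray(packet)
        forged[bit // 8] ^= 1 << (bit % 8)
        try:
            open_fn(key, bytes(forged))
            accepted += 1                    # a corrupted packet got through
        except ValueError:
            pass
    return positive_ok, accepted

if __name__ == "__main__":
    print("good :", run_suite(open_good))
    print("buggy:", run_suite(open_buggy))
```

Both receivers pass the positive check; only the count of accepted corrupted packets separates them, so the suite should fail whenever that count is non-zero.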