[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

James A. Donald jamesd at echeque.com
Thu Dec 16 18:02:27 EST 2010


On 2010-12-17 8:09 AM, Marsh Ray wrote:
> On 12/15/2010 02:36 PM, Jon Callas wrote:
>>
>> Facts. I want facts. Failing facts, I want a *testable* accusation.
>> Failing that, I want a specific accusation.
>
> How's this:
>
> OpenBSD shipped with a bug which prevented effective IPsec ESP
> authentication for a few releases overlapping the time period in question:
>
>> http://code.bsd64.org/cvsweb/openbsd/src/sys/netinet/ip_esp.c.diff?r1=1.74;r2=1.75;f=h
>>
>
> No advisory was made.
>
> The developer who added it, and the developer who later reverted it,
> were said to be funded by NETSEC
>
>> http://monkey.org/openbsd/archive/misc/0004/msg00583.html

This sounds like a bug, which was then fixed, not a sinister plot.  I 
have done the same thing myself an alarming number of times.

(Moral: always have a good automatic test suite, especially for crypto, 
since crypto bugs are frequently non-obvious.)
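
The moral above, as an added example that is not part of the original post and is not OpenBSD code: a test suite for a simplified, authentication-only ESP-like packet with an HMAC-SHA1-96 ICV. All function names are hypothetical, and the faulty receiver is constructed for illustration; it does not reproduce the ip_esp.c change. It shows that a receiver which skips the check still passes the round-trip test, so only the negative tests expose it.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96: SHA-1 HMAC truncated to 96 bits
HDR_LEN = 8   # SPI (4 bytes) + sequence number (4 bytes)

def _icv(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def esp_seal(key, spi, seq, payload):
    """Sender: header + payload + ICV (authentication only, no encryption)."""
    body = struct.pack("!II", spi, seq) + payload
    return body + _icv(key, body)

def esp_open(key, packet):
    """Receiver: verify the ICV before releasing the payload."""
    if len(packet) < HDR_LEN + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(key, body)):
        raise ValueError("ICV mismatch")
    return body[HDR_LEN:]

def esp_open_broken(key, packet):
    """Constructed faulty receiver: strips the ICV but never checks it."""
    if len(packet) < HDR_LEN + ICV_LEN:
        raise ValueError("packet too short")
    return packet[HDR_LEN:-ICV_LEN]

def run_suite(open_fn):
    """Return the names of the checks that a receiver implementation fails."""
    key, payload = bytes(range(20)), b"constructed sample payload"
    pkt = esp_seal(key, 0x1001, 1, payload)
    failed = []
    if open_fn(key, pkt) != payload:            # positive test
        failed.append("round-trip")
    forged = [("wrong-key", bytes(20), pkt)]    # negative tests
    forged += [(f"flip-byte-{i}", key, pkt[:i] + bytes([pkt[i] ^ 1]) + pkt[i + 1:])
               for i in range(len(pkt))]
    for name, k, p in forged:
        try:
            open_fn(k, p)
            failed.append(name)                 # forgery was accepted
        except ValueError:
            pass
    return failed

if __name__ == "__main__":
    print(len(run_suite(esp_open)), len(run_suite(esp_open_broken)))
```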


