[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)
jon at callas.org
Fri Dec 17 12:34:39 EST 2010
Let's get back to the matter at hand.
I believe that there's another principle, which is that he who proposes, disposes. I'll repeat -- it's up to the person who says there was/is a back door to find it.
Searching the history for stupid-ass bugs is carrying their paranoid water. *Finding* a bug is not only carrying their water, but accusing someone of being underhanded. The difference between a stupid bug and a back door is intent. By calling a bug a back door, or considering it, we're also accusing that coder of being underhanded. You're doing precisely what the person throwing the paranoia wants. You're sowing fear and paranoia.
Of course there are stupid bugs in the IPsec code. There's stupid bugs in every large system. It is difficult to assign intent to bugs, though, as that ends up being a discussion of the person.
I also think that in this case, the accusation is laughable. I'll be happy to laugh in anyone's face who needs makes it, in person.
More information about the cryptography