[cryptography] Fwd: [gsc] Fwd: OpenBSD IPSEC backdoor(s)

Kevin W. Wall kevin.w.wall at gmail.com
Fri Dec 17 19:25:10 EST 2010


On 12/17/2010 12:34 PM, Jon Callas wrote:
> <...snip...>
> Searching the history for stupid-ass bugs is carrying their paranoid
> water. *Finding* a bug is not only carrying their water, but accusing
> someone of being underhanded. The difference between a stupid bug and
> a back door is intent. By calling a bug a back door, or considering
> it, we're also accusing that coder of being underhanded. You're doing
> precisely what the person throwing the paranoia wants. You're sowing
> fear and paranoia.
>
> Of course there are stupid bugs in the IPsec code. There's stupid bugs
> in every large system. It is difficult to assign intent to bugs, though,
> as that ends up being a discussion of the person.

Oh put another way, when it comes to maliciousness versus human stupidity,
I'll pick human stupidity almost every time.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME



More information about the cryptography mailing list