Full Disclosure mailing list archives

Re: Allegations regarding OpenBSD IPSEC


From: phil () jabea net
Date: Wed, 15 Dec 2010 14:59:41 -0500

In my own opinion, when the code hits the stable release, I doubt that
after the code is audited at 100% unless someone adds a new feature to that
part or a bug is found in that code part. All that due to the complexity
to understand the code, all that energy is better invested to make new
features and to remove existing bugs.

That's why IMO for that disclosure. (to put the focus on that code part)



-phil

--On December 14, 2010 8:40:14 PM -0500 bugs () fbi dhs org wrote:

Hi,

Has anyone read this yet?

http://www.downspout.org/?q=node/3

Seems IPSEC might have a back door written into it by the FBI?


So for 10 years IPSEC has had a backdoor in it and not one person examining
the code has noticed it?  Or even questioned it?  That's a bit hard to
believe.  It's along the same lines as the stories that Microsoft captures
all your packets and harvests your personal information.

Read The Cathedral and The Bazaar.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


