Full Disclosure mailing list archives

Re: Allegations regarding OpenBSD IPSEC

From: clément Game <clement () digi-nation com>
Date: Thu, 16 Dec 2010 00:46:52 +0100

i second that...yet we obviously need to figure out better ways to audit the code...maybe some kind of 
security-oriented unit-test framework ? ( dont'know if it exists already, and if it does, maybe that it's already 
employed  for the OpenBSD project...dunno )

WintermeW

Le 15 déc. 2010 à 20:59, phil () jabea net a écrit :

In my own opinion, when the code hit the stable release, I doubt that
after the code is audited at 100% unless someone add a new feature to that
part or a bug is found in that code part. All that due to the complexity
to understand the code, all that energy is better invested to make new
features and to remove existing bug.

Thats why IMO for that disclosure. (to put the focust on that code part)



-phil

--On December 14, 2010 8:40:14 PM -0500 bugs () fbi dhs org wrote:

Hi,

Has anyone read this yet?

http://www.downspout.org/?q=node/3

Seems IPSEC might have a back door written into it by the FBI?


So for 10 years IPSEC has had a backdoor in it and not one person
examining
the code has noticed it?  Or even questioned it?  That's a bit hard to
believe.  It's along the same lines as the stories that Microsoft captures
all your packets and harvests your personal information.

Read The Cathedral and The Bazaar.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Allegations regarding OpenBSD IPSEC, (continued)
- Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 15)
  - Re: Allegations regarding OpenBSD IPSEC musnt live (Dec 15)
  - Re: Allegations regarding OpenBSD IPSEC bk (Dec 15)
    - Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 15)
    - Re: Allegations regarding OpenBSD IPSEC J. Oquendo (Dec 15)
    - Re: Allegations regarding OpenBSD IPSEC Aldis Berjoza (Dec 15)
  - Re: Allegations regarding OpenBSD IPSEC Steve Pinkham (Dec 15)
  - Re: Allegations regarding OpenBSD IPSEC Michal Zalewski (Dec 15)
  - Re: Allegations regarding OpenBSD IPSEC Valdis . Kletnieks (Dec 15)
  - Re: Allegations regarding OpenBSD IPSEC phil (Dec 15)
    - Re: Allegations regarding OpenBSD IPSEC clément Game (Dec 15)
    - Re: Allegations regarding OpenBSD IPSEC BMF (Dec 15)
  - Re: Allegations regarding OpenBSD IPSEC Larry Seltzer (Dec 15)
    - Re: Allegations regarding OpenBSD IPSEC Graham Gower (Dec 15)
    - Re: Allegations regarding OpenBSD IPSEC mark seiden (Dec 15)
    - Re: Allegations regarding OpenBSD IPSEC Abuse007 (Dec 16)
    - Re: Allegations regarding OpenBSD IPSEC Valdis . Kletnieks (Dec 16)
    - Re: Allegations regarding OpenBSD IPSEC malfy (Dec 16)
    - Re: Allegations regarding OpenBSD IPSEC Larry Seltzer (Dec 16)
    - Re: Allegations regarding OpenBSD IPSEC Paul Schmehl (Dec 16)
    - Re: Allegations regarding OpenBSD IPSEC John Horn (Dec 16)

(Thread continues...)