Full Disclosure mailing list archives

Re: OpenBSD Paradox

From: Benji <me () b3nji com>
Date: Wed, 15 Dec 2010 23:52:06 +0000

Out-of-troll-mode;

Although I do see that it is probably all FUD, musnt live makes some valid
points.

At the moment OpenBSD just lost a few (more, if you count cvs's being
rooted) trustworthyness-points, which can only be rectified with an audit of
IPSEC coden (initially). Until this is done, OpenBSD will have a hard time
regaining reputation.

On Wed, Dec 15, 2010 at 8:43 PM, musnt live <musntlive () gmail com> wrote:

On Wed, Dec 15, 2010 at 3:22 PM, Theo de Raadt <deraadt () cvs openbsd org>
wrote:

We has OpenBSD tell us:

"We have never allowed US citizens or foreign citizens working in the
US to hack on crypto code"
http://marc.info/?l=3Dopenbsd-tech&m=3D129237675106730&w=3D2


That statement remains true.

Our project permitted American developers to work on any part of the
tree which was not specifically cryptography; in this particular
instance that includes the parts of IPSEC which are 'dual use' or 'not
related to cryptography'.  We did not permit them to work on the
crypto-specific parts.


Military is clever at words and dual use for is example, dual use of
technology.

So is your approach: "He is not backdoor crypto! Only the portion on
the network - so is your data sniffable"

In all wording from OpenBSD, there is not one denial: "IPSEC is not
backdoored" only word trickery:

"We is full disclosing someone say IPSEC is backdoor"
"We is full disclosing IPSEC is not worked on by Americans"
"We is receive strange email"
"We is have DARPA funding cut!"

Never have we see:

"OpenBSD is not backdoored"
"OpenBSD audited is this code in the past"
"OpenBSD is currently going back to is audit"

Furthermore is fact that is as developer, one developer can seek help
from another developer and this is developer who put backdoor:

CryptoDeveloper = I has no idea how is to make this work
RogueDeveloper = I is has this special piece of code is for you
CryptoDeveloper = Is thanks!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

OpenBSD Paradox musnt live (Dec 15)
- Re: OpenBSD Paradox BMF (Dec 15)
  - Re: OpenBSD Paradox Greg Whynott (Dec 15)
  - Re: OpenBSD Paradox Randal T. Rioux (Dec 15)
- Re: OpenBSD Paradox Theo de Raadt (Dec 15)
  - Re: OpenBSD Paradox musnt live (Dec 15)
    - Re: OpenBSD Paradox Benji (Dec 15)
  - Re: OpenBSD Paradox Larry Seltzer (Dec 15)
    - Re: OpenBSD Paradox musnt live (Dec 15)
  - Re: OpenBSD Paradox Rob Wilcox (Dec 15)
    - Re: OpenBSD Paradox Jeffrey Walton (Dec 15)
    - Re: OpenBSD Paradox Michal Zalewski (Dec 15)
    - Re: OpenBSD Paradox Jeffrey Walton (Dec 15)
  - Re: OpenBSD Paradox coderman (Dec 20)
    - Re: OpenBSD Paradox Marsh Ray (Dec 20)
    - Re: OpenBSD Paradox coderman (Dec 20)