nanog mailing list archives
Re: Alleged backdoor in OpenBSD's IPSEC implementation.
From: sthaug () nethelp no
Date: Wed, 15 Dec 2010 20:02:15 +0100 (CET)
More to the point, I think it wouldn't be an NDA, but a security classification on the knowledge of the backdoors, and probably one not subject to automatic downgrading.Please pardon my ignorance on the matter as I am not involved in any way with Open Source development, but it stands to reason that anything of this sort would have been scrutinized by the many developers involved with OpenBSD and surely would have been discovered at some point. And to further that point, is this not something that can be verified now if this code is still in the public domain? Or is writing a crypto stack such an esoteric task that only a relegated few can possibly decipher the inner workings?
See Ken Thompson's classic paper "Reflections on trusting trust", http://en.wikipedia.org/wiki/Backdoor_(computing)#Reflections_on_Trusting_Trust http://cm.bell-labs.com/who/ken/trust.html
Not that I don't love a good government conspiracy theory, and yes I do believe there are a fair amount of backdoors in most code (including that of many private and publicly held corporations)... but open source? Just seems unlikely to me based on my limited understanding...
The world is not that simple. Steinar Haug, Nethelp consulting, sthaug () nethelp no
Current thread:
- Re: Alleged backdoor in OpenBSD's IPSEC implementation., (continued)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Ken Chase (Dec 14)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Michael J Wise (Dec 14)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. mikea (Dec 15)
- RE: Alleged backdoor in OpenBSD's IPSEC implementation. Stefan Fouant (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. 'mikea' (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Ben (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Mike. (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Bryan Irvine (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Mike. (Dec 15)
- RE: Alleged backdoor in OpenBSD's IPSEC implementation. Stefan Fouant (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Ken Chase (Dec 14)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. sthaug (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Eitan Adler (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Greg Whynott (Dec 15)
- Re: Alleged backdoor in OpenBSD's IPSEC implementation. Jimmy Hess (Dec 15)