FreeBSD IPSec stack contains backdoors?
freebsd at qeng-ho.org
Wed Dec 15 20:46:29 UTC 2010
[Top posting edited out, with heavy elisions]
On 12/15/10 17:55, bsd wrote:
> On 15 Dec 2010, at 15:23, Victor Lyapunov wrote:
>> Recently OpenBSD developer Gregory Perry disclosed information about
>> possible backdoors in OpenBSD IPSec stack.
>> As far as I am aware, FreeBSD contains a considerable amount of code
>> ported from OpenBSD. The question is: was the FreeBSD's ipsec code
>> ported from OpenBSD's implementation? If so, what might be the impact
>> of this?
> This is not so clear!
Possibly a little more information:
> We should ask competent persons like Colin Percival… the FreeBSD Security Officer since 2005.
> He would have a point of view much more precise than any one of us could have.
I have no doubt he's looking at it, but waiting until he knows something
before making an announcement. Let him take as much time as he needs.
Auditing the code seems a good idea, panicking about it a bad one.
How many people actually use IPSec anyway? The one time I was forced to
use it, it seemed like a hideous, designed by committee nightmare.
(Having to set up incoming and outgoing crypto independently, who
thought that was a good idea?) I'd always use something like OpenVPN by
"Although the wombat is real and the dragon is not, few know what a
wombat looks like, but everyone knows what a dragon looks like."
-- Avram Davidson, _Adventures in Unhistory_