FreeBSD IPSec stack contains backdoors?

Arthur Chance freebsd at
Wed Dec 15 20:46:29 UTC 2010

[Top posting edited out, with heavy elisions]

On 12/15/10 17:55, bsd wrote:
> On 15 Dec 2010 at 15:23, Victor Lyapunov wrote:

>> Recently OpenBSD developer Gregory Perry disclosed information about
>> possible backdoors in OpenBSD IPSec stack.
>> As far as I am aware, FreeBSD contains considerable amount of code
>> ported from OpenBSD. The question is: was the FreeBSD's ipsec code
>> ported from OpenBSD's implementation? If so, what might be the impact
>> of this?

> This is not so clear!

Possibly a little more information:

> We should ask competent persons like Colin Percival… the FreeBSD Security Officer since 2005.
> He would have a point of view much more precise than anyone of us could have.

I have no doubt he's looking at it, but waiting until he knows something 
before making an announcement. Let him take as much time as he needs.

Auditing the code seems a good idea, panicking about it a bad one.

How many people actually use IPSec anyway? The one time I was forced to 
use it, it seemed like a hideous, designed by committee nightmare. 
(Having to set up incoming and outgoing crypto independently, who 
thought that was a good idea?) I'd always use something like OpenVPN by 

"Although the wombat is real and the dragon is not, few know what a
wombat looks like, but everyone knows what a dragon looks like."

	-- Avram Davidson, _Adventures in Unhistory_

More information about the freebsd-questions mailing list