Allegations regarding OpenBSD IPSEC

b. f. bf1783 at
Wed Dec 15 16:48:14 UTC 2010

On 12/15/10, Rob Farmer <rfarmer at> wrote:
> On Wed, Dec 15, 2010 at 07:36, Garrett Wollman <wollman at>
> wrote:
>> <<On Wed, 15 Dec 2010 06:26:20 -0800, Rob Farmer
>> <rfarmer at> said:
>>> If his allegations are correct, they should be easy to verify. He
>>> could post a copy of the NDA and a Freedom of Information Act request
>>> could be submitted to verify it. If, as claimed, the NDA expired and
>>> this can be discussed freely by the general public, then they would
>>> not be able to deny the request.
>> Actually, they would, because it would fall under the "internal
>> personnel matter" exemption from FOIA.
>> -GAWollman
> I'm not a lawyer, but couldn't he exempt himself and they black out
> the other people's names? If he could provide some evidence that this
> isn't a publicity stunt and interest a major media organization or a
> civil rights group (like the ACLU or EFF), I suspect they could apply
> enough political and legal pressure to avoid getting brushed off.
> Besides, if this were legitimate, it could benefit the Democrats
> (given that it supposedly occurred during the Bush administration), so
> how hard would they really fight it?

I don't think that your reasoning about the government's willingness
to release this information, or the extent to which this is a partisan
issue, is correct.  But the details of who was involved, and what
agreements were in place, are secondary to the issue of whether there
are vulnerabilities, intentional or otherwise, in the code.  For those
who have the time and ability to audit the code, there are some
possible problems to look for:


More information about the freebsd-security mailing list