Allegations regarding OpenBSD IPSEC

Rob Farmer rfarmer at predatorlabs.net
Thu Dec 16 05:20:22 UTC 2010


On Wed, Dec 15, 2010 at 14:09, Andy Kosela <akosela at andykosela.com> wrote:
> Would you publicly say: "yes, I was on the FBI payroll and planted
> those backdoors".  Let's be honest here.

Yes, let's. What is your motive for bringing up this issue? Are you on
an intelligence agency's payroll, which has inserted backdoors into
another OS (say Linux), and are trying to get people to switch from
BSD? Can you prove this isn't true?

The problem with this, and other conspiracy theories, is they are
characterized by vague accusations that are hard to verify, one way or
another.

Governments (and virtually all large organizations) have done
unethical things in the past and will do so in the future. As I see
it, either this type of thing is widespread, in which case all OSes (open
and proprietary) are probably affected, or it is BS.

Security experts may audit the code, but since they could be in on it,
their results can't be trusted. And if you can't trust the reputation
of the developers, then what? Audit the entire thing yourself? How
many people have the time and skills to do so? There's nothing average
people can do with these allegations, other than accept (without
evidence) that those named are sleazes, which is unfair, to say the
least - how does one prove they aren't involved in such a thing? And
why should they have to? What happened to "innocent until proven
guilty?"

> We need to witness what Greg
> Perry has more to say about this.  If he claims this is true I guess
> he still got the code for that -- let him publish it or at least point
> us in the right direction in the OpenBSD source code.

That should have been done at the start.

-- 
Rob Farmer

