http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 is a post from Theo De Raadt, the main OpenBSD developer (OpenBSD's claim to fame is that it has had Only two remote holes in the default install). The email alleges that the IPSEC (IP Security) stack in OpenBSD includes some back-door(s) knowingly inserted by the US FBI. The confessor's NDA with the FBI has recently expired, which apparently allows him to confess the subversion. If so, that differs from my understanding of the UK Official Secrets Act, but so be it. He has alleged, on the OpenBSD mailing list, that
"the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI. Jason
Wright and several other developers were responsible for those
backdoors, and you would be well advised to review any and all code
commits by Wright as well as the other developers he worked with
originating from NETSEC."
This is very serious stuff, as OpenBSD is largely treated as being the most trustworthy firewall OS available.
Comments for 'Allegations regarding OpenBSD IPSEC'
You could post a comment if you were logged in.
You are logged in as 0