[nycbug-talk] Fwd: Allegations regarding OpenBSD IPSEC
mark.saad at ymail.com
Tue Dec 14 22:20:16 EST 2010
handkar <siraaj at khandkar.net> wrote:
> Anyone else noticed this? Any thoughts?
> Begin forwarded message:
>> From: Theo de Raadt <deraadt at cvs.openbsd.org>
>> Date: 14 December 2010 16:18:27 EST
>> To: security-announce at openbsd.org
>> Subject: Allegations regarding OpenBSD IPSEC
>> I have received a mail regarding the early development of the OpenBSD
>> IPSEC stack. It is alleged that some ex-developers (and the company
>> they worked for) accepted US government money to put backdoors into
>> our network stack, in particular the IPSEC stack. Around 2000-2001.
>> Since we had the first IPSEC stack available for free, large parts of
>> the code are now found in many other projects/products. Over 10
>> years, the IPSEC code has gone through many changes and fixes, so it
>> is unclear what the true impact of these allegations is.
>> The mail came in privately from a person I have not talked to for
>> nearly 10 years. I refuse to become part of such a conspiracy, and
>> will not be talking to Gregory Perry about this. Therefore I am
>> making it public so that
>> (a) those who use the code can audit it for these problems,
>> (b) those that are angry at the story can take other actions,
>> (c) if it is not true, those who are being accused can defend themselves.
>> Of course I don't like it when my private mail is forwarded. However
>> the "little ethic" of a private mail being forwarded is much smaller
>> than the "big ethic" of government paying companies to pay open source
>> developers (a member of a community-of-friends) to insert
>> privacy-invading holes in software.
>> From: Gregory Perry <Gregory.Perry at GoVirtual.tv>
>> To: "deraadt at openbsd.org" <deraadt at openbsd.org>
>> Subject: OpenBSD Crypto Framework
>> Date: Sat, 11 Dec 2010 23:55:25 +0000
>> Hello Theo,
>> Long time no talk. If you will recall, a while back I was the CTO at
>> NETSEC and arranged funding and donations for the OpenBSD Crypto
>> Framework. At that same time I also did some consulting for the FBI,
>> for their GSA Technical Support Center, which was a cryptologic
>> reverse engineering project aimed at backdooring and implementing key
>> escrow mechanisms for smart card and other hardware-based computing
>> My NDA with the FBI has recently expired, and I wanted to make you
>> aware of the fact that the FBI implemented a number of backdoors and
>> side channel key leaking mechanisms into the OCF, for the express
>> purpose of monitoring the site to site VPN encryption system
>> implemented by EOUSA, the parent organization to the FBI. Jason
>> Wright and several other developers were responsible for those
>> backdoors, and you would be well advised to review any and all code
>> commits by Wright as well as the other developers he worked with
>> originating from NETSEC.
>> This is also probably the reason why you lost your DARPA funding, they
>> more than likely caught wind of the fact that those backdoors were
>> present and didn't want to create any derivative products based upon
>> the same.
>> This is also why several inside FBI folks have been recently
>> advocating the use of OpenBSD for VPN and firewalling implementations
>> in virtualized environments, for example Scott Lowe is a well
>> respected author in virtualization circles who also happens to be on
>> the FBI payroll, and who has also recently published several tutorials
>> for the use of OpenBSD VMs in enterprise VMware vSphere deployments.
>> Merry Christmas...
>> Gregory Perry
>> Chief Executive Officer
>> GoVirtual Education
>> "VMware Training Products & Services"
Why are his phone numbers in here?
>> 540-645-6955 x111 (local)
>> 866-354-7369 x111 (toll free)
>> 540-931-9099 (mobile)
>> 877-648-0555 (fax)
Also a fun read as it has his personal
mark saad | nonesuch at longcount.org