Re: Allegations regarding OpenBSD IPSEC

On Wed, Dec 15, 2010 at 14:09, Andy Kosela <akosela@andykosela.com> wrote:
> Would you publically say: "yes, I was on the FBI payroll and planted
> those backdoors". =A0Let's be honest here.

Yes, let's. What is your motive for bringing up this issue? Are you on
an intelligence agency's payroll, which has inserted backdoors into
another OS (say Linux), and are trying to get people to switch from
BSD? Can you prove this isn't true?

The problem with this, and other conspiracy theories, is they are
characterized by vague accusations that are hard to verify, one way or
another.

Governments (and virtually all large organizations) have done
unethical things in the past and will do so in the future. As I see
it, either this type of thing is widespread, in which all OSes (open
and proprietary) are probably affected, or it is BS.

Security experts may audit the code, but since they could be in on it,
their results can't be trusted. And if you can't trust the reputation
of the developers, then what? Audit the entire thing yourself? How
many people have the time and skills to do so? There's nothing average
people can do with these allegations, other than accept (without
evidence) that those named are sleazes, which is unfair, to say the
least - how does one prove they aren't involved in such a thing? And
why should they have to? What happened to "innocent until proven
guilty?"

>=A0We need to witness what Greg
> Perry has more to say about this. =A0If he claims this is true I guess
> he still got the code for that -- let him publish it or at least point
> us in the right direction in the OpenBSD source code.

That should have been done at the start.

--=20
Rob Farmer
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"