
Allegations regarding OpenBSD IPSEC


Theo de Raadt

Dec 14, 2010, 5:24:39 PM
I have received a mail regarding the early development of the OpenBSD
IPSEC stack. It is alleged that some ex-developers (and the company
they worked for) accepted US government money to put backdoors into
our network stack, in particular the IPSEC stack. Around 2000-2001.

Since we had the first IPSEC stack available for free, large parts of
the code are now found in many other projects/products. Over 10
years, the IPSEC code has gone through many changes and fixes, so it
is unclear what the true impact of these allegations are.

The mail came in privately from a person I have not talked to for
nearly 10 years. I refuse to become part of such a conspiracy, and
will not be talking to Gregory Perry about this. Therefore I am
making it public so that
(a) those who use the code can audit it for these problems,
(b) those that are angry at the story can take other actions,
(c) if it is not true, those who are being accused can defend themselves.

Of course I don't like it when my private mail is forwarded. However
the "little ethic" of a private mail being forwarded is much smaller
than the "big ethic" of government paying companies to pay open source
developers (a member of a community-of-friends) to insert
privacy-invading holes in software.

----

From: Gregory Perry <Gregor...@GoVirtual.tv>
To: "der...@openbsd.org" <der...@openbsd.org>
Subject: OpenBSD Crypto Framework
Thread-Topic: OpenBSD Crypto Framework
Thread-Index: AcuZjuF6cT4gcSmqQv+Fo3/+2m80eg==
Date: Sat, 11 Dec 2010 23:55:25 +0000
Message-ID: <8D3222F9EB68474DA381...@mbx021-e2-nj-5.exch021.domain.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Status: RO

Hello Theo,

Long time no talk. If you will recall, a while back I was the CTO at
NETSEC and arranged funding and donations for the OpenBSD Crypto
Framework. At that same time I also did some consulting for the FBI,
for their GSA Technical Support Center, which was a cryptologic
reverse engineering project aimed at backdooring and implementing key
escrow mechanisms for smart card and other hardware-based computing
technologies.

My NDA with the FBI has recently expired, and I wanted to make you
aware of the fact that the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI. Jason
Wright and several other developers were responsible for those
backdoors, and you would be well advised to review any and all code
commits by Wright as well as the other developers he worked with
originating from NETSEC.

This is also probably the reason why you lost your DARPA funding, they
more than likely caught wind of the fact that those backdoors were
present and didn't want to create any derivative products based upon
the same.

This is also why several inside FBI folks have been recently
advocating the use of OpenBSD for VPN and firewalling implementations
in virtualized environments, for example Scott Lowe is a well
respected author in virtualization circles who also happens to be on
the FBI payroll, and who has also recently published several tutorials
for the use of OpenBSD VMs in enterprise VMware vSphere deployments.

Merry Christmas...

Gregory Perry
Chief Executive Officer
GoVirtual Education

"VMware Training Products & Services"

540-645-6955 x111 (local)
866-354-7369 x111 (toll free)
540-931-9099 (mobile)
877-648-0555 (fax)

http://www.facebook.com/GregoryVPerry
http://www.facebook.com/GoVirtual

Bob Beck

Dec 14, 2010, 5:52:39 PM
I wonder a lot about the motives of the original sender sending that message.

Is it simply a way to spread FUD and discredit openbsd?
Is it a personal gripe with the accused?
Is it an attempt to manipulate what is used in the market?
Is it outright lies?
Is it outright truth and genuine altruism?

While I suspect we'll never know completely for sure, it makes an
interesting point. Is it genuine? partially genuine? how much truth is
in there? if it's true how much of this mattered and has it since been
fixed? (as that code went through a lot of fixes since that time)

Of course in these days of binary only blob drivers, I don't think the
government need resort to this sort of tactic these days. Those nice
binary-only drivers everyone loves running for video and wireless will
ensure that there are nice places in your favorite Open Source project
that can be coopted quietly by government organizations and have
access to your entire kernel. No need to be subtle.

Damien Miller

Dec 14, 2010, 8:30:19 PM
On Tue, 14 Dec 2010, Bob Beck wrote:

> I wonder a lot about the motives of the original sender sending that message.

Ignoring motive, and looking at opportunity:

We have never allowed US citizens or foreign citizens working in the US
to hack on crypto code (Niels Provos used to make trips to Canada to
develop OpenSSH for this reason), so direct interference in the crypto
code is unlikely. It would also be fairly obvious - the crypto code
works as pretty basic block transform API, and there aren't many places
where one could smuggle key bytes out. We always used arc4random() for
generating random numbers when we needed them, so deliberate biases of
key material, etc would be quite visible.

So a subverted developer would probably need to work on the network stack.
I can think of a few obvious ways that they could leak plaintext or key
material:

1. Ensure that key bytes somehow wind up as padding. This would be pretty
obvious, since current IPsec standards require deterministic padding.
Our legacy random padding uses arc4random_buf().

2. Arrange for particular structures to be adjacent to interesting data,
like raw or scheduled keys and "accidentally" copy too much.

3. Arrange for mbufs that previously contained plaintext or other
interesting material to be "accidentally" reused. This seems to me the
most likely avenue, and there have been bugs of this type found before.
It's a pretty common mistake, so it is attractive for deniability, but
it seems difficult to make this a reliable exploit. If I was doing it,
I'd try to make the reuse happen on something like ICMP errors, so I
could send error-inducing probe packets at times I thought were
interesting :)

4. Introduce timing side-channel leaks. These weren't widely talked about
back in 2000 (at least not in the public domain), but have been well
researched in the years since then. We have already introduced
countermeasures against the obvious memcmp() leaks using
timingsafe_bcmp(), but more subtle leaks could still remain.

If anyone is concerned that a backdoor may exist and is keen to audit the
network stack, then these are the places I'd recommend starting from.

-d
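Damien's first point, that current IPsec standards require deterministic padding, can be turned into a mechanical check an auditor can run over decrypted ESP payloads. The block below is an added example, not code from this thread or from OpenBSD; it assumes the RFC 4303 default padding scheme (pad byte i holds the value i), constructed sample payloads, and the trailer layout data || padding || pad length || next header.

```c
/*
 * Added audit helper (not from the thread or from OpenBSD): checks that
 * the trailer of a decrypted ESP payload uses the deterministic padding
 * RFC 4303 prescribes by default (padding byte i carries the value i).
 * Padding that is not this sequence proves nothing by itself, but it is
 * exactly the place Damien lists first, so it deserves a human look.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pad_verdict {
    PAD_OK = 0,            /* trailer well-formed, padding deterministic */
    PAD_BAD_LENGTH,        /* pad-length byte inconsistent with payload size */
    PAD_MISALIGNED,        /* payload not a multiple of the cipher block size */
    PAD_NONDETERMINISTIC   /* padding bytes are not 1,2,3,...: review this */
};

/*
 * buf/len: decrypted ESP payload laid out as data || pad || pad_len || next_hdr.
 * block:   cipher block size to check alignment against, or 0 to skip.
 * data_len_out: receives the length of the data part on PAD_OK (may be NULL).
 */
enum pad_verdict esp_check_padding(const uint8_t *buf, size_t len,
                                   size_t *data_len_out, size_t block)
{
    if (len < 2)
        return PAD_BAD_LENGTH;
    uint8_t pad_len = buf[len - 2];
    if ((size_t)pad_len + 2 > len)
        return PAD_BAD_LENGTH;
    if (block != 0 && len % block != 0)
        return PAD_MISALIGNED;
    const uint8_t *pad = buf + len - 2 - pad_len;
    for (size_t i = 0; i < pad_len; i++) {
        if (pad[i] != (uint8_t)(i + 1))
            return PAD_NONDETERMINISTIC;
    }
    if (data_len_out != NULL)
        *data_len_out = len - 2 - pad_len;
    return PAD_OK;
}

/*
 * Reference sender side: append RFC 4303 default padding so that
 * data || pad || pad_len || next_hdr is a multiple of block.
 * Returns the total length written, or 0 on a bad block size or small buffer.
 */
size_t esp_build_trailer(uint8_t *out, size_t cap, const uint8_t *data,
                         size_t dlen, size_t block, uint8_t next_hdr)
{
    if (block == 0 || block > 255)
        return 0;
    size_t pad = (block - (dlen + 2) % block) % block;
    size_t total = dlen + pad + 2;
    if (total > cap)
        return 0;
    memcpy(out, data, dlen);
    for (size_t i = 0; i < pad; i++)
        out[dlen + i] = (uint8_t)(i + 1);   /* 1, 2, 3, ... never random */
    out[total - 2] = (uint8_t)pad;
    out[total - 1] = next_hdr;
    return total;
}

/* Build a payload of dlen pattern bytes and check it; exercises both sides. */
enum pad_verdict esp_selftest(size_t dlen, size_t block)
{
    static uint8_t scratch[512], data[256];
    if (dlen > sizeof data)
        return PAD_BAD_LENGTH;
    for (size_t i = 0; i < dlen; i++)
        data[i] = (uint8_t)i;
    size_t total = esp_build_trailer(scratch, sizeof scratch, data, dlen, block, 4);
    if (total == 0)
        return PAD_BAD_LENGTH;
    return esp_check_padding(scratch, total, NULL, block);
}

/* Constructed samples, 4-byte block: "abc" data, next header 4 (IP-in-IP). */
const uint8_t SAMPLE_CONFORMANT[] = { 'a', 'b', 'c', 0x01, 0x02, 0x03, 0x03, 0x04 };
/* Same framing, but the pad bytes carry arbitrary values instead of 1,2,3. */
const uint8_t SAMPLE_SUSPECT[]    = { 'a', 'b', 'c', 0x9f, 0x27, 0xc4, 0x03, 0x04 };

int main(void)
{
    static const char *names[] = { "ok", "bad-length", "misaligned", "nondeterministic" };
    printf("conformant: %s\n",
           names[esp_check_padding(SAMPLE_CONFORMANT, sizeof SAMPLE_CONFORMANT, NULL, 4)]);
    printf("suspect:    %s\n",
           names[esp_check_padding(SAMPLE_SUSPECT, sizeof SAMPLE_SUSPECT, NULL, 4)]);
    printf("selftest:   %s\n", names[esp_selftest(5, 16)]);
    return 0;
}
```

A payload that trips PAD_NONDETERMINISTIC is only a lead, since the legacy random padding Damien mentions would trip it too; the finding tells you where to read the code, not what it contains.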

Brandon Mercer

Dec 14, 2010, 10:26:44 PM
If this type of thing really did happen and this actually is going on
something as simple as systrace or dtrace would have found it correct?
Surely folks have monitored and audited the actual function and traffic that
goes across the wire... conversely amd has a "debugger" that'll get you
access to more goodies than you could imagine and just recently I discovered
a similar "debugger" on the wifi chip on my phone. Guess it's better it
doesn't work anyhow ;)
Brandon

Otto Moerbeek

Dec 15, 2010, 1:48:46 AM
On Tue, Dec 14, 2010 at 10:26:44PM -0500, Brandon Mercer wrote:

> If this type of thing really did happen and this actually is going on
> something as simple as systrace or dtrace would have found it correct?
> Surely folks have monitored and audited the actual function and traffic that
> goes across the wire... conversely amd has a "debugger" that'll get you
> access to more goodies than you could imagine and just recently I discovered
> a similar "debugger" on the wifi chip on my phone. Guess it's better it
> doesn't work anyhow ;)

It's generally impossible to see from a datastream if it leaks key
data. It can be pretty damn hard to verify code to show it does not
leak key data

-Otto

Gregory Edigarov

Dec 15, 2010, 5:20:27 AM
On Wed, 15 Dec 2010 07:48:46 +0100
Otto Moerbeek <ot...@drijf.net> wrote:

> On Tue, Dec 14, 2010 at 10:26:44PM -0500, Brandon Mercer wrote:
>
> > If this type of thing really did happen and this actually is going
> > on something as simple as systrace or dtrace would have found it
> > correct? Surely folks have monitored and audited the actual
> > function and traffic that goes across the wire... conversely amd
> > has a "debugger" that'll get you access to more goodies than you
> > could imagine and just recently I discovered a similar "debugger"
> > on the wifi chip on my phone. Guess it's better it doesn't work
> > anyhow ;)
>
> It's generally impossible to see from a datastream if it leaks key
> data. It can be pretty damn hard to verify code to show it does not
> leak key data

I think if it leaks data, it must leak data somewhere, i.e. there must
be a server somewhere, and this server must have an ip.
so if you look at your traffic, and you will find an ip other than ip
of your server, you will know where the leak goes.

just my 0.5 cents


--
With best regards,
Gregory Edigarov

Brandon Mercer

Dec 15, 2010, 5:40:26 AM
Unless of course someone was capturing the entire stream as it traversed the
internet and then simply extracted the keys later on.

Stuart Henderson

Dec 15, 2010, 5:54:30 AM
On 2010/12/15 12:20, Gregory Edigarov wrote:
> On Wed, 15 Dec 2010 07:48:46 +0100
> Otto Moerbeek <ot...@drijf.net> wrote:
>
> > On Tue, Dec 14, 2010 at 10:26:44PM -0500, Brandon Mercer wrote:
> >
> > > If this type of thing really did happen and this actually is going
> > > on something as simple as systrace or dtrace would have found it
> > > correct? Surely folks have monitored and audited the actual
> > > function and traffic that goes across the wire... conversely amd

I think you misunderstand what systrace does.

> > > has a "debugger" that'll get you access to more goodies than you
> > > could imagine and just recently I discovered a similar "debugger"
> > > on the wifi chip on my phone. Guess it's better it doesn't work
> > > anyhow ;)
> >
> > It's generally impossible to see from a datastream if it leaks key
> > data. It can be pretty damn hard to verify code to show it does not
> > leak key data
>
> I think if it leaks data, it must leak data somewhere, i.e. there must
> be a server somewhere, and this server must have an ip.
> so if you look at your traffic, and you will find an ip other than ip
> of your server, you will know where the leak goes.
>
> just my 0.5 cents

That's not necessary, key data can be leaked in or alongside the
encrypted datastream itself, there's no need to send it anywhere.
And it doesn't have to be a whole key, just something that makes
cryptanalysis simpler.

*If there's something there*. Remember these are still just
allegations at this stage.

Jason L. Wright

Dec 15, 2010, 1:27:31 PM
Subject: Allegations regarding OpenBSD IPSEC

Every urban legend is made more real by the inclusion of real names,
dates, and times. Gregory Perry's email falls into this category. I
cannot fathom his motivation for writing such falsehood (delusions
of grandeur or a self-promotion attempt perhaps?)

I will state clearly that I did not add backdoors to the OpenBSD
operating system or the OpenBSD crypto framework (OCF). The code I
touched during that work relates mostly to device drivers to support
the framework. I don't believe I ever touched isakmpd or photurisd
(userland key management programs), and I rarely touched the ipsec
internals (cryptodev and cryptosoft, yes). However, I welcome an
audit of everything I committed to OpenBSD's tree.

I demand an apology from Greg Perry (cc'd) for this accusation. Do
not use my name to add credibility to your cloak and dagger fairy
tales.

I will point out that Greg did not even work at NETSEC while the OCF
development was going on. Before January of 2000 Greg had left NETSEC.
The timeline for my involvement with IPSec can be clearly demonstrated
by looking at the revision history of:
src/sys/dev/pci/hifn7751.c (Dec 15, 1999)
src/sys/crypto/cryptosoft.c (March 2000)
The real work on OCF did not begin in earnest until February 2000.

Theo, a bit of warning would have been nice (an hour even... especially
since you had the allegations on Dec 11, 2010 and did not post them
until Dec 14, 2010). The first notice I got was an email from a
friend at 6pm (MST) on Dec 14, 2010 with a link to the already posted
message.

So, keep my name out of the rumor mill. It is a baseless accusation
the reason for which I cannot understand.

--Jason L. Wright

Peter N. M. Hansteen

Dec 15, 2010, 2:33:43 PM
The IPSEC allegations have produced a flurry of blog posts and
suchlike, mostly just rehashing the contents of Theo's original
message. However, I've found two followups that are interesting for
their own separate reasons:

in http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd , there
appears to be some additional verbiage from Gregory Perry, but IMHO it
does not really add much in the way of useful information.

The other item,

http://maycontaintracesofbolts.blogspot.com/2010/12/openbsd-ipsec-backdoor-allegations.html

is quite a bit more interesting, since it's a public challenge (with a
cash bounty) to come up with actual evidence of backdoor code in the
relevant parts of OpenBSD. There have been offers to match original 3
* USD 100 bounty, so with a little more circulation the bounty could
turn into a good amount.

I would say the second post here deserves more attention; if you
agree, please make that URL visible via whatever news sites you can
think of (yup, it's in the /. submissions queue).

- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

patrick keshishian

Dec 15, 2010, 3:25:05 PM
On Wed, Dec 15, 2010 at 11:33 AM, Peter N. M. Hansteen <pe...@bsdly.net>
wrote:

> The IPSEC allegations have produced a flurry of blog posts and
> suchlike, mostly just rehashing the contents of Theo's original
> message. However, I've found two followups that are interesting for
> their own separate reasons:
>
> in http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd , there
> appears to be some additional verbiage from Gregory Perry, but IMHO it
> does not really add much in the way of useful information.
>
> The other item,
>
> http://maycontaintracesofbolts.blogspot.com/2010/12/openbsd-ipsec-backdoor-allegations.html
>
> is quite a bit more interesting, since it's a public challenge (with a
> cash bounty) to come up with actual evidence of backdoor code in the
> relevant parts of OpenBSD. There have been offers to match original 3
> * USD 100 bounty, so with a little more circulation the bounty could
> turn into a good amount.

It is easy to shoot one's mouth off like that about bounty offered,
given the ridiculously constrained "conditions" the bounty is offered
under. He might as well have offered a million USD. No one will be able to
prove this under these restrictions.

--patrick

Peter N. M. Hansteen

Dec 15, 2010, 3:31:02 PM
patrick keshishian <pkes...@gmail.com> writes:
> It is easy to shoot one's mouth off like that about bounty offered,
> given the ridiculously constrained "conditions" the bounty is offered
> under. He might as well have offered a million USD. No one will be able to
> prove this under these restrictions.

I won't get into a discussion about DES' stated requirements, but I do
think it's a good-faith effort. Then again, as Jason Dixon points out in
his blog http://obfuscurity.com/2010/12/Updates-on-the-OpenBSD-IPsec-Gossip ,
making a donation to the OpenBSD project is likely to give you more bang
for the buck.

Damien Miller

Dec 15, 2010, 3:36:41 PM
On Wed, 15 Dec 2010, patrick keshishian wrote:

> It is easy to shoot one's mouth off like that about bounty offered,
> given the ridiculously constrained "conditions" the bounty is offered
> under. He might as well have offered a million USD. No one will be able to
> prove this under these restrictions.

His conditions aren't "ridiculously constrained", they seem to be pretty
much appropriate for the allegations.

-d

Ted Unangst

Dec 15, 2010, 3:54:48 PM

The requirement that the bug still be exploitable in the current code
is a little much. A hidden side channel might possibly be quite
fragile and easily disarmed by accident without fixing the underlying
flaw, but that wouldn't invalidate the allegation. That part did read
a lot like hedging the bet.

An exploit like this that only worked pre-4.4 (to pick a random older
release for example) would still be very valuable.

Kevin Chadwick

Dec 15, 2010, 2:04:27 PM
On Wed, 15 Dec 2010 10:27:31 -0800
"Jason L. Wright" <ja...@thought.net> wrote:

> I
> cannot fathom his motivation for writing such falsehood (delusions
> of grandeur or a self-promotion attempt perhaps?)

Perhaps,

Promote his domains rank in google or the facebook link? (Does anyone
know if he always puts facebook links in mails)

Wants IPSEC audited for some reason?

Divert devs attention from something else?

If it's one of these reasons or any other ulterior motive then that's
just despicable.

However, NDAs often last for 10 years which either adds weight to
the well thought urban myth theory or to the possibility that it may be
the truth.

>The real work on OCF did not begin in earnest until February 2000.

I can't see how this gives you credibility but maybe the people who
worked with you at the time can understand how your evidence supports
what you say.

patrick keshishian

Dec 15, 2010, 4:01:08 PM
On Wed, Dec 15, 2010 at 12:36 PM, Damien Miller <d...@mindrot.org> wrote:
> On Wed, 15 Dec 2010, patrick keshishian wrote:
>
>> It is easy to shoot one's mouth off like that about bounty offered,
>> given the ridiculously constrained "conditions" the bounty is offered
>> under. He might as well have offered a million USD. No one will be able to
>> prove this under these restrictions.
>
> His conditions aren't "ridiculously constrained", they seem to be pretty
> much appropriate for the allegations.

seriously?

# - that the OpenBSD Crypto Framework contains vulnerabilities
# which can be exploited by an eavesdropper to recover plaintext
# from an IPSec stream,

There is a big assumption about the alleged backdoor or
leak; i.e., that it is used to directly extract "plaintext"
out of an IPSEC stream. OK. Maybe reasonable.

# - that these vulnerabilities can be traced directly to code
# submitted by Jason Wright and / or other developers linked
# to Perry, and

Do they really have to be linked back to Perry? Is that
really the important factor in the alleged backdoor's
existence?

# - that the nature of these vulnerabilities is such that there
# is reason to suspect, independently of Perry's allegations,
# that they were inserted intentionally-for instance, if the
# surrounding code is unnecessarily awkward or obfuscated and
# the obvious and straightforward alternative would either not
# be vulnerable or be immediately recognizable as vulnerable

Oh, so the alleged backdoor if present _must_ be in
the form of obfuscated code. Oooookay...


# - Finally, I pledge USD 100 to the first person to present
# convincing evidence showing that a government agency
# successfully planted a backdoor in a security-critical
# portion of the Linux kernel.

So not only one has to find the alleged backdoor, but
also link its author to a "government agency" .. via
how I wonder, payroll stub, signed contract, confession?
OK, Maybe not too unreasonable, but it still gives a nice
loophole for blogger to recant on his bounty.

# - In all three cases, the vulnerability must still be present
# and exploitable when the evidence is assembled and presented
# to the affected parties. Allowances will be made for the
# responsible disclosure process.

Must still exist? So proving that at some point the
alleged backdoor existed and was placed in there by
an FBI/NSA pawn isn't good enough, but the alleged
backdoor must still exist. Nice...

# - Exploitability must be demonstrated, not theorized.

Ahh... must be demonstrated. So not only you need
to show there is an alleged leak but also you must
know the means by which the NSA or FBI intended to
use the alleged leak.

But OK.
--patrick

Tobias Weingartner

Dec 15, 2010, 4:57:24 PM
On Wednesday, December 15, Kevin Chadwick wrote:
> >The real work on OCF did not begin in earnest until February 2000.
>
> I can't see how this gives you credibility but maybe the people who
> worked with you at the time can understand how your evidence supports
> what you say.

I've known Jason for quite a while, and nothing has ever
let me believe that I should question his character, motives
or otherwise make me believe he was not a straightforward
and honest person.

I think even in the USA a person is INNOCENT, until PROVEN
guilty. So in this case, you're the one that is out of
line. You're the one the onus of proof is on. Jason has
no need to give you evidence.

Quite frankly, dragging Jason (or anyone else) through the
mud in this fashion is completely disgusting, deplorable,
and stinks. This will be the last I say on this subject.

--Toby.

Kevin Chadwick

Dec 15, 2010, 4:27:51 PM
On Wed, 15 Dec 2010 14:57:24 -0700
Tobias Weingartner <wein...@tepid.org> wrote:

> So in this case, you're the one that is out of
> line.

If you're talking to me then I tried to make it clear that I was sitting
on the fence. I was going to go further but then figured that would be
leaning in one direction. I certainly wouldn't want to offend anyone I
don't know but I'm not going to defend them or help their case if I
don't know whether they're guilty or not either.

If you're putting evidence forward, then logic dictates that the same
reasoning applies in that it doesn't clear you unquestionably unless it
proves something which is why I asked if it did. Don't get me started
about law, because it's more about money than justice and please don't
read between my lines.

For what it's worth, my opinion which is irrelevant on the basis of next
to no evidence was that Jason is likely the one telling the truth and
I'm sure the people in the community that count to him will have a
better idea than me.

My intention was not to drag anyone through the mud but only help people
get to the truth, sorry if it also seemed like that to anyone else. If
he's wrongly accused for financial gain then that is truly terrible.

Joachim Schipper

Dec 16, 2010, 4:47:11 AM
On Wed, Dec 15, 2010 at 07:04:27PM +0000, Kevin Chadwick wrote:
> "Jason L. Wright" <ja...@thought.net> wrote:
> >I cannot fathom his motivation for writing such falsehood

> >The real work on OCF did not begin in earnest until February 2000.


>
> I can't see how this gives you credibility but maybe the people who
> worked with you at the time can understand how your evidence supports
> what you say.

While the whole thing is most likely FUD, Perry did say

Jason Wright and several other developers were responsible for those
backdoors, and you would be well advised to review any and all code
commits by Wright as well as the other developers he worked with
originating from NETSEC.

so it's not like Jason is the only one.

Joachim

Marc Espie

Dec 16, 2010, 6:30:27 PM
I'm not going to comment on the mail itself, but I've seen a lot of incredibly
dubious articles on the net over the last few days.

- use your brains, people. Just because a guy does say so doesn't mean there's
a backdoor. Ever heard about FUD ?

- of course OpenBSD is going to check. Geeez!! what do you think ?

- why would OpenBSD be in trouble ? where do you think *all the other IPsec
implementations* come from ? (hint: 10 years ago, what was the USofA view on
cryptography exports ? where is OpenBSD based. Second hint: Canada != UsOfA).

- why would the FBI only target OpenBSD ? if there's a backhole in OpenBSD,
which hosts some of the most paranoid Opensource developers alive, what do
you think is the likelihood similar backholes exist in, say, Windows, or
MacOs, or Linux (check where their darn IPsec code comes from, damn it!)


I know that a lot of the guys reading tech@ are intelligent enough to *know*
all the rather obvious things I'm stating here, but it's looking like a lot
of stupid, stupid web sites are using this as their *only* source of
information, and do not engage their brain): if you read french, go check
http://www.macgeneration.com/news/voir/180982/un-systeme-espion-du-fbi-dans-openbsd
and be amazed at how clueless those writers are.

Just on the off chance that those idiots will read this, and realize how
stupid their generalizations are. Theo was careful enough to state facts,
and I'm a huge fan of what he's done (he's decided to go fully open with
this, which was a tough decision).
I don't see why this would impact OpenBSD negatively without affecting any
other OS... especially until we actually get proof...

Brandon Mercer

Dec 16, 2010, 7:10:54 PM
I about talked myself out of believing that this happened after explaining
this to a cow-orker today. They were quite surprised I'd buy into something
this speculative and far fetched at all. After listening to him generalize
it back to me it seems even sillier.
Brandon

Rod Whitworth

Dec 16, 2010, 7:51:27 PM
On Fri, 17 Dec 2010 00:30:27 +0100, Marc Espie wrote:

> if you read french, go check
>http://www.macgeneration.com/news/voir/180982/un-systeme-espion-du-fbi-dans-openbsd
>and be amazed at how clueless those writers are.

Gee, even the google page translation makes it clearer than my rusty
French (from my secondary school too many years ago).

Thanks for the laughs, Marc.
*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Carson Harding

Dec 16, 2010, 9:27:51 PM
The item I find interesting in all this is one I have not seen
commented on:

"the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OCF,
for the express purpose of monitoring the site to
site VPN encryption system implemented by EOUSA"

Two things come immediately to mind:

1. If I legitimately need access to monitor traffic over
a VPN I either have access to an endpoint, or I have
the keys. Or a warrant.
2. OpenBSD was (is) by this report used by at least one US
agency. There are lots of other little reports and
snippets over time that suggest use by many other
US government agencies.

Therefore, over and above any technical security issues, we have
the allegation that:

1. An agency is (possibly illegitimately) trying to sniff the
traffic of another agency.
2. To do so, that agency deliberately weakened a tool used
by other US government agencies, thereby compromising
their security.

I call fantasy. (On the other hand: prove a backdoor, create a
political tempest where OpenBSD's involvement is almost incidental.)

Carson

--
Carson Harding - harding (at) motd (dot) ca

(private) HKS

Dec 16, 2010, 10:02:26 PM


OpenBSD is a great product, but y'all are too easily trolled.

His NDA with the FBI *expired* so he 1) discloses information that's
privileged at the very least and a political stick of dynamite at
worst, 2) discloses it in a private forum to an individual known for
his transparency and total lack of tact, 3) doesn't bother contacting
anyone in the press about it, 4) claims to know various other pundits
are "on the FBI payroll," and 5) claims that the FBI deliberately
compromised an open source project in order to spy on its parent
organization and other government agencies.

Here's a tip: when a government organization works with private
contractors to help them spy on other government organizations, those
NDAs don't fucking expire.

Jesus.

SJP Lists

Dec 16, 2010, 11:33:58 PM

That is what I would expect.

From memory, in my part of the World if you did this sort of work for
an intelligence agency, your role and work is kept secret until 40
years *after* your death.

Theo de Raadt

Dec 16, 2010, 11:47:14 PM
> I about talked myself out of believing that this happened after explaining
> this to a cow-orker today. They were quite surprised I'd buy into something
> this speculative and far fetched at all. After listening to him generalize
> it back to me it seems even sillier.

I think you are totally misreading espie.

It is an allegation in a world where we audit whether there is an
allegation or not.

If I read you right, what you are saying can be simplified to this:

Because this is an allegation, we need not audit. Hey, let's post
instead!

I am sorry, but even if you don't mean it exactly like that, what you
said will be interpreted by many people to mean that. What I see you
say above is ridiculous.

You can keep interpreting things so simplistically, but some of us
are not saying much because we are studying and re-learning the
workings of the ipsec and crypto layers because that is what we
do.

Theo de Raadt

Dec 16, 2010, 11:55:28 PM
> > Here's a tip: when a government organization works with private
> > contractors to help them spy on other government organizations, those
> > NDAs don't fucking expire.
> >
> > Jesus.
>
> That is what I would expect.
>
> From memory, in my part of the World if you did this sort of work for
> an intelligence agency, your role and work is kept secret until 40
> years *after* your death.

Yes, and he's American, so he'd never be brave enough to break any
rules and risk certain death (or worse -- foreclosure).

So we know for certain, or we don't.

Yeah, I know -- we live in an incredibly simple world inhabited by
extremely simple people, except when it isn't.

Pawel Veselov

Dec 17, 2010, 5:25:21 AM
On Thu, Dec 16, 2010 at 3:30 PM, Marc Espie <es...@nerim.net> wrote:
> I'm not going to comment on the mail itself, but I've seen a lot of incredibly
> dubious articles on the net over the last few days.
>
> - use your brains, people. Just because a guy does say so doesn't mean there's
> a backdoor. Ever heard about FUD ?

>
> - of course OpenBSD is going to check. Geeez!! what do you think ?

I'm really sorry to pitch in here, but...

The centerpiece of this thread, besides technical details of how/whether to
prove/disprove the so-called accusations, seems to be an argument on
whether Perry's purely FUD'ing, promoting his company/pages, creating
the buzz, or whether his words should be taken for their face value.

I have to say that Perry here is credited with one thing he actually did not
do -- publish this to the world. There has been talk of ulterior motives here,
but for any of these motives, Perry had to know or pretty damn well guessed
that the second thing Theo (hi, Theo) would do to his email was to publish it.
Would you plan anything based on a predicted behavior of a person you
haven't communicated with in 10 years?

This is not to point finger at Theo for creating all this commotion, of course;
this commotion can, however, be an unintended accident, but the fact that
it came from Theo gave it a lot of credibility.

[skipped]

Kevin Chadwick

Dec 17, 2010, 6:11:12 AM
Does anyone know if there was an ultimate outcome to the investigation
of side channels supposedly put into DSA by the NSA?

Theo de Raadt

Dec 17, 2010, 10:59:13 AM
> On Thu, Dec 16, 2010 at 3:30 PM, Marc Espie <es...@nerim.net> wrote:
> > I'm not going to comment on the mail itself, but I've seen a lot of incredibly
> > dubious articles on the net over the last few days.
> >
> > - use your brains, people. Just because a guy does say so doesn't mean there's
> > a backdoor. Ever heard about FUD ?
> >
> > - of course OpenBSD is going to check. Geeez!! what do you think ?
>
> I'm really sorry to pitch in here, but...
>
> The centerpiece of this thread, besides technical details of how/whether to
> prove/disprove the so-called accusations, seems to be an argument on
> whether Perry's purely FUD'ing, promoting his company/pages, creating
> the buzz, or whether his words should be taken for their face value.

As for promoting his company, someone yesterday showed me this:

http://www.sunbiz.org/scripts/ficidet.exe?action=DETREG&docnum=G09000158184&rdocnum=G09000158184

Look at the line marked Status.

> I have to say that Perry here is credited with one thing he actually did not
> do -- publish this to the world. There has been talk of ulterior motives here,
> but for any of these motives, Perry had to know or pretty damn well guessed
> that the second thing Theo (hi, Theo) would do to his email was to publish it.
> Would you plan anything based on a predicted behavior of a person you
> haven't communicated with in 10 years?
>
> This is not to point finger at Theo for creating all this commotion, of course;
> this commotion can, however, be, an unintended accident, but the fact that
> it came from Theo gave it a lot of credibility.

Whoa, wait a second here. If you think I gave it credibility, you
need to go back and read my words again. I called it an allegation,
and I stick with that. I was extremely careful with my words, and you
are wrong to interpret them as you do.

Marc Espie

Dec 17, 2010, 12:39:53 PM
On Fri, Dec 17, 2010 at 08:59:13AM -0700, Theo de Raadt wrote:
> > This is not to point finger at Theo for creating all this commotion, of course;
> > this commotion can, however, be, an unintended accident, but the fact that
> > it came from Theo gave it a lot of credibility.
>
> Whoa, wait a second here. If you think I gave it credibility, you
> need to go back and read my words again. I called it an allegation,
> and I stick with that. I was extremely careful with my words, and you
> are wrong to interpret them as you do.

Theo, it's hopeless. Kids these days. Can't read, can't code.

If you write anything, you can be certain they will take it out of context.
They don't understand what a context is.

Heck, they will use the excuse that they're "not native speakers" to say
they misunderstood.

I mean, why should they make the effort? It's so much easier to take a rumor
out of context, not verify the source, not verify what it says and run
with it.

There's NEVER an excuse for mediocrity. I'm not a native speaker, Theo
isn't either. That's not a good reason for not understanding/not writing
English.

That's the same with code, just because you learnt to program with a bad
crowd is no excuse for most of the Linux and Java code out there. ;-)

Pawel Veselov

Dec 17, 2010, 1:09:05 PM
On Fri, Dec 17, 2010 at 7:59 AM, Theo de Raadt <der...@cvs.openbsd.org> wrote:

[skipped]

> > I have to say that Perry here is credited with one thing he actually did not
> > do -- publish this to the world. There has been talk of ulterior motives here,
> > but for any of these motives, Perry had to know or pretty damn well guessed
> > that the second thing Theo (hi, Theo) would do to his email was to publish it.
> > Would you plan anything based on a predicted behavior of a person you
> > haven't communicated with in 10 years?
> >
> > This is not to point finger at Theo for creating all this commotion, of course;
> > this commotion can, however, be, an unintended accident, but the fact that
> > it came from Theo gave it a lot of credibility.
>
> Whoa, wait a second here. If you think I gave it credibility, you
> need to go back and read my words again. I called it an allegation,
> and I stick with that. I was extremely careful with my words, and you
> are wrong to interpret them as you do.

Look, if somebody like me posted something like this here, it would be just
plain dismissed. If Perry posted his email here, he'd just be under fire to
show some or any proof. The reason this was so widely picked up
and generated so much flame and buzz, is because you posted it here.
It's an unfortunate consequence of a right action, really. I'm not even
remotely saying that you intended to give it weight, or that you
should've swept it under the rug.

Theo de Raadt

Dec 17, 2010, 1:23:32 PM
> On Fri, Dec 17, 2010 at 7:59 AM, Theo de Raadt <der...@cvs.openbsd.org> wrote:
>
> [skipped]
>
> > > I have to say that Perry here is credited with one thing he actually did not
> > > do -- publish this to the world. There has been talk of ulterior motives here,
> > > but for any of these motives, Perry had to know or pretty damn well guessed
> > > that the second thing Theo (hi, Theo) would do to his email was to publish it.
> > > Would you plan anything based on a predicted behavior of a person you
> > > haven't communicated with in 10 years?
> > >
> > > This is not to point finger at Theo for creating all this commotion, of course;
> > > this commotion can, however, be, an unintended accident, but the fact that
> > > it came from Theo gave it a lot of credibility.
> >
> > Whoa, wait a second here. If you think I gave it credibility, you
> > need to go back and read my words again. I called it an allegation,
> > and I stick with that. I was extremely careful with my words, and you
> > are wrong to interpret them as you do.
>
> Look, if somebody like me posted something like this here, it would be just
> plain dismissed.

If that is the case -- that people would dismiss it automatically --
then the community is really stupid. You are almost arguing that that
is the way it should be.

Allegation or not, code should always be checked, and re-checked, and
re-checked.

What I am seeing is that we have a ridiculously upside-down trust
model -- "Trust the developers".

We never asked for people to trust us. We might have "earned some" in
some people's eyes, but if so it has always been false, even before
this. People should trust what they test, but the world has become
incredibly lazy.

We build this stuff by trusting each other as friends, and that is
done on an international level. If anything, the layers and volume of
trust involved in software development should decrease trust. Oh
right, let's hear some of that "many eyes" crap again. My favorite
part of the "many eyes" argument is how few bugs were found by the two
eyes of Eric (the originator of the statement). All the many eyes are
apparently attached to a lot of hands that type lots of words about
many eyes, and never actually audit code.

If anything, the collaborative model we use should _decrease_ trust,
except, well, unless you compare it to the other model -- corporate
software -- where they don't even start from any position of trust.
There you are trusting the money, here you are trusting people I've
never met.

> If Perry posted his email here, he'd just be under fire to
> show some or any proof.

OK, so I post it, and then no one asks him for proof, now it suddenly
has more strength? I am so bloody disappointed in the community that
uses our stuff.

> The reason this was so widely picked up
> and generated so much flame and buzz, is because you posted it here.

How dismal.

> It's an unfortunate consequence of a right action, really. I'm not even
> remotely saying that you intended to give it weight, or that you
> should've swept it under the rug.

What a dismal world view.

Maxim Bourmistrov

Dec 17, 2010, 1:34:11 PM
Theo,
this thread is DEAD. Drop it.

No one believes in "backdoors" planted into OpenBSD.

I see commits - you dig all over the place.
If a "backdoor" existed, then it is gone because of this digging.

Without proof it's just plain BS.

P.S.
I lost interest a while ago now.

Daniel E. Hassler

Dec 17, 2010, 2:21:21 PM
I agree with Marc - "it's hopeless". We live in a world where spin is
king. Anything you say can and will be twisted against you.

On 12/17/10 9:39 AM, Marc Espie wrote:
> On Fri, Dec 17, 2010 at 08:59:13AM -0700, Theo de Raadt wrote:
>>> This is not to point finger at Theo for creating all this commotion, of course;
>>> this commotion can, however, be, an unintended accident, but the fact that
>>> it came from Theo gave it a lot of credibility.
>> Whoa, wait a second here. If you think I gave it credibility, you
>> need to go back and read my words again. I called it an allegation,
>> and I stick with that. I was extremely careful with my words, and you
>> are wrong to interpret them as you do.

Siju George

Dec 17, 2010, 10:16:35 PM
On Fri, Dec 17, 2010 at 11:39 PM, Pawel Veselov <pawel....@gmail.com> wrote:
>
> > Whoa, wait a second here. If you think I gave it credibility, you
> > need to go back and read my words again. I called it an allegation,
> > and I stick with that. I was extremely careful with my words, and you
> > are wrong to interpret them as you do.
>
> Look, if somebody like me posted something like this here, it would be just
> plain dismissed.
>

So it is good that Theo posted it here.
He is serious about this allegation. Serious about proving if it is
true or false.
He has opened the invitation to any in order to achieve the objective.
And he and others are doing the needful, the outcome of which you will
be able to see in a couple or more of days.

> If Perry posted his email here, he'd just be under fire to
> show some or any proof.
>

Well, maybe Theo does not feel the urge to push away responsibility on others?
Being the project leader he is doing just what a responsible and
accountable person will do.

> The reason this was so widely picked up
> and generated so much flame and buzz, is because you posted it here.
>

So would you prefer he kept it secret?

> It's an unfortunate consequence of a right action, really. I'm not even
> remotely saying that you intended to give it weight, or that you
> should've swept it under the rug.
>

Then what are you trying to say?

thanks

--Siju

Andres Perera

Jan 3, 2011, 3:03:24 PM
On Tue, Dec 14, 2010 at 5:54 PM, Theo de Raadt <der...@cvs.openbsd.org> wrote:
> I have received a mail regarding the early development of the OpenBSD
> IPSEC stack. It is alleged that some ex-developers (and the company
> they worked for) accepted US government money to put backdoors into
> our network stack, in particular the IPSEC stack. Around 2000-2001.

Funny how this happened right after the massive wiki leaks.

It worked though, most people fell for it.
