Comment Re:Many eyes make bugs / backdoors shallow (Score 1) 536
My apologies. In my haste I forgot to click the No Karma option.
It seems that link may have been
Here is a dump of the information, last I had it.
IRC: irc.freenode.net #openbsd
Twitter: OpenBSDGate
The etherpad (most detailed and up to date):
OPENBSD IPSEC STACK VERIFICATION
Original Email:
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
The code:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_input.c
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c
Misc:
What other software includes the OpenBSD IPSEC implementation?
Not Linux:
Triaging Linux; git clone git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
Initial commit 6c55c29fa, Oct 2002, Alexey Kuznetsov
Does not appear to be derived from the above? (checking strings from ipsec_input.c version 1.54.2.3, Oct 2002). Neither copyright information nor comment strings match. Linux's IPSec implementation looks original.
'git log -p --grep=IPSEC' on the above clone shows complete history for the period.
Communications:
IRC: irc.freenode.net #openbsd
Twitter: OpenBSDGate
PublicPad (this document); http://piratenpad.de/condition-beige
Press:
http://blogs.forbes.com/taylorbuley/2010/12/14/fbi-accusedipsec-of-decade-old-cryptography-code-conspiracy/
http://bsd.slashdot.org/story/10/12/15/004235/FBI-Alleged-To-Have-Backdoored-OpenBSDs-IPSEC-Stack
We have never allowed US citizens or foreign citizens working in the US
to hack on crypto code (Niels Provos used to make trips to Canada to
develop OpenSSH for this reason), so direct interference in the crypto
code is unlikely. It would also be fairly obvious - the crypto code
works as pretty basic block transform API, and there aren't many places
where one could smuggle key bytes out. We always used arc4random() for
generating random numbers when we needed them, so deliberate biases of
key material, etc would be quite visible.
http://www.reddit.com/r/programming/comments/elw0x/allegations_regarding_openbsd_ipsec_fbi_backdoors/
http://www.metafilter.com/98547/Subject-Allegations-regarding-OpenBSD-IPSEC
Docs:
http://web.archive.org/web/20000621015208/www.netsec.net/gsa.html
https://www.gsaadvantage.gov/ref_text/GS35F0040K/GS35F0040K_online.htm
http://web.archive.org/web/19980101000000-20040101235959*sh_re_sr_1nr_30/http://www.netsec.net/*
http://web.archive.org/web/20000816024729/www.netsec.net/ltr_doj.html
Source Contributors:
Jason: http://www.linkedin.com/in/jasonwright
Possibility #1: (eldragon)
http://www.openbsd.org/cgi-bin/cvs
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c.diff?r1=1.25;r2=1.41;f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c.diff?r1=1.28;r2=1.29;f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c.diff?r1=1.30;r2=1.31;f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_output.c.diff?r1=1.40;r2=1.41;f=h
http://nixdoc.net/man-pages/openbsd/man9/m_inject.9.html
http://fxr.watson.org/fxr/source/kern/uipc_mbuf.c?v=OPENBSD#L925
The wiki:
OPENBSD IPSEC CODE AUDIT
Original Post http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
inet code repo http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/
etherpad for collaboration http://piratenpad.de/condition-beige
Current Status: Backdoor is NOT confirmed. 2010/12/14 21:34
The allegations are very broad. They may not even be true. At this time, the authenticity of the e-mail from Mr. Perry has not been proven. (2010/12/14 22:01)
Please link to any information you may have so that the community can keep up with this important issue.
This wiki was set up by #openbsd IRC channel and is not “official.”
Reviews In Progress
Mephux and Terracotta http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_ah.h?r1=1.24.2.1#rev1.24.2.1
Flagged For Concern
None Yet
Reviews With An Outcome
None Yet
It also makes any victory or defeat in this case entirely hollow. This case will not change what is legal in relation to copyright law, but merely what you get to weasel out of.
Duh. It's a courtroom, not the parliament. You don't make law there, you enforce it. Imagine if any random murder trial could legalize murder.
If you want to change law, you don't do it on the defendants' seat.
This is frankly not true in the United States. Jury Nullification, though obscure, is a very balancing and necessary part of trial by a jury of peers. http://en.wikipedia.org/wiki/Jury_nullification
"If I do not want others to quote me, I do not speak." -- Phil Wayne