[Openswan Users] openbsd ipsec backdoor rumors

Michael H. Warfield mhw at WittsEnd.com
Tue Dec 14 19:47:31 EST 2010


On Tue, 2010-12-14 at 18:49 -0500, Paul Wouters wrote: 
> FYI.
> 
> As a side note, I do think the freeswan IPsec stack pre-dated the
> openbsd one, I would have to closely verify release dates.

According to John Gilmore's post years ago, it looks like FreeS/WAN 1.0
was released back in April of 1999 which probably predated the BSD stack
but it's unclear from Theo's post if he is saying the contributions were
made in 2000-2001 or that their first release was.

IIRC...  There were a number of pre-1.0 releases before that as well...

That was back in the bad old days of ITAR, pre-EAR, when I was not even
allowed to contribute code for fear of contaminating the code base with
US-based code and subjecting it to US restrictions per Canadian
regulations and treaties.

http://www.freeswan.org/history.html
== 
In April 1999, we released version 1.00 of the software, which is
suitable for setting up Virtual Private Networks using shared secrets
for authentication
== 

Actually, a little extra digging and the first OpenBSD release with
IPSec incorporated into the kernel was back in 1997 so my guess is that
he has us there.  I would have to give him that one.  Especially
considering that his was incorporated into the OpenBSD kernel while the
FreeS/WAN could not be incorporated into Linux due to export
restrictions on the US based mirrors and servers.

http://www.openbsd.org/crypto.html

> 
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
> 
> List:       openbsd-tech
> Subject:    Allegations regarding OpenBSD IPSEC
> From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
> Date:       2010-12-14 22:24:39
> Message-ID: 201012142224.oBEMOdWM031222 () cvs ! openbsd ! org
> 
> I have received a mail regarding the early development of the OpenBSD
> IPSEC stack.  It is alleged that some ex-developers (and the company
> they worked for) accepted US government money to put backdoors into
> our network stack, in particular the IPSEC stack.  Around 2000-2001.
> 
> Since we had the first IPSEC stack available for free, large parts of
> the code are now found in many other projects/products.  Over 10
> years, the IPSEC code has gone through many changes and fixes, so it
> is unclear what the true impact of these allegations is.
> 
> [...]

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!