Subject: Allegations regarding OpenBSD IPSEC Every urban lengend is made more real by the inclusion of real names, dates, and times. Gregory Perry's email falls into this category. I cannot fathom his motivation for writing such falsehood (delusions of grandeur or a self-promotion attempt perhaps?)
I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). The code I touched during that work relates mostly to device drivers to support the framework. I don't believe I ever touched isakmpd or photurisd (userland key management programs), and I rarely touched the ipsec internals (cryptodev and cryptosoft, yes). However, I welcome an audit of everything I committed to OpenBSD's tree. I demand an apology from Greg Perry (cc'd) for this accusation. Do not use my name to add credibility to your cloak and dagger fairy tales. I will point out that Greg did not even work at NETSEC while the OCF development was going on. Before January of 2000 Greg had left NETSEC. The timeline for my involvement with IPSec can be clearly demonstrated by looking at the revision history of: src/sys/dev/pci/hifn7751.c (Dec 15, 1999) src/sys/crypto/cryptosoft.c (March 2000) The real work on OCF did not begin in earnest until February 2000. Theo, a bit of warning would have been nice (an hour even... especially since you had the allegations on Dec 11, 2010 and did not post them until Dec 14, 2010). The first notice I got was an email from a friend at 6pm (MST) on Dec 14, 2010 with a link to the already posted message. So, keep my name out of the rumor mill. It is a baseless accusation the reason for which I cannot understand. --Jason L. Wright