Otto Moerbeek <otto <at> drijf.net> writes: > Please also check what djm@ wrote in one of the first replies to Theo > original mail: > > http://marc.info/?l=openbsd-tech&m=129237675106730&w=2 > > -Otto
Yep, I did see that one, though that one does focus on (intentional) bugs in the the main crypto stuff, and my suggestion is that's not the location where to look for backdoors. To obvious, to complicated, to much coding required to realize something usefull, etc. There is no need to "break" the crypto stuff, if you can convince the IPSec stack to send you the keys. When you do have the keys, the only thing you have to do is decode the recorded crypted stream. When you are the FBI, you definately have access to intermediate nodes, there's no need to let one of the end-nodes generate the traffic to you. You only need the keys, just take care the IPSec stack will tell you when you ask for it and only when you ask for it with a crafted IPSec init packet.