Subject: Allegations regarding OpenBSD IPSEC

Every urban legend is made more real by the inclusion of real names, dates, and times. Gregory Perry's email falls into this category. I cannot fathom his motivation for writing such falsehood (delusions of grandeur or a self-promotion attempt perhaps?)

I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). The code I touched during that work relates mostly to device drivers to support the framework. I don't believe I ever touched isakmpd or photurisd (userland key management programs), and I rarely touched the ipsec internals (cryptodev and cryptosoft, yes). However, I welcome an audit of everything I committed to OpenBSD's tree.

I demand an apology from Greg Perry (cc'd) for this accusation. Do not use my name to add credibility to your cloak and dagger fairy tales.

I will point out that Greg did not even work at NETSEC while the OCF development was going on. Before January of 2000 Greg had left NETSEC. The timeline for my involvement with IPSec can be clearly demonstrated by looking at the revision history of:

    src/sys/dev/pci/hifn7751.c (Dec 15, 1999)
    src/sys/crypto/cryptosoft.c (March 2000)

The real work on OCF did not begin in earnest until February 2000.

Theo, a bit of warning would have been nice (an hour even... especially since you had the allegations on Dec 11, 2010 and did not post them until Dec 14, 2010). The first notice I got was an email from a friend at 6pm (MST) on Dec 14, 2010 with a link to the already posted message.

So, keep my name out of the rumor mill. It is a baseless accusation the reason for which I cannot understand.

--Jason L. Wright

On Wed, 15 Dec 2010 10:27:31 -0800

Perhaps,
Promote his domain's rank in Google or the Facebook link? (Does anyone know if he always puts Facebook links in mails)
Wants IPSEC audited for some reason?
Divert devs' attention from something else?

If it's one of these reasons or any other ulterior motive then that's just despicable. However, NDAs often last for 10 years which either adds weight to the well thought urban myth theory or to the possibility that it may be

I can't see how this gives you credibility but maybe the people who worked with you at the time can understand how your evidence supports what you say.

While the whole thing is most likely FUD, Perry did say

    Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.

so it's not like Jason is the only one.

Joachim

On Thu, Dec 16, 2010 at 4:47 AM, Joachim Schipper wrote:

OpenBSD is a great product, but y'all are too easily trolled.

His NDA with the FBI *expired* so he 1) discloses information that's privileged at the very least and a political stick of dynamite at worst, 2) discloses it in a private forum to an individual known for his transparency and total lack of tact, 3) doesn't bother contacting anyone in the press about it, 4) claims to know various other pundits are "on the FBI payroll," and 5) claims that the FBI deliberately compromised an open source project in order to spy on its parent organization and other government agencies.

Here's a tip: when a government organization works with private contractors to help them spy on other government organizations, those NDAs don't fucking expire. Jesus.

That is what I would expect. From memory, in my part of the World if you did this sort of work for an intelligence agency, your role and work is kept secret until 40 years *after* your death.
