> > More to the point, I think it wouldn't be an NDA, but a security
> > classification on the knowledge of the backdoors, and probably one not
> > subject to automatic downgrading.
>
> Please pardon my ignorance on the matter as I am not involved in any way
> with Open Source development, but it stands to reason that anything of this
> sort would have been scrutinized by the many developers involved with
> OpenBSD and surely would have been discovered at some point. And to further
> that point, is this not something that can be verified now if this code is
> still in the public domain? Or is writing a crypto stack such an esoteric
> task that only a relegated few can possibly decipher the inner workings?

See Ken Thompson's classic paper "Reflections on trusting trust",

http://en.wikipedia.org/wiki/Backdoor_(computing)#Reflections_on_Trusting_Trust
http://cm.bell-labs.com/who/ken/trust.html

> Not that I don't love a good government conspiracy theory, and yes I do
> believe there are a fair amount of backdoors in most code (including that of
> many private and publicly held corporations)... but open source? Just seems
> unlikely to me based on my limited understanding...

The world is not that simple.

Steinar Haug, Nethelp consulting, sth...@nethelp.no