Subject: Re: widespread IKE bugs
To: Dries Schellekens <gwyllion@ulyssis.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 11/15/2005 09:07:36

On Tue, Nov 15, 2005 at 01:37:04PM +0100, Dries Schellekens wrote:
>
> OpenBSD has audited their IKE parsing code in early 2004 and thus is not
> vulnerable:
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=113199092403670&w=2

Is this merely their claim, or do they pass the test suite? We've seen
cases of OpenBSD not just missing but _introducing_ bugs during audit
in the past.

Of more relevance here is the fact that OpenBSD uses a completely
different IKE implementation than IPsec-tools and KAME, so one would
not, at least, expect to find the _same_ bugs in both.
--
Thor Lancelot Simon tls@rek.tjls.com
"The inconsistency is startling, though admittedly, if consistency is to be
abandoned or transcended, there is no problem." - Noam Chomsky