On the other hand, IV chaining would make a fantastic backdoor if you were able to brute-force 56-bit keys. Let's see, EFF did that for $250,000 in 1998? That leaves one budget cycle between it being public knowledge and the alleged contract work. http://en.wikipedia.org/wiki/EFF_DES_cracker
I don't think OpenBSD ever recommended the use of single-DES. All the effort of having development outside the USA was to ensure that OpenBSD supported strong crypto without export encumbrances.
Good point, 56 bit crypto is so broken anyway it hardly needs a backdoor. But looking at the dates on the RFCs, 3DES had only been standardized for a couple of years. It's plausible that the intended users didn't know, or they could be convinced, that they were required to use 56-bit DES.
