From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: strigeus@gmail.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id c9801824 for ; Tue, 6 Mar 2018 01:35:44 +0000 (UTC) Received: from mail-ot0-f177.google.com (mail-ot0-f177.google.com [74.125.82.177]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 620c9f42 for ; Tue, 6 Mar 2018 01:35:44 +0000 (UTC) Received: by mail-ot0-f177.google.com with SMTP id g97so16883738otg.13 for ; Mon, 05 Mar 2018 17:45:02 -0800 (PST) MIME-Version: 1.0 From: Ludvig Strigeus Date: Tue, 6 Mar 2018 02:44:31 +0100 Message-ID: Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say To: wireguard@lists.zx2c4.com Content-Type: multipart/alternative; boundary="94eb2c1c1ce2493a530566b497f9" List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --94eb2c1c1ce2493a530566b497f9 Content-Type: text/plain; charset="UTF-8" Jason A. Donenfeld wrote: > Please stay away from this software, and generally be wary of > closed-source WireGuard implementations trying to fill the void.* This **> one was written by a community-unfriendly proprietary author*, and > we've got little way of ensuring protocol compliance or basic > security. *Especially from my discussions from him, it's clear what **> he's up to, and this seems like some nastiness.* Should I spend my time > reverse engineering this software and discovering zero-days? Probably > not a good use of my time, despite my usual love of this sort of thing. First of all could you change tone a little bit, personal attacks and rudeness do not have a place in those discussions unless you actually back them up with facts. Never once during our IRC chat did I say something negative about you, instead I wrote several times that WireGuard was fanastic and you're an inspiring person. I'd be happy to share IRC logs of our brief communication with this list to prove my point, but your attitude appears to be that everything that is not open source, and hosted under the WireGuard brand/webpage, is community-unfriendly and nasty. Is that what you mean by community unfriendly? I said that if I release TunSafe I probably want it under my own name, on my own website, where I'm free to develop the project in any direction I want, without pressure to release it as open source. I don't want to spend weeks or months building a client for it to end up on some semi-hidden place on wireguard.com just because you prefer Rust or Go, where my contribution may get diminished into nothing at all. How would you deal with Microsoft if they wanted to add a closed source implementation of WireGuard in Windows. Would they also be considered a community-unfriendly proprietary author with a clear agenda of nastiness? Is this how you envision how things would work should WireGuard become a future RFC / Internet Standard? The only accepted implementation would be that one from yourself? No companies would be allowed to implement it or take part in discussions? This is not how Internet protocols typically work. Given these constraints, I'm happy to participate in whatever protocol discussions or community related questions that I'm in the capacity to answer or contribute to. I totally understand your point about open source applications being easier to audit, especially important when it's related to security. I share this view, and will address it eventually, in some way. Either just the wireguard protocol layer or the whole UI too. Though, your behavior this past day has confirmed even more that I'm not interested in being a slave in a dictatorship. You've ignored my attempts at communications for 2 weeks. You ban me from #wireguard IRC even though I haven't talked there for weeks, but just because I'm in there and not being as much of a die-hard open-source evangelist as you are. Jason A. Donenfeld wrote: > This isn't the source code of tunsafe. This is the source code of the > OpenVPN Windows tuntap kernel driver, *which has been hacked up in **> various ways for tunsafe*. That's a super scary driver, by the way. Incorrect. The driver files are not modified at all. They still carry OpenVPN's codesigning signature. You can see this on the driver install prompt: https://tunsafe.com/img/quickstart-driver-confirm.png I agree that the driver is scary, I think I even found some potential OOB memory accesses in it from a quick glance. However, this is the best driver the community has at this point in time, and even your own userspace implementations of WG use it. I'd be happy to improve it but then I need an expensive driver codesigning certificate in order to load it into the kernel. /Ludde --94eb2c1c1ce2493a530566b497f9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Jason A. Donenfeld wrote:
=
> Please stay away from this software, and generally be= wary of > closed-source WireGuard implementations trying to fi= ll the void. This > one was written by a community-unfriendly pro= prietary author, and > we've got little way of ensuring protocol compli= ance or basic > security. Especially from my discussions from him= , it's clear what > he's up to, and this seems like some nast= iness. Should I spend my time > reverse engineering this software and discovering ze= ro-days? Probably > not a good use of my time, despite my usual love of = this sort of thing.

First of all could you change tone a lit= tle bit, personal attacks and
ruden= ess do not have a place in those discussions unles= s you actually
back them up = with facts.

= Never once during our IRC chat did I say something negative= about you,
instead I wrote several= times that WireGuard was fanastic and you're
<= font color=3D"#000000" face=3D"monospace, monospace">an inspiring person.

I'd be happy to share IR= C logs of our brief communication with this list
to prove my point, but your attitude= appears to be that everything that
is not open= source, and hosted under the WireGuard brand/webpage, is=
community-unfriendly and nas= ty. Is that what you mean by community
unfriend= ly?

I said tha= t if I release TunSafe I probably want it under my own = name,
on my own website, where I'm free= to develop the project in any
direction I want= , without pressure to release it as open source.
I don't want to spend weeks or <= /span>months building a clie= nt for it to end
up on so= me semi-hidden place on wireguard.com=C2=A0just because you
prefer Rust or Go,=C2=A0where= my contribution may get diminished int= o
nothing at all.

<= div>How would you deal with Microsoft if they wanted to add a cl= osed
source implementation of WireGuard in = Windows. Would they also
be considered a commun= ity-unfriendly proprietary author with a
clear= agenda of nastiness?

Is this how you envision how things would work should WireGuard
become a future RFC / Internet S= tandard? The only accepted
implementation would= be that one from yourself? No companies
would = be allowed to implement it or take part in discussions?
This is not how Internet protocols typically wor= k.

Given these constraints, I= 9;m happy to participate in whatever
proto= col discussions or community related questions that I'm
in the capacity to answer or contribute to.
=
I totally understand you= r point about open source applications
being easier to audit, especially important when= it's related
to security. I share this view, and will address it eventually,
in some way. Eith= er just the wireguard protocol layer or the
whole UI too.

Though, your behavi= or this past day has confirmed even more that
= I'm not interested in being a slave in a dictatorship= . You've
ignored my attem= pts at communications for 2 weeks. You ban me
= from #wireguard IRC even though I haven't talked ther= e for weeks,
but just because I'm in there = and not being as much of a die-hard
open-source evangelist as you are.

Jason A. D= onenfeld wrote:
> This isn't the sou= rce code of tunsafe. This is the source code of the > OpenVPN Windows tuntap kernel driver, which has been hacked up in > various ways for tunsafe. That's a supe= r scary driver, by the way.

Incorrect. The driver files are not modified at all. They still
carry OpenVPN's codesigning s= ignature. You can see this on the
driver install prompt:

I agree that the driver is scary, I think I even found some=C2= =A0
potent= ial OOB=C2=A0memory = accesses in it from a quick glance. However,=C2=A0
this is the best driver the=C2=A0<= /span>community has at this= point in time,
and even your own userspace=C2=A0implementations of WG use it. I'd
<= span style=3D"font-family:monospace,monospace">be happy to improve it but t= hen I need an expensive driver
codesigning=C2=A0certificate in order to load it into the kernel.<= /font>

/Ludde


--94eb2c1c1ce2493a530566b497f9--