From: Henrique Carrega
Date: Mon, 5 Mar 2018 08:26:23 +0000
Subject: Tunsafe Windows client for wireguard (not opensource yet they say)
To: wireguard@lists.zx2c4.com

https://tunsafe.com/
https://reddit.com/r/VPN/comments/82183o/tunsafe_a_high_performance_wireguard_vpn_client/

Sent from my iPhone


From: "Jason A. Donenfeld"
Date: Mon, 5 Mar 2018 10:19:35 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say)
To: Henrique Carrega
Cc: WireGuard mailing list

Hi Henrique,

Thanks for posting this.

Please stay away from this software, and generally be wary of closed-source WireGuard implementations trying to fill the void. This one was written by a community-unfriendly proprietary author, and we've got little way of ensuring protocol compliance or basic security. Especially from my discussions with him, it's clear what he's up to, and this seems like some nastiness. Should I spend my time reverse engineering this software and discovering zero-days? Probably not a good use of my time, despite my usual love of this sort of thing.

One aspect of the WireGuard project is that we're taking development very carefully and slowly, not jumping to premature releases, and really studying every bit of what we produce in order to ship the least-vulnerable and most-correct code we possibly can. We're still shipping code -- it's not an approach that results in a complete standstill -- but it does mean that in these intervening periods, there will be propheteers and cowboys coming out of the woodwork to fill the void.

It's quite easy to make a tiny tunneling protocol that's reasonably fast and does a few things; if you look on Github there are hundreds. It's quite another thing to write robust and secure software intended to last for a long time. That's what we're working on here.

Fortunately we have two very nice projects that are rapidly approaching maturity: one in Go and one in Rust. I fully welcome future OSS authors into the project. When I'm back from visiting family at the beginning of April, I think we'll be in a good place to have a few first releases.

I'll also do what I can to see that people aren't peddling junk and calling it wireguard, so as to reduce user confusion, but this of course isn't a very easy endeavor. I'm open to suggestions on how to approach this.

Regards,
Jason


From: Henrique Carrega
Date: Mon, 5 Mar 2018 11:11:22 +0000
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say)
To: "Jason A. Donenfeld"
Cc: WireGuard mailing list

Just posting to alert you :) Don't want to install :)

Sent from my iPhone


From: David Woodhouse
Date: Mon, 05 Mar 2018 12:19:24 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say)
To: "Jason A. Donenfeld", Henrique Carrega
Cc: WireGuard mailing list

On Mon, 2018-03-05 at 10:19 +0100, Jason A. Donenfeld wrote:
> One aspect of the WireGuard project is that we're taking development
> very carefully and slowly, not jumping to premature releases, and
> really studying every bit of what we produce in order to ship the
> least-vulnerable and most-correct code we possibly can. We're still
> shipping code -- it's not an approach that results in a complete
> standstill -- but it does mean that in these intervening periods,
> there will be propheteers and cowboys coming out of the woodwork to
> fill the void.

I wasn't sure whether to suggest this before, but adding Wireguard support to OpenConnect ought to be fairly easy. We already support three VPN protocols, so we have a *relatively* sane distinction between the protocol-specific parts, and all the OS-specific tun device handling and other bits that would just be gratuitous wheel-reinvention for you.

It basically gives you support for Windows, Solaris, OSX, Android and various BSDs for nothing. With NetworkManager support.

For a client that *isn't* purely wrapping the kernel implementation, it probably makes sense rather than starting from scratch. If anyone's interested in working on it, I'd be happy to give some pointers.

(I've also looked in the past at adding kernel support too, for DTLS acceleration; I may take a look at that again.)
From: Sebastian Gottschall
Date: Mon, 5 Mar 2018 12:25:29 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say)
To: wireguard@lists.zx2c4.com

Google Chrome warns if you try to download TunSafe. It's potentially unsafe. :-)

--
Kind regards / Regards
Sebastian Gottschall / CTO
NewMedia-NET GmbH - DD-WRT
Registered office: Stubenwaldallee 21a, 64625 Bensheim
Commercial register: Amtsgericht Darmstadt, HRB 25473
Managing directors: Peter Steinhäuser, Christian Scheele
http://www.dd-wrt.com
email: s.gottschall@dd-wrt.com
Tel.: +496251-582650 / Fax: +496251-5826565


From: Sebastian Gottschall
Date: Mon, 5 Mar 2018 12:29:10 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say)
To: wireguard@lists.zx2c4.com

It isn't closed source. The source code is provided, as far as I have seen, and licensed under GPL, but correct me if I'm wrong:
https://tunsafe.com/downloads/TunSafe-TAP-9.21.2-sources.zip


From: Sebastian Gottschall
Date: Mon, 5 Mar 2018 12:29:53 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say)
To: wireguard@lists.zx2c4.com

Never mind. It's just the TAP source.


From: "Jason A. Donenfeld"
Date: Mon, 5 Mar 2018 12:31:58 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say)
To: Sebastian Gottschall
Cc: WireGuard mailing list

On Mon, Mar 5, 2018 at 12:29 PM, Sebastian Gottschall wrote:
> It isn't closed source. The source code is provided, as far as I have seen, and
> licensed under GPL,
> but correct me if I'm wrong:
> https://tunsafe.com/downloads/TunSafe-TAP-9.21.2-sources.zip

This isn't the source code of tunsafe. This is the source code of the OpenVPN Windows tuntap kernel driver, which has been hacked up in various ways for tunsafe. That's a super scary driver, by the way. The actual source code of tunsafe is closed source.


From: "Jason A. Donenfeld"
Date: Mon, 5 Mar 2018 12:33:56 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say)
To: David Woodhouse
Cc: WireGuard mailing list

On Mon, Mar 5, 2018 at 12:19 PM, David Woodhouse wrote:
> I wasn't sure whether to suggest this before, but adding Wireguard
> support to OpenConnect ought to be fairly easy. We already support
> three VPN protocols, so we have a *relatively* sane distinction between
> the protocol-specific parts, and all the OS-specific tun device
> handling and other bits that would just be gratuitous wheel-reinvention
> for you.
>
> It basically gives you support for Windows, Solaris, OSX, Android and
> various BSDs for nothing. With NetworkManager support.
>
> For a client that *isn't* purely wrapping the kernel implementation, it
> probably makes sense rather than starting from scratch. If anyone's
> interested in working on it, I'd be happy to give some pointers.
>
> (I've also looked in the past at adding kernel support too, for DTLS
> acceleration; I may take a look at that again.)

That sounds pretty excellent. I'll add that to the project TODO list and maybe we'll get an interested contributor or a GSoC student for it.

By the way, how would you feel about doing this via the existing Go and Rust implementations? If I can jerry-rig it into the build system, would you be interested?
From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ludvig Strigeus
Date: Tue, 6 Mar 2018 02:44:31 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say
To: wireguard@lists.zx2c4.com

Jason A. Donenfeld wrote:
> Please stay away from this software, and generally be wary of
> closed-source WireGuard implementations trying to fill the void. *This
> one was written by a community-unfriendly proprietary author*, and
> we've got little way of ensuring protocol compliance or basic
> security. *Especially from my discussions from him, it's clear what
> he's up to, and this seems like some nastiness.* Should I spend my time
> reverse engineering this software and discovering zero-days? Probably
> not a good use of my time, despite my usual love of this sort of thing.

First of all could you change tone a little bit, personal attacks and rudeness do not have a place in those discussions unless you actually back them up with facts.

Never once during our IRC chat did I say something negative about you, instead I wrote several times that WireGuard was fantastic and you're an inspiring person.

I'd be happy to share IRC logs of our brief communication with this list to prove my point, but your attitude appears to be that everything that is not open source, and hosted under the WireGuard brand/webpage, is community-unfriendly and nasty. Is that what you mean by community unfriendly?

I said that if I release TunSafe I probably want it under my own name, on my own website, where I'm free to develop the project in any direction I want, without pressure to release it as open source. I don't want to spend weeks or months building a client for it to end up on some semi-hidden place on wireguard.com just because you prefer Rust or Go, where my contribution may get diminished into nothing at all.

How would you deal with Microsoft if they wanted to add a closed source implementation of WireGuard in Windows. Would they also be considered a community-unfriendly proprietary author with a clear agenda of nastiness?

Is this how you envision how things would work should WireGuard become a future RFC / Internet Standard? The only accepted implementation would be that one from yourself? No companies would be allowed to implement it or take part in discussions? This is not how Internet protocols typically work.

Given these constraints, I'm happy to participate in whatever protocol discussions or community related questions that I'm in the capacity to answer or contribute to.

I totally understand your point about open source applications being easier to audit, especially important when it's related to security. I share this view, and will address it eventually, in some way. Either just the wireguard protocol layer or the whole UI too.

Though, your behavior this past day has confirmed even more that I'm not interested in being a slave in a dictatorship. You've ignored my attempts at communications for 2 weeks. You ban me from #wireguard IRC even though I haven't talked there for weeks, but just because I'm in there and not being as much of a die-hard open-source evangelist as you are.

Jason A. Donenfeld wrote:
> This isn't the source code of tunsafe. This is the source code of the
> OpenVPN Windows tuntap kernel driver, *which has been hacked up in
> various ways for tunsafe*. That's a super scary driver, by the way.

Incorrect. The driver files are not modified at all. They still carry OpenVPN's codesigning signature. You can see this on the driver install prompt: https://tunsafe.com/img/quickstart-driver-confirm.png

I agree that the driver is scary, I think I even found some potential OOB memory accesses in it from a quick glance. However, this is the best driver the community has at this point in time, and even your own userspace implementations of WG use it. I'd be happy to improve it but then I need an expensive driver codesigning certificate in order to load it into the kernel.

/Ludde
From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Jason A. Donenfeld"
Date: Tue, 6 Mar 2018 10:16:49 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say
To: Ludvig Strigeus
Cc: WireGuard mailing list

On Tue, Mar 6, 2018 at 2:44 AM, Ludvig Strigeus wrote:
> The driver files are not modified at all. They still
> carry OpenVPN's codesigning signature.

Both good and bad to hear. That's a really really flaky driver, and it _does_ need to be hacked to pieces, removing tons of things, in order for it to be real software someone would want to run. On the other hand, at least you get code signing for free.

> First of all could you change tone a little bit, personal attacks and
> rudeness do not have a place in those discussions unless you actually
> back them up with facts.

There are no personal attacks. I don't know much about you, beyond uTorrent and adware. Rather, my comments are in relation to your software -- which doesn't implement the protocol correctly and has security issues. (Your stripped binaries really wasted way too much time, by the way.) It's not safe for users to use. I've got a duty to such users to inform them when these types of security and interoperability issues crop up.

> but your attitude appears to be that everything that
> is not open source, and hosted under the WireGuard brand/webpage, is
> community-unfriendly and nasty. Is that what you mean by community
> unfriendly?

No I think the notion is a bit different than that. This community here looks very closely at design decisions and implementations, making sure we deliver secure software of high quality. Part of that means working together and doing extensive code reviews and sharing source code. Another part of that is keeping things unified as one single project. From the beginning you've seemed interested in bifurcation, and releasing hastily written software with little review quickly.

> probably want it under my own name,
> on my own website, where I'm free to develop the project in any
> direction I want

Sounds to me like an interoperability and compatibility disaster in the making, NIH gone bad.

> I don't want to spend weeks or months building a client for it to end
> up on some semi-hidden place on wireguard.com just because you
> prefer Rust or Go, where my contribution may get diminished into
> nothing at all.

Actually that's not the case at all. On a personal note, I've spent decades writing C++, and I'm surprisingly fond of it, despite its warts. I used to keep Stroustrup's book on the back of the toilet for casual perusing. We have a Rust and a Go implementation because those are what's been contributed by volunteers, and have the nice aspect of being somewhat "safer" to write code in, especially Rust.

Aside from your flamebait email here, I (and other developers working on WireGuard) still would be happy to work with you on the codebase to ensure that it's written securely and compatibly, doing regular releases as WireGuard software. But indeed that would mean working with the community and doing things under one roof, not running off and shipping bad bits.

> How would you deal with Microsoft if they wanted to add a closed
> source implementation of WireGuard in Windows. Would they also
> be considered a community-unfriendly proprietary author with a
> clear agenda of nastiness?

I'm pretty confident Microsoft would pick a reasonable strategy for working with us here and releasing code responsibly. It's true they have that classic history of "embrace, extend, extinguish" (is the new CEO different? maybe?), but knowing some people working on their security teams and crypto teams who would likely be implementing this kind of thing, maybe this wouldn't happen? Or that's being too optimistic? I oscillate between thinking recent github-friendly and linuxsubsystem-writing Microsoft has really changed itself since the 2000s, and thinking this is just naivete on my part. So, who knows what they'd do. One can dream I suppose.

> The only accepted
> implementation would be that one from yourself? No companies
> would be allowed to implement it or take part in discussions?
> This is not how Internet protocols typically work.

Actually no. There are several people working on several implementations. This list here has extensive discussion about different features, and the design of the protocol has, in extremely large part, been driven by this mailing list. We're a quite open community.

> to security. I share this view, and will address it eventually,
> in some way. Either just the wireguard protocol layer or the
> whole UI too.

That's great to hear. I look forward to you open sourcing your project, and we can get to work in earnest on it once this happens.

> I'm not interested in being a slave in a dictatorship.

That's a pretty offensive and outrageous way of describing any of this. We're an open source project of volunteers. Lots of people are doing their invaluable part and contributing invaluable time. At least two of us are doing this more or less full-time, because we want to. Others are doing this between jobs or between classes or between military deployments. We're all volunteers, working to do this the best we can.

> You've
> ignored my attempts at communications for 2 weeks.

That's an odd thing to say. The last messages I have from you are you indicating to me you're going to go the closed source way, and then nothing after that for quite some time. In case IRC is unreliable for me or for you, I prefer we speak privately over email -- jason@zx2c4.com usually works well these days.

> You ban me
> from #wireguard IRC even though I haven't talked there for weeks

As said prior, there's little interest in inundating users with proprietary insecure software, not to mention freenode having some policies about proprietary software. If you decide you'd like to open source it at some point, rather than putting ads on it or selling it like you've done in the past with software, we can talk. But insofar as you're putting users in harm's way and fragmenting the project, I ask that you stay away from these parts. Nobody is interested in insecure software. Yet in spite of your to-date brazenness, I'm still willing to work with you if you'd like to turn things around. Shoot me an email if you'd like to talk about open sourcing this work and integrating with the community.
Regards,
Jason

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steffan Karger
Date: Tue, 6 Mar 2018 13:32:39 +0100
Subject: Re: Tunsafe Windows client for wireguard (not opensource yet they say
To: Ludvig Strigeus
Cc: wireguard@lists.zx2c4.com

Hi Ludvig,

On 6 March 2018 at 02:44, Ludvig Strigeus wrote:
> Jason A. Donenfeld wrote:
>> This isn't the source code of tunsafe. This is the source code of the
>> OpenVPN Windows tuntap kernel driver, which has been hacked up in various
>> ways for tunsafe. That's a super scary driver, by the way.
>
> Incorrect. The driver files are not modified at all. They still
> carry OpenVPN's codesigning signature. You can see this on the
> driver install prompt:
> https://tunsafe.com/img/quickstart-driver-confirm.png
>
> I agree that the driver is scary, I think I even found some
> potential OOB memory accesses in it from a quick glance. However,
> this is the best driver the community has at this point in time,
> and even your own userspace implementations of WG use it. I'd
> be happy to improve it but then I need an expensive driver
> codesigning certificate in order to load it into the kernel.

Please report any issues you find in the tap-windows driver to security@openvpn.net, so those can be fixed and many more people can profit from your work.

In the same train of thought: you don't need a code signing certificate to improve the driver, you are more than welcome to work with the openvpn community to improve it (I expect, I don't actually work on tap-windows myself). Just send your patches to openvpn-devel@lists.sourceforge.net, or discuss your plans beforehand on the list if you want confirmation that your plans are okay with the community. Then wait for the next OpenVPN release to get your signed binary :)

-Steffan