Tunsafe Windows client for wireguard (not opensource yet they say

[Ludvig Strigeus]

Jason A. Donenfeld wrote:
> Please stay away from this software, and generally be wary of >
closed-source WireGuard implementations trying to fill the void.* This **>
one was written by a community-unfriendly proprietary author*, and > we've
got little way of ensuring protocol compliance or basic > security. *Especially
from my discussions from him, it's clear what **> he's up to, and this
seems like some nastiness.* Should I spend my time > reverse engineering
this software and discovering zero-days? Probably > not a good use of my
time, despite my usual love of this sort of thing.

First of all could you change tone a little bit, personal attacks and
rudeness do not have a place in those discussions unless you actually
back them up with facts.

Never once during our IRC chat did I say something negative about you,
instead I wrote several times that WireGuard was fanastic and you're
an inspiring person.

I'd be happy to share IRC logs of our brief communication with this list
to prove my point, but your attitude appears to be that everything that
is not open source, and hosted under the WireGuard brand/webpage, is
community-unfriendly and nasty. Is that what you mean by community
unfriendly?

I said that if I release TunSafe I probably want it under my own name,
on my own website, where I'm free to develop the project in any
direction I want, without pressure to release it as open source.
I don't want to spend weeks or months building a client for it to end
up on some semi-hidden place on wireguard.com just because you
prefer Rust or Go, where my contribution may get diminished into
nothing at all.

How would you deal with Microsoft if they wanted to add a closed
source implementation of WireGuard in Windows. Would they also
be considered a community-unfriendly proprietary author with a
clear agenda of nastiness?

Is this how you envision how things would work should WireGuard
become a future RFC / Internet Standard? The only accepted
implementation would be that one from yourself? No companies
would be allowed to implement it or take part in discussions?
This is not how Internet protocols typically work.

Given these constraints, I'm happy to participate in whatever
protocol discussions or community related questions that I'm
in the capacity to answer or contribute to.

I totally understand your point about open source applications
being easier to audit, especially important when it's related
to security. I share this view, and will address it eventually,
in some way. Either just the wireguard protocol layer or the
whole UI too.

Though, your behavior this past day has confirmed even more that
I'm not interested in being a slave in a dictatorship. You've
ignored my attempts at communications for 2 weeks. You ban me
from #wireguard IRC even though I haven't talked there for weeks,
but just because I'm in there and not being as much of a die-hard
open-source evangelist as you are.

Jason A. Donenfeld wrote:
> This isn't the source code of tunsafe. This is the source code of the >
OpenVPN Windows tuntap kernel driver, *which has been hacked up in **>
various ways for tunsafe*. That's a super scary driver, by the way.

Incorrect. The driver files are not modified at all. They still
carry OpenVPN's codesigning signature. You can see this on the
driver install prompt:
https://tunsafe.com/img/quickstart-driver-confirm.png

I agree that the driver is scary, I think I even found some
potential OOB memory accesses in it from a quick glance. However,
this is the best driver the community has at this point in time,
and even your own userspace implementations of WG use it. I'd
be happy to improve it but then I need an expensive driver
codesigning certificate in order to load it into the kernel.

/Ludde
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180306/67113464/attachment.html>