new rust implementation from cloudflare
Jason A. Donenfeld
Jason at zx2c4.com
Wed Mar 27 15:27:05 CET 2019
Hey folks,
Looks like Cloudflare finally let their WireGuard implementation drop:
https://github.com/cloudflare/boringtun
They've been working on it for some time, and we've discussed this
privately at various points along the way. Each time it came up, I
asked them if they'd consider working with the WireGuard project
itself, and they've repeatedly refused. They have insisted on
remaining separate and expressed that they don't want to work as part
upstream. I expressed various concerns about unity of community and
compatibility of implementations, as well as vision for simplicity and
security, but they were pretty adamant about remaining separate. I
thought the invitation to put their engineers as the head of a
WireGuard subproject was a cool invitation, but alas. That's a bummer,
but that's how it goes; folks are entitled to do what they wish with
software they make. I guess they'll make products or something and
control is important to them; I just hope they don't fragment or
otherwise yank WireGuard in unfortunate directions with their access
to vast engineering resources. It remains to be seen how they'll use
it or what their objectives are.
The reason I think this matters and why their project is relevant is
because WireGuard could really, really use a Rust implementation. Past
developers working on it have flaked out, and we've wound up instead
with a somewhat iffy Go codebase. I haven't read Cloudflare's
implementation yet, and maybe it's garbage, but based on the people
involved, I imagine it's going to turn out to be pretty decent. So,
given the unwillingness of Cloudflare to work as part of upstream and
join our project, and upstream's need for a solid Rust implementation,
we may very well wind up forking it into `wireguard-rs`, to create
something that matches our standards of security and vision. I think
there's significant value in having a first-party Rust implementation
that we can maintain and keep up to date with our ongoing research.
And naturally the door remains open to Cloudflare if they'd like to
work with us.
Reviewing this, assessing our options, and determining whether it's a
good base from which to start will take some time. But as usual, our
progress and development will be in the open, and you're more than
welcome to chime in here or #wireguard if you're interested in getting
involved in one way or another.
Regards,
Jason
More information about the WireGuard
mailing list