by miles 3028 days ago
Previous HN discussion on TunSafe from earlier this week: https://news.ycombinator.com/item?id=16515637
1 comment

I don't know how reasonable it is, but the attitude of the WireGuard maintainer in that thread really puts me off using it. Call it the de Raadt effect.
Did it put you off using openssh/openvpn/libressl/etc? Is there the Torvalds effect? Let maintainers express their discontent in the form they prefer.

I see how @zx2c4 might be concerned about possible reputation risks due to the release of this closed-source implementation at the earliest WireGuard stage, given that the author of TunSafe is not a security expert, and especially if (suddenly) TunSafe turns out to have security flaws right before the WireGuard team releases an official open-sourced implementation. However, WG is an open protocol, and @ludde has the right to develop and sell whatever he wants on its basis.

It didn't stop me using them, but it certainly is off-putting. It's not a black and white issue though. The value I get from Linux easily outweighs any issues from Linus being a bit of a knob. I'm also unlikely to have to deal with Linus as a user. WireGuard, on the other hand, is a small project where the maintainer jumps in to discussions on HN. If that's how he behaves here, I'd rather not have to deal with that if I have a support question.
I'd say the author comes across as immature, which is kind of a bad look if you are making security software.
How, specifically? Are they immature for suggesting against using a closed-source implementation of the WireGuard protocol? Is your concern their tone about said implementation?
Might be more appropriate to compare with "ssh" and a Tatu Ylönen-effect in the case of ssh. Although openssh certainly became a significant fork.
You are not alone, see the following exchange on LKML, where Donenfeld immediately "disciplines" another subscriber for asking some minor question that was not 100% on topic:

https://lkml.org/lkml/2017/12/7/1745

Follow-up by David Miller:

https://lkml.org/lkml/2017/12/8/533

That said, I like the idea of WG like I liked the idea of systemd.. but Donenfeld just seems to be another Poettering in the making.

To be fair, his own reply to that was reasonable: https://lkml.org/lkml/2017/12/8/714
Same here. I was planning on using WG for personal infra and was actively rooting for it in a corp environment, but his attitude has put me off. I'm sticking with OpenVPN for the time being.

I use viscosity as my openvpn client on macs. I love Viscosity and was planning on asking them to support WG. Not anymore though... The author seems to be stuck in a past where closed source vs open source was a binary decision. We've gone past that point in history.

It's one thing to say "I can't or won't vet a closed source client, so I can't officially support it" and another to actively advise against it.

On the other hand, TunSafe could hire a well-known third-party agency to go through the source and vet the agency for security holes. That would add back any credibility taken away by the way the author responded. Since the project is open-source, if I had the resources, I might go as far as to pay the same agency to vet both the closed-source client and the open-source server implementation... But we're not talking about Cisco/Juniper/Major-Vendor here, so I don't see that happening.

@ptacek (or anyone else working in this space) how much would it cost to vet WireGuard for security holes? Is there a standard way of charging (e.g. per lines of code) or does it depend on multiple variables? PS. Asking ptacek because of his prev comments [1].

[1]: https://news.ycombinator.com/item?id=14598639

> @ptacek (or anyone else working on this space) how much would it cost to vet wireguard for security holes?

You may be interested in @ptacek's response on this matter a while back[1].

[1] https://news.ycombinator.com/item?id=16327350

Off-topic from that thread:

"(...) we're hosting the dude who wrote the Wireguard go implementation this summer (hey Mathias)"

Which pointed me at:

https://www.wireguard.com/xplatform/

I didn't realize there were some real efforts underway for cross-platform support - that makes wg much more interesting (for my use cases). Good to know! (I can live with higher performance linux-linux than linux-windows, mac-linux, linux-bsd etc.; but forcing the need for a Linux "vpn router" as a VM or physical box is a tough sell. Not to mention a need for a real client for smartphones; though I suppose it should be possible to run wg on a rooted/custom ROM Android phone, it'd be nice to have regular Android and iOS clients).

> The author seems to be stuck in a past where closed source vs open source was a binary decision. We've gone past that point in history.

I'm not sure what you mean by this. We are at a point in history where 100% open source is more important than ever before.

I feel the opposite way.

Subscribed to the Wireguard mailing list for a while and the author seems very friendly, even to help requests that are really .. stretching what a mailing list should be for.

Yes, this reply was rather harsh, but if there's someone who jumps on a somewhat popular project and implements (competing, it seems cross-platform clients are 'coming soon') commercial/closed-source clients, then I do understand some .. frustration.

On top of that: both the author of TunSafe and WireGuard seem to agree that - at least on Windows - TunSafe requires a rather scary tun driver?

(I am not a security expert..)

Also the official not-ready-yet WireGuard cross platform Go/Rust clients require this "scary" driver.
If you've created a new open protocol I'd imagine most people would welcome new implementations, especially on platforms that you don't currently support.
Maybe. Probably. And I think the guy does?

He doesn't seem to feel good about a closed-source implementation completely disconnected from the project, for a protocol that is as of now unreleased and only releases snapshots with large warnings to not yet depend on it.

The attitude makes sense to me, from a developer's point of view (Will TunSafe follow Wireguard changes closely? How sound is it, compared to the project's own codebase?) and a project's/personal point of view: Someone invests a lot of time into Wireguard and before it's "ready" someone else builds closed source clients with a fancy website for the two biggest operating systems. YMMV.

I have always found it odd that people seem to feel the need to personally like the creator of something.
There’s a difference between liking someone (which doesn’t really matter) and trusting their judgement (which is what I think folks mean here). I feel it’s somewhat important for the latter to be true, especially with security-related software.
Is there evidence that this generally leads to more security vulnerabilities? Is there evidence that specifically in WG, Jason's (technical) judgement has been flawed?

(I think the answer is "no" in both cases. Disclaimer: my company also donated to WG development, specifically to get cross-platform support :))

I could make arguments for both sides on both your questions. I wasn’t voicing an opinion there however as I’ve not seen enough to have one yet.