From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qt0-x235.google.com (mail-qt0-x235.google.com [IPv6:2607:f8b0:400d:c0d::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 8A4363B29E for ; Thu, 2 Aug 2018 15:04:26 -0400 (EDT) Received: by mail-qt0-x235.google.com with SMTP id f18-v6so3506850qtp.10 for ; Thu, 02 Aug 2018 12:04:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=MEMik7nXTT6T+iamCEqTBbkTUSOo8uklsKB8SvHrVb4=; b=GI8eoihpq3ErXHEjoaZHE9MbbKbarZR201MoqeaoA1jVyyCvJfm+SJ5FpIx1Vy1Te+ xRLN6G+m7fAmDK6e9noPuQpdH6WzXiZD9DUGo9wxvx18z+E/9PMeaYvzBIJoOByRxXiZ dLDZ8K7u40iJt5c01Zohb1TJjNqOl+iSNRPgs8D/quncn01rOrXwG0paLMwsSNEl1mr5 Dd84z8XLeaM3SSwlskJ1d7z6FwvrcB916XRvv7DZdV0tEY+taERcZJ6GhJqMsuQXBVEJ /yBAOPG0DnzxP59J+LsRbmK6nVMFZgxflV1tR5vDIE32lvkDbqkll5+YGAwtz3QEd7A5 y9bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=MEMik7nXTT6T+iamCEqTBbkTUSOo8uklsKB8SvHrVb4=; b=O7AgiHRn22MVTMGCPCClx1DNyhD1i1crmhgsxMgoMLm5NmaseDVkRM8GjBtAAWrhFn Fg9riZb+3/uUt2VcVrMm5+vVCNxvDv3zLoiJzKGX4/DIAkPq8H8yOWUiujQp1ZDSPjYb XGInr4gMHNQ3hMFMjokJvXelFEpXIcmysx7M4bhOGCZ0HTSCd7NTbjsPXicb2CfWsEab JdsiTD7EnCQo5RCDo6q1uaLdFrg/2vxoIuKiL3eYwQTF2SNv0oW9K0DgCbGuOtfXxFWd x/u2cveGqAoLBX6H+l4cBjm3MwrYunA6LPB7FmAAX17SgV9HFoaKuCaFg1H2/C3daAqB wQ4A== X-Gm-Message-State: AOUpUlG4E6Lf3F+hXdOM+gRPn8PPP8w8UZJ/XYVa4+n2Jz+cxJzcPZP0 mnpwDwgfUy5mYH0Aj+aRJX3KpfcRWLxSoKOr55w= X-Google-Smtp-Source: AAOMgpcDbnMBOEJJxV2YBGCxvTgBR50ea5abf3VrO1H1c4jzVmzqXR2qm90nxsIJl+IsEpWwltHxlu+r42Jl8/xYyKk= X-Received: by 2002:ac8:354e:: with SMTP id z14-v6mr769910qtb.261.1533236666107; Thu, 02 Aug 2018 12:04:26 -0700 (PDT) MIME-Version: 1.0 References: <20180801.213753.1303803168352407122.davem@davemloft.net> <1533235812.1032775@apps.rackspace.com> In-Reply-To: <1533235812.1032775@apps.rackspace.com> From: Dave Taht Date: Thu, 2 Aug 2018 12:04:47 -0700 Message-ID: To: dpreed@deepplum.com Cc: cerowrt-devel@lists.bufferbloat.net, "Jason A. Donenfeld" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cerowrt-devel] linus vs wireguard X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2018 19:04:26 -0000 Dear David: I would dearly like to find some folk to redteam wireguard before it hits the kernel. Know anyone? In particular I wonder how the container-space can be attacked. ( https://www.wireguard.com/#ready-for-containers ) On Thu, Aug 2, 2018 at 11:50 AM dpreed@deepplum.com w= rote: > > Please note that my comments are from someone who, unlike Edge Security, = has been involved in secure systems design off and on since 1973, not 2003 = which is the level of expertise claimed by Edge Security. And I think I am = the first person to write an automated system kernel exploit generation too= l at about that time, working on the Multics Security Kernel project. The e= xplotss generated searched for cases where the kernel entry points were sen= sitive to concurrent changes in other processors, just like Spectre and Mel= tdown exploit concurrent microarchitecture stuff. > > This is why putting complexint in the hands of kernel developers who shar= e a single protection domain (the kernel) is REALLY dangerous. It's not a t= heoretical pedantic issue. > > But hey, Linus doesn't give a shit. > > -----Original Message----- > From: "Dave Taht" > Sent: Thursday, August 2, 2018 2:26pm > To: cerowrt-devel@lists.bufferbloat.net > Subject: [Cerowrt-devel] linus vs wireguard > > ---------- Forwarded message --------- > From: Linus Torvalds > Date: Thu, Aug 2, 2018 at 11:19 AM > Subject: Re: [GIT] Networking > To: David Miller > Cc: Andrew Morton , Network Development > , Linux Kernel Mailing List > > > > On Wed, Aug 1, 2018 at 9:37 PM David Miller wrote: > > > > Fixes keep trickling in: > > Pulled. > > Btw, on an unrelated issue: I see that Jason actually made the pull > request to have wireguard included in the kernel. > > Can I just once again state my love for it and hope it gets merged > soon? Maybe the code isn't perfect, but I've skimmed it, and compared > to the horrors that are OpenVPN and IPSec, it's a work of art. > > Linus > > > -- > > Dave T=C3=A4ht > CEO, TekLibre, LLC > http://www.teklibre.com > Tel: 1-669-226-2619 > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > > --=20 Dave T=C3=A4ht CEO, TekLibre, LLC http://www.teklibre.com Tel: 1-669-226-2619