1. 44
      1. 5

        Thanks - I wouldn’t have seen that. Interesting that they decided to keep their implementation independent, but I don’t think I’m quite as pessimistic as Jason about that. I think there’s value to the WireGuard ecosystem in having truly independent implementations; it keeps everyone true to the spec rather than letting the protocol drift to implementation-defined.

        1. 8

          Maybe? Or Cloudflare could implement something that looks/smells like WireGuard but is less secure, or includes Cloudflare-specific features that are not in the spec, causing incompatibilities/confusion for users. I could see this easily going both ways. Only time will tell.

          1. 3

            For sure, I hear you and I do think the concern you and Jason have is valid. I’m trying to be a bit less skeptical in this case, if for no other reason than to be consistent with my view on web (HTML/CSS) implementations. I’d be the first to jump to advocate for Firefox as our defense against a monopolistic implementation of the Web as defined by Chromium/Google. Here certainly Jason is the smaller player, so the power dynamics are different, but I still think there are positive opportunities from having two independent implementations in the ecosystem.

      2. 5

        However, benchmarks quickly showed that wireguard-go falls very short of the performance offered by the kernel module. This is because while the Go language is very good for writing servers, it is not so good for raw packet processing, which a VPN essentially does.

        Is the difference between Go and Rust really that big? I would suspect the difference between kernel and userland is way bigger.

        Rust is a modern, safe language that is both as fast as C++ and is arguably safer than Go (it is memory safe and also imposes rules that allow for safer concurrency), […].

        Interesting point about Rust being arguably safer than Go.

        1. 12

          Go is pretty fast and more than enough for lots of tasks, especially in its niche of higher-level network-bound servers.

          However, in this case there’s a bunch of cryptography, packet parsing and shuffling of data from one place to another, where LLVM-optimized code, zero-cost abstractions and no-GC memory slices shine.

        2. 2

          Note: WireGuard is a registered trademark of Jason A. Donenfeld.

          Does that mean Jason Donenfeld can legally sue them for a noncompliant implementation?

          1. 10

            It just means they can’t call it “WireGuard”, which I suspect is why the name is BoringTun and not something more WireGuard-ey. Trademark prevents other people from using your name (or logo or whatever) to make it seem as if something they’re selling came from you. It prevents me from calling my webmail service “gmail”, but it doesn’t prevent me from saying “gmail-compatible” or whatever.

            1. 3

              No, that’s not how trademark works. You are thinking about patent and licensing of patented API.