Rust Crypto Dispute: Researcher Banned After Reporting Critical Bugs

Cryptographer Nadim Kobeissi has filed a complaint with The Rust Foundation alleging retaliation after raising concerns about critical vulnerabilities in Rust cryptography libraries and a perceived lack of response from maintainers. The complaint, filed Tuesday, came just hours before Kobeissi was banned from Rust Project Zulip spaces, according to his account of events.

Kobeissi, an applied cryptographer, claims he discovered critical flaws in the hpke-rs crate, including a vulnerability that could allow for full AES-GCM plaintext recovery and message forgery. He asserts that his repeated attempts to publish security advisories through RustSec were dismissed and ultimately led to his banishment from Rust security channels.

“I am an applied cryptographer who discovered critical cryptographic vulnerabilities in the hpke-rs crate, including a nonce-reuse vulnerability enabling full AES-GCM plaintext recovery and forgery,” Kobeissi wrote in his complaint to the Rust Moderation Team and Leadership Council. He further stated that he felt it “extremely important” to have an advisory issued due to the potential impact on widely used software like Signal, OpenMLS, Google products, SSH, and even the Linux kernel.

The dispute extends to Cryspen, a Paris-based cryptographic software firm, and its libcrux-ml-dsa library. Kobeissi publicly criticized Cryspen in a February 5 blog post for fixing a bug without public disclosure or a security advisory, arguing that this lack of transparency was unacceptable for a library marketed as “formally verified.”

Filippo Valsorda, a cryptographer who reported a separate flaw in libcrux-ml-dsa v0.0.3 in November, disputes Kobeissi’s characterization of the situation. According to an email to The Register, Valsorda believes Kobeissi’s handling of the matter was “not in excellent faith or proportional,” and accuses him of attacking Cryspen maintainers. Valsorda and Kobeissi have reportedly been at odds for over a decade.

Cryspen acknowledged Kobeissi’s vulnerability reports, stating in a response cited in his presentation slides that no bugs were found in its verified code. Kobeissi, however, maintains that four vulnerabilities were identified. In an email to The Register, Cryspen conceded, “we did not do great with these advisories,” but emphasized the importance of precise guarantees regarding formal verification.

Kobeissi alleges that RustSec maintainers closed his advisory pull requests without technical justification, silently blocked him from the RustSec GitHub organization, and closed a pending advisory after he discovered he was blocked. He claims the ban message cited “harassment,” a characterization he rejects, stating, “there aren’t any documented instances of me harassing anyone anywhere.”

Valsorda, however, suggests the ban may have been warranted, stating that if the RustSec maintainers chose not to merge Kobeissi’s report or banned him, they likely had a reason. He characterized Kobeissi’s actions as potentially amounting to the harassment of open-source maintainers.

The Rust Foundation acknowledged Kobeissi’s complaint on Friday, stating it would be assessed in line with the Rust Foundation Code of Conduct Policy. As of Friday, The Register had not received a response to a request for comment made to the Rust Foundation on Thursday.

The core of the disagreement centers on the severity of the vulnerabilities and the appropriate response. Valsorda downplayed the hpke-rs vulnerability, stating it only affects applications performing more than four billion encryptions with a single HPKE setup. Kobeissi, however, insists the vulnerability is critical and warrants a public security advisory to allow users to audit their systems.

Kobeissi argues that the lack of transparency and responsiveness from both Cryspen and RustSec highlights a broader challenge in open-source software development: harmonizing behavioral norms and adjudicating disputes within a decentralized community lacking the formal structures of legal recourse. He points to a conflict of interest within the Rust Project’s moderation system, noting that the representative on the Leadership Council is the same individual who issued a public moderation warning against him.
