Cryptographers engage in war of words over RustSec bug reports and subsequent ban

Source: https://www.theregister.com/headlines.atom
Summary

Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he's been dismissed, ignored, and banned from Rust security channels.

On Tuesday, Kobeissi filed a complaint with the Rust Moderation Team and Leadership Council over the conduct of RustSec advisory database maintainers. Five hours later, he was banned from Rust Project Zulip spaces. He then escalated his complaint to The Rust Foundation, claiming a Code of Conduct violation and citing the exhaustion of other avenues of redress.

"I am an applied cryptographer who discovered critical cryptographic vulnerabilities in the hpke-rs crate, including a nonce-reuse vulnerability enabling full AES-GCM plaintext recovery and forgery," he wrote. "Over the past month, I have made repeated good-faith attempts to publish RustSec advisories for these vulnerabilities."

Not everyone agrees with that assessment. Cryptographer Filippo Valsorda, whose November 2 bug report about a flaw affecting libcrux-ml-dsa v0.0.3 "sparked this whole saga," told The Register in an email, "Kobeissi's entire handling of the situation never seemed to be in good faith or proportional to me. He's been attacking the Cryspen maintainers accusing them of 'burying' issues, for what in my opinion was unobjectionable behavior."

Kobeissi took aim at Cryspen, a cryptographic software firm based in Paris, in a February 5 blog post, complaining that the company fixed the bug without "any public disclosure, security advisory, or acknowledgment that their 'formally verified' library had shipped with a defect that caused silent cryptographic failures in production environments."

After Kobeissi posted a link to his blog post on the Lobste.rs discussion forum, Valsorda acknowledged Kobeissi's arguments about testing and engineering practices delivering better results for high-assurance software than formal verification.
But Valsorda also took is...
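The "nonce-reuse vulnerability enabling full AES-GCM plaintext recovery" that Kobeissi is quoted describing rests on a generic property of GCM's CTR core rather than on anything specific to hpke-rs, and the article does not describe the bug's mechanics. The following added example (not code from the article, from hpke-rs, libcrux, Cryspen or any of the people quoted) shows the plaintext-recovery half of that claim: two messages sealed under the same key and 96-bit nonce XOR to the XOR of their plaintexts, so one guessable message hands the attacker the keystream and every other message with no key needed. The key, nonce and messages are constructed for the example, and the AES-128 block function is a minimal textbook implementation written here so the block runs without third-party libraries. The forgery half (recovering the GHASH key from two tags under one nonce) is not shown.

```python
# Added example: why nonce reuse under AES-GCM leaks plaintext. Not code from the
# article, hpke-rs, libcrux or Cryspen. AES-128 below is a minimal textbook
# implementation written for this illustration; key, nonce and messages are constructed.

SBOX = bytes.fromhex(
    "637c777bf26b6fc53001672bfed7ab76ca82c97dfa5947f0add4a2af9ca472c0"
    "b7fd9326363ff7cc34a5e5f171d8311504c723c31896059a071280e2eb27b275"
    "09832c1a1b6e5aa0523bd6b329e32f8453d100ed20fcb15b6acbbe394a4c58cf"
    "d0efaafb434d338545f9027f503c9fa851a3408f929d38f5bcb6da2110fff3d2"
    "cd0c13ec5f974417c4a77e3d645d197360814fdc222a908846eeb814de5e0bdb"
    "e0323a0a4906245cc2d3ac629195e479e7c8376d8dd54ea96c56f4ea657aae08"
    "ba78252e1ca6b4c6e8dd741f4bbd8b8a703eb5664803f60e613557b986c11d9e"
    "e1f8981169d98e949b1e87e9ce5528df8ca1890dbfe6426841992d0fb054bb16"
)
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _xtime(b):
    """Multiply by x in GF(2^8) with the AES reduction polynomial."""
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1


def _expand_key(key):
    """AES-128 key schedule: 11 round keys of 16 bytes, column-major like the state."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def _mix_column(a0, a1, a2, a3):
    x = _xtime
    return [x(a0) ^ x(a1) ^ a1 ^ a2 ^ a3,
            a0 ^ x(a1) ^ x(a2) ^ a2 ^ a3,
            a0 ^ a1 ^ x(a2) ^ x(a3) ^ a3,
            x(a0) ^ a0 ^ a1 ^ a2 ^ x(a3)]


def aes128_encrypt_block(key, block):
    """Single-block AES-128 encryption (FIPS 197); state is kept column-major."""
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                         # SubBytes
        s = [s[i % 4 + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]  # ShiftRows
        if rnd < 10:                                                     # MixColumns (not in last round)
            s = sum((_mix_column(*s[c:c + 4]) for c in range(0, 16, 4)), [])
        s = [b ^ k for b, k in zip(s, rk[rnd])]                         # AddRoundKey
    return bytes(s)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def gcm_ctr_keystream(key, nonce, nbytes):
    """Keystream AES-GCM derives from a 96-bit nonce: AES_K(nonce || ctr) for ctr = 2, 3, ...
    (nonce || 1 is reserved for masking the tag). Same key + same nonce => same keystream."""
    if len(nonce) != 12:
        raise ValueError("example only handles the 96-bit GCM nonce form")
    out, ctr = bytearray(), 2
    while len(out) < nbytes:
        out += aes128_encrypt_block(key, nonce + ctr.to_bytes(4, "big"))
        ctr += 1
    return bytes(out[:nbytes])


def gcm_encrypt_body(key, nonce, plaintext):
    """Ciphertext body of AES-GCM. The GHASH tag is omitted: it plays no part in this attack."""
    return _xor(plaintext, gcm_ctr_keystream(key, nonce, len(plaintext)))


def recover_plaintext(c_known, p_known, c_target):
    """Attacker side, no key needed: under a reused (key, nonce), c1 XOR c2 == p1 XOR p2,
    so one known plaintext yields the keystream and with it any other message's plaintext."""
    return _xor(c_target, _xor(c_known, p_known))


def demo():
    """Constructed scenario: two records sealed under one key with the nonce repeated."""
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")     # constructed key
    nonce = bytes(12)                                           # the (wrongly) repeated nonce
    known = b"GET /status HTTP/1.1\r\nHost: example\r\n\r\n"      # message the attacker can guess
    secret = b"Authorization: Bearer s3cr3t-token"              # message the attacker wants
    c_known = gcm_encrypt_body(key, nonce, known)
    c_secret = gcm_encrypt_body(key, nonce, secret)
    recovered = recover_plaintext(c_known, known, c_secret)
    # Control: a fresh nonce for the second message defeats the same computation.
    c_fresh = gcm_encrypt_body(key, bytes(11) + b"\x01", secret)
    garbage = recover_plaintext(c_known, known, c_fresh)
    return {"secret": secret, "recovered": recovered, "garbage": garbage,
            "xor_leak": _xor(c_known, c_secret) == _xor(known, secret)}


if __name__ == "__main__":
    r = demo()
    print("ciphertext XOR equals plaintext XOR:", r["xor_leak"])
    print("recovered under reused nonce:", r["recovered"])
    print("same attempt with fresh nonce :", r["garbage"])
```

The attack needs only two ciphertexts and one guessable plaintext; the attacker never touches the key or the tag, which is why a nonce-reuse bug in an AEAD wrapper is treated as a total loss of confidentiality regardless of how the underlying AES is implemented or verified.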

First seen: 2026-03-20 21:29

Last seen: 2026-03-24 19:36