On 10/08/2018 16:03, Roman Mamedov wrote:
>> But I'd feel a lot happier if a second level of authentication were
>> required to establish a wireguard connection, if no packets had been
>> flowing for more than a configurable amount of time - say, an hour. It
>> would give some comfort around lost/stolen devices.
> Couldn't you just encrypt your home directory? Or even the root FS entirely.
> Either of those should be a must on a portable device storing valuable
> information.

But by analogy, would you say that SSH keys and PGP keys don't need 
protection by a passphrase?