Re: passtos patch - Daniel Kahn Gillmor

Development discussion of WireGuard
 help / color / mirror / Atom feed

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>, Vadim Zotov <z@zenit.ru>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: passtos patch
Date: Thu, 18 Jan 2018 23:04:39 -0500	[thread overview]
Message-ID: <87y3ku4hpk.fsf@fifthhorseman.net> (raw)
In-Reply-To: <CAHmME9rL9Koi2-vctwmTjCf2DCMCTEOcueJJNLsprO03-3gwMQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1015 bytes --]

On Thu 2018-01-18 17:11:16 +0100, Jason A. Donenfeld wrote:
> Not sure the infoleak is worth it.
>
> List: thoughts?

I don't think the infoleak is worth it.  Certainly not by default.

and i know wg doesn't want to have a lot of fiddly knobs, so if it's not
by default, please don't add a fiddly knob here.

As just one scenario where it's harmful, consider the case where your
ISP wants to sell you VoIP service.  They have a concrete financial
incentive to delay or add jitter to packets coming from you marked with
common VoIP ToS markings if your VoIP connections are not made through
their competing service.  If your VoIP traffic goes out via wireguard,
your ISP will damage it to try to convince you that their service is
what you should be using :/

The goal of wireguard-style tunnelling is to avoid leaking information
about what the user is actively doing.  Let's not introduce exceptions
where we actively try to export otherwise-confidential information
outside the encrypted envelope.

        --dkg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

     prev parent reply	other threads:[~2018-01-19  4:01 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-18 11:30 Vadim Zotov
2018-01-18 11:56 ` Kalin KOZHUHAROV
2018-01-18 13:03   ` Matthias Urlichs
2018-01-18 20:57   ` Ivan Labáth
2018-01-18 16:11 ` Jason A. Donenfeld
2018-01-18 21:10   ` Eric Light
2018-01-19  4:04   ` Daniel Kahn Gillmor [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87y3ku4hpk.fsf@fifthhorseman.net \
    --to=dkg@fifthhorseman.net \
    --cc=Jason@zx2c4.com \
    --cc=wireguard@lists.zx2c4.com \
    --cc=z@zenit.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).