* Key Management / Rotation and Monitoring
@ 2020-12-09 3:18 Adam Weiss
0 siblings, 0 replies; only message in thread
From: Adam Weiss @ 2020-12-09 3:18 UTC (permalink / raw)
To: wireguard
Hi All,
I've been following some recent threads regarding real life
deployments of WireGuard and it got me thinking about key management,
rotation and monitoring. Due to the seamless support for roaming
built into WireGuard these concerns are greater than typical setups as
a stolen key can be used seamlessly alongside its legitimate user.
In the interest of understanding best practices for secure deployment
of WireGuard and possibly identifying use cases for another project
that could aim to solve these issues, I'm curious:
1) What are people doing to get keys onto their endpoints?
2) What are people doing to rotate those keys regularly?
3) What sorts of monitoring have people constructed to try and detect
multiple users of the same key (I'm not sure how possible this is
today with the current WG releases, it's been a while since I've
looked closely at the project so please forgive me if this question is
nonsensical at this time).
Looking forward to any responses.
--adam
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-12-09 3:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-09 3:18 Key Management / Rotation and Monitoring Adam Weiss
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).