Development discussion of WireGuard
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: David Miller <davem@davemloft.net>
Cc: Netdev <netdev@vger.kernel.org>,
	WireGuard mailing list <wireguard@lists.zx2c4.com>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: WireGuard Upstreaming Roadmap (November 2017)
Date: Fri, 8 Dec 2017 19:19:23 +0100
Message-ID: <CAHmME9rMfC6xkXO8_-E2Pqf-FMxec98crzkfEcyymZ8yGUhORg@mail.gmail.com>
In-Reply-To: <20171208.103841.516344129530992484.davem@davemloft.net>

Hi Dave,

On Fri, Dec 8, 2017 at 4:38 PM, David Miller <davem@davemloft.net> wrote:
> Sorry, you cannot force the discussion of a feature which will be submitted
> upstream to occur on a private mailing list.
>
> It is _ABSOLUTELY_ appropriate to discuss this on netdev since it is the
> netdev community which must consider issues like this when looking at
> whether to accept WireGuard upstream.
>
> Jason, this action and response was entirely inappropriate, and please
> I'd like you to reply properly to questions about your feature here.

Whoops, okay! Very sorry. I'm actually kind of happy to hear that. I
had assumed that you'd be annoyed if WireGuard crypto discussion
spewed over into netdev adding even more message volume there for
something perhaps not directly relevant. But in fact, you're
interested and find it important to discuss there. So, good news. And
sorry for trying to shoo it away before. I'll copy and paste the
response I had made on the other list:

> This is covered in the paper:
> https://www.wireguard.com/papers/wireguard.pdf
>
> The basic answer is that WireGuard has message type identifiers, and
> the handshake also hashes into it an identifier of the primitives
> used. If there's ever a problem with those primitives chosen, it will
> be possible to introduce new message type identifiers, if that kind of
> "support everything even the broken garbage" approach is desired by
> misguided people. However, a better approach, of course, is to keep
> your secure network separate from your insecure network, and to not
> allow insecure nodes on secure segments; when you mix the two,
> disaster tends to strike. So, in other words, both approaches to "upgrading"
> are possible, in this fantasy wireguardalypse. Take note, though, that
> neither one of these approaches (support new and retain old protocol
> too for old nodes, or only support new) are "agile" or are anything at
> all like the 90s "cipher agility" -- the user still is not permitted
> to "choose" ciphers.

Regards,
Jason
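The two hooks Jason describes above, a message-type byte on every packet and a primitive identifier hashed into the handshake state, modelled as an added example. This is illustrative code, not WireGuard's own implementation or code from the paper. The `CONSTRUCTION` and `IDENTIFIER` strings and the derivation C_i = Hash(Construction), H_i = Hash(C_i || Identifier) are what the WireGuard paper specifies; `FUTURE_CONSTRUCTION`, the constructed field byte strings and all function names are assumptions made here for illustration.

```python
"""Toy model of WireGuard's two upgrade hooks: a fixed message-type byte and
a primitive identifier bound into the handshake transcript hash.
Added example, not WireGuard's own code."""
import hashlib

# Strings from the WireGuard paper, hashed into the initial chaining key
# and transcript hash of every handshake.
CONSTRUCTION = b"Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
IDENTIFIER = b"WireGuard v1 zx2c4 Jason@zx2c4.com"

# Hypothetical replacement construction string (constructed for this
# example; not a real or planned WireGuard revision).
FUTURE_CONSTRUCTION = b"Noise_IKpsk2_EXAMPLE_FutureAEAD_ExampleHash"

# First byte of every WireGuard packet is the message type, followed by
# three reserved zero bytes.
MESSAGE_TYPES = {
    1: "handshake_initiation",
    2: "handshake_response",
    3: "cookie_reply",
    4: "transport_data",
}


def h(*parts):
    """BLAKE2s over the concatenation of parts (the paper's Hash())."""
    return hashlib.blake2s(b"".join(parts)).digest()


def initial_handshake_state(construction=CONSTRUCTION, identifier=IDENTIFIER):
    """C_i = Hash(Construction); H_i = Hash(C_i || Identifier)."""
    ci = h(construction)
    hi = h(ci, identifier)
    return ci, hi


def mix_hash(hi, data):
    """H_i = Hash(H_i || data): the transcript absorbs each handshake field."""
    return h(hi, data)


def transcript_hash(construction, *fields):
    """Transcript hash a peer ends with after absorbing the given wire fields."""
    _, hi = initial_handshake_state(construction)
    for field in fields:
        hi = mix_hash(hi, field)
    return hi


def peers_agree(construction_a, construction_b, *fields):
    """True if two peers, each hashing its own construction string over the
    same wire fields, end with an identical transcript hash.  If they do not,
    every MAC/AEAD check derived from that transcript fails, so a peer built
    for a different suite cannot complete the handshake: there is no
    negotiation step that could be talked down to a weaker suite."""
    return (transcript_hash(construction_a, *fields)
            == transcript_hash(construction_b, *fields))


def classify_message(packet):
    """Dispatch on the type byte.  Unknown types and non-zero reserved bytes
    are rejected; a future protocol revision would claim a new type value
    rather than negotiate within an existing one."""
    if len(packet) < 4 or packet[1:4] != b"\x00\x00\x00":
        return None
    return MESSAGE_TYPES.get(packet[0])


if __name__ == "__main__":
    # Constructed stand-ins for the public keys a real handshake would absorb.
    fields = (b"responder-static-pub", b"initiator-ephemeral-pub")
    print(peers_agree(CONSTRUCTION, CONSTRUCTION, *fields))         # True
    print(peers_agree(CONSTRUCTION, FUTURE_CONSTRUCTION, *fields))  # False
    print(classify_message(b"\x01\x00\x00\x00" + b"\x00" * 144))   # handshake_initiation
    print(classify_message(b"\x09\x00\x00\x00"))                     # None
```

The point the model makes concrete: because the suite identifier is absorbed into the hash before any key material, two peers configured for different suites never reach a shared transcript, and a packet carrying an unrecognised type byte is simply dropped. Neither behaviour lets a user or an on-path party select a cipher, which is the distinction Jason draws between this upgrade path and 1990s-style cipher agility.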

Thread overview:
2017-11-11  4:48 Jason A. Donenfeld
2017-12-07 10:22 ` Stefan Tatschner
2017-12-07 13:37   ` Bruno Wolff III
2017-12-07 21:57     ` Daniel Kahn Gillmor
2017-12-08  2:25       ` Jason A. Donenfeld
2017-12-08  6:58         ` Stefan Tatschner
     [not found]   ` <CAHmME9rhB-w=EoUJ-EiT1cgJKS44Uz=uJdphsud-BEN1zHtB9A@mail.gmail.com>
     [not found]     ` <20171208.103841.516344129530992484.davem@davemloft.net>
2017-12-08 18:19       ` Jason A. Donenfeld [this message]