From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Ximin Luo <ximin@dfinity.org>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Using WG for transport security in a p2p network
Date: Fri, 20 Apr 2018 21:27:27 +0200 [thread overview]
Message-ID: <CAHmME9rx25_zK+6QkgRfDjHE5Hy_T7tuyn_C=K5RSBSU0W2iwA@mail.gmail.com> (raw)
In-Reply-To: <CADX+UFiHhwCrWk3t5PARVbTh9EcMMe=TjdUkZuQ4450J2eYvBQ@mail.gmail.com>
Hey Ximin,
Nice to see that you're thinking through these issues in a concrete setting.
For a while I had some notions about allowing WireGuard to pop up
initiaton messages from unauthenticated peers to userspace for userspace to
then validate in one way or another asynchornously, followed by userspace
adding that peer's key to the list of peers (or not), and initiating the
handshake back the other way reusing the initial UDP port. This wouldn't add
that much complexity and I think it'd be fairly reliable. However, I've held
off on implementing it because I'm skepical that people would actually use it
in a way that makes sense. For example, in your case, you already have some
other aspect of the protocol which seeks to exchange this information; in
that case, doing the exchange there makes most sense, since you can morph and
change that for your particular requirements. In other words, I like the idea
you presented in your follow up email. Does that seem like a okay solution for
you? Or do you think you do have a compelling reason for adding the above
semantics?
Jason
prev parent reply other threads:[~2018-04-20 19:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-05 3:22 Ximin Luo
2018-04-05 7:13 ` Matthias Urlichs
2018-04-05 16:06 ` Tim Sedlmeyer
2018-04-05 19:00 ` Ximin Luo
2018-04-05 18:07 ` Ximin Luo
2018-04-05 19:49 ` Matthias Urlichs
2018-04-14 16:01 ` Bruno Wolff III
2018-04-14 18:33 ` Matthias Urlichs
2018-04-05 15:32 ` Kalin KOZHUHAROV
2018-04-05 18:17 ` Ximin Luo
2018-04-06 17:59 ` Jason A. Donenfeld
2018-04-20 15:20 ` Ximin Luo
2018-04-20 15:44 ` Ximin Luo
2018-04-20 19:27 ` Jason A. Donenfeld [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHmME9rx25_zK+6QkgRfDjHE5Hy_T7tuyn_C=K5RSBSU0W2iwA@mail.gmail.com' \
--to=jason@zx2c4.com \
--cc=wireguard@lists.zx2c4.com \
--cc=ximin@dfinity.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).