From: Kalin KOZHUHAROV <me.kalin@gmail.com>
To: Brian Candler <b.candler@pobox.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Reflections on WireGuard Design Goals
Date: Fri, 10 Aug 2018 19:38:19 +0300 [thread overview]
Message-ID: <CAKXLc7faAQ1-a_U1DJQU1HWYmq3f=Xy4SZPHVNtG8ZUe4VYA4g@mail.gmail.com> (raw)
In-Reply-To: <1dfc3b75-5737-0961-ba41-81d07e1e5c14@pobox.com>
[-- Attachment #1: Type: text/plain, Size: 839 bytes --]
On Fri, 10 Aug 2018, 19:04 Brian Candler, <b.candler@pobox.com> wrote:
> On 10/08/2018 16:03, Roman Mamedov wrote:
>
> But I'd feel a lot happier if a second level of authentication were
> required to establish a wireguard connection, if no packets had been
> flowing for more than a configurable amount of time - say, an hour. It
> would give some comfort around lost/stolen devices.
>
> Couldn't you just encrypt your home directory? Or even the root FS entirely.
> Either of those should be a must on a portable device storing valuable
> information.
>
> But by analogy, would you say that SSH keys and PGP keys don't need
> protection by a passphrase?
>
Yes, I will say so. I (almost) never use it, it is either too unsecure yet
cumbersome, so I use separate devices (nFA), encrypted FS, etc. where
needed. Or nothing at all.
Kalin.
[-- Attachment #2: Type: text/html, Size: 1494 bytes --]
next prev parent reply other threads:[~2018-08-10 16:27 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mailman.1318.1533866648.2201.wireguard@lists.zx2c4.com>
2018-08-10 13:35 ` Brian Candler
2018-08-10 14:09 ` Matthias Urlichs
2018-08-10 14:09 ` Kalin KOZHUHAROV
2018-08-10 14:42 ` Eisfunke
2018-08-10 14:47 ` Konstantin Ryabitsev
2018-08-10 15:03 ` Roman Mamedov
2018-08-10 16:03 ` Brian Candler
2018-08-10 16:38 ` Kalin KOZHUHAROV [this message]
2018-08-10 16:40 ` jungle Boogie
2018-08-10 17:12 ` Aaron Jones
2018-08-10 17:25 ` jungle Boogie
2018-08-10 20:15 ` em12345
2018-08-10 23:07 ` Reuben Martin
2018-08-11 19:18 ` Jason A. Donenfeld
2018-08-11 22:52 ` Luiz Angelo Daros de Luca
2018-08-12 0:15 ` Aaron Jones
2018-08-12 0:46 ` Jason A. Donenfeld
2018-08-12 1:07 ` Aaron Jones
2018-08-09 21:52 Jason A. Donenfeld
2018-08-10 15:19 ` nicolas prochazka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKXLc7faAQ1-a_U1DJQU1HWYmq3f=Xy4SZPHVNtG8ZUe4VYA4g@mail.gmail.com' \
--to=me.kalin@gmail.com \
--cc=b.candler@pobox.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).