From: "Fredrik Strömberg" <stromberg@mullvad.net>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Kevin Milner <kamilner@kamilner.ca>,
WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Preshared Key Rework Coming Soon
Date: Thu, 11 May 2017 23:25:14 +0200
Message-ID: <CANTUoecFfOUqiyYiDdSY2TMeyMzGsobVYHrQ8Lk8d58xxMHt0g@mail.gmail.com>
In-Reply-To: <CAHmME9r1XFZsvMskbBD8N-_+9NU7GJn+weDLwCsNrpsGPcMqDA@mail.gmail.com>

Great to hear. Thank you all for your hard work.

Cheers,
Fredrik

On Thu, May 11, 2017 at 10:32 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> Hey lazylist,
>
> Since the last discussion of preshared key mode in WireGuard, we've
> made some substantial progress. Trevor and I have been working out the
> cryptodetails [1], and Kevin and I have been tweaking our formal
> verification model. Everything is coming together quite nicely on that
> front.
>
> For those who are just catching up on this discussion, the gist is
> that the PresharedKey attribute is moving from being part of the
> Interface to part of the Peer. This will enable PSKs to be a pair-wise
> value, rather than having an Interface use one PSK for all its peers,
> a significant security improvement.
>
> I've written up the changes in the whitepaper [2] and the protocol doc
> [3]. I've implemented it in the latest git master, though probably you
> should wait for the next snapshot to try it out. I'm now in the
> progress of writing [4] patches [5] for various [6] WireGuard
> integrations, so that when I release the next snapshot, things can
> transition over smoothly, in addition to various Noise libraries [7].
>
> If all goes well, the Noise changes will be out on Tuesday, and the
> snapshot should happen minutes after that.
>
> Let me know if there are any questions.
>
> Regards,
> Jason
>
> [1] https://moderncrypto.org/mail-archive/noise/2017/001006.html
> [2] https://www.wireguard.io/papers/wireguard.pdf
> [3] https://www.wireguard.io/protocol/
> [4] https://github.com/openwrt/packages/pull/4341/files#diff-4fe54b567672346a15da55f1c6af8c9a
> [5] https://github.com/openwrt/luci/pull/1160/files
> [6] https://github.com/NixOS/nixpkgs/pull/25646/files#diff-110379e7db2311e8bef5a02392ac1495
> [7] https://github.com/flynn/noise/pull/11/files
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
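
The configuration change described in the quoted message, as an added example that is not part of the thread or of WireGuard's own code: a small Python lint over wg-style configuration text that flags a PresharedKey left under [Interface] and any PresharedKey value reused by more than one [Peer], which would undo the pair-wise property. The function names and sample configs are assumptions made for illustration, and every key value is a constructed placeholder.

```python
from collections import defaultdict

def parse_sections(text):
    """Return [(name, attrs, line_no)], keeping repeated [Peer] blocks apart."""
    sections = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}, lineno))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # split once: base64 ends in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def lint_psk(text):
    """Flag an interface-wide PSK and any PSK used by more than one peer."""
    findings, users = [], defaultdict(list)          # users: psk -> peer public keys
    for name, attrs, lineno in parse_sections(text):
        psk = attrs.get("presharedkey")
        if psk and name == "interface":
            findings.append(f"line {lineno}: PresharedKey under [Interface]")
        elif psk and name == "peer":
            users[psk].append(attrs.get("publickey", "<no PublicKey>"))
    for peers in users.values():
        if len(peers) > 1:
            findings.append("PresharedKey reused by peers: " + ", ".join(peers))
    return findings

# Constructed sample configs; every key value is a placeholder, not a real key.
OLD_STYLE = """\
[Interface]
PrivateKey = PRIV_PLACEHOLDER=
PresharedKey = PSK_PLACEHOLDER=
[Peer]
PublicKey = PEER_A_PLACEHOLDER=
"""
NEW_STYLE = """\
[Interface]
PrivateKey = PRIV_PLACEHOLDER=
[Peer]
PublicKey = PEER_A_PLACEHOLDER=
PresharedKey = PSK_A_PLACEHOLDER=
[Peer]
PublicKey = PEER_B_PLACEHOLDER=
PresharedKey = PSK_B_PLACEHOLDER=
"""
if __name__ == "__main__":
    for label, cfg in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        print(label, lint_psk(cfg) or "ok")
```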