* CONFIG_ANDROID
From: tlhackque @ 2022-06-30 10:47 UTC
To: WireGuard Mailing list
FWIW: Having watched the discussion about CONFIG_ANDROID, it occurs to
me that there's an alternative for WireGuard that sidesteps the issue.

From the last patchset, it seems that the only use in WireGuard is to
avoid clearing keys on every wake-up.

So: Why not timestamp key-clear events, and establish a minimum interval?

It seems to me that this would make WireGuard tolerant of the peculiar
behavior of the Android (handheld) platforms, and expresses what
WireGuard needs - a minimum time between key clearing events. It's also
completely under WireGuard's control, is platform agnostic, and avoids
an inevitable discussion about whether 2 seconds between wakeups is
immutable and satisfies everyone. (If you wait long enough, every
constant eventually becomes a variable...)

Then WireGuard can watch the duststorm over CONFIG_ANDROID's fate settle
out at leisure.

I have no dog in this fight - just an observer.
* Re: CONFIG_ANDROID
From: Jason A. Donenfeld @ 2022-06-30 11:41 UTC
To: tlhackque; +Cc: WireGuard Mailing list
On Thu, Jun 30, 2022 at 06:47:38AM -0400, tlhackque wrote:
> FWIW: Having watched the discussion about CONFIG_ANDROID, it occurs to
> me that there's an alternative for WireGuard that sidesteps the issue.
>
> From the last patchset, it seems that the only use in WireGuard is to
> avoid clearing keys on every wake-up.

No, it clears keys before sleeping.

>
> So: Why not timestamp key-clear events, and establish a minimum interval?

Because we don't know when we're going to wake up again, and the
objective is to maintain forward secrecy.

Jason
* Re: CONFIG_ANDROID
From: tlhackque @ 2022-06-30 15:50 UTC
Cc: WireGuard Mailing list
On 30-Jun-22 07:41, Jason A. Donenfeld wrote:
> On Thu, Jun 30, 2022 at 06:47:38AM -0400, tlhackque wrote:
>> FWIW: Having watched the discussion about CONFIG_ANDROID, it occurs to
>> me that there's an alternative for WireGuard that sidesteps the issue.
>>
>> From the last patchset, it seems that the only use in WireGuard is to
>> avoid clearing keys on every wake-up.
> No, it clears keys before sleeping.
>
>> So: Why not timestamp key-clear events, and establish a minimum interval?
> Because we don't know when we're going to wake up again, and the
> objective is to maintain forward secrecy.
>
> Jason

Thanks for the explanation. One more attempt.

If I understand what's happening:

You're really trying to establish a maximum key lifetime - sleep being a
proxy for "too long to keep using". On conventional platforms, that's
been good enough. On these Android platforms, it's not.

You're clearing the key before sleeping so that after a presumably
longish time, you'll negotiate a new one. But on some platforms, the
sleeps are so frequent that "longish" is inconveniently short. And the
renegotiations are expensive. On those platforms, you don't clear the
key to avoid the frequent renegotiations. This keeps the old key in use
across the sleeps.

Alternatively, why not make the maximum key lifetime explicit? E.g. on
all platforms you could set a renegotiate time when a key is
established, and if it has expired on wake (or on use) trigger
renegotiation. This guarantees a maximum key lifetime, independent of
the frequency or duration of sleeps. And you don't need to know when
you'll wake.

If you also want to make sure that the key isn't in memory longer than
that time (e.g. to avoid capture on a dump or device loss), you could
also set a timer (of the sort that wakes the CPU from sleep) that clears
the key at that time.

There are obvious optimizations if necessary.

The point I'm trying to make is that rather than thinking about the
annoying platform behavior's effect on the implementation, it's probably
better to think about what WireGuard is really trying to do and express
it in the implementation.

I hope this perspective helps. I'll step out of your way now.
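
The two policies discussed in this thread, modelled side by side as an added example (not part of the thread and not WireGuard's code): wiping the key before every sleep versus an explicit maximum lifetime checked on use. The struct, function names, and the 180-second limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32
#define MAX_KEY_LIFETIME_S 180 /* assumed limit, for illustration only */
enum policy { CLEAR_ON_SUSPEND, EXPLICIT_LIFETIME };

struct session {
    uint8_t  key[KEY_LEN];
    bool     valid;       /* key bytes currently resident in memory */
    uint64_t born_s;      /* from a clock that keeps counting during sleep */
    unsigned handshakes;  /* number of key negotiations so far */
};

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void wipe_key(struct session *s) {
    volatile uint8_t *p = s->key;
    for (size_t i = 0; i < KEY_LEN; i++)
        p[i] = 0;
    s->valid = false;
}

/* Suspend hook: only the clear-before-sleep policy wipes here. */
void on_suspend(struct session *s, enum policy p) {
    if (p == CLEAR_ON_SUSPEND)
        wipe_key(s);
}

/* Use hook: keep a live key, otherwise wipe and negotiate a fresh one. */
void on_use(struct session *s, uint64_t now_s) {
    if (s->valid && now_s - s->born_s < MAX_KEY_LIFETIME_S)
        return;                     /* key still within its lifetime */
    wipe_key(s);                    /* expired or absent */
    memset(s->key, 0xA5, KEY_LEN);  /* placeholder for a real handshake */
    s->valid = true;
    s->born_s = now_s;
    s->handshakes++;
}

/* Run `naps` sleeps of nap_s seconds with one use after each wake. Returns
 * the handshake count; *asleep_resident says if the key sat in RAM asleep. */
unsigned simulate(enum policy p, unsigned naps, uint64_t nap_s, bool *asleep_resident) {
    struct session s = {0};
    on_use(&s, 0);
    for (unsigned i = 0; i < naps; i++) {
        on_suspend(&s, p);
        *asleep_resident = s.valid;
        on_use(&s, (uint64_t)(i + 1) * nap_s);
    }
    return s.handshakes;
}
```

With 100 two-second naps the clear-before-sleep policy negotiates 101 times and the explicit-lifetime policy twice. Only clear-before-sleep leaves no key resident while the device is asleep; under the lifetime policy an expired key stays in memory until the next use.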
* Re: CONFIG_ANDROID
From: Jason A. Donenfeld @ 2022-06-30 15:56 UTC
To: tlhackque; +Cc: WireGuard Mailing list
On Thu, Jun 30, 2022 at 5:53 PM tlhackque <tlhackque@yahoo.com> wrote:
> If you also want to make sure that the key isn't in memory longer than
> that time (e.g. to avoid capture on a dump or device loss), you could
> also set a timer (of the sort that wakes the CPU from sleep) that clears
> the key at that time.

Waking up the CPU some time later to clear a key sounds like a bad
waste of power. And such wakeup timers aren't universally available
and dependable. Plus, the last thing people want is having WireGuard
wake up your laptop from sleep while it's in your bag. You're now
proposing all sorts of terrible complexity, instead of the much more
simple and covers-all-real-practical-cases of "is it android or is it
not?" KISS.

Jason