potential preshared-key changes
Kalin KOZHUHAROV
me.kalin at gmail.com
Fri Apr 28 12:15:05 CEST 2017
I finally read through all the thread :-D
(and very good write-up, Mathias!)
Obeying the KISS principle, while erring on security should lead to
"per-client PSK", the proposed method.
I see some scenarios where the current method (per-iface) works
better, mainly in small private VPNs, usually temporary and all
trusting each other; in such cases identity hiding is not an issue and
simple initial setup (one PSK) is a plus.
( think a bunch of short-lived VPC instances, started/owned by single person)
To eat the cake and have it whole, supporting both methods MAY be
possible, iff (=if-and-only-if) this does not introduce lots of
complexity in code.
Thinking about code, how would that be implemented, how do we define user?
I am wondering what happens after Alice establishes a connection to
SERVER_1 with PSK_A from IP_1:
* then someone (Eve?) establishes another connection with (stolen)
PSK_A from IP_2 ? -> log or ignore
* then Bob establishes another connection with own PSK_B from IP_1
(same company GW)? -> hopefully possible!
I guess part of the design of WG is to not keep state or logs, so
those will "simply work" (TM) :-D
Regards,
Kalin.
More information about the WireGuard
mailing list