WireGuard Upstreaming Roadmap (November 2017)
Bruno Wolff III
bruno at wolff.to
Thu Dec 7 14:37:59 CET 2017
On Thu, Dec 07, 2017 at 11:22:04 +0100,
Stefan Tatschner <rumpelsepp at sevenbyte.org> wrote:
>
>Assuming I am right according the crypto agility, what's the upgrade
>path if any of the involved cryptographic algorithms will be declared
>insecure/broken? From my point of view wireguard tries to stay as
>simple as possible and in general that's a good idea. I am just a bit
>worrying about the possible lack of a clear upgrade path once
>wireguard is mainlined.
Having alternate crypto paths is also a weakness. There have been lots of
downgrade attacks against systems that incorporate agility.
More information about the WireGuard
mailing list