WireGuard Upstreaming Roadmap (November 2017)

Bruno Wolff III bruno at wolff.to
Thu Dec 7 14:37:59 CET 2017

On Thu, Dec 07, 2017 at 11:22:04 +0100,
  Stefan Tatschner <rumpelsepp at sevenbyte.org> wrote:
>Assuming I am right regarding the crypto agility, what's the upgrade
>path if any of the involved cryptographic algorithms is declared
>insecure/broken? From my point of view WireGuard tries to stay as
>simple as possible and in general that's a good idea. I am just a bit
>worried about the possible lack of a clear upgrade path once
>WireGuard is mainlined.

Having alternate crypto paths is also a weakness. There have been lots of 
downgrade attacks against systems that incorporate agility.

