Reflections on WireGuard Design Goals
jungle Boogie
jungleboogie0 at gmail.com
Fri Aug 10 18:40:36 CEST 2018
On 10 August 2018 at 09:03, Brian Candler <b.candler at pobox.com> wrote:
> On 10/08/2018 16:03, Roman Mamedov wrote:
>
> But I'd feel a lot happier if a second level of authentication were
> required to establish a wireguard connection, if no packets had been
> flowing for more than a configurable amount of time - say, an hour. It
> would give some comfort around lost/stolen devices.
>
> Couldn't you just encrypt your home directory? Or even the root FS entirely.
> Either of those should be a must on a portable device storing valuable
> information.
>
> But by analogy, would you say that SSH keys and PGP keys don't need
> protection by a passphrase?
>
If someone already has my ssh key, I'd revoke it - regardless if they
had the password or not.
Same with the WG key - shutdown the tunnel, remove the affected peer
and start it back up.
More information about the WireGuard
mailing list