Wireguard Security Specification

[Ivan Labáth]

Hello,

I have read the wireguard submission, read or skimmed most
of the website and whitepaper, but I have not found any
firm commitment on its high-level security characteristics.
It is good to know high-level characteristics when choosing
a solution to a problem. What does wireguard do, what does
it provide, under what assumptions and what are the limitations?

To illustrate, if evaluating from an infrastructure/sysadmin/
devops/whatever perspective, I would come up with:
Wireguard claims to be a fast <marketing> secure .. tunnel,
mentions a bunch of keywords, it's trendy, explains how
it has a good development methodology and someone proved
some aspect of it to be "secure". No disrespect intended.

It would be very helpful to know what secure tunnel
means in the context of what wireguard provides.
E.g.

Assuming a wireguard connection A <-> B.
1) What can a passive observer see (or deduce)?
  - is it a apparently a wireguard connection? -> yes?
  - packet
    - count -> yes?
    - size -> byte level?
    - timing -> ? no/hardware limit?
    - classification -> data vs. protocol, message type?
    - transported(inner) header/data bits -> 2?
  - other info
    e.g. host name/software/version/architecture/speed/..

2) What can an active attacker do?
  - malleability
    - transported header/data -> limited?
    - wg protocol packets -> ?
    - outer headers -> no protection
        IP source -> temporarily deflects traffic?
  - replay
   ..
  - spoofing
  ..

3) What does B learn about A? (e.g. if B is a service provider)
  - all listed in (1)
  - pubkey? should be random
  ..


Regards,
Ivan Labáth