WG interface to ipv4

Christophe-Marie Duquesne chmd at chmd.fr
Tue May 8 10:48:02 CEST 2018


On Mon, May 7, 2018 at 6:34 PM, ѽ҉ᶬḳ℠ <vtol at gmx.net> wrote:

>
> there is no (regular) external audit of WG, at least publicly available,
> neither confirming nor contradicting.
>

You keep bringing this lack of security audit as if it was a big deal, but
you don't get any intrinsic security from an audit: it's just a paid
assessment that professionals have read the code and have not spotted
obviously hazardous constructs. What you really want is that hundreds of
people, as opposed to a handful of security analysts, can read the code and
analyze it. OpenVPN is 100+ KLOC, which makes it impossible for a single
programmer to read in a reasonable amount of time, and it thus requires
this kind of paid assessment. On the other hand, WireGuard is less than
4 KLOC, which is the real deal maker: no unnecessary bloat and an increased
likeliness that more people can read it. Keeping it small is a difficult
task and credit should be given to the authors for staying strong about
it. You claim that the lack of a security audit is a reason to add more
code for supporting binding to a particular interface/IP, but I bet a lot
of people on this list think that it would actually hurt security because
it would grow the code base for no good reason.