WG interface to ipv4

ѽ҉ᶬḳ℠ vtol at gmx.net
Tue May 8 11:35:53 CEST 2018


>
> You keep bringing this lack of security audit as if it was a big deal, 
> but you don't get any intrinsic security from an audit: It's just a 
> paid assessment that professionals have read the code and have not 
> spotted obviously hazardous constructs. What you really want is that 
> hundreds of people, as opposed to a handful of security analysts, can 
> read the code and analyze it. OpenVPN is 100+ KLOC, which makes it 
> impossible for a single programmer to read in a reasonable amount of 
> time, and it thus requires this kind of paid assessment. On the other 
> hand, WireGuard is less than 4KLOC, which is the real deal maker: no 
> unnecessary bloat and an increased likeliness that more people can 
> read it. Keeping it small is a difficult task and credits should be 
> given to the authors for staying strong about it. You claim that the 
> lack of a security audit is a reason to add more code for supporting 
> binding to a particular interface/ip, but I bet a lot of people on 
> this list think that it would actually hurt security because it would 
> grow the code base for no good reason.

Surely your bet would pay off and I would be a fool to contest it. ;)

A security audit may not stop short at just (academically) assessing the 
codebase but also include an assessment of how the code is actually 
behaving in a (simulated) real world (complex network) scenario. It may 
even be subjected to a bounty contest to put it through the wringer.

The current concept of WG has indeed certain pros over other VPN 
solutions, but like most everything else in life, it has its cons too 
and it will be determined by the user what suits best. Time will tell 
the adoption/penetration level WG is achieving. For me unfortunately 
the cons (not just what is mentioned in this thread) are outweighing the 
pros in WG's current state and thus departing from WG for the time being 
but keeping an eye on future developments.

Nonetheless it has been a pleasure to engage with the enthusiastic 
community of WG. Bon chance (as we French like to say)!  ;)

