Need for HW-clock independent timestamps

Axel Neumann neumann at cgws.de
Thu May 17 09:07:57 CEST 2018



On 17 May 2018 07:53:17 CEST, Matthias Urlichs <matthias at urlichs.de> wrote:
>On 17.05.2018 07:03, Roman Mamedov wrote:
>> Personally I am puzzled this is even an issue in WG. Not a single other VPN
>> protocol mandates every node to keep a monotonically increasing counter,
>> including even over reboots.
>
>Wireguard's connection setup is a whole lot simpler than most other

But only if you ignore the implications coming with NTP transmissions.
It's like outsourcing some state transfer to another service and then claiming that the remaining procedures are most simple.
/axel

>protocols. It basically doesn't require a "real" handshake, just a
>request/reply pair. Thus it's vulnerable against disruption by replay
>attacks – a replayed rekey packet would disrupt conversation until the
>real sender times out, a minute later.
>
>-- 
>-- Matthias Urlichs

-- 
This message was sent from my Android device with K-9 Mail.
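
The replay check under discussion in this thread, modelled as an added example (not part of either mail and not WireGuard's own code): a responder keeps the greatest handshake timestamp per peer and drops anything not newer, which stops replays but also locks out a peer whose clock restarts after a reboot. The `Responder` class, `next_stamp` helper, peer name and timestamp values are constructed for illustration, and the 12-byte encoding follows the TAI64N layout with the leap-second offset ignored.

```python
import struct

TAI64_BASE = 2**62  # TAI64 label offset added to seconds since 1970


def tai64n(secs: int, nanos: int = 0) -> bytes:
    """12 big-endian bytes: 8 for seconds, 4 for nanoseconds."""
    return struct.pack(">QI", TAI64_BASE + secs, nanos)


class Responder:
    """Hypothetical model: remembers the greatest timestamp accepted per peer."""

    def __init__(self):
        self.greatest = {}  # peer id -> last accepted timestamp bytes

    def accept_initiation(self, peer: str, timestamp: bytes) -> bool:
        last = self.greatest.get(peer)
        # Big-endian layout makes bytewise order equal chronological order.
        if last is not None and timestamp <= last:
            return False  # replayed or stale initiation: drop it
        self.greatest[peer] = timestamp
        return True


def next_stamp(store: dict, clock_secs: int) -> bytes:
    """Hypothetical clock-independent stamp: never goes below the persisted value."""
    secs = max(clock_secs, store.get("last", 0) + 1)
    store["last"] = secs  # a real node would write this to stable storage
    return tai64n(secs)


def simulate() -> dict:
    r, out = Responder(), {}
    captured = tai64n(1526540877)  # constructed: initiation sent with a correct clock
    out["fresh"] = r.accept_initiation("peerA", captured)
    out["replay"] = r.accept_initiation("peerA", captured)  # attacker resends capture
    # Peer reboots without RTC or NTP: its clock restarts 120 s after the epoch.
    out["after_reboot"] = r.accept_initiation("peerA", tai64n(120))
    # Same reboot, but the peer persisted the last value it used.
    store = {"last": 1526540877}
    out["persisted"] = r.accept_initiation("peerA", next_stamp(store, 120))
    return out


if __name__ == "__main__":
    print(simulate())
```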

