Key distribution and rotation tools?

David Woodhouse dwmw2 at
Wed May 23 11:30:58 CEST 2018

On Wed, 2018-05-23 at 00:06 +0200, Jason A. Donenfeld wrote:
> On Tue, May 22, 2018 at 3:42 PM, Giacomo Bernardi <mino at> wrote:
> > rotate pre-shared secrets by design [1].
> Ahh, my apologies, I read "pre-shared" and assumed you were talking
> about PSK mode. But I think you're really interested in more general
> key distribution.
> Some people are just doing this over TLS with basic rest APIs
> beforehand.

If you have established a TLS session from A to B then you can just
derive your PSK from the master secret of that TLS session.

That's exactly what the Cisco AnyConnect protocol does, for "upgrading"
its HTTPS connection to DTLS. It first connects via HTTPS and does all
the authentication and client configuration that way, and then
establishes a UDP connection *if* it isn't prevented by stupid

In OpenConnect we've already extended the UDP connectivity to support
*standard* DTLS1.2 and saner ciphersuites like chacha20/poly1305,
rather than Cisco's pre-v1.0 version of DTLS.

I'm toying with the idea of extending it to use WireGuard too. It seems
like a good complement — WireGuard gives us a very efficient UDP
transport with kernel acceleration, and what's left is all the bits
that are explicitly out of scope for WireGuard — configuration and
authentication and key exchange. It fills in all the gaps and turns
WireGuard into the basis of a complete client VPN solution.

Is anyone interested in that?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5213 bytes
Desc: not available
URL: <>

More information about the WireGuard mailing list