Key distribution and rotation tools?

Paul Hedderly paul at
Wed May 23 13:37:21 CEST 2018

On Wed, 2018-05-23 at 10:30 +0100, David Woodhouse wrote:
> On Wed, 2018-05-23 at 00:06 +0200, Jason A. Donenfeld wrote:
> > On Tue, May 22, 2018 at 3:42 PM, Giacomo Bernardi <mino at>
> > wrote:
> > > rotate pre-shared secrets by design [1].
> > 
> > Ahh, my apologies, I read "pre-shared" and assumed you were talking
> > about PSK mode. But I think you're really interested in more
> > general
> > key distribution.
> > 
> > Some people are just doing this over TLS with basic rest APIs
> > beforehand.
> If you have established a TLS session from A to B then you can just
> derive your PSK from the master secret of that TLS session.
> That's exactly what the Cisco AnyConnect protocol does, for
> "upgrading"
> its HTTPS connection to DTLS. It first connects via HTTPS and does
> all
> the authentication and client configuration that way, and then
> establishes a UDP connection *if* it isn't prevented by stupid
> firewalls.
> In OpenConnect we've already extended the UDP connectivity to support
> *standard* DTLS1.2 and saner ciphersuites like chacha20/poly1305,
> rather than Cisco's pre-v1.0 version of DTLS.
> I'm toying with the idea of extending it to use WireGuard too. It
> seems
> like a good complement — WireGuard gives us a very efficient UDP
> transport with kernel acceleration, and what's left is all the bits
> that are explicitly out of scope for WireGuard — configuration and
> authentication and key exchange. It fills in all the gaps and turns
> WireGuard into the basis of a complete client VPN solution.
> Is anyone interested in that?

Very much so....

But I'm also interested after reading about a possible mash of WG and
Tinc... the mesh over WG model would be awesome.

More information about the WireGuard mailing list