Are cookie-required handshakes at least REKEY_TIMEOUT long?
Jason A. Donenfeld
Jason at zx2c4.com
Sun Aug 25 17:47:50 CEST 2019
Yes, to prevent certain types of DoS. Most packets only move around
the timer state machine, but don't actually result in a direct action.
Rather, a timer firing sometime later is what starts an action. In the
case of cookies, the cookie is used in the subsequent message. See
section 6.6 of https://www.wireguard.com/papers/wireguard.pdf
More information about the WireGuard