wirehub - decentralized, peer-to-peer and secure overlay networks built with WireGuard

[Rene 'Renne' Bartsch, B.Sc. Informatics]

Am 30.01.19 um 00:55 schrieb Steve Gilberd:
> I very much like the idea of this project - I've been looking for a decent full-mesh L3 VPN for ages, and have never found a solution I've been properly happy with. Thanks for your work in developing this solution :-).

Me, too - Thanks! :-)

> However - I'm concerned about some of the potential increased attack surface that your architecture introduces:
>   - uses extra crypto functionality which is not already part of wireguard; and
>   - passes messages across public networks using that functionality; and
>   - clamps the wireguard keys in some unspecified way to embed a proof-of-work (in fairness, I haven't read the code, so please correct me if I have misunderstood).
> 
> For what it's worth, if it would be possible to also encapsulate your control protocol inside wireguard, that would be vastly preferable: it allows the transport cryptography to be implemented in one place, once (i.e. in wireguard), and lets wirehub be a 
purely organisational overlay for managing links, rather than touching the crypto and introducing troubling extra complexities.

I agree. Piggybacking Wirehub communication on Wireguard encryption instead of custom UDP saves an additional layer of encryption an thus superfluous code.
Wirehub should only use ZINC functions to sign/validate the DHT entries with the Wireguard private/public key.

I suggest to use a cryptographically generated IPv6 address (128-bit hash of Wiregurad public key with first n bits replaced by a Wireguard-specific IPv6 prefix)
for routing and management purposes. Adding a reverse-lookup IPv6-address -> Wireguard public key via DHT would allow a public IPv6 overlay network
with authorization via firewall rules. Nodes should also be able to announce their subnets via DHT.

> 
> I would also love to see some sort of PKI option with this project, to avoid having to explicitly trust all the peers. I'd prefer to be able to simply provide the peers with a signature they can present to other peers that proves they can be trusted (or even better, have that signature generated by a nominated host at connect / setup time for each peer, which avoids much of the shenanigans involved with handling expiry, revocations etc.) Having the ability to tell all peers on the network to immediately terminate all connections with a specific compromised peer would also be handy.

A PKI increases complexity a lot. I suggest using the cryptographically generated IPv6 address approach with distributed firewall rules.

Regards,

Renne