Deterministic Cryptographically Authenticated Network Signatures on Windows NLA

zrm zrm at trustiosity.com
Fri Jun 28 18:25:51 CEST 2019


On 6/27/19 10:26, Jason A. Donenfeld wrote:
> So, now that we can control the GUID and hence the NetworkSignature,
> we have to decide what determines a network. It turns out that in
> WireGuard, we can do this with much higher cryptographic assurance
> than any of the crazy "authenticated dhcp" proposals of Microsoft.
> Specifically, we know our own interface public key, the public keys of
> everyone we're willing to talk to, and which IP addresses we'll accept
> from those peers. If that doesn't perfectly define a network, I don't
> know what else does.

The drawback of this approach is that if anything in the configuration 
changes at all, it becomes a different network. In theory that's the 
idea, but in practice changes to the configuration will sometimes happen 
that shouldn't change which network it is.

For example, if a peer suffers a key compromise then its key will have 
to change (and so thereby will the network GUID when calculated this 
way) but all of the firewall rules and things like that should remain as 
they are.

It may help to add a config option to allow the GUID for an interface to 
be manually assigned a specific value. That way it's possible to 
explicitly choose whether the configuration has changed in a way that 
should cause it to be treated as a different network or not.


More information about the WireGuard mailing list