I'm looking for a nice way to rotate keypairs with Wireguard. How much time do you have to update the initiator and responder with new keypairs before handshakes fail?
If I understood the whitepaper correctly, sessions aren't immediately invalid when you change a peers identity. Instead, you have up to 5 minutes to update both sides, or else the session keys are exhausted. Is this correct? Thanks, John
