> - Therefore, it's not necessary to check the IP checksum on ingress because:
There is actually a really good reason. There are various counters (of all packets) which people observe to debug network problems. Now, if lower-level packets carrying wg with corruption don't increment those counters, the statistics will be incorrect. I think you are arguying to elide mandatory work in a lower layer of network stack, isn't it a layer violation to insist like that?