Hmm... Really good high level theory ...
> Don't forget we need two more things: > * A --> C (over UDP) > * C --> A (over UDP) >Throw a few weird NAT/PAT and other ACLs in between and try again. In one direction there is no need, because that's how we established the tunnel. See below, we could make exposed endpoints a requirement. >> First. A can talk to C just fine on the VPN. Thats all the >> authentication required. >> >Yes, but in the background A only talks to B over UDP... and B to C >over UDP. Sorry I don't get what you mean. Anyone /could/ talk to anyone, firewalls permitting. >I think there may be cases where such situation is possible and highly >desirable. >The logic being, try to talk directly (using the protocol described >above), if it doesn't work, continue talking via B. >Reminds me of STUN and friends. Actually we can simplify it further. Just make it a requirement of overlaying that you have a valid listener. Then no UDP magic. Overly works or it doesn't. >And an alternative will be centralized database/service advertising >public keys and endpoints (think PGP keyserver). >And then comes the WoT and then... Jason will shoot us for bringing >the complexity he is so fond of avoiding (and I am supporting him) :-D Agreed. I don't think Jason will be more than mildly interested and it shouldn't be a part of Wireguard itself. >Since this functionality can be implemented outside of Wireguard, as a >simple script (I guess 5 lines of Bash, but will leave the challenge >open), it is all a matter of convenience. >Nothing can be gained by "building it in", may be except tiny >convenience. >If you try to script it, then provide clean documentation/test cases, >I am sure it can be included in >https://git.zx2c4.com/WireGuard/plain/contrib/examples/ Agreed. >Also consider the trust model you are changing, because security DOES >matter :-) >As an example, think buying on Amazon from 3rd party, vs. talking to >them directly: >(1st -> 2nd case may be possible, 2nd ->1st is highly improbable) If you are on the VPN, you are by definition, trusted as much as anyone is. "Improbable" is a policy decision. Overlaying might not even be of benefit. If C is on bad, slow connection, an overlay to C isn't going to help. Policy needs to figure that out. >* 1st case is more secure, but more expensive >* 1st provides a way to find your party, plus it provides some >mediatior/trust relationship (at cost) >* How often did you buy something via Amazon an then went directly to >the seller to buy more? This isn't the use case I'm considering. I'm not quite sure what you mean. >It is all about balancing security/cost and convenience of setup a >transaction, within some (implicit) trust/insurance model. Definitely don't know what you mean. Regards -Dad _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
