On Wed, Jan 16, 2019 at 5:34 PM Jose Marinez <jedi_p...@yahoo.com> wrote:
> I appreciate this proposition as well as your summary for the current state
> of Wireguard for this particular case. I agree with you wholeheartedly that
> before the mass adoption of Wireguard happens these use cases should be
> addressed properly. I'd love to hear what Jason has to say about this and
> what he proposes.
>

I agree. Let's see what Jason says.

> I too have been thinking about all the edge cases for Wireguard. My approach
> has been to look at it from a penetration test perspective. Reality is that
> Wireguard doesn't live in isolation. As a system - hardware, OS and all its
> settings + Wireguard - connected to the Internet and a user(s) presents many
> hostile dynamics.
>
> Ultimately, whatever solution emerges needs to supplement the goals and
> features of Wireguard, otherwise it defeats the purpose.
>
> Would it make sense to create a small group to tackle this and other use
> cases - scaling, simplicity, etc? On my end, I'm not a cryptologist, but I
> can write software that would test the security of any system. I'm sure other
> members of this list have a ton of skills and experience to bring to this.
>
> Here's a list of things I'd like to see and would be willing to
> participate/create if they don't exist yet:
>
> 1. A honeypot server with public logs for a small team to gather and record
> real-time traffic as an authorized user of the server - root.
> 2. A test suite that goes through all the domain specific scenarios from the
> results of #1 and provides a verification at the end once completed.
> 3. Provide feedback from all this back to Jason for enhancements, etc. in
> upstream Wireguard.
>

Honestly I'm very focused on the two issues I brought up. Those are the most
important things we don't see a clear solution to yet.

Well, we'd also like userspace to be notified of new handshakes, and be able
to reply to the kernel module whether it's a known pubkey or not. Or
something. That's a different discussion though.

Cheers,
Fredrik
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard