Hi folks, We're probably not going to do this, for two reasons:
1. The security model of hashing keys down to tiny hash lengths is dubious, and opens us up to all manner of interesting collision attacks. Cryptkey routing implies a strong binding between IP and pubkey. A hash with collisions means a weak binding. 2. There is very little practical utility. In WireGuard, both sides must _already_ preshare their public keys, and there's no way around this. So, at the same time that they preshare their public keys, they can also exchange randomly generated LL or ULA addresses. (Notably, this is how wg-dynamic works.) In other words, both sides are already required to know 32 bytes about each other in order to communicate; tagging on an additional 16 to whatever mechanism exchanges those 32 should not be a problem anywhere. Trying to shave off 16 bytes of an initial communications setup by adding complicated hashing schemes and collision issues seems like not good decision making. Jason