On 6/6/21, Christian McDonald <rcmcdonal...@gmail.com> wrote: > Would it not be better for wg to just fail outright instead of > transforming a poorly generated key entered by a user, regardless of > where the key came from? Especially if that problematic key passes the > regex validation that was provided in another thread in this email > list?
No, it would not be better. There is nothing wrong with using those keys. They're not "poorly generated" or "problematic" or dangerous in the least. This is only a concern with your UI. The kernel is doing the correct thing -- clamping keys -- and displaying an unambiguous identifier to the user: the key that it will actually be using. I suspect the best thing to do for your UI would be to hide private (and preshared) keys, and only show public keys, unless explicitly exported into a config file. This not only reduces potential confusion with this issue, but mitigates another potential footgun down the line. It's also what wg(8)'s show command does by default (while showconf will export all).
