Bruno,
thanks for raising 2 very important points: Bruno Wolff III <br...@wolff.to> writes: > On Mon, Sep 27, 2021 at 09:53:08 +0900, > Nico Schottelius <nico.schottel...@ungleich.ch> wrote: >> >>I'd appreciate if wireguard upstream would take this in, maybe even >>supporting multiple / dynamic listen ports. > > The problem is mostly orthogonal to Wireguard. There isn't going to be > a one size fits all solution for hiding traffic. Failures in hiding > traffic are potentially very bad for individuals. As such general > solutions are not something you can recommend universally to people, > as amateurs are not going to be able to make good decisions about the > risks and some may get themselves tortured and killed. 1) being able to communicate for non-tech savvy users This is a very important point, especially a failure to do so might be critical in reality like you pointed out. So the easier we make it for non-tech people to "just get it working", many more life's will be saved from torture. Because the alternative are insecure communication channels. > This may not be something the developers for Wireguard want to be > responsible for. 2) The responsibility of software developers As usual with GPL/similar licenses, software is provided AS-IS. We are not selling a "fully autonomous car" here that is actually not able to drive on its own, but instead giving a warranty free software to people. It's important to raise these points, but from what I can see the easier we make it for people to securely communicate, the less likely threats arrive. Outside of the scope of wireguard I see tunnel combinations like moving wireguard traffic through udp+tcp/53, tcp/80+443, which are also interesting options, but are probably solved with other tunneling tools. Cheers, Nico -- Sustainable and modern Infrastructures by ungleich.ch