Which protocol?
Put more generally, WireGuard very intentionally binds together the key exchange and record protocol. It's part of the design to reduce complexity and make it both securely implementable and reliable on the network.
-
Yes, but with only small tweaks you could have kept about the same complexity and gotten a full security proof in a strong model. That’s the bummer.
-
No. "Only small tweaks" is a gross misunderstanding of the benefits afforded by putting the confirmation in the transport layer. "Kept about the same complexity" simply is a false statement.
-
-- Some older systems believe in "pluggable key exchanges", like IPsec where you could use IKE or JFK or a different one, but that's been explicitly avoided in WireGuard. The argument for that is in the NDSS paper and various talks etc.