WireGuard.
-
-
Replying to @matthew_d_green
I am confused ... I thought it had a security proof?
2 replies 0 retweets 0 likes -
Replying to @BenLaurie
I don’t have the NDSS paper, but here’s a full version. Don’t see anything. https://www.wireguard.com/papers/wireguard.pdf …
2 replies 1 retweet 2 likes -
Replying to @matthew_d_green @BenLaurie
Dowling and Paterson just wrote one. But it seems to require changes to the protocol. https://eprint.iacr.org/2018/080
2 replies 0 retweets 4 likes -
Replying to @matthew_d_green @BenLaurie
That change (extra msg): is it a proof convenience only, or is it also necessary for achieving the desired properties?
1 reply 0 retweets 1 like -
Replying to @tobycmurray @BenLaurie
Who knows? My experience is that a broken proof often implies an attack.
2 replies 0 retweets 5 likes -
Ok, looking more closely I’d bet there’s a hack that would get you a proof of the original protocol. Maybe. But who knows.
1 reply 1 retweet 3 likes -
Replying to @matthew_d_green @BenLaurie
Thanks. Paul van Oorschot & I have been talking about this “who knows” issue. The theorem itself doesn’t help to figure it out, although the internal arguments of the proof might shed light. Hard for outsiders to weigh proof’s value when these changes are made
1 reply 0 retweets 0 likes -
Replying to @tobycmurray @BenLaurie
The general idea is that you want to analyze the key exchange and record protocol separately. But when protocols (like TLS and WireGuard) use record session keys in the key exchange, it screws all that up. Makes analysis that much harder.
2 replies 0 retweets 3 likes -
Put more generally, WireGuard very intentionally binds together the key exchange and record protocol. It's part of the design to reduce complexity and make it both securely implementable and reliable on the network.
2 replies 0 retweets 0 likes
-- Some older systems believe in "pluggable key exchanges", like IPsec where you could use IKE or JFK or a different one, but that's been explicitly avoided in WireGuard. The argument for that is in the NDSS paper and various talks etc.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.