I don't think that the implicit entanglement of Wireguard's data transport phase and key exchange, if secure, is a deal breaker.
It's a Noise/WireGuard _feature_ to do this, not a bug, anyway. It creates a protocol that's easy to implement in a secure defense-in-depth way, as well as having reliable network characteristics. Computational models will catch up in due time.
-
-
Until then, we do in fact have good proofs that the WireGuard protocol and NoiseIK are secure, so there's not much to worry about.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.