Hi Matt,

Matt Dunwoodie wrote on Wed, May 13, 2020 at 01:56:51AM +1000:
> On Tue, 12 May 2020 17:36:15 +0200
> Ingo Schwarze <schwa...@usta.de> wrote:

>> I feel somewhat concerned that you recommend the openssl(1) command
>> for production use.  As far as i understand, the LibreSSL developers
>> consider openssl(1) as a low-quality program purely intended for
>> testing purposes that should not be used for production.  But that
>> does not need to be addressed now, it can be improved later.

> This is news to me, but what we are using it for very simply is calling
> arc4random_buf, and then base64 encoding. If this isn't appropriate,
> then perhaps a dedicated utility, or ifconfig integration could work.
> 
> wg (from wireguard-tools) also fills this functionality, however
> getting that vs a simple key generator in base would be more work.
> 
> I'm open to suggestions here.

I'm not saying it is necessarily dangerous in this particular case,
i honestly can't judge that.  But i worry that it might perhaps set
a dubious example.

From a very naive user perspective, it seems to me there are two
practical use cases:

 1) Bring up an interface once more that already was up at some
    point in the past and that some peers already know about, so
    it matters to use the same private key again.  In that case,
    the existing syntax seems just fine to me, and openssl(1)
    isn't needed because you already have the private key.

 2) Bring up a completely new interface, desiring a new, randomly
    generated private key.  In that use case, a syntax like

      ifconfig wg0 wgkey random wgpeer ... wgaip ... [wgpsk random]

    would seem simple, clear, and user-friendly to me,
    similar to:

      ifconfig foobar0 lladdr random

Then again, i may be wrong.  I don't think it is necessary to
sort this out before the initial commit.  But it might be worth
thinking about in the long term.

Yours,
  Ingo
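
The "dedicated utility" option raised in the quoted message (random bytes, then base64), sketched as an added example; it is not code from this thread or from the patch under discussion. It assumes WireGuard's 32-byte key size and reads /dev/urandom in place of arc4random_buf so that it also builds outside the BSDs; the names `b64_encode` and `wg_genkey` are hypothetical.

```c
#include <stdio.h>

#define WG_KEY_LEN 32                               /* key size in bytes */
#define WG_B64_LEN (((WG_KEY_LEN + 2) / 3) * 4 + 1) /* 44 chars + NUL */

/* RFC 4648 base64 with padding; out must hold ((len + 2) / 3) * 4 + 1 bytes. */
static void b64_encode(const unsigned char *in, size_t len, char *out)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t i, o = 0;

    for (i = 0; i < len; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < len) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < len) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = (i + 1 < len) ? tbl[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < len) ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
}

/* Write a fresh base64 key to out. Returns 0 on success, -1 if the random
 * source cannot deliver every byte, so a short key is never emitted. */
static int wg_genkey(char out[WG_B64_LEN])
{
    unsigned char key[WG_KEY_LEN];
    FILE *f = fopen("/dev/urandom", "rb"); /* assumption: stands in for arc4random_buf */
    size_t n;

    if (f == NULL)
        return -1;
    n = fread(key, 1, sizeof(key), f);
    fclose(f);
    if (n != sizeof(key))
        return -1;
    b64_encode(key, sizeof(key), out);
    return 0;
}

int main(void)
{
    char b64[WG_B64_LEN];

    if (wg_genkey(b64) != 0)
        return 1;
    puts(b64);
    return 0;
}
```

The output is a private key, so redirect it to a file created under `umask 077` rather than leaving it in a world-readable location.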
