On Fri, Jul 3, 2020 at 11:47 AM Klemens Nanni <k...@openbsd.org> wrote: > Is there any particular reason why an interface's *public* key is only > shown to the root user in ifconfig?
Yes, there is a reason for this. The WireGuard protocol has a property called "identity hiding". See section 3.4 and 4.3.4 lemma 7 of <https://www.wireguard.com/papers/wireguard-formal-verification.pdf> or section 7.8 of <http://www.noiseprotocol.org/noise.html#identity-hiding>. The mac1 value also relies on this identity hiding property. In other words, public keys should not be easily broadcasted and should not be accessible to unprivileged users.