On Fri, Jul 3, 2020 at 11:47 AM Klemens Nanni <k...@openbsd.org> wrote:
> Is there any particular reason why an interface's *public* key is only
> shown to the root user in ifconfig?

Yes, there is a reason for this. The WireGuard protocol has a property called "identity hiding". See sections 3.4 and 4.3.4 lemma 7 of <https://www.wireguard.com/papers/wireguard-formal-verification.pdf> or section 7.8 of <http://www.noiseprotocol.org/noise.html#identity-hiding>. The mac1 value also relies on this identity hiding property. In other words, public keys should not be easily broadcast and should not be accessible to unprivileged users.
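
The mac1 dependency mentioned in the reply above, as an added example that is not part of the original message or of the OpenBSD code. It follows the mac1 definition in the WireGuard whitepaper (keyed BLAKE2s, key derived from the responder's static public key); the function names are hypothetical and the key and message bytes are constructed placeholders.

```python
import hashlib
import hmac

LABEL_MAC1 = b"mac1----"   # Label-Mac1 constant from the WireGuard whitepaper
MSG_ALPHA_LEN = 116        # handshake initiation bytes that precede the mac1 field


def mac1_key(responder_public: bytes) -> bytes:
    """Hash(Label-Mac1 || responder static public key), BLAKE2s-256."""
    if len(responder_public) != 32:
        raise ValueError("Curve25519 public keys are 32 bytes")
    return hashlib.blake2s(LABEL_MAC1 + responder_public, digest_size=32).digest()


def compute_mac1(responder_public: bytes, msg_alpha: bytes) -> bytes:
    """Keyed BLAKE2s with 16-byte output over the message bytes before mac1."""
    key = mac1_key(responder_public)
    return hashlib.blake2s(msg_alpha, key=key, digest_size=16).digest()


def responder_accepts(own_public: bytes, msg_alpha: bytes, mac1: bytes) -> bool:
    """Responder-side check with a constant-time compare."""
    return hmac.compare_digest(compute_mac1(own_public, msg_alpha), mac1)


def demo() -> dict:
    # Constructed placeholders, not real keys or a captured packet.
    responder_public = bytes(range(32))
    wrong_guess = bytes(32)
    msg_alpha = b"\x01\x00\x00\x00" + bytes(MSG_ALPHA_LEN - 4)

    from_peer = compute_mac1(responder_public, msg_alpha)
    from_guess = compute_mac1(wrong_guess, msg_alpha)
    return {
        "knows_public_key": responder_accepts(responder_public, msg_alpha, from_peer),
        "guessed_public_key": responder_accepts(responder_public, msg_alpha, from_guess),
    }


if __name__ == "__main__":
    for sender, accepted in demo().items():
        print(f"{sender}: mac1 accepted = {accepted}")
```

The only input to mac1 besides the message itself is the responder's public key, which is why the check stops being a filter once that key is readable by every local user.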