On Mon, May 21, 2018 at 05:34:42PM +0200, Matthias Urlichs wrote: > I might also wonder why you'd peer with somebody whom you don't trust > not to collect and/or abuse the information that you just rebooted …
You might wish to connect with someone because he provides services. Active monitoring can provide similar information, but there is no need to send your running reboot count and time since last reboot in every handshake message. It seems wireguard requires external/persistent state (time is state) to prevent replays, because of its 1-RTT key exchange. A 2-RTT design wouldn't require such dependencies. How about allowing counter wrapping, if it has been at least 2 * REKEY_TIMEOUT from last handshake? Perhaps reusing the cookie protocol for a 2-RTT handshake? Losing access to a device, because its clock has gone wonky is not pleasant. -- Ivan Labáth _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
