Yes, to prevent certain types of DoS. Most packets only move around the timer state machine, but don't actually result in a direct action. Rather, a timer firing sometime later is what starts an action. In the case of cookies, the cookie is used in the subsequent message. See section 6.6 of https://www.wireguard.com/papers/wireguard.pdf
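The behaviour described in the reply above, as an added sketch that is not part of the original message and is not WireGuard's code: a toy initiator in which a cookie reply only updates state, and the retry timer is the only thing that sends. The class and function names, the message body and the cookie values are constructed for illustration; cookie decryption, mac1 and timer jitter are left out, and REKEY_TIMEOUT is taken as the whitepaper's 5 seconds.

```python
import hashlib

REKEY_TIMEOUT = 5.0  # seconds, per the WireGuard whitepaper


def mac(key: bytes, data: bytes) -> bytes:
    # WireGuard's MAC is keyed BLAKE2s with a 16-byte output.
    return hashlib.blake2s(data, key=key, digest_size=16).digest()


class Initiator:
    """Toy initiator (hypothetical): packets update state, only the timer sends."""

    def __init__(self, now: float):
        self.cookie = None   # most recent cookie received, if any
        self.sent = []       # (time, mac2) for every initiation sent
        self.send_initiation(now)

    def send_initiation(self, now: float):
        body = b"constructed-initiation-body"  # placeholder, not a real message
        # mac2 stays all zeros until a cookie is known.
        mac2 = mac(self.cookie, body) if self.cookie else bytes(16)
        self.sent.append((now, mac2))
        self.retry_at = now + REKEY_TIMEOUT

    def on_cookie_reply(self, cookie: bytes):
        # Store only: no packet leaves in response to a cookie reply.
        self.cookie = cookie

    def on_tick(self, now: float):
        # The retry timer is the only trigger for a new initiation.
        if now >= self.retry_at:
            self.send_initiation(now)


def simulate():
    peer = Initiator(now=0.0)
    # Constructed flood: 1000 cookie replies arrive within the first second.
    for i in range(1000):
        peer.on_cookie_reply(b"constructed-cookie-%04d" % i)
        peer.on_tick(now=i / 1000.0)
    sent_during_flood = len(peer.sent)
    peer.on_tick(now=REKEY_TIMEOUT)  # timer fires; stored cookie is used now
    return sent_during_flood, peer.sent


if __name__ == "__main__":
    print(simulate())
```

However many cookie replies arrive, the initiator's outgoing rate stays at one initiation per REKEY_TIMEOUT, so cookie replies cannot be used to drive it into generating traffic.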
- Are cookie-required handshakes at least REKEY_TIMEOUT l... Reid Rankin
- Re: Are cookie-required handshakes at least REKEY_... Jason A. Donenfeld
