> If my understanding is correct, the bare minimum functionality is:
>
> - store key non-extractably on device (unless you're Colin O'Flynn...)
> (if there is an issue, just rotate the key)
>
> - periodically do Curve25519 Diffie-Hellman to generate session keys
> (that are revealed to the client, possibly with some sort of
> transport layer security)

Are there HSMs out there that perform ECDHE fast enough
to make this reasonably DoS-proof?

The last HSM I worked with was a ("cheap," $650) YubiHSM that still
took a pretty long time (~250ms) to do ECDHE. Fine for cert
management, but no good for pointing at the internet.

An alternative that would tolerate slow HSMs would be to
periodically rotate the WireGuard host key with an attestation
from the HSM, but then you'd need an out-of-band key distribution
solution.

- Phil
_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
