On Thu, Jun 30, 2022 at 06:47:38AM -0400, tlhackque wrote: > FWIW: Having watched the discussion about CONFIG_ANDROID, it occurs to > me that there's an alternative for WireGuard that sidesteps the issue. > > From the last patcheset, it seems that the only use in WireGuard is to > avoid clearing keys on every wake-up.
No, it clears keys before sleeping. > > So: Why not timestamp key-clear events, and establish a minimum interval? Because we don't know when we're going to wake up again, and the objective is to maintain forward secrecy. Jason
