wireguard.lists.zx2c4.com archive mirror
From: Phil Hofer <phil@sunfi.sh>
To: Nicolas Stalder <n+wireguard@stalder.io>
Cc: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Re: Support FIDO2/CTAP2 security tokens as keystore
Date: Fri, 30 Aug 2019 18:00:58 +0000
Message-ID: <IbEVN_YV6xE7Vh_wFFWoxkYMb8EjgKtSRUXP3Zs0IWDS51pGuSCjwLxAyuBZR8sweVVHN-V2gctoBYEgxUr_v15pHnRjpMELrzGo1XG3wN0=@sunfi.sh>
In-Reply-To: <CACzkAFoO3==OiS0jgu1rHuHBo5_F-6XkcDW=gBN8p81F70bmKg@mail.gmail.com>


> If my understanding is correct, the bare minimum functionality is:
>
> - store key non-extractably on device (unless you're Colin O'Flynn...)
>   (if there is an issue, just rotate the key)
> - periodically do Curve25519 Diffie-Hellman to generate session keys
>   (that are revealed to the client, possibly with some sort of
>   transport layer security)

Are there HSMs out there that perform ECDHE fast enough
to make this reasonably DoS-proof?

The last HSM I worked with was a ("cheap," $650) YubiHSM that still
took a pretty long time (~250ms) to do ECDHE. Fine for cert
management, but no good for pointing at the internet.

An alternative that would tolerate slow HSMs would be to
periodically rotate the WireGuard host key with an attestation
from the HSM, but then you'd need an out-of-band key distribution
solution.

- Phil
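
The rotation-with-attestation alternative from the message above, as an added example that is not part of the original e-mail or of WireGuard: a long-term signing key endorses a short-lived X25519 host key once per rotation, so the slow device stays off the per-handshake path. The software Ed25519 key standing in for the HSM, the statement layout, the label, the timestamp and the function names are all assumptions; getting the attestation to peers (the out-of-band part) is not shown.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Attestation binds a short-lived host key to an expiry (constructed layout).
type Attestation struct {
	HostPub  [32]byte // WireGuard (X25519) public key
	NotAfter int64    // Unix seconds
	Sig      []byte
}

func statement(pub [32]byte, notAfter int64) []byte {
	b := append([]byte("example-wg-host-key-v1"), pub[:]...) // hypothetical label
	return binary.BigEndian.AppendUint64(b, uint64(notAfter))
}

// Rotate makes a fresh software-held host key and has the slow signer endorse it once.
func Rotate(root ed25519.PrivateKey, now, ttl int64) (*ecdh.PrivateKey, Attestation, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, Attestation{}, err
	}
	a := Attestation{NotAfter: now + ttl}
	copy(a.HostPub[:], priv.PublicKey().Bytes())
	a.Sig = ed25519.Sign(root, statement(a.HostPub, a.NotAfter))
	return priv, a, nil
}

// Verify is the peer-side check before trusting a rotated host key.
func Verify(rootPub ed25519.PublicKey, a Attestation, now int64) bool {
	return now <= a.NotAfter && ed25519.Verify(rootPub, statement(a.HostPub, a.NotAfter), a.Sig)
}

func main() {
	rootPub, root, err := ed25519.GenerateKey(rand.Reader) // stands in for the HSM signer
	if err != nil {
		panic(err)
	}
	_, att, err := Rotate(root, 1567188058, 3600) // constructed timestamp, 1 h lifetime
	if err != nil {
		panic(err)
	}
	fmt.Println(Verify(rootPub, att, 1567188058+60), Verify(rootPub, att, 1567188058+7200))
}
```

Because the expiry is inside the signed statement, a peer rejects both a stale host key and one whose lifetime was edited after signing.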
