From: "Ivan Labáth" <labawi-wg@matrix-dream.net>
To: Matthias Urlichs <matthias@urlichs.de>
Cc: wireguard@lists.zx2c4.com
Subject: Re: WG: Need for HW-clock independent timestamps
Date: Tue, 22 May 2018 21:25:37 +0100
Message-ID: <20180522202537.GA18356@matrix-dream.net>
In-Reply-To: <c1fb2c8b-12f1-7e98-8291-a63c1eb91682@urlichs.de>

On Mon, May 21, 2018 at 05:34:42PM +0200, Matthias Urlichs wrote:
> I might also wonder why you'd peer with somebody whom you don't trust
> not to collect and/or abuse the information that you just rebooted …

You might wish to connect with someone because he provides services.
Active monitoring can provide similar information, but there is no need
to send your running reboot count and time since last reboot in every
handshake message.


It seems WireGuard requires external/persistent state (time is state)
to prevent replays, because of its 1-RTT key exchange. A 2-RTT design
wouldn't require such dependencies.

How about allowing counter wrapping, if it has been at least
2 * REKEY_TIMEOUT from last handshake? Perhaps reusing the cookie
protocol for a 2-RTT handshake?

Losing access to a device because its clock has gone wonky is not pleasant.

--
Ivan Labáth
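
The replay check under discussion, written out as an added example that is not from this thread and not code from the WireGuard project: the responder-side rule from the WireGuard paper (remember the greatest TAI64N timestamp seen per peer and drop any initiation whose timestamp is not strictly newer) next to the relaxation floated above, implemented here as a hypothetical (a timestamp that went backwards is accepted once at least 2*REKEY_TIMEOUT has elapsed on the responder's own clock). The `PeerState` type, the method names and the reboot scenario in `main` are this example's own constructions; the leap-second offset of TAI is ignored because it does not affect ordering.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"time"
)

// REKEY_TIMEOUT from the WireGuard protocol (5 seconds).
const RekeyTimeout = 5 * time.Second

// A TAI64 label is the TAI second count plus 2^62.
const tai64Offset uint64 = 1 << 62

// Timestamp is the 12-byte TAI64N field of a handshake initiation:
// 8-byte big-endian seconds followed by 4-byte big-endian nanoseconds.
type Timestamp [12]byte

// NewTimestamp encodes t as TAI64N. Simplification for this example: the
// TAI-UTC leap-second offset is ignored; it does not change the ordering.
func NewTimestamp(t time.Time) Timestamp {
	var ts Timestamp
	binary.BigEndian.PutUint64(ts[:8], tai64Offset+uint64(t.Unix()))
	binary.BigEndian.PutUint32(ts[8:], uint32(t.Nanosecond()))
	return ts
}

// After reports whether ts is strictly later than other. A byte-wise
// comparison is correct because both fields are fixed-width big-endian.
func (ts Timestamp) After(other Timestamp) bool {
	return bytes.Compare(ts[:], other[:]) > 0
}

// PeerState is the per-peer state a responder keeps for the replay check
// (hypothetical type for this example).
type PeerState struct {
	greatest      Timestamp // greatest TAI64N accepted from this peer
	seen          bool      // false until the first initiation is accepted
	lastHandshake time.Time // responder's own clock at the last accepted initiation
}

// AcceptStrict is the rule from the WireGuard paper: an initiation is
// processed only if its timestamp is greater than the greatest one received
// from that peer so far; anything equal or older is dropped as a replay.
// A peer whose clock went backwards after a reboot is therefore locked out
// until its clock catches up with the stored value.
func (p *PeerState) AcceptStrict(ts Timestamp, now time.Time) bool {
	if p.seen && !ts.After(p.greatest) {
		return false
	}
	p.greatest, p.seen, p.lastHandshake = ts, true, now
	return true
}

// AcceptRelaxed is the relaxation proposed in the message above, as a
// hypothetical (NOT WireGuard's behaviour): a timestamp that went backwards
// is still accepted if, by the responder's own clock, at least
// 2*REKEY_TIMEOUT has passed since the last accepted handshake. The stored
// greatest value is then reset to the older timestamp, so a captured
// initiation whose timestamp lies between the new base and the old
// greatest is processed rather than dropped (see main).
func (p *PeerState) AcceptRelaxed(ts Timestamp, now time.Time) bool {
	if p.seen && !ts.After(p.greatest) && now.Sub(p.lastHandshake) < 2*RekeyTimeout {
		return false
	}
	p.greatest, p.seen, p.lastHandshake = ts, true, now
	return true
}

func main() {
	// Constructed scenario: the initiator handshakes at t0, reboots without
	// a usable RTC, and comes back with its clock reset to an earlier date
	// while the responder's clock keeps running.
	t0 := time.Date(2018, 5, 22, 21, 25, 37, 0, time.UTC)
	first := NewTimestamp(t0)
	afterReboot := NewTimestamp(time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC))

	var strict, relaxed PeerState
	strict.AcceptStrict(first, t0)
	relaxed.AcceptRelaxed(first, t0)

	fmt.Println("strict: replay of first initiation accepted:", strict.AcceptStrict(first, t0.Add(time.Second)))
	fmt.Println("strict: post-reboot initiation accepted:", strict.AcceptStrict(afterReboot, t0.Add(30*time.Second)))
	fmt.Println("relaxed: post-reboot initiation within 2*REKEY_TIMEOUT:", relaxed.AcceptRelaxed(afterReboot, t0.Add(3*time.Second)))
	fmt.Println("relaxed: post-reboot initiation after 2*REKEY_TIMEOUT:", relaxed.AcceptRelaxed(afterReboot, t0.Add(30*time.Second)))
	fmt.Println("relaxed: captured first initiation replayed after wrap:", relaxed.AcceptRelaxed(first, t0.Add(31*time.Second)))
}
```

The last line of `main` is the part worth looking at: once the stored timestamp has been allowed to wrap backwards, the old initiation captured at t0 compares as "newer" again and passes the check, which is the availability-versus-replay trade the relaxation makes.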


Thread overview: 39+ messages
2018-05-11 22:07 WG: Need for HW-clock independent timestamps Axel Neumann
2018-05-11 22:45 ` Kalin KOZHUHAROV
2018-05-12  0:05   ` Glen Bojsza
2018-05-12 19:29   ` Axel Neumann
2018-05-12 19:41     ` Aaron Jones
2018-05-15 20:21       ` Devan Carpenter
2018-05-15 20:49         ` Kalin KOZHUHAROV
2018-05-16  7:10           ` Matthias Urlichs
2018-05-16 19:32           ` Axel Neumann
2018-05-16 20:32             ` Steve Gilberd
2018-05-17  3:40               ` Paul
2018-05-17  5:03                 ` Roman Mamedov
2018-05-17  5:53                   ` Matthias Urlichs
2018-05-17  7:07                     ` Axel Neumann
2018-05-17  8:28                       ` Matthias Urlichs
2018-05-16 20:35             ` Kalin KOZHUHAROV
2018-05-12 22:10     ` Toke Høiland-Jørgensen
2018-05-12 23:05     ` Reuben Martin
2018-05-13  6:11     ` Matthias Urlichs
2018-05-13 12:37       ` Toke Høiland-Jørgensen
2018-05-16  7:01         ` Axel Neumann
2018-05-16  9:38           ` Toke Høiland-Jørgensen
2018-05-16 11:08             ` Matthias Urlichs
2018-05-16 11:12             ` Axel Neumann
2018-05-13 14:21   ` Wang Jian
2018-05-21 10:07 ` WG: " Axel Neumann
2018-05-21 11:22   ` Reto Brunner
2018-05-21 11:52     ` Axel Neumann
2018-05-21 12:31       ` Axel Neumann
2018-05-21 12:35       ` Reto Brunner
2018-05-21 13:53         ` Matthias Urlichs
2018-05-21 14:56           ` Bruno Wolff III
2018-05-21 15:34             ` Matthias Urlichs
2018-05-22 20:25               ` Ivan Labáth [this message]
2018-05-23  2:51                 ` Matthias Urlichs
2019-02-04 14:56                 ` Jason A. Donenfeld
2019-02-23  4:00                   ` Axel Neumann
2019-02-23 12:35                     ` Ivan Labáth
     [not found] <1522499692.6109802.1526903933505.ref@mail.yahoo.com>
2018-05-21 11:58 ` reiner otto
