On 18.06.2018 14:08, Vivien Malerba wrote:
> However, for any organization which will use WireGuard, even if admins
> are very effective at applying updates, updating all the endpoint
> systems simultaneously is not realistic. At the same time, it may be
> the case that the organization can't afford the downtime, in which
> case using WireGuard will simply not be an option, which is too bad.

Fixing any crypto weakness will require kernel updates and configuration
changes. A very easy config change, compared to all the other work you'd
have to do if a flaw is discovered that forces a different crypto
algorithm, is "use a second WG instance with a different UDP port".

A script that monitors connections to the new WG instance and
auto-disables the associated peer keys in the old instance is easy
enough to write.

Problem solved, no downgrade attack possible.

-- 
-- Matthias Urlichs