From: "Rene 'Renne' Bartsch, B.Sc. Informatics" <ml@bartschnet.de>
To: wireguard@lists.zx2c4.com
Subject: Re: wirehub - decentralized, peer-to-peer and secure overlay networks built with WireGuard
Date: Wed, 30 Jan 2019 17:55:37 +0100
Message-ID: <49a6d952-5f2e-afce-e503-47fbebba8ac0@bartschnet.de>
In-Reply-To: <CADjxVNp8JsMGfULG7pzJt3Cjbn9RzXyFmA1kx+vggr4J03nHcw@mail.gmail.com>

On 30.01.19 at 16:46, Gawen ARAB wrote:
> Hey Rene,
>
> > I suggest to use a cryptographically generated IPv6 address (128-bit hash of Wireguard public key with first n bits replaced by a Wireguard-specific IPv6 prefix)
> > for routing and management purposes. Adding a reverse-lookup IPv6-address -> Wireguard public key via DHT would allow a public IPv6 overlay network
> > with authorization via firewall rules. Nodes should also be able to announce their subnets via DHT.
>
> I agree. I plan to use the subnet ORCHID as defined by RFC 4843.
> See command `wh orchid`.
>
Great! :-)
RFC 4843 has been obsoleted by RFC 7343. Please use RFC 7343 instead and re-use as much cryptographic code of Wireguard as possible to reduce possible bugs and weaknesses.
I suggest to omit the custom UDP protocol and libpcap by adding an ORCHIDv2 address to the wireguard network device and running the DHT via a port of the ORCHIDv2 address.
That way you can easily calculate the ORCHIDv2 address of a peer from the public key and connect the DHT.
Regards,
Renne
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
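
Added example, not part of the original message or of wirehub's code: deriving an RFC 7343 ORCHIDv2 address (prefix 2001:20::/28, 4-bit OGA ID, middle 96 bits of the hash) from a WireGuard public key, and checking a key returned by a reverse lookup against the address it claims. The Context ID, the OGA ID value and the choice of BLAKE2s (the hash WireGuard already uses) are assumptions made for this sketch, as are all function names.

```python
import base64
import hashlib
import ipaddress

ORCHIDV2_PREFIX = 0x2001002   # the 28 bits of 2001:20::/28 (RFC 7343)
# Assumptions for this example: a constructed 128-bit Context ID and OGA ID.
CONTEXT_ID = hashlib.blake2s(b"example-overlay-context", digest_size=16).digest()
OGA_ID = 0x1


def encode_96(digest: bytes) -> int:
    """RFC 7343 Encode_96: extract the middle 96 bits of the hash output."""
    shift = (len(digest) * 8 - 96) // 2
    return (int.from_bytes(digest, "big") >> shift) & ((1 << 96) - 1)


def orchid_from_pubkey(pubkey_b64: str) -> ipaddress.IPv6Address:
    """ORCHID := Prefix | OGA ID | Encode_96(Hash(Context ID | Hash Input))."""
    key = base64.b64decode(pubkey_b64, validate=True)  # raises ValueError if malformed
    if len(key) != 32:
        raise ValueError("WireGuard public keys are 32 bytes")
    digest = hashlib.blake2s(CONTEXT_ID + key).digest()  # BLAKE2s is an assumption
    value = (ORCHIDV2_PREFIX << 100) | (OGA_ID << 96) | encode_96(digest)
    return ipaddress.IPv6Address(value)


def lookup_is_authentic(address: str, pubkey_b64: str) -> bool:
    """Accept a reverse-lookup answer only if the key hashes back to the address."""
    try:
        return ipaddress.IPv6Address(address) == orchid_from_pubkey(pubkey_b64)
    except ValueError:
        return False


# Constructed sample keys (not real peers).
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
OTHER_KEY = base64.b64encode(bytes(range(1, 33))).decode()

if __name__ == "__main__":
    addr = orchid_from_pubkey(SAMPLE_KEY)
    print(addr, lookup_is_authentic(str(addr), SAMPLE_KEY))
    print("forged answer accepted:", lookup_is_authentic(str(addr), OTHER_KEY))
```

Because the address binds to only 96 bits of the hash, a firewall rule keyed on it is as strong as a 96-bit second-preimage search, and any key learned from a lookup should be recomputed this way before it is trusted.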