Presented by Jason A Donenfeld FOSDEM 2017

Recommendations

Info

Timers: A Stateless Interface for a Stateful Protocol ▪ As mentioned prior, WireGuard appears “stateless” to user space; you set up your peers, and then it just works. ▪ A series of timers manages session state internally, invisible to the user. ▪ Every transition of the state machine has been accounted for, so there are no undefined states or transitions. ▪ Event based.
Timers User space sends packet. • If no session has been established for 120 seconds, send handshake initiation. No handshake response after 5 seconds. • Resend handshake initiation. Successful authentication of incoming packet. • Send an encrypted empty packet after 10 seconds, if we don’t have anything else to send during that time. No successfully authenticated incoming packets after 15 seconds. • Send handshake initiation.
Page 1 and 2: Presented by Jason A. Donenfeld FOS
Page 3 and 4: What is WireGuard? ▪ Layer 3 secu
Page 5 and 6: Easily Auditable IPsec (XFRM+Strong
Page 7 and 8: Blasphemy! ▪ WireGuard is blasphe
Page 9 and 10: Cryptokey Routing PUBLIC KEY :: IP
Page 11 and 12: Cryptokey Routing User space send()
Page 13 and 14: Cryptokey Routing ▪ Makes system
Page 15 and 16: Demo
Page 17 and 18: Simple Composable Tools: wg-quick
Page 19 and 20: Namespaces: Containers # ip addr 1:
Page 21 and 22: Static Allocations, Guarded State,
Page 23 and 24: Solid Crypto ▪ ▪ ▪ ▪ ▪
Page 25 and 26: The Key Exchange ▪ In order for t
Page 27: The Key Exchange ▪ Very limited s
Page 31 and 32: Denial of Service Resistance ▪ Ha
Page 33 and 34: Cookies: DTLS-like and IKEv2-like
Page 35 and 36: Cookies: The WireGuard Variant ▪
Page 37 and 38: Cookies: The WireGuard Variant ▪
Page 39 and 40: Performance: Measurements Bandwidth
Page 41: More Information WireGuard ▪ Main

Presented by Jason A Donenfeld FOSDEM 2017

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?