From: "Jason A. Donenfeld"
Date: Mon, 13 Aug 2018 10:55:09 -0700
Subject: Re: [PATCH v1 0/3] WireGuard: Secure Network Tunnel
To: James Bottomley
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, davem@davemloft.net, linux-crypto@vger.kernel.org

> but it's very hard for a flow classifier because you have to

The construction and identifier strings might not obviously help with
the extremely narrow idea you've brought up, but it is very important
for safely introducing additional versions. Namely, it protects against
cross-protocol key reuse attacks and type confusion bugs. So don't be
too quick to dismiss the importance of these for accomplishing what
we're after.

> so let's pick one of the above and try it out.

We have, multiple times, and it's absolutely trivial to do and works
well. The exact thing you're concerned about has already been
researched and worked with on live systems quite a bit over the last 3
years, and it works in a pretty straightforward way. I'm not sure
there's much more to add here: the thing you want is already there and
has been tested extensively. At this point the "pick one and let's try
it out!" is an old story, and the focus now is on making sure the code
quality and netdev API usage is correct for merging
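
The role of the construction and identifier strings mentioned in the message above, as an added example that is not part of the e-mail and is not WireGuard's own code. It assumes the v1 strings and the first-message hash/KDF steps from the published WireGuard protocol description; the "v2" strings are hypothetical and the 32-byte inputs are constructed stand-ins, not real X25519 values.

```python
import hashlib
import hmac

# v1 strings as given in the published WireGuard protocol description.
CONSTRUCTION_V1 = b"Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
IDENTIFIER_V1 = b"WireGuard v1 zx2c4 Jason@zx2c4.com"
# Hypothetical strings for an imagined later version (assumption, not real).
CONSTRUCTION_V2 = b"Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s_example2"
IDENTIFIER_V2 = b"WireGuard v2 example identifier"

# Constructed sample inputs; a real handshake uses X25519 keys and DH output.
RESPONDER_STATIC_PUB = bytes(range(32))
INITIATOR_EPHEMERAL_PUB = bytes(range(32, 64))
DH_EPHEMERAL_STATIC = bytes(range(64, 96))

def blake2s(data: bytes) -> bytes:
    return hashlib.blake2s(data).digest()

def hmac_blake2s(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.blake2s).digest()

def kdf(chaining_key: bytes, material: bytes, outputs: int) -> list:
    """HMAC-based KDF returning `outputs` 32-byte values (HKDF-style chain)."""
    t0 = hmac_blake2s(chaining_key, material)
    out, prev = [], b""
    for i in range(1, outputs + 1):
        prev = hmac_blake2s(t0, prev + bytes([i]))
        out.append(prev)
    return out

def first_message_binding(construction: bytes, identifier: bytes):
    """Return (AEAD key, transcript hash) protecting the first encrypted field."""
    c = blake2s(construction)                          # C = HASH(construction)
    h = blake2s(blake2s(c + identifier) + RESPONDER_STATIC_PUB)
    c = kdf(c, INITIATOR_EPHEMERAL_PUB, 1)[0]          # mix in ephemeral key
    h = blake2s(h + INITIATOR_EPHEMERAL_PUB)
    c, key = kdf(c, DH_EPHEMERAL_STATIC, 2)            # key for AEAD(key, 0, ., h)
    return key, h

if __name__ == "__main__":
    for name, cons, ident in [
        ("v1", CONSTRUCTION_V1, IDENTIFIER_V1),
        ("same construction, new identifier", CONSTRUCTION_V1, IDENTIFIER_V2),
        ("new construction", CONSTRUCTION_V2, IDENTIFIER_V1),
    ]:
        key, h = first_message_binding(cons, ident)
        print(f"{name}: key={key.hex()[:16]} hash={h.hex()[:16]}")
```

With identical key material, changing only the identifier leaves the AEAD key the same but changes the transcript hash used as associated data, so authentication fails across versions; changing the construction changes the derived key as well.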