From: Willy Tarreau <w@1wt.eu>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
davem@davemloft.net, linux-crypto@vger.kernel.org
Subject: Re: [PATCH v1 0/3] WireGuard: Secure Network Tunnel
Date: Mon, 13 Aug 2018 17:53:58 +0200 [thread overview]
Message-ID: <20180813155358.GK14633@1wt.eu> (raw)
In-Reply-To: <1534174811.7872.3.camel@HansenPartnership.com>
On Mon, Aug 13, 2018 at 08:40:11AM -0700, James Bottomley wrote:
> Could we please build planning for this crypto failure day into
> wireguard now rather than have to do it later? It doesn't need to be
> full cipher agility, it just needs to be the ability to handle multiple
> protocol versions ... two should do it because that gives a template to
> follow (and test version to try to find bugs in the implementation).
It's also what provides a *real* upgrade path to future versions :
before deploying you need something which works, and the only way to
get something working at a large scale is to have early adopters. Those
willing to deploy a beta version will not do it if it requires to lose
all their users and possibly to make rollbacks impossible. At least for
this it's important to support an optionnal new version on top of the
existing one (i.e. prod + beta together).
Cheers,
Willy
next prev parent reply other threads:[~2018-08-13 15:53 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-31 19:10 [PATCH v1 0/3] WireGuard: Secure Network Tunnel Jason A. Donenfeld
2018-07-31 19:11 ` [PATCH v1 1/3] random: Make crng state queryable Jason A. Donenfeld
2018-08-02 21:35 ` Theodore Y. Ts'o
2018-07-31 19:11 ` [PATCH v1 2/3] zinc: Introduce minimal cryptography library Jason A. Donenfeld
2018-07-31 19:11 ` [PATCH v1 3/3] net: WireGuard secure network tunnel Jason A. Donenfeld
2018-07-31 20:02 ` Andrew Lunn
2018-07-31 20:22 ` Stephen Hemminger
2018-08-21 23:41 ` Jason A. Donenfeld
2018-08-21 23:54 ` David Miller
2018-08-21 23:59 ` Jason A. Donenfeld
2018-08-22 0:23 ` Andrew Lunn
2018-07-31 20:27 ` Stephen Hemminger
2018-08-03 0:35 ` Jason A. Donenfeld
2018-08-03 14:39 ` Andrew Lunn
2018-08-01 1:21 ` Shawn Landden
2018-08-13 15:40 ` [PATCH v1 0/3] WireGuard: Secure Network Tunnel James Bottomley
2018-08-13 15:53 ` Willy Tarreau [this message]
2018-08-13 17:02 ` Jason A. Donenfeld
2018-08-13 17:37 ` James Bottomley
2018-08-13 17:55 ` Jason A. Donenfeld
2018-08-13 18:04 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180813155358.GK14633@1wt.eu \
--to=w@1wt.eu \
--cc=James.Bottomley@HansenPartnership.com \
--cc=Jason@zx2c4.com \
--cc=davem@davemloft.net \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).