posted by martyb on Thursday December 12 2019, @06:12AM
from the protected-communications dept.

WireGuard VPN is a step closer to mainstream adoption

As of this morning, Linux network stack maintainer David Miller has committed the WireGuard VPN project into the Linux "net-next" source tree. Miller maintains both net and net-next—the source trees governing the current implementation of the Linux kernel networking stack and the implementation of the next Linux kernel's networking stack, respectively.

This is a major step forward for the WireGuard VPN project. Net-next gets pulled into the new Linux kernel during its two-week merge window, where it becomes net. With WireGuard already a part of net-next, this means that—barring unexpected issues—there should be a Linux kernel 5.6 release candidate with built-in WireGuard in early 2020. Mainline kernel inclusion of WireGuard should lead to significantly higher uptake in projects and organizations requiring virtual private network capability.

[Ed. addition] WireGuard implements a fast, modern, secure VPN tunnel. According to Wikipedia:

WireGuard is a free and open-source software application and communication protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It was written by Jason A. Donenfeld and is published under the second version of the GNU General Public License (GPL).


  • (Score: 0) by Anonymous Coward on Friday December 13 2019, @09:00AM (#931668)

    But there is a massive difference between “it's probably good, but I'll not use it until experts confirm” and “I don't trust this, I'll assume this is utter crap until experts force me to reconsider.”

    I think the former is more appropriate if there is some reason to think it were any good, e.g. if it were from someone with a reasonable track record in the security field, or is built on top of already known and trusted security systems. IPsec had this since it was the work of a lot of well-known experts in cryptography and security. OpenVPN had this since it uses the already tried and tested SSL/TLS protocols. The latter, though, seems like the more appropriate response for WireGuard, given how Mr. Donenfeld seems to be a relative unknown in the security field, has no academic credentials that can be easily found, and does not have much in the way of peer-reviewed scholarship. Is there any reason why we laypeople ought to think that his design is sound?

  • (Score: 0) by Anonymous Coward on Friday December 13 2019, @09:23PM (#931835)

    Well, it is in next-net, which means that the cryptographic primitives are required to come from the crypto tree. The maintainers of the crypto tree are quite well-known, and that code has been examined heavily over the years, and used in almost every cryptographic function, regardless of where, in the Linux kernel for that reason. In addition, the formal verification means that if you have a valid specification and good pieces, then you have a good implementation. In addition, the maintainers of the various trees in the kernel are no slouches when it comes to this stuff either and there has been almost a year of back and forth on the various mailing lists, so if it looks good to the experts after all that with a better picture of how the kernel and the software works than any layperson, then that is a much better signal to a layperson than any sort of academic credentials or notoriety of the author.