Comment by dowlingbj
3 years ago
For sure, if a standardization process had been called to design a VPN protocol, I'd agree that the resulting design would almost certainly be less than WireGuard. I think that the competitive nature of the PQC process as well as soliciting completed submissions as opposed to a process to build from the ground-up helps in this regard. I don't think that engages with the point I was making, however: the original submission of WireGuard made claims that were incorrect, which would have arguably been caught sooner if it were a part of a formal standardization process, since researchers would have been incentivized to analyse it sooner.
Having come from a community that is often cleanup duty for unfounded claims (PL) and having to spend ~decade+ $100M+ efforts to do so... I didn't realize that about WireGuard. That's pretty strange to read in 2022.
To be clear, WireGuard is a good VPN protocol, and definitely a secure design. I wouldn't recommend another over it. It's just the initial claims of security in the NDSS paper were incompatible with its design.
I'm sure it's a pretty good one, but it's quite hard to trust more than that both on the design + impl side if you ever have tried to verify (vs just test) such a system. Think the years of pain for something much more trivial like Paxos + an impl of it.
In this case, looks like the community does value backing up its claims, and the protocol is verified: https://www.wireguard.com/formal-verification/. Pretty awesome! The implementation itself seems to be written unsafely, so TBD there.