
All of our internal communication already is secured via wireguard and communication can only flow through the wireguard interface. Does adding cockroach's own encryption on top of this add anything?


What happens when someone compromises your wireguard overlay network?

The cert business is not just about encryption, it's also about authentication over an untrusted network.


Not much if it’s set up in a standard way because each node will only communicate directly with the node it’s expecting to. The communications are secured with the other node’s public key.


So if you have 10 boxes interconnected in a full mesh, and one of those boxes gets compromised, then it's all fine even if you have been relying on the wireguard vpn being secure?


I am unfamiliar with how setups like these usually work, but could an active attacker MITM your network?


You wouldn't be able to decrypt the wireguard packets unless you had each party's private keys



