End-to-end encryption

[xkcd386at]

Apologies, this is not an "issue" per se, more like a question and I did not see any other place it can go (e.g., "Discussions").

The way I interpret the documentation, routers cannot see the data that they are shuttling. First of all, am I correct in this?

If that is correct, then you have a huge difference from plain wireguard (though I don't know if this is true for tools like tailscale and netbird).

My suggestion/request is that you mention this in the README, even if briefly, to make things clear.

thanks!

[encodeous]

Thanks for reminding me of that feature, I just made this discussion section 👌

I guess I didn't really go into it in the README, but it is not the case that data is encrypted end-to-end along multiple hops. You can think of nylon as connecting a bunch of individual wireguard tunnels together, so if you send a packet from A to B to C, the packet will be decrypted when it reaches B, and re-encrypted when B sends it to C.

Technically, this traffic would be private by default (and I use private loosely here), as the packets are routed in-process without entering the systems routing table (unless it is destined for the current server). It's still possible to dump the processes memory and leak the packets in transit, so you'd have to trust the node you are routing data through.

Note: You can also change it so that packets always go through your system routing table, but you have to configure the routing correctly. This is what you would expect running normal wireguard. In your node config, set usesystemrouting: true

Currently, I don't see an elegant way to implement true end-to-end encryption through multiple nodes, for the following reasons:

• We send an unencrypted packet header for routing, so this would be leaked to the public
• We can do double encryption, i.e send encrypted packets + unencrypted headers within the wireguard tunnels, but this adds overhead
  • Also, just adding on here, you can just run WireGuard on top of nylon, if you have some really sensitive data. (Simply spin up a wireguard tunnel, and connect via an endpoint using a nylon IP)
• We can fundamentally change how nylon works, and make every node peer with every other node (at least from WireGuard's perspective), then do routing on the encrypted UDP packets. However, this seems complicated, and is much better suited for a mesh vpn like tailscale or netbird. (for the record, they can do e2e encryption, as peers are connected directly)

There is also the unfortunate fact that we would lose the ability to run traceroute (or inspect packets) on our nylon network, making it harder to diagnose some issues. (With the current implementation, we stamp the TTL in-process, without entering the system routing table)

If you can think of any neat way to do this, that would be cool! And I will update the readme when I get time to better reflect this.

[xkcd386at]

I see. I guess I was misled by a combination of two things:

• sample-central.yaml shows all nodes (even those don't have an endpoint) with a public key
• documentation indicates this file is to be distributed to all nodes

I think I read too much into those two, so thanks for clarifying!