Hacker News
by zarvox 4351 days ago
Thanks for the detailed reply!

I agree that there are certainly a number of tradeoffs involved, and reading the design goals you linked, I see that (in particular) the desire to be able to run fwknop on OpenWRT and other particularly resource-constrained setups makes a strong argument for your implementation strategy.

Your comments on MITM and synchronization are well-received. It's clear that you take the security of the fwknop implementation seriously, and I apologize if I was overly negative. I should have read more about the design goals before criticizing the project so harshly.

For what it's worth, in place of my first comment, I should probably instead say that fwknop was not a good fit for my needs at the time, but that there certainly exist cases where it will be an excellent solution, and to watch out for a practical gotcha I learned the hard way. :)