From 60816eaa4809155f3a61d7dc2ac54e99e24b3443 Mon Sep 17 00:00:00 2001
From: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Date: Wed, 22 Mar 2017 14:18:16 -0700
Subject: [PATCH] wireguard: more details in roadmap

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
---
 projects/wireguard/roadmap.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/projects/wireguard/roadmap.md b/projects/wireguard/roadmap.md
index abd9be7f9..c10c616e4 100644
--- a/projects/wireguard/roadmap.md
+++ b/projects/wireguard/roadmap.md
@@ -40,4 +40,10 @@ WireGuard has a [network namespace integration](https://www.wireguard.io/netns/)
 
 - We have yet to determine the best way to integrate WireGuard into Moby - at the node level or service level isolation.
   - Node level: it's plausible that Moby's provisioner could allocate keys per Moby node
-  - Service level: swarmkit could set up WireGuard on a per-service basis, handing the container the wireguard interface
\ No newline at end of file
+  - Service level: swarmkit could set up WireGuard on a per-service basis, handing the container the wireguard interface
+
+*Service Level*: one proposal is to use WireGuard between container network [`links`](https://docs.docker.com/compose/networking/#links).
+This is a natural fit because WireGuard associates public keys to IP addresses: a docker-compose link would simply need
+a reference to a key in addition to the existing IP address info for this to work.  However there are some open questions:
+  - `containerd` does not intend to support networks from the roadmap
+  - `links` are not currently supported on swarm stack deploys at present
\ No newline at end of file