[Cryptography] WireGuard
jamesd at echeque.com
jamesd at echeque.com
Sun Sep 9 01:49:06 EDT 2018
On 05/09/2018 17:47, Raphael Jacquot wrote:
>
>
> On 09/05/2018 04:47 AM, Paul Wouters wrote:
>
>> Anyway, I wish them luck in making and keeping a simple and strong
>> remote access VPN implementation, and urge them to be friendlier in
>> their community so as to not end up as loved as the systemd crowd :)
>
> I tested it and it works great, I do have one beef with it however, that
> is, it is UDP only (for the sake of simplicity, I get it), which makes
> it not work with broken ISPs that do shitty NAT, and only pass TCP (heck
> sometimes only http(s) works correctly) properly (and even then, the
> underlying connection is not stable so it needs automatic restart and
> stuff)...
IPSec relies on public keys, but identifies computers by their IP address.
Thus anything using IPSec has to provide a bunch of additional moving
parts which are not exactly part of the standard.
IPSec is incomplete without a Zooko to network address translation
standard, or a human readable name to Zooko plus network address standard.
And thus gets completed by everyone gluing their own matchsticks
together in their own way
More information about the cryptography
mailing list