[Cryptography] A seemingly simple question ...

Paul Wouters paul at cypherpunks.ca
Wed Feb 20 22:50:27 EST 2019


On Wed, 20 Feb 2019, Alfie John wrote:

> On Wed, Feb 20, 2019 at 02:55:05PM +0000, Thierry Moreau wrote:
>> What is the typical secure protocol deployed in this context? Obviously,
>> "TLS" or "IPsec" is a partial answer due to the many protocol versions,
>> options, configurations, ...

TLS for netflows, IPsec for IP flows.

> Now take a look at what's needed for the configuration of Wireguard. Beautiful!

Check the previous iteration of the wireguard discussion. For raw public
key authentication, I showed both configs have 8 lines of basically
the same information, using the same ciphers.

> It's 2019... let's take the footguns away from users and make safe defaults!

Everything is so nice when you can claim version 0.x is not supported
and should not be used. And you have no backwards compatibility, or
defined RFC standard with multiple implementations and people
allowing and optimising for many different use cases.

But sure, it is 2019 and you go ahead and hard code IP addresses in your
wireguard configuration for each VPN client :P

Paul

