[Cryptography] A seemingly simple question ...
Alfie John
alfie at alfie.wtf
Wed Feb 20 17:38:43 EST 2019
On Wed, Feb 20, 2019 at 02:55:05PM +0000, Thierry Moreau wrote:
> What is the typical secure protocol deployed in this context? Obviously,
> "TLS" or "IPsec" is a partial answer due to the many protocol versions,
> options, configurations, ...
Typically, TLS if machines are exposed on the Internet, and IPsec when called
for (tunneling, plaintext legacy traffic). However, Noise and WireGuard have
recently caught my attention:
http://noiseprotocol.org/noise.html
https://www.wireguard.com/
> Also, if the answer is a transport layer protocol (e.g. TLS in a given
> profile) or a network layer protocol (e.g. IPsec in a given profile), is
> there any notable vulnerability originating from the fact that the security
> requirement is at the application layer? If so, what are the
> countermeasures?
Both with TLS and IPsec, it's hard to get the configs right to know you're
safe. Getting an F on Qualys' ssltest is easy to do :(
Now take a look at what's needed for the configuration of WireGuard. Beautiful!
It's 2019... let's take the footguns away from users and make safe defaults!
Alfie
--
Alfie John
https://www.alfie.wtf