Remix.run Logo
bogantech 7 months ago

> The point of the WireGuard design is to be agnostic to "upper-layer" concerns like this;

And there will probably never be any standard (non-commercial) "upper-layer" because of this.

The project prides itself on being much simpler than IPSEC etc but that's easy when you leave out half of the functionality

tptacek 7 months ago | parent [-]

That's a good thing. The higher up the stack you go, the less value there is in standardizing, and more painful the costs (of being constrained in implementation).

Also: it is much simpler than IPSEC. Pretty much everybody can get WireGuard working in minutes. It's approximately as easy as setting up SSH. That's simply not true of IPSEC.

Anyways, I think the jury is in on this one.

bogantech 7 months ago | parent [-]

> Pretty much everybody can get WireGuard working in minutes.

You can get anything working in minutes, even IPSEC if you are using static keys with no authentication or authorization involved

tptacek 7 months ago | parent [-]

If you've done it a bunch before. People coming to WireGuard cold can get it set up in minutes. That's why it won: because it's much, much simpler.