| ▲ | bogantech 8 hours ago | |
> The point of the WireGuard design is to be agnostic to "upper-layer" concerns like this; And there will probably never be any standard (non-commercial) "upper-layer" because of this. The project prides itself on being much simpler than IPSEC etc but that's easy when you leave out half of the functionality | ||
| ▲ | tptacek 8 hours ago | parent [-] | |
That's a good thing. The higher up the stack you go, the less value there is in standardizing, and more painful the costs (of being constrained in implementation). Also: it is much simpler than IPSEC. Pretty much everybody can get WireGuard working in minutes. It's approximately as easy as setting up SSH. That's simply not true of IPSEC. Anyways, I think the jury is in on this one. | ||