> The point of the WireGuard design is to be agnostic to "upper-layer" concerns like this;

And there will probably never be any standard (non-commercial) "upper-layer" because of this.

The project prides itself on being much simpler than IPSEC etc but that's easy when you leave out half of the functionality

▲

tptacek 7 months ago | parent [-]

That's a good thing. The higher up the stack you go, the less value there is in standardizing, and more painful the costs (of being constrained in implementation).

Also: it is much simpler than IPSEC. Pretty much everybody can get WireGuard working in minutes. It's approximately as easy as setting up SSH. That's simply not true of IPSEC.

Anyways, I think the jury is in on this one.

▲

bogantech 7 months ago | parent [-]

> Pretty much everybody can get WireGuard working in minutes.

You can get anything working in minutes, even IPSEC if you are using static keys with no authentication or authorization involved

	▲	tptacek 7 months ago \| parent [-]
		If you've done it a bunch before. People coming to WireGuard cold can get it set up in minutes. That's why it won: because it's much, much simpler.