Overly simplified vanity crypto protocols with no key management are much less secure than complex cryptosystems #cutsbothways https://twitter.com/RichFelker/status/875699196455727104
But yes, you need to be comparing functionally equivalent things. System with no key mgmt is not equv to one with, but...
-
-
...if you can factor the key mgmt from the crypto system, you might make both simpler and more secure.
-
like IKE/IPsec? Unlike TLS framing :) People invent new symmetric crypto, leave out key management, and call it a crypto system
-
I consider ipsec more complex than TLS, because of bad interface boundary/layering.
-
Funny, I consider IPsec less complex than TLS because of the clear separation of command and data channels
-
I think that's because you're one of, like, 6 people who actually understand IPsec. / @RichFelker
-
honoured you say so but there are many more. And IKEv1 learned from SSL, and TLS 1.3 learned from IKEv2. #openness
-
just having some fun (and fully concur). FTR, I borrowed @matthew_d_green's maxim: “Nobody actually understands IPsec”
-
it's a bad myth though and why we see things like wireguard getting into the kernel
