Overly simplified vanity crypto protocols with no key management are much less secure than complex cryptosystems #cutsbothways https://twitter.com/RichFelker/status/875699196455727104 …
...if you can factor the key mgmt from the crypto system, you might make both simpler and more secure.
-
like IKE/IPsec? Unlike TLS framing :) People invent new symmetric crypto, leave out key management, and call it a crypto system
-
I consider ipsec more complex than TLS, because of bad interface boundary/layering.
-
Funny, I consider IPsec less complex than TLS because of the clear separation of command and data channels
-
I think that's because you're one of, like, 6 people who actually understand IPsec. / @RichFelker
-
honoured you say so but there are many more. And IKEv1 learned from SSL, and TLS 1.3 learned from IKEv2. #openness
-
just having some fun (and fully concur). FTR, I borrowed @matthew_d_green's maxim: “Nobody actually understands IPsec”
-
it's a bad myth though and why we see things like wireguard getting into the kernel

-
s/maxim/quip.
I know nothing about WG. In the commercial VPN IPsec space, things are… not good.
-
For example https://www.wireguard.io/ which tells you how to manually insert private keys into the kernel for encryption.....
-
If kernel is involved it's hopelessly complex.