|
|
|
|
|
|
by wahern
2681 days ago
|
|
|
A fairer assessment is that it replaces ESP (the stream encryption portion of IPSec) and a small subset of IKE features. If you look at the ecosystem of software arising around the core Wireguard protocol, much of it is a [poor] recapitulation of IKE. Key management and PKI in particular, not bulk encryption, is the hard part of IPSec (in so far as its hard), and Wireguard doesn't actually solve that. I wouldn't be surprised if someone eventually hacked Wireguard configuration management into an existing IKE daemon. |
|
|