Comment by cryptonector

23 days ago

But the very nice thing about ESP (over UDP or not) is that it's much simpler to build HW offload than for TLS.

Using the long-ago past as FUD here is not useful.

> IPsec is a terrible, huge, and messy standard that the company that made it took 20 years to stop getting a CVE every year

This is fact, not FUD.

Microsoft has had multiple RCE vulns in their IPsec stack in the last two years.

The big vendors like Cisco had IPsec vulns for decades.

These days the issues are pretty well known and documented, but it really is a bad standard.