Regarding the whole-protocol versions instead of mix and match negotiation: is there a reason that wouldn't have worked for TLS? At least technologically; I'm sure it was a non-starter politically.

I'm just wondering if there are any actual downsides to this scheme. It seems like such an obviously good idea that I'm second-guessing myself.

It would have worked fine for SSL (now TLS). Wireguard has the advantage of being able to learn from decades of experience with real world SSL/TLS vulnerabilities — the advantage of hindsight.

SSL and especially TLS are used in lots of different applications. So either most of them don't get the features they want in this scenario, or they all use mutually incompatible protocols.

The no-negotiation approach also means if things change you can't find out why you can't connect. Maybe you need to upgrade your software? Or downgrade it? Did you change any settings? It's a mystery!

I wonder if protocol agility was pushed through the IETF as part of the NSA’s intentional weakening of crypto protocols.

It was required to comply with US laws against exporting strong cryptography. In order to have a global standard the protocol had to be decoupled from the crypto implementation and clients had to be able to negotiate down to the (broken) crypto approved for export.
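
As an added example (not code from the thread, from WireGuard, or from any real TLS implementation), here is a toy Python model of the two designs discussed above: the TLS-style mix-and-match negotiation that this comment says could be pushed down to export-grade crypto, and the WireGuard-style fixed protocol version whose only failure mode is the silent mismatch an earlier comment complains about. Suite names, strength scores and the "wire format" are invented for illustration.

```python
"""Toy model of suite negotiation vs. whole-protocol versioning.

Added example for illustration only; suite names, strength scores and the
message shapes below are invented and do not model any real TLS stack.
"""
from dataclasses import dataclass

# Hypothetical cipher suites with an invented strength score. "EXPORT-RC4-40"
# stands in for the deliberately weakened 40-bit suites that US export rules
# once forced into SSL.
SUITE_STRENGTH = {
    "AES256-GCM": 256,
    "AES128-GCM": 128,
    "EXPORT-RC4-40": 40,
}


def negotiate(client_offer, server_supported):
    """TLS-style mix and match: the server picks the strongest suite that both
    sides support, from the list the client offered. Returns None when there is
    no common suite (the handshake fails)."""
    common = [s for s in client_offer if s in server_supported]
    if not common:
        return None
    return max(common, key=SUITE_STRENGTH.__getitem__)


def mitm_strip(client_offer, keep_at_most):
    """An active attacker rewrites the client's offer on the wire, removing every
    suite stronger than keep_at_most. The toy model omits the transcript check
    that TLS 1.0+ performs in its Finished messages, so the stripping is never
    noticed here; in real deployments a downgrade needed that check to be
    missing or defeatable."""
    return [s for s in client_offer if SUITE_STRENGTH[s] <= keep_at_most]


@dataclass(frozen=True)
class FixedVersion:
    """WireGuard-style endpoint: one protocol version, one fixed set of
    primitives, nothing to negotiate."""
    version: int
    suite: str


def connect_fixed(client: FixedVersion, server: FixedVersion):
    """No negotiation: the server only speaks its own version and silently drops
    anything else, so a mismatch yields no suite and no explanation (the
    diagnosability downside raised in the thread). Returns the fixed suite on a
    match, None otherwise."""
    if client.version != server.version:
        return None
    return server.suite


def demo():
    """Run the scenarios side by side and return the outcomes."""
    client_offer = ["AES256-GCM", "AES128-GCM", "EXPORT-RC4-40"]
    # A server that keeps the export suite enabled "for compatibility".
    permissive_server = {"AES256-GCM", "EXPORT-RC4-40"}
    # A server that has removed the weak suite entirely.
    hardened_server = {"AES256-GCM", "AES128-GCM"}

    stripped_offer = mitm_strip(client_offer, keep_at_most=40)

    v1 = FixedVersion(1, "ChaCha20-Poly1305")
    v2 = FixedVersion(2, "ChaCha20-Poly1305")  # hypothetical future version

    return {
        # Honest negotiation lands on the strongest common suite.
        "honest": negotiate(client_offer, permissive_server),
        # Same server, attacker-edited offer: negotiation "succeeds" on the
        # export suite. Security is the weakest suite both sides still accept.
        "downgraded": negotiate(stripped_offer, permissive_server),
        # A server with no weak suite cannot be downgraded; it fails closed.
        "hardened": negotiate(stripped_offer, hardened_server),
        # Fixed version: match works, mismatch is dropped with no reason given.
        "fixed_match": connect_fixed(v1, v1),
        "fixed_mismatch": connect_fixed(v1, v2),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15} -> {outcome}")
```

The point the model makes concrete: with negotiation, the connection's security is decided by the intersection of what both peers accept, so a single forgotten export suite on either side is enough for an attacker who can tamper with the offer. With a fixed version there is no intersection to exploit, but a mismatch produces no diagnostic at all, which is the operational trade-off the thread is weighing.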
