>> and the bit about TLS having been around for 20 years already and it
>> being past time to do something.
>
> https://www.openssl.org/news/vulnerabilities.html#y2015

i might list the interminable vuln i get in the mail from juniper and cisco, but it would be a major project to find even a majority of them.

the operational fact of life is that nobody deploys ipsec under any routing or pretty much anything else other than some vpns. i should not have to waste pixels on this.

ipsec clauses in sec cons are a cheap farce that should be stopped at the wg level, or at the iesg if the wgs are gutless.

thanks to browsers, email, and a hoard of other apps, tls is what is deployed and therefore more easily deployable. it ain't perfect, but not much we do is. and it beats the crap outta ipsec, which was <insert sick ietf sec behavior here> and then frozen in time.

randy

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
