Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/dalias/statuses/114026264952260195">Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 19-Feb-2025 03:18:46 JST</a><a href="https://hachyderm.io/@dalias" title="dalias@hachyderm.io"><img src="https://gnusocial.jp/avatar/40873-48-20221207231635.webp" width="48" height="48" alt="Rich Felker" style="position: absolute; left: 0; top: 0;">Rich Felker</a><div><a href="https://mastodon.chaosfield.at/@dequbed/114025640241827071" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/79514" title="dequbed@mastodon.chaosfield.at">nadja</a></li></ul></div></section><article><p><a href="https://mastodon.chaosfield.at/@dequbed">@dequbed</a> <a href="https://furry.engineer/@soatok">@soatok</a> Unless you're just using IPsec as a tunnel encapsulating layer, the reason it's "the wrong layer" is that applications have to know about it to use it, but they can only use it if they're on a system &amp; network configuration that supports it. This is stupid, because applications don't want encryption at the network layer, they want it at the transport layer and possibly also application layer.</p><p>If you are just using it to encapsulate a tunnel, it's a less compatible, more stateful, more painful to setup version of wireguard.</p><p>Ultimately, encryption at the network layer is not something that benefits application privacy/security. It's just a way to bypass draconian firewalls and metadata harvesting.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4587517#notice-8982429">In conversation</a><time datetime="2025-02-19T03:18:46+09:00" title="Wednesday, 19-Feb-2025 03:18:46 JST">about 4 days ago</time> <span>from <span><a href="https://gnusocial.jp/notice/8982429" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/8982429">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 19-Feb-2025 03:18:46 JSTRich Felker
in reply to
- Soatok Dreamseeker
- nadja
@dequbed @soatok Unless you're just using IPsec as a tunnel encapsulating layer, the reason it's "the wrong layer" is that applications have to know about it to use it, but they can only use it if they're on a system & network configuration that supports it. This is stupid, because applications don't want encryption at the network layer, they want it at the transport layer and possibly also application layer.
If you are just using it to encapsulate a tunnel, it's a less compatible, more stateful, more painful to setup version of wireguard.
Ultimately, encryption at the network layer is not something that benefits application privacy/security. It's just a way to bypass draconian firewalls and metadata harvesting.
In conversationabout 4 days ago from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice