from Hacker News

Cloudflare's VPN Warp Is Switching from WireGuard to Masque

by aofeisheng on 6/22/23, 1:27 PM with 10 comments

  • by rcarmo on 6/22/23, 3:03 PM

    Title was editorialised - Cloudflare isn't switching, they are _adding_ Masque. There's even an "We’re not saying goodbye to Wireguard" heading in there.

  • by sevg on 6/22/23, 3:27 PM

    @dang can you please uneditorialize this title back to the original: "Donning a MASQUE: building a new protocol into Cloudflare WARP"

    @aofeisheng please see the HN guidelines: "Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize."

  • by ignoramous on 6/22/23, 3:03 PM

    > Finally, neither the protocol nor the cryptography it uses are standards-based, making it difficult to keep up with the strongest known cryptography (post-quantum crypto, for example).

    Isn't WireGuard post-quantum safe with pre-shared keys?

    > ...connections are made through port 443, which for both TCP and UDP blends in well with general HTTP/3 traffic and is less susceptible than Wireguard to blocking.

    HTTP3 over QUIC is blanket blocked in many countries (due to QUIC's built-in censorship resistance).

  • by tptacek on 6/22/23, 3:37 PM

    It's WireGuard, not Wireguard.