Flexibility leads to complexity and complexity is the enemy of security, so it's a shame that many security-related systems and APIs seem to themselves be designed with maximum flexibility in mind.
Here's Niels Ferguson and Bruce Schneier's paper from 2000 where they dedicate about a quarter of the paper to ranting about how IPsec is too damned complicated: https://www.schneier.com/academic/paperfiles/paper-ipsec.pdf
I'm looking forward to Wireguard coming out of alpha. It's so beautifully simple.