Title was editorialised - Cloudflare isn't switching, they are _adding_ Masque. There's even an "We’re not saying goodbye to Wireguard" heading in there.
@dang can you please uneditorialize this title back to the original: "Donning a MASQUE: building a new protocol into Cloudflare WARP"<p>@aofeisheng please see the HN guidelines: "Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize."
> <i>Finally, neither the protocol nor the cryptography it uses are standards-based, making it difficult to keep up with the strongest known cryptography (post-quantum crypto, for example).</i><p>Isn't WireGuard post-quantum safe with pre-shared keys?<p>> <i>...connections are made through port 443, which for both TCP and UDP blends in well with general HTTP/3 traffic and is less susceptible than Wireguard to blocking.</i><p>HTTP3 over QUIC is blanket blocked in many countries (due to QUIC's built-in censorship resistance).