> It’s kernel-based which reduces attack surface and can be run in virtually any device.
Excuse my ignorance, but can someone explain why a kernel-based networking stack has less of an attack surface than a user-space-based stack?
I mean, logically user-space should be more secure, no?
BTW if people want to try userspace WireGuard: https://github.com/cloudflare/boringtun