[157080] in North American Network Operators' Group
RE: IPv4 address length technical design
daemon@ATHENA.MIT.EDU (Spurling, Shannon)
Fri Oct 5 10:19:03 2012
From: "Spurling, Shannon" <shannon@more.net>
To: William Herrin <bill@herrin.us>, Barry Shein <bzs@world.std.com>
Date: Fri, 5 Oct 2012 14:18:10 +0000
In-Reply-To: <CAP-guGVzPU+4o63=s+BdYnvu5KL=O4Yz79Ys0nY=5bwiQxMkug@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I had toyed with the idea that maybe we needed an identity-based routing system. Addressing doesn't change because it's the physical map of the network. Instead what you need is a set of identity "banking" servers, either arranged by organization or contract, that hold a public key and that your workstations and servers update with their current location. That would be similar to the current DNS infrastructure. When you wish to transact with one of these servers, you use the DNS-like identity to retrieve the current location, and send a signed connection request via TCP or UDP. The remote end receives an authenticated request that you can confirm using your identity and public key. You don't have to encrypt the contents of the packet, but you could if you needed to. If an address changes, that device could send a signed update indicating the IP change to all currently opened sockets and its authoritative identity server.
I know it's kind of rough, but it would take all this complexity and put it back in the workstation stack. Everybody is lowering their DNS TTLs to nothing anymore to support dynamic DNS. There is a big push to virtualize and fragment the IP address scheme to support IP mobility, which flies in the face of good network management. Not to mention how IP mobility also enables man-in-the-middle to become a serious reality. And all the router vendors are pushing for more features, instead of doing what they are supposed to do better. I think a concept like this could help on several levels. It just seems like something different needs to be done.
S -
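The identity server sketched in the message above, as an added example that is not part of the original post or of any NANOG project: an identity is registered with a public key out of band, the endpoint signs its current location and publishes it, and the server (or a peer resolving the identity) only accepts a location it can verify. The wire format, the choice of Ed25519, and the per-identity sequence number (so that a replayed older location cannot move traffic back to an address the endpoint has left) are assumptions of this example; the "signed update to all currently opened sockets" from the post is not modelled here, only the authoritative-server side.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// LocationUpdate is the signed record an endpoint publishes when it moves.
// This wire format is an assumption of the example, not anything from the post.
type LocationUpdate struct {
	Identity string
	Seq      uint64 // monotonically increasing per identity; blocks replay of stale locations
	Addr     string
	Sig      []byte
}

// updateBytes is the canonical byte string covered by the signature:
// identity, NUL separator, big-endian sequence number, address.
func updateBytes(identity string, seq uint64, addr string) []byte {
	seqBuf := make([]byte, 8)
	binary.BigEndian.PutUint64(seqBuf, seq)
	msg := append([]byte(identity), 0)
	msg = append(msg, seqBuf...)
	return append(msg, []byte(addr)...)
}

// Endpoint is a workstation or server that owns an identity's private key.
type Endpoint struct {
	Identity string
	priv     ed25519.PrivateKey
	seq      uint64
}

// NewEndpoint generates a fresh key pair; the public key is what gets
// registered with the identity server.
func NewEndpoint(identity string) (*Endpoint, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Endpoint{Identity: identity, priv: priv}, pub, nil
}

// Announce signs the endpoint's current address with the next sequence number.
func (e *Endpoint) Announce(addr string) LocationUpdate {
	e.seq++
	sig := ed25519.Sign(e.priv, updateBytes(e.Identity, e.seq, addr))
	return LocationUpdate{Identity: e.Identity, Seq: e.seq, Addr: addr, Sig: sig}
}

// IdentityServer is the "banking" server of the post: it holds the public key
// for each identity and the last location it could verify.
type IdentityServer struct {
	keys map[string]ed25519.PublicKey
	loc  map[string]LocationUpdate
}

func NewIdentityServer() *IdentityServer {
	return &IdentityServer{keys: map[string]ed25519.PublicKey{}, loc: map[string]LocationUpdate{}}
}

// Register enrols an identity's public key (enrolment itself is out of band).
func (s *IdentityServer) Register(identity string, pub ed25519.PublicKey) {
	s.keys[identity] = pub
}

// Accept verifies a location update and records it. Unknown identities, bad
// signatures and stale sequence numbers are all rejected, so a third party
// cannot redirect an identity's traffic without its private key.
func (s *IdentityServer) Accept(u LocationUpdate) error {
	pub, ok := s.keys[u.Identity]
	if !ok {
		return errors.New("unknown identity")
	}
	if !ed25519.Verify(pub, updateBytes(u.Identity, u.Seq, u.Addr), u.Sig) {
		return errors.New("signature does not verify")
	}
	if prev, ok := s.loc[u.Identity]; ok && u.Seq <= prev.Seq {
		return errors.New("stale or replayed update")
	}
	s.loc[u.Identity] = u
	return nil
}

// Resolve returns the last verified address for an identity, like a DNS lookup.
func (s *IdentityServer) Resolve(identity string) (string, bool) {
	u, ok := s.loc[identity]
	return u.Addr, ok
}

func main() {
	srv := NewIdentityServer()
	ep, pub, err := NewEndpoint("host.example") // constructed sample identity
	if err != nil {
		panic(err)
	}
	srv.Register(ep.Identity, pub)
	fmt.Println("first location:", srv.Accept(ep.Announce("10.0.0.5")))
	moved := ep.Announce("192.0.2.7") // constructed sample addresses
	fmt.Println("after move:", srv.Accept(moved))
	fmt.Println("replay of old update:", srv.Accept(moved))
	forged := moved
	forged.Addr = "198.51.100.9" // address changed without re-signing
	fmt.Println("forged update:", srv.Accept(forged))
	addr, _ := srv.Resolve("host.example")
	fmt.Println("resolved:", addr)
}
```

A peer that resolves an identity this way gets a location it can tie to a public key rather than to whoever last won a dynamic DNS race, which is the property the post is after; the sequence number is what keeps a recorded old announcement from being replayed against the server after the host has moved on.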
-----Original Message-----
From: William Herrin [mailto:bill@herrin.us]
Sent: Friday, October 05, 2012 8:07 AM
To: Barry Shein
Cc: nanog@nanog.org
Subject: Re: IPv4 address length technical design
On Thu, Oct 4, 2012 at 7:36 PM, Barry Shein <bzs@world.std.com> wrote:
> In Singapore in June 2011 I gave a talk at HackerSpaceSG about just
> doing away with IP addresses entirely, and DNS.
> About the only obvious objection, other than vague handwaves about
> compute efficiency, is it would potentially make packets a lot longer
What portion of your audience would you say took it at face value
without realizing they'd been trolled?
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004