IPv4 address length technical design

Spurling, Shannon shannon at more.net
Fri Oct 5 14:18:10 UTC 2012


I had toyed with the idea that maybe we needed an identity based routing system. Addressing doesn't change because it's the physical map of the network. Instead what you need is a set of identity "banking" servers, either arranged by organization or contract, that hold a public key and that your workstations and servers update with their current location. That would be similar to the current DNS infrastructure. When you wish to transact with one of these servers, you use the DNS like identity to retrieve the current location, and send a signed connection request via TCP or UDP. The remote end received an authenticated request that you can confirm using your identity and public key. You don't have to encrypt the contents of the packet, but you could if you needed to. If an address changes, that device could send a signed update indicating the IP change to all currently opened sockets and it's authoritative identity server.

I know it's kind of rough, but it would take all this complexity and put it back in the workstation stack. Everybody is lowering their DNS TTL's to nothing anymore to support dynamic DNS. There is a big push to virtualize and fragment the IP address scheme to support IP mobility, which flies in the face of good network management. Not to mention how IP mobility also enables man in the middle to become a serious reality. And all the router vendors are pushing for more features, instead of doing what they are supposed to do better. I think a concept like this could help on several levels. It just seems like something different needs to be done.


S -



 

-----Original Message-----
From: William Herrin [mailto:bill at herrin.us] 
Sent: Friday, October 05, 2012 8:07 AM
To: Barry Shein
Cc: nanog at nanog.org
Subject: Re: IPv4 address length technical design

On Thu, Oct 4, 2012 at 7:36 PM, Barry Shein <bzs at world.std.com> wrote:
> In Singapore in June 2011 I gave a talk at HackerSpaceSG about just
> doing away with IP addresses entirely, and DNS.
> About the only obvious objection, other than vague handwaves about
> compute efficiency, is it would potentially make packets a lot longer

What portion of your audience would you say took it at face value
without realizing they'd been trolled?

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004




More information about the NANOG mailing list