
posted by janrinok on Saturday September 24 2016, @11:04PM
from the if-only-I-could-do-it-over dept.

Vint Cerf is considered a father of the internet, but that doesn't mean there aren't things he would do differently if given a fresh chance to create it all over again.

"If I could have justified it, putting in a 128-bit address space would have been nice so we wouldn't have to go through this painful, 20-year process of going from IPv4 to IPv6," Cerf told an audience of journalists Thursday during a press conference at the Heidelberg Laureate Forum in Germany.

IPv4, the first publicly used version of the Internet Protocol, included an addressing system that used 32-bit numerical identifiers. It soon became apparent, however, that this would lead to address exhaustion, spurring the creation of IPv6 as a replacement. Roughly a year ago, North America officially ran out of new IPv4 addresses.

For security, public key cryptography is another thing Cerf would like to have added, had it been feasible.

Trouble is, neither idea is likely to have made it into the final result at the time. "I doubt I could have gotten away with either one," said Cerf, who won a Turing Award in 2004 and is now vice president and chief internet evangelist at Google. "So today we have to retrofit."

  • (Score: 5, Informative) by stormwyrm (717) on Saturday September 24 2016, @11:58PM (#406081)

    Using 128-bit addresses would have increased the size of the IP header by 24 bytes, a big consideration when bandwidth was much more limited, and how feasible the larger address space would have been for the routing hardware of the day to handle might have been another issue. As it is though, in the present the smaller address space they decided on actually led to much more complicated routing and NAT to get around its limitations, so in hindsight it might have made routing protocols simpler and easier to implement, as the IPv6 routing seems to be.

    It is much easier to understand why adding cryptography to the protocols was unacceptable. Those were the days of Crypto War I, when the United States government was agitating for back doors in all cryptography and treating it as though it were munitions for export purposes. Adding crypto would have gotten the national security establishment of the government involved. In those days, RSA was still under patent, there were no alternative public domain algorithms for doing public key cryptography, and there were no efficient public-domain algorithms for symmetric cryptography either. DES and 3DES, while public domain, were relatively inefficient in software since they were designed to be implemented efficiently in hardware ASICs, and most other good algorithms like RC4 and IDEA were proprietary.

    --
    Numquam ponenda est pluralitas sine necessitate.
  • (Score: 2) by shrewdsheep (5215) on Sunday September 25 2016, @08:33PM (#406383)

    I have a hard time believing that Cerf actually thought about these things back then. Thinking about an address space four to eight times larger (in terms of bits) than that of computers (and many times bigger than the western population and many orders of magnitude bigger than the intended military/academic use) at the time seems far-fetched to me. Cryptographic elements do not have anything to do with IP. This protocol needs to be unencrypted to have it fulfill its function. Some elements of TCP could be encrypted but it does not make much sense. Encryption is added at the application layer.
    I read this as follows: I, Cerf, would have liked to think of these things back then, but didn't.

    • (Score: 1, Interesting) by Anonymous Coward on Sunday September 25 2016, @09:26PM (#406401)

      Encryption is needed even at the IP level I think, at least strong authentication. Packet spoofing and connection hijacking become a lot harder to do if you have that.
    • (Score: 3, Informative) by stormwyrm (717) on Monday September 26 2016, @12:25AM (#406448)

      Many of the security attacks on the TCP/IP protocol could be mitigated if strong cryptography were incorporated at that level. If we had a public key signature with every IP packet signed by the host that produced it, then attacks like TCP sequence number prediction, IP address spoofing, and so forth would require forging the cryptographic signature to become possible. Only problem is that an RSA public key signature is big, equal to the size of the RSA key used, and secure key lengths these days are in the 2048 bit range. Every packet would thus become at least 256 bytes of authentication information plus the header. Ouch.

      As for the 32-bit address limitation, Vint Cerf himself said this [dltj.org]:

      The decision to put a 32-bit address space on there was the result of a year’s battle among a bunch of engineers who couldn’t make up their minds about 32, 128 or variable length. And after a year of fighting I said — I’m now at ARPA, I’m running the program, I’m paying for this stuff and using American tax dollars — and I wanted some progress because we didn’t know if this is going to work. So I said 32 bits, it is enough for an experiment, it is 4.3 billion terminations — even the defense department doesn’t need 4.3 billion of anything and it couldn’t afford to buy 4.3 billion edge devices to do a test anyway. So at the time I thought we were doing an experiment to prove the technology and that if it worked we’d have an opportunity to do a production version of it. Well — [laughter] — it just escaped! — it got out and people started to use it and then it became a commercial thing.

      (emphasis added) He thought that IPv4 was supposed to be an experiment to prove the technology and well, it worked so well that it got beyond his control before he could do anything about it.

      --
      Numquam ponenda est pluralitas sine necessitate.
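The two size figures in this thread (the 24 bytes that a pair of 128-bit addresses adds to the IPv4 layout in stormwyrm's first comment, and the 256-byte RSA-2048 signature per packet in the reply above), worked through as an added example that is not from any of the original posts: it packs a real IPv4 header and a real IPv6 header with the standard-library `struct` module, a constructed hypothetical IPv4-with-128-bit-addresses header, and reports what share of the wire each combination consumes for a bare TCP ACK and a full-MTU segment. The `ipv4_wide_header` layout and the documentation-range addresses are illustrative assumptions.

```python
import ipaddress
import struct

# Signature size quoted in the thread: a 2048-bit RSA signature is 256 bytes.
RSA_2048_SIG_BYTES = 2048 // 8


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header (version 4, IHL 5, no options) with a valid checksum."""
    s, d = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, s, d)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def ipv4_wide_header(src: str, dst: str, payload_len: int, proto: int = 6) -> bytes:
    """Hypothetical (constructed): the IPv4 layout with 16-byte addresses, IHL 11 = 44 bytes."""
    s, d = ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed
    hdr = struct.pack("!BBHHHBBH16s16s", 0x4B, 0, 44 + payload_len, 0, 0, 64, proto, 0, s, d)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def ipv6_header(src: str, dst: str, payload_len: int, next_hdr: int = 6) -> bytes:
    """Real IPv6 fixed header (RFC 8200): 40 bytes, no checksum, no fragmentation fields."""
    s, d = ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed
    return struct.pack("!IHBB16s16s", 0x60000000, payload_len, next_hdr, 64, s, d)


def overhead_fraction(header_len: int, payload_len: int, sig_len: int = 0) -> float:
    """Share of wire bytes spent on the header plus an optional per-packet signature."""
    fixed = header_len + sig_len
    return fixed / (fixed + payload_len)


if __name__ == "__main__":
    v4 = ipv4_header("10.0.0.1", "192.0.2.1", 20)
    wide = ipv4_wide_header("2001:db8::1", "2001:db8::2", 20)
    v6 = ipv6_header("2001:db8::1", "2001:db8::2", 20)
    print(len(v4), len(wide), len(v6))  # 20 44 40
    for payload in (20, 1460):  # bare TCP ACK vs full-MTU TCP segment
        plain = overhead_fraction(20, payload)
        signed = overhead_fraction(20, payload, RSA_2048_SIG_BYTES)
        print(f"payload={payload:4d}  header only={plain:.3f}  with RSA-2048 sig={signed:.3f}")
```

For a 20-byte ACK the signed packet is over 93% authentication and header, which is the "ouch" in the comment above; the real IPv6 header stays at 40 bytes because it dropped the checksum and fragmentation fields rather than simply widening the addresses.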
  • (Score: 1, Interesting) by Anonymous Coward on Sunday September 25 2016, @09:13PM (#406397)

    IPX had this solved back in the 80s.

    48-bit network, 32-bit network ids. Where it broke down was that IPX didn't support netmasks, meaning you wasted most of those 48 bits of LAN addressing rather than being able to subnet them. That was the key feature of IPv4 over any of the alternatives for international usage.

    Rather than using the IPv6 available today, we might in fact be better off going back to IPv4 and simply expanding the address range it can use to 64 or 128 bits and calling it good enough. For IoT and other such devices they should really NOT be on the IPvX network and rather be reached via a tunnelling protocol to an internal network connected via an internet addressed host. Doing this would reduce a lot of the utility of IoT devices for DDoS and other nefarious activities.