posted by janrinok on Saturday September 24 2016, @11:04PM
from the if-only-I-could-do-it-over dept.

Vint Cerf is considered a father of the internet, but that doesn't mean there aren't things he would do differently if given a fresh chance to create it all over again.

"If I could have justified it, putting in a 128-bit address space would have been nice so we wouldn't have to go through this painful, 20-year process of going from IPv4 to IPv6," Cerf told an audience of journalists Thursday during a press conference at the Heidelberg Laureate Forum in Germany.

IPv4, the first publicly used version of the Internet Protocol, included an addressing system that used 32-bit numerical identifiers. It soon became apparent that it would lead to an exhaustion of addresses, however, spurring the creation of IPv6 as a replacement. Roughly a year ago, North America officially ran out of new addresses based on IPv4.

For security, public key cryptography is another thing Cerf would like to have added, had it been feasible.

Trouble is, neither idea is likely to have made it into the final result at the time. "I doubt I could have gotten away with either one," said Cerf, who won a Turing Award in 2004 and is now vice president and chief internet evangelist at Google. "So today we have to retrofit."


  • (Score: 5, Insightful) by Snotnose on Sunday September 25 2016, @12:21AM

    by Snotnose (1623) on Sunday September 25 2016, @12:21AM (#406085)

    128 bits lets the TLAs differentiate your printer from your phone from your laptop from your desktop from your fridge from your thermostat. It's why I don't upgrade to IPv6, my farking thermostat is my own business, I don't need the NSA learning I like to keep the heat off and crawl under a pile of blankets. Had the IP addresses been 64 bits it would have cost pretty much nothing from a bandwidth standpoint, and avoided a bunch of stuff from a privacy standpoint.

    IPv6 can die a horrible death from my standpoint.

    --
    When the dust settled America realized it was saved by a porn star.
  • (Score: 3, Interesting) by stormwyrm on Sunday September 25 2016, @01:05AM

    by stormwyrm (717) on Sunday September 25 2016, @01:05AM (#406091) Journal

    Remember that it also lets you differentiate your printer from your phone from your laptop from your desktop from your fridge from your thermostat. You need to be able to do that under the limitations of IPv4 as well, and it is much more cumbersome for you to do that, and if you're doing it wrong, it makes no difference to the TLAs. If you do IPv6 right though, it will allow you to differentiate all your gadgets easily while making it harder for outsiders to do the same than the best that IPv4+NAT could let them. A properly configured stateful firewall [internetsociety.org] provides far better security and privacy than a NAT, which isn't really designed to provide privacy and security in the first place, and prevents other security mechanisms from working properly besides.

    And no, 64 bits would have been just as unacceptable as a compromise in those days as 128 bits would have been. RFC 791 that described the IPv4 protocol as we use it today was issued in 1981, and there were several prior RFCs that were precursors to the protocol (IPv0-3) dating back to 1977. Think of what the computers and bandwidth were like in those days. In the 1970s even 32 kilobytes of RAM was considered plenty and was very expensive. Bandwidth was similarly costly.

    --
    Numquam ponenda est pluralitas sine necessitate.
    • (Score: 1, Interesting) by Anonymous Coward on Sunday September 25 2016, @01:15AM

      by Anonymous Coward on Sunday September 25 2016, @01:15AM (#406097)

      Explain to me again why NAT and private use IPv4 address tables are so terrible? I understand that the telcos, FB, and (I assume) Google don't like them because they keep thinking they ought to be able to track "their customers" (whether those people actually signed up for their services or not) and their devices around 24x7x365.

      And Cisco doesn't like NAT because they've been pushing IPv6 for twenty years (literally) and have co-authored over one hundred RFCs about it (not exaggerating) so they can convince corporate buyers they need to keep upgrading their routers and switches to stay up to date.

      Of course, hackers (the evil kind) love the idea that every device out there will have a permanent, unique IP address, possibly along with transient IP addresses if it's a mobile device. That makes their job so much easier.

      • (Score: 0) by Anonymous Coward on Sunday September 25 2016, @01:31AM

        by Anonymous Coward on Sunday September 25 2016, @01:31AM (#406110)
        NAT breaks the end to end nature of the Internet and makes true peer to peer communication very cumbersome. Hackers (the good kind) would also love the idea that every device out there will have a routable IP address, as it makes peer to peer applications much easier. And who says that IPv6 addresses need to be permanent on every device? There is nothing that mandates this. There exists a divide these days from people who have true, routable IP addresses and those who don't. The former are able to publish content, the latter are only able to consume. And if you wanted privacy and security, that is also possible with a large address space, and easier. You want a stateful firewall and a VPN, which are designed primarily for security, not a kludge for the purpose of allowing multiple hosts to share limited IP addresses.
        • (Score: 0) by Anonymous Coward on Sunday September 25 2016, @01:40AM

          by Anonymous Coward on Sunday September 25 2016, @01:40AM (#406118)

          How many permanent IP addresses does the world need? Probably less than 100 million. OK, we'd run out of them eventually, but a 64-bit address space would solve that problem for at least the next 30 years.

          You don't need a 128-bit address space when almost all of the IP addresses are transient.

          • (Score: 0) by Anonymous Coward on Sunday September 25 2016, @04:54AM

            by Anonymous Coward on Sunday September 25 2016, @04:54AM (#406166)
            Right. And as Bill Gates once said, 640KB should be enough for everyone.
          • (Score: 2) by Pino P on Sunday September 25 2016, @09:01PM

            by Pino P (4721) on Sunday September 25 2016, @09:01PM (#406392) Journal

            Limiting the Internet to 100 million addresses that can accept incoming connections is like saying "Only one person out of 70 should be allowed to run a website or other publicly accessible resource."

      • (Score: 1, Informative) by Anonymous Coward on Sunday September 25 2016, @08:14AM

        by Anonymous Coward on Sunday September 25 2016, @08:14AM (#406193)

        If you want to see why it is a terrible thing go look at the NAT code inside of most routers. It is a sight to behold. Most actual router code is pretty simple.

        NAT also creates another attack surface. Yep. Several recent attacks have been working around NAT to get into people's networks. Instead of a clean firewall. Several smart guys long ago figured out the 'hole punch'. https://en.wikipedia.org/wiki/Hole_punching_(networking) [wikipedia.org]

        NAT is a hack to work around a shortage. We actually ran out of IPs years ago.

        Also ipv6 has private ranges and can do NAT. *IF* you really really really want to.

        "Of course, hackers (the evil kind) love the idea that every device out there will have a permanent"
        That is why you have a real firewall.

        "possibly along with transient IP addresses if it's a mobile device"
        You have not worked at a phone company or ISP, have you? 99.999999% of them are static or for all intents static.

        "That makes their job so much easier."
        It makes everyone's job easier. I don't make shit code just to make someone else's life slightly harder. If you think NAT will stop hackers you are dreaming.

        Instead of worrying about ipv4 vs ipv6 I suggest you worry more about the problems in the core network routing and how easy it is to screw up.

        • (Score: 2) by Pino P on Sunday September 25 2016, @09:03PM

          by Pino P (4721) on Sunday September 25 2016, @09:03PM (#406394) Journal

          How would you go about adding "a real firewall" to, say, a USB LTE modem?

          • (Score: 0) by Anonymous Coward on Monday September 26 2016, @09:05AM

            by Anonymous Coward on Monday September 26 2016, @09:05AM (#406581)

            You stick it in the USB-port of the firewall.

            Oh, you mean a single (laptop, probably) computer? Secure the computer, instead of putting a firewall in front of it.

  • (Score: 3, Informative) by Snotnose on Sunday September 25 2016, @01:15AM

    by Snotnose (1623) on Sunday September 25 2016, @01:15AM (#406098)

    I should add I was writing ethernet drivers back then. 32 bit registers were high end, 64 bit just wasn't done. So I get why 32 bit IP addresses were chosen (especially when they were chosen in the 60s), I just don't get why whoever decided 128 bit addresses were better than 64 bit addresses.

    I want no part of IPv6, each addy gives too much information about itself.

    --
    When the dust settled America realized it was saved by a porn star.
  • (Score: 0) by Anonymous Coward on Sunday September 25 2016, @01:52AM

    by Anonymous Coward on Sunday September 25 2016, @01:52AM (#406124)

    https://itsnobody.wordpress.com/2012/02/17/how-many-addresses-can-ipv6-hold/ [wordpress.com] They could track grains of sand in Earth beaches!