
SoylentNews is people

posted by janrinok on Saturday September 24 2016, @11:04PM
from the if-only-I-could-do-it-over dept.

Vint Cerf is considered a father of the internet, but that doesn't mean there aren't things he would do differently if given a fresh chance to create it all over again.

"If I could have justified it, putting in a 128-bit address space would have been nice so we wouldn't have to go through this painful, 20-year process of going from IPv4 to IPv6," Cerf told an audience of journalists Thursday during a press conference at the Heidelberg Laureate Forum in Germany.

IPv4, the first publicly used version of the Internet Protocol, included an addressing system that used 32-bit numerical identifiers. It soon became apparent that it would lead to an exhaustion of addresses, however, spurring the creation of IPv6 as a replacement. Roughly a year ago, North America officially ran out of new addresses based on IPv4.

For security, public key cryptography is another thing Cerf would like to have added, had it been feasible.

Trouble is, neither idea is likely to have made it into the final result at the time. "I doubt I could have gotten away with either one," said Cerf, who won a Turing Award in 2004 and is now vice president and chief internet evangelist at Google. "So today we have to retrofit."


  • (Score: 3, Informative) by stormwyrm on Monday September 26 2016, @12:25AM


    Many of the security attacks on the TCP/IP protocol could be mitigated if strong cryptography were incorporated at that level. If we had a public key signature with every IP packet signed by the host that produced it, then attacks like TCP sequence number prediction, IP address spoofing, and so forth would require forging the cryptographic signature to become possible. Only problem is that an RSA public key signature is big, equal to the size of the RSA key used, and secure key lengths these days are in the 2048 bit range. Every packet would thus become at least 256 bytes of authentication information plus the header. Ouch.

    As for the 32-bit address limitation, Vint Cerf himself said this [dltj.org]:

    The decision to put a 32-bit address space on there was the result of a year’s battle among a bunch of engineers who couldn’t make up their minds about 32, 128 or variable length. And after a year of fighting I said — I’m now at ARPA, I’m running the program, I’m paying for this stuff and using American tax dollars — and I wanted some progress because we didn’t know if this is going to work. So I said 32 bits, it is enough for an experiment, it is 4.3 billion terminations — even the defense department doesn’t need 4.3 billion of anything and it couldn’t afford to buy 4.3 billion edge devices to do a test anyway. So at the time I thought we were doing an experiment to prove the technology and that if it worked we’d have an opportunity to do a production version of it. Well — [laughter] — it just escaped! — it got out and people started to use it and then it became a commercial thing.

    (emphasis added) He thought that IPv4 was supposed to be an experiment to prove the technology and well, it worked so well that it got beyond his control before he could do anything about it.

    --
    Numquam ponenda est pluralitas sine necessitate.
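
The per-packet RSA signature discussed in the comment above, as an added example (not code from the article or from the commenter): a packet signed with a 2048-bit key carries a 256-byte signature, and a copy with a changed source address fails verification. The `Packet` layout, the function names, the documentation-range addresses and the 40-byte TCP ACK (20-byte IPv4 header plus 20-byte TCP header) used for the overhead figure are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Packet is a constructed stand-in for an IP datagram, not a real wire format.
type Packet struct {
	Src, Dst [4]byte
	Seq      uint32
	Payload  []byte
}

func NewHostKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // 2048-bit host key

// digest hashes every field the signature protects, source address and sequence number included.
func (p Packet) digest() []byte {
	b := append(append(p.Src[:], p.Dst[:]...), byte(p.Seq>>24), byte(p.Seq>>16), byte(p.Seq>>8), byte(p.Seq))
	sum := sha256.Sum256(append(b, p.Payload...))
	return sum[:]
}

// Sign returns an RSA PKCS#1 v1.5 signature, which is as long as the key's modulus.
func Sign(key *rsa.PrivateKey, p Packet) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, p.digest())
}

// Verify checks sig against the packet under the claimed sender's public key.
func Verify(pub *rsa.PublicKey, p Packet, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, p.digest(), sig) == nil
}

func main() {
	key, err := NewHostKey()
	if err != nil {
		panic(err)
	}
	p := Packet{Src: [4]byte{192, 0, 2, 1}, Dst: [4]byte{198, 51, 100, 7}, Seq: 1000} // constructed sample
	sig, err := Sign(key, p)
	if err != nil {
		panic(err)
	}
	spoofed := Packet{Src: [4]byte{203, 0, 113, 9}, Dst: p.Dst, Seq: p.Seq} // same packet, forged source
	fmt.Printf("signature: %d bytes (%.0f%% of a 40-byte TCP ACK)\n", len(sig), 100*float64(len(sig))/40)
	fmt.Println("genuine:", Verify(&key.PublicKey, p, sig), "spoofed source:", Verify(&key.PublicKey, spoofed, sig))
}
```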