from the if-only-I-could-do-it-over dept.
Vint Cerf is considered a father of the internet, but that doesn't mean there aren't things he would do differently if given a fresh chance to create it all over again.
"If I could have justified it, putting in a 128-bit address space would have been nice so we wouldn't have to go through this painful, 20-year process of going from IPv4 to IPv6," Cerf told an audience of journalists Thursday during a press conference at the Heidelberg Laureate Forum in Germany.
IPv4, the first publicly used version of the Internet Protocol, included an addressing system that used 32-bit numerical identifiers. It soon became apparent that it would lead to an exhaustion of addresses, however, spurring the creation of IPv6 as a replacement. Roughly a year ago, North America officially ran out of new addresses based on IPv4.
For security, public key cryptography is another thing Cerf would like to have added, had it been feasible.
Trouble is, neither idea is likely to have made it into the final result at the time. "I doubt I could have gotten away with either one," said Cerf, who won a Turing Award in 2004 and is now vice president and chief internet evangelist at Google. "So today we have to retrofit."
Related Stories
Ben Cox writes in his blog about visualizing IPv4 address space use by mapping the whole IPv4 Internet with Hilbert curves. While the IPv4 address space is quite large it is still small enough to be able to send a packet to each and every IP address. He goes a little into the background of the maths involved and then makes a comparison to the IPv4 address space back in 2012 using data from the Carna botnet.
[See, also: xkcd's MAP of the INTERNET, the IPv4 space, 2006. --martyb]
Earlier on SN: Vint Cerf's Dream Do-Over: 2 Ways He'd Make the Internet Different
A Swiss VM hosting provider has a technical blog post about how to kill IPv4 completely on FreeBSD. That is to say, turning it completely off, not just preferring IPv6. They then solicit concrete solutions describing, along with a proof of concept, how to turn IPv4 completely off in other operating systems and allowing them to communicate with IPv6 only.
Earlier on SN:
Vint Cerf's Dream Do-Over: 2 Ways He'd Make the Internet Different (2016)
You have IPv6. Turn it on. (2016)
We've Killed IPv4! (2014)
(Score: 2) by Justin Case on Saturday September 24 2016, @11:30PM
No ideas to keep it from becoming a wretched hive of scum and villainy?
It's the Garden of Eden all over again. (TBL's web invention too.) You give humans something nice and they promptly get busy crapping all over it.
(Score: 3, Insightful) by Arik on Sunday September 25 2016, @01:05AM
If laughter is the best medicine, who are the best doctors?
(Score: 2) by Justin Case on Sunday September 25 2016, @12:18PM
The internet is not the web.
Which is why I mentioned both:
(TBL's web invention too.)
And, as someone who knows how to see the constant stream of attempts to ssh into my box as root, when I don't even have an account named root, I would think the asshats are clearly not confined to the web.
(Score: 3, Informative) by Arik on Sunday September 25 2016, @12:36PM
No, asshats are a general phenomena, but in this case I don't think there's anything specific to IP that is amplifying it or aiding them. A transport medium shouldn't be blamed for the bad uses people put it to, unless there's something specific about it that encourages them to be bad. I'd suggest that the constant connections you are seeing are encouraged primarily by the existence of vulnerable end-points and would be occurring with IPX or OSI or whatever else we could have wound up with instead of IP.
On the other hand, the vast shittiness of the web does have a technical component, a very very strong one. Many of the biggest problems with it are directly related to the plague of javascript and plugins and 'active content' being used on top of or in place of actual webpages (HTML.) This has created a huge industry built around exploits and another industry built around offering ineffective 'security' on top of a system that's insecure by design. The malware/advertising/antivirus complex depends on that one flaw more than all others combined.
If laughter is the best medicine, who are the best doctors?
(Score: 3, Interesting) by Justin Case on Sunday September 25 2016, @02:18PM
Many of the biggest problems with it are directly related to the plague of javascript and plugins and 'active content' being used on top of or in place of actual webpages (HTML.)
Arik, I would give that comment a thousand up-votes if I could. Further I'd love to give a solid face-smack or clue-bat to every so-called web developer who codes something in JavaShit that can be done equally well or better in HTML.
Do you ever wonder if Tim Berners-Lee throws up whenever he stops to think about what we've done with his marvelous creation?
Sometimes I think Wikipedia is just about the only major web site that deserves to exist.
(Score: 4, Insightful) by Ethanol-fueled on Sunday September 25 2016, @01:40AM
The original net-surfers embraced the internet because it was a wretched hive of scum and villany and the discourse was more free than Kim Kardashian's tits.
However, if that is not your cup of tea, you can simply ignore the internet and go back to your exciting bowls of plain oatmeal every morning.
(Score: 2, Interesting) by Anonymous Coward on Sunday September 25 2016, @04:18AM
A couple of people, not many, we decided that, well, wouldn't it be really swell if we planted a few gardens. We're gardeners after all. Why not come together and show each other what we know about gardening? We could connect our gardens to each other, have our plants grow together, maybe we'll find some awesome symbiosis happening! And we did. And others came and looked at our garden. It was just a little garden, mind you, there was nobody to hold your hands when you tried to only walk around in them, there were few trails and most of the time you had to carve your own, carrying a machete with you was advisable. Most people turned away when they noticed that it's going to be a bit of work to just look at our flowers. Let alone plant their own garden. Because back then, if you wanted to be part of that gardening experience, you better learned a thing or two about gardening, and fast!
Yes, there was the occasional bully who jumped into our flowerbeds and trampled over them, but we knew how to deal with them. And deal with them we did, swiftly and with lasting effect. We were, after all, gardeners. And we were good at that.
More people came along and we were overjoyed. They're really interested in our stuff! You see, nobody really cared about our plants and everyone we showed any of them called us names because, well, it was not "cool" to plant flowers. But suddenly this was the next big thing, everyone wanted flowers! And we were only too eager to share all the knowledge. Hey, the more the merrier! Knowledge multiplies if you share it!
Well, to be honest... we shared more than just knowledge. There were a few flowerbeds that had those camo nets above them, but hey, ya know, who cares what you do in your spare time, amirite? Just pass it and don't bogard the spliff.
Then people came who said they wanted to build some roads through our gardens so people could walk more easily. We agreed, it was a good idea. After all, most people by now weren't really hard core gardeners anymore. Many just wanted to wander about and smell the flowers. And those that joined were... well, let's say they were happy if we gave them a few saplings because they had no clue at all how to grow plants but wanted some good looking flowerbeds too. We didn't mind. After all, hey, it's not like I don't have that flower anymore just because I give you a sapling of it, right? And we get roads across our garden.
A seed shop opened at the corner. We thought it's cool. Hey, that makes it easier to get seeds initially. Someone's gonna buy, and then we pass 'em around and ... so we thought. But suddenly passing seeds and saplings around wasn't "allowed" anymore. The cornerstone of what we built was considered "bad" now. By whom the fuck and who died and made you king, we asked. We dealt with it the way we knew how to deal with it. The same way we dealt with the bullies, or with others that broke the rules. Only to learn that the rules have changed. We no longer make them.
Long story short, our garden is now walled in. Most of the plots have been sold, or rather, "reappropriated". We're sitting in some corners, tucked away from the busy streets where vendors peddle boring, uninspired hybrid plants (that are of course patented and don't you DARE to as much as SHOW it to anyone, let alone hand him a sapling!) where the masses stumble about, not even knowing what gardening is, for it has been turned into a huge amusement park. Allegedly there is still a tree standing somewhere in what used to be our garden, I haven't seen one in a long time, though.
So we moved on. And we learned.
We built another garden.
And this time, we will not make the mistake to invite the masses in. Leave them their amusement park, and leave them in the blissful ignorance that they don't even know what they're missing.
They most likely even wouldn't want to know.
(Score: 3, Interesting) by pvanhoof on Sunday September 25 2016, @08:11AM
Where is this new garden of yours?
(Score: 0) by Anonymous Coward on Monday September 26 2016, @06:02AM
Quite frankly none of them have the population or reliability of the old internet^H^H^H^H^H^H^H^Hgarden though.
I kind of think the serious guys have either given up, died, or turned into those maker snobs with their yuppie lattes and overpriced 3d printers.
(Score: 2) by butthurt on Friday October 07 2016, @02:16AM
originally posted on Slashdot.com by Opportunist
https://slashdot.com/comments.pl?sid=9216259&cid=52277895 [slashdot.com]
(Score: 2) by turgid on Sunday September 25 2016, @08:13AM
Ban all humans?
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 1, Insightful) by Anonymous Coward on Saturday September 24 2016, @11:33PM
Maybe 64 bit address space would have pass.
(Score: 3, Interesting) by MichaelDavidCrawford on Saturday September 24 2016, @11:44PM
When was the IP protocol accepted? "The Internet" did not at first use what we today recognize IP but it was sometime in the seventies.
Back in those days, the extra 96 bits would have been a serious drain on resources, for example by making routers more expensive.
To understand this, consider that the Apollo 11 lunar lander had 32 kB of magnetic core memory.
Yes I Have No Bananas. [gofundme.com]
(Score: 0, Disagree) by Anonymous Coward on Saturday September 24 2016, @11:52PM
This man works for Google now... and he's pretty good at peddling its worthless crap
(Score: 2) by Hyperturtle on Sunday September 25 2016, @11:58PM
No, this AC is correct, or at least I subscribe to the whack job theory the AC proposes.
Vint Cerf is highly intelligent and his past accomplishments are worthy of great praise.
He is not the same person today. He presently believes that privacy is more of an illusion and that one should accept much less privacy in exchange for various conveniences, conveniences that his employer allows, and allow security benefits from this lack of privacy that enable nations to keep their citizens safe.
The previous views and actions of Vint Cerf had tried to make IPV6 secure; you can go back and read the proposals. "Security built in from the ground-up" or something like that. Not anymore it's not. It's not all his doing of course, but he doesn't seem to mind the results. Those provisions were removed, their safeguards peeled back. Security is to be done by commercial entities you can trust with your privacy, like the businesses that promise to do it for free in exchange for things one would typically keep private. Your privacy secured, data you never really had to provide before to even need securing, by experts in the business, like his employer, at little or no cost to you.
The whole business model means that they are speaking out both sides of their mouth, and what we learn as consumers is the effort to convince a reluctant mark to take the bait.
I want to like the man. He certainly is more capable now, and certainly was back then, more than I ever hope to be as far as dreaming up solutions for networks and protocols and probably whatever hobbies he has as well. He's smart. Maybe there is a reason for his change of mind and the things he says now, and maybe it's a good reason, but I haven't heard anything other than his being stooge for his new masters. He endorses concepts he wasn't endorsing before, so he has come around to a new way of thinking.
Knowing this, I much prefer he sold out and is betraying us for money, than to think perhaps is ideals are slipping with age and that he truly isn't the same person. It is easier to be angry at someone you believe is evil than someone to be angry at the behaviors of someone you believe is mentally ill.
Perhaps he is like Darth Vader and only will find the remaining good within himself when it comes to an unfortunate test that will end up with him destroying himself and the empire he is helping to build. He was a good guy... once. Or maybe I am misconstruing the intent of his employment at Google?
(Score: 5, Informative) by stormwyrm on Saturday September 24 2016, @11:58PM
Using 128-bit addresses would have increased the size of the IP header by 24 bytes, a big consideration when bandwidth was much more limited, and how feasible the larger address space would have been for the routing hardware of the day to handle might have been another issue. As it is though, in the present the smaller address space they decided on actually led to much more complicated routing and NAT to get around its limitations, so in hindsight it might have made routing protocols simpler and easier to implement, as the IPv6 routing seems to be.
It is much easier to understand why adding cryptography to the protocols was unacceptable. Those were the days of Crypto War I, when the United States government was agitating for back doors in all cryptography and treating it as though it were munitions for export purposes. Adding crypto would have gotten the national security establishment of the government involved. In those days, RSA was still under patent, there were no alternative public domain algorithms for doing public key cryptography, and there were no efficient public-domain algorithms for symmetric cryptography either. DES and 3DES while public domain were relatively inefficient in software since they were designed to be implemented efficiently in hardware ASICs, and most other good algorithms like RC4 and IDEA were proprietary.
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by shrewdsheep on Sunday September 25 2016, @08:33PM
I have a hard time believing that Cerf actually thought about these things back then. Thinking about an address space four to eight times larger (in terms of bits) than that of computers (and many times bigger than the western population and many orders of magnitudes bigger than the intended military/academic use) at the time seems far fetched to me. Cryptographic elements do not have anything to do with IP. This protocol needs to be unencrypted to have it fulfill its function. Some elements of TCP could be encrypted but it does not make much sense. Encryption is added at the application layer.
I read this as follows: I, Cerf, would have liked to think of these things back then, but didn't.
(Score: 1, Interesting) by Anonymous Coward on Sunday September 25 2016, @09:26PM
(Score: 3, Informative) by stormwyrm on Monday September 26 2016, @12:25AM
Many of the security attacks on the TCP/IP protocol could be mitigated if strong cryptography were incorporated at that level. If we had a public key signature with every IP packet signed by the host that produced it, then attacks like TCP sequence number prediction, IP address spoofing, and so forth would require forging the cryptographic signature to become possible. Only problem is that an RSA public key signature is big, equal to the size of the RSA key used, and secure key lengths these days are in the 2048 bit range. Every packet would thus become at least 256 bytes of authentication information plus the header. Ouch.
As for the 32-bit address limitation, Vint Cerf himself said this [dltj.org]:
(emphasis added) He thought that IPv4 was supposed to be an experiment to prove the technology and well, it worked so well that it got beyond his control before he could do anything about it.
Numquam ponenda est pluralitas sine necessitate.
(Score: 1, Interesting) by Anonymous Coward on Sunday September 25 2016, @09:13PM
IPX had this solved back in the 80s.
48bit network, 32 bit network ids. Where it broke down was that IPX didn't support netmasks, meaning you wasted most of those 48bits of LAN addressing rather than being able to subnet them. That was the key feature of IPv4 over any of the alternatives for international usage.
Rather than using the IPv6 available today, we might in fact be better off going back to IPv4 and simply expanding the address range it can use to 64 or 128 bits and calling it good enough. For IoT and other such devices they should really NOT be on the IPvX network and rather be reached via a tunnelling protocol to an internal network connected via an internet addressed host. Doing this would reduce a lot of the utility of IoT devices for DDoS and other nefarious activities.
(Score: 5, Insightful) by Snotnose on Sunday September 25 2016, @12:21AM
128 bits lets the TLAs differentiate your printer from your phone from your laptop from your desktop from your fridge from your thermostat. It's why I don't upgrade to IPv6, my farking thermostat is my own business, I don't need the NSA learning I like to keep the heat off and crawl under a pile of blankets. Had the IP addresses been 64 bits it would have cost pretty much nothing from a bandwidth standpoint, and avoided a bunch of stuff from a privacy standpoint.
IPv6 can die a horrible death from my standpoint.
When the dust settled America realized it was saved by a porn star.
(Score: 3, Interesting) by stormwyrm on Sunday September 25 2016, @01:05AM
Remember, that it also lets you differentiate your printer from your phone from your laptop from your desktop from your fridge from your thermostat. You need to be able to do that under the limitations of IPv4 as well, and it is much more cumbersome for you to do that, and if you're doing it wrong, it makes no difference to the TLAs. If you do IPv6 right though, it will allow you to differentiate all your gadgets easily while making it harder for outsiders to do the same than the best that IPv4+NAT could let them. A properly configured stateful firewall [internetsociety.org] provides far better security and privacy than a NAT, which isn't really designed to provide privacy and security in the first place, and prevents other security mechanisms from working properly besides.
And no, 64 bits would have been just as unacceptable as a compromise in those days as 128 bits would have been. RFC 791 that described the IPv4 protocol as we use it today was issued in 1981, and there were several prior RFCs that were precursors to the protocol (IPv0-3) dating back to 1977. Think of what the computers and bandwidth were like in those days. In the 1970s even 32 kilobytes of RAM was considered plenty and was very expensive. Bandwidth was similarly costly.
Numquam ponenda est pluralitas sine necessitate.
(Score: 1, Interesting) by Anonymous Coward on Sunday September 25 2016, @01:15AM
Explain to me again why NAT and private use IPv4 address tables are so terrible? I understand that the telcos, FB, and (I assume) Google don't like them because they keep thinking they ought to be able to track "their customers" (whether those people actually signed up for their services or not) and their devices around 24x7x365.
And Cisco doesn't like NAT because they've been pushing IPv6 for twenty years (literally) and have co-authored over one hundred RFCs about it (not exaggerating) so they can convince corporate buyers they need to keep upgrading their routers and switches to stay up to date.
Of course, hackers (the evil kind) love the idea that every device out there will have a permanent, unique IP address, possibly along with transient IP addresses if it's a mobile device. That makes their job so much easier.
(Score: 0) by Anonymous Coward on Sunday September 25 2016, @01:31AM
(Score: 0) by Anonymous Coward on Sunday September 25 2016, @01:40AM
How many permanent IP addresses does the world need? Probably less than 100 million. OK, we'd run out of them eventually, but a 64-bit address space would solve that problem for at least the next 30 years.
You don't need a 128-bit address space when almost all of the IP addresses are transient.
(Score: 0) by Anonymous Coward on Sunday September 25 2016, @04:54AM
(Score: 2) by Pino P on Sunday September 25 2016, @09:01PM
Limiting the Internet to 100 million addresses that can accept incoming connections is like saying "Only one person out of 70 should be allowed to run a website or other publicly accessible resource."
(Score: 1, Informative) by Anonymous Coward on Sunday September 25 2016, @08:14AM
If you want to see why it is a terrible thing go look at the NAT code inside of most routers. It is a sight to behold. Most actual router code is pretty simple.
NAT also creates another attack surface. Yep. Several recent attacks have been working around NAT to get into peoples networks. Instead of a clean firewall. Several smart guys long ago figured out the 'hole punch'. https://en.wikipedia.org/wiki/Hole_punching_(networking) [wikipedia.org]
NAT is a hack to work around a shortage. We actually ran out of IPs years ago.
Also ipv6 has private ranges and can do NAT. *IF* you really really really want to.
Of course, hackers (the evil kind) love the idea that every device out there will have a permanent
That is why you have a real firewall.
possibly along with transient IP addresses if it's a mobile device
You have not worked at a phone company or ISP have you? 99.999999% of them are static or for all intents static.
That makes their job so much easier.
It makes everyone's job easier. I dont make shit code just to make someone elses life slightly harder. If you think NAT will stop hackers you are dreaming.
Instead of worrying about ipv4 vs ipv6 I suggest you worry more about the problems in the core network routing and how easy it is to screw up.
(Score: 2) by Pino P on Sunday September 25 2016, @09:03PM
How would you go about adding "a real firewall" to, say, a USB LTE modem?
(Score: 0) by Anonymous Coward on Monday September 26 2016, @09:05AM
You stick it in the USB-port of the firewall.
Oh, you mean a single (laptop, probably) computer? Secure the computer, instead of putting a firewall in front of it.
(Score: 3, Informative) by Snotnose on Sunday September 25 2016, @01:15AM
I should add I was writing ethernet drivers back then. 32 bit registers were high end, 64 bit just wasn't done. So I get why 32 bit IP addresses were chosen (especially when they were chosen in the 60s), I just don't get why whomever decided 128 bit addresses were better than 64 bit addresses.
I want no part of IPv6, each addy gives too much information about itself.
When the dust settled America realized it was saved by a porn star.
(Score: 0) by Anonymous Coward on Sunday September 25 2016, @01:52AM
https://itsnobody.wordpress.com/2012/02/17/how-many-addresses-can-ipv6-hold/ [wordpress.com] They could track grains of sand in Earth beaches!
(Score: 1) by ankh on Sunday September 25 2016, @02:53PM
They promised us an effective search tool -- and could have built one (they're smart, right?)
A tool that would let us look for, generally and then with increasingly specific focus, what we want and think we need, and find just that.
Without a flood of approximations and wrong guesses and sheer larding on of crap.
Google should have figured out how to make their money by enabling and _improving_ search -- getting accurate and honest information from sellers and providers and creators and making that searchable, real time, with a history.
Instead they created a search tool that's used to find people and shove crap at us every time we look around.
"Bad bug. Please fix."