Timothy D. Morgan's recent paper titled, "IPv6 Address Cookies", seeks to apply the fundamental shift in resource availability brought about by the vastly increased Internet address space in IPv6 to develop a novel, lower cost solution to mitigating spoofed attacks. "Spoofed denial of service attacks have plagued the Internet for a number of years, and show no signs of abating. Research into mitigation techniques has apparently not led to a financially viable solution, and new attacks have been discovered in the wild without being widely anticipated". The following provides an introduction to this paper. more
Funny how some topics seem sit on a quiet back burner for years, and then all of a sudden become matters of relatively intense attention. Over the past few weeks we've seen a number of pronouncements on the imminent exhaustion of the IP version 4 address pools. Not only have some of the Regional Internet Registries (RIRs) and some national registry bodies made public statements on the topic, we've now seen ICANN also make its pronouncement on this topic... Why the sudden uptake of interest in this topic? I suspect that a small part of this may be my fault! more
The Cooperative Association for Internet Data Analysis (CAIDA) and the American Registry for Internet Numbers (ARIN) presented the results [PDF] of a recent IPv6 survey at the ARIN XXI Public Policy Meeting in Denver on April 7th. The survey involved over 200 respondents from a blend of Government, commercial organizations (including ISPs and end users), educational institutions, associations, and other profit and non-profit entities. The purpose of the survey, conducted between March 10th and 24th, was to capture IPv6 penetration data in the ARIN region... more
It has often been claimed that IPv6 and the Internet of Things are strongly aligned, to the extent that claims are made they are mutually reliant. An Internet of Things needs the massively expanded protocol address space that only IPv6 can provide, while IPv6 needs to identify a compelling use case to provide a substantive foundation to justify the additional expenditures associated with a widespread deployment of this new protocol that only the Internet of Things can provide. more
One of the major principles of the architecture of the Internet was encapsulated in a paper by Saltzer, Reed and Clark, "End-to-End Arguments in System Design". This paper, originally published in 1981, encapsulated very clearly the looming tension between the network and the application: "The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the communication system. Therefore, providing that questioned function as a feature of the communication system itself is not possible." At the time this end-to-end argument was akin to networking heresy! more
There is currently a discussion going on between Milton Mueller and Patrik Fältström over the deployment of DNSSEC on the root servers. I think the discussion exemplifies the difficult relation between those who develop standards and those who use them. On the one hand, Milton points out that the way the signing of the root zone will be done will have a great influence on the subjective trust people and nation states will have towards the system. On the other hand, Patrik states that "DNSSEC is just digital signatures on records in this database". Both are right, of course, but they do not speak the same language... more
There are discussions starting within the Regional Internet Registries (RIRs) about the creation of trading market in IPv4 addresses as we approach the inevitable exhaustion of unallocated addresses. The view being put forward is basically "this is likely to happen anyway and by discussing it now, we can ensure it happens in an orderly way". When I first heard this idea I was a bit surprised. The RIRs are policy based bodies and so a shift to a trading market appears to be an abandonment of that policy base. However I have been partly corrected on that. more
Alain Durand, Principal Technologist at ICANN, visited Georgia Institute of Technology last week for a talk on the global adoption of Internet Protocol version 6 (IPv6). The Internet Governance Project organized the talk in cooperation with Atlanta's Technology Development Center (ATDC) and the Institute for Information Security and Privacy. Durand, who was involved in the IPv6 standardization efforts at IETF back in the early to mid-1990s, offered a clear eyed assessment of the protocol's critical flaw... more
A recent paper called "Worm Propagation Strategies in an IPv6 Internet", written by Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, examines whether or not the deployment of IPv6 will in fact provide a substantial level of barrier against worms. Shared below are the introductory paragraphs from this paper. "In recent years, the internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing..." more
The 5th African Peering and Interconnection Forum (AfPIF) gets underway today, August 26, 2014, in Dakar, Senegal, with a packed agenda full of sessions focused on the future of peering and interconnection in Africa. There are sessions targeted at Internet Service Providers (ISPs), Internet Exchange Points (IXPs), infrastructure providers, content creators and policy makers and regulators. The event goes through Thursday, August 28, 2014. more
I've been following the recent news on the World Summit on the Information Society, and it's getting really bizarre. The Wired article is one example of out of the out-of-this-world coverage on the World Summit; I heard a similar spin yesterday on a radio show that often shares material with the BBC. What king or dictator or bureaucrat has signed the document giving power over the Internet to one organization or another? Did I miss the ceremony? One laughable aspect of news reportage is that the founders and leaders of ICANN always avowed, with the utmost unction, that they were not trying to make policy decisions and were simply tinkering with technical functions on the Internet. more
Anyone who has been watching the technology industry for more than a couple of years quickly learns to recognize FUD: Fear, Uncertainty and Doubt. FUD is (apparently) widely believed to be an effective marketing technique, especially when it comes to security, privacy, or scarcity. But the FUD often falls flat. Scarcity, in particular, is rare on the internet -- even rarer than privacy or security. There's constant FUD about scarcity of bandwidth, but the pipes get upgraded. Attempts to impose artificial scarcity through paywalls or other devices inevitably fail in the face of free alternatives. Even the scarcity of IPv4 addresses, which have indeed run out at the top, hasn't affected end users at the bottom yet -- and probably won't, for a long time. more
The European Commission has released a communication on IPv6, in time for the IPv6 Day in Brussels next 30th May. It goes in the same direction as the report presented at the OECD Ministerial meeting on "Future of the Internet Economy", that was held in Seoul, Korea earlier this month. At the same time, the Commission committed to make its own web services available on IPv6 by 2010. It is good to see that intergovermental organizations take the lead on this, after 10 years of failure of the private sector to actually deploy IPv6... more
How important is it for a vendor, service provider or integrator to be using a service or technology that it is pushing on its clients? When Voice over IP (VoIP) came out Cisco began a gigantic push, having its salespersons pitch it to anyone and everyone on their client list. But Cisco had not yet deployed VoIP within its own corporate network. It was still making use of traditional voice systems from vendors that today it probably considers competitors. Many people on the receiving end of a sales pitch recognized this... more
Declan McCullagh recently opined that the "FBI [and the] DEA warn [that] IPv6 could shield criminals from police." His post was picked-up relatively widely in the past few days, with the headlines adding more hyperbole along the way. So just how real is this threat? Let's take a look. more
A World-Renowned Source for Internet Developments. Serving Since 2002.