Hi! On 09:35 Sat 22 Jan , Eugen Leitl wrote:
On Sat, Jan 22, 2011 at 08:00:45AM +0100, Michael Blizek wrote: ...
Besides IPv6 is as broken as IPv4 in meshes. It provides zero security,
I'm seeing a loophole in IPv6 by way of providing a local /64 which is effectively scratch space. This would prepare the way for geographic routing when the table space growth goes exponential again.
In how far is this geographic routing supposed to help? Finding routes to the other end of the mesh which you do not use anyway?
privacy and a single high-bandwidth application can slow everything down extremely - and there is close to nothing you can do about this. The only thing IPv6 does slightly better in meshes than IPv4 is automatic address
Positioning information is a good source of automatic address assignment, and there's machinery (DAD) helping you to deal with rare collisions.
Well, let's see which possibilities exist for defining addresses: 1) You have a very small address space and search the network to see if your randomly generated address is already in use before you use it. 2) You have a big address space and just generate an address and assume nodody else uses it. 3) You use public keys of a public-private key crypto to make sure nobody can "take over" somebody else's address. If IPv6 can not even do 2 without any quirks it has *zero* reason for existance in mesh networks. Not even "the outside is using IPv6" (they are *not*) is an argument, because you usually want to create an encrypted tunnel to the exit node anyway.
assignment - and even this probably is not that hard to do in IPv4 unless you have extreme situations.
IPv4 is dead, Jim.
IPv4 is *not* dead. Everybody is using it. I do not know a single ISP who provides it to their customers. Besides IPv6 is close to being the worst you can do from a privacy point of view. Getting rid of NAT is a very bad idea. Having the last 64 bits globally unique no matter where you more is very bad is well. Even privacy extensions (*if* used) are not as good, because addresses will not get reused. Having the first 64 bits static is even worse. I seriously doubt that it is not even necessary. Providers start implementing carrier side NAT and if done right (with UPnP or other means of forwarding ports without user intervention), this can be a significant privacy gain without any side effects. Yes I know how much application can be fingerprinted, but this does not mean that we should constantly be adding ever more identifying information. -Michi -- programing a layer 3+4 network protocol for mesh networks see http://michaelblizek.twilightparadox.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE