Topic: end-to-end encrypted, fully distributed Internet protocol (Read 2041 times)

I suggest some of our technical experts/developers that are interested to join dns-p2p community to help establish their project, because in a sense both projects are related and can use similar underlying techniques in implementation and possibly compliment each other.

efnet #dns-p2p
http://dot-p2p.org

Google for IPsec.

I can do end to end encryption with IPv6? How do I verify the person at the other end?

The overhead isn't as great as I thought it was, IPv6 addresses are 128 bits, an MD5 hash is the same size, and a SHA1 hash is 160 bits. Routers do not need to know anything about the encryption, they are only looking at the packet header, the same things that they look at in the IPv4 and 6 packet.

IPv6 is hardly coming from the ground (you can do point to point encryption with that), good luck to get this implemented world wide scale. Also, your idea seems to generate a huge amount of overhead, which makes things slow. Nice idea, though.

Look at Onioncat.

Idea: Would it be possible to IP over Tor, and implement Tor over plain Ethernet (instead of IP)?
So then we just use public keys (.onion addresses) as IP addresses?

The idea is this: Something that can deliver a packet to the holder of the private key that packet is encrypted with (with the same reliability and all of IP).

Or we can add another block so IPs are now XXX.XXX.XXX.XXX.XXX making it have 255 times more exponents.

What I'm looking for is something that scales massively, to trillions of IP addresses at least.

A lookup on a bloom filter would be a constant time (relative to what?) lookup too, you hash the IP address and get a few indexes from it (10 seems to be the most efficient), and lookup the number stored in each memory location. If any of the numbers is zero, you know the IP is not accessible from that direction. Else, you just choose the one with the lowest numbers. For a new IP that would be ten seek()s on a hard drive, else it is cached in memory..

That would work and make things more efficient as long as there is a single way into the network. However, you have to validate the signatures, start worrying about overhead. I mean, a SHA1 hash is 320 bits. That could also lead the way to filtering routers dropping packets based on ISP, or similar (not that there would be anything wrong with that).

Other considerations are economizing traffic and handling malicious routers... I imagine you would implement some sort of algorithm that would disconnect bad routers that are infecting routing tables as well as pass packets along their lowest latency path (not congesting one router if there's a less loaded one available). Malicious routers seem to be a problem even today, if an ISP create an "Internet black hole" with bad routing settings!

Maybe it could make routing easier if instead of generating independent keys, you use signed certificates. This way the certificates could follow some sort of hierarchy. Your cert is signed by your ISP cert which is signed by the backbones certs your ISP uses and so on...
Then routers would only have to index the certificates of the backbones... the index could get quite smaller. But anyway, routing would become a much heavier process than it is in IP.

Interesting idea. I had never heard it before.
There's practically no chance that it would ever happen though.

The idea of decentralizing IP attribution is really interesting.
But you would force routers to perform non-constant operations (index searches) to find the correct route, wouldn't you?
Today, I think (really not sure), routers can figure out the route in constant time, just by looking at the IP.

I think mesh networks, such as Netsukuku or Batman, work more or less like this.  But these are not internet networks anymore.  They are alternative, quite experimental, networking protocols.

Bitcoin and this idea seem to have similar goals, so I want to ask for input or for similar ideas out in the wild:

There has been a lot of talk about the IPv4 address space running out very shortly. However this is funny, because there are no such things as shortages in a free market. So what is going on here? Currently IP addresses are assigned by a central authority (or at least delegated by one). In fact, the ARIN goes as far to say that you do not own your IP address. Yikes! This means Apple or Ford cannot sell off their IP addresses that are unused but assigned to them in a /8 block (something like sixteen million addresses!). If a market were allowed to form, this would allow IP addresses to be allocated to their most urgently demanded use, as well as spur growth towards less costly forms of communication, like IPv6 or this idea:

What if you could simply generate an IP address to use? Specifically, what if you could use a public/private key pair to communicate? You simply encrypt a message for particular key, and pass it to a router, and the router figures out how to get it to its destination. IP addresses would be the hash of the public key each side is using, and you could generate these almost limitlessly. A Man-in-the-middle attack would be completely impossible, since the IP address is based on the private key that can read the message -- you would have to knowingly (but maybe mistakenly) send the message directly to an attacker.

How would these messages be routed? Each router would be physically connected to a dozen or so other routers, as it is now. Using a probabilistic algorithm, the router passes the message to another router it believes is closer to the recipient, if everyone is connected to a dozen other people, most messages could be passed in six hops. If the algorithm is a simple bloom filter, you could store routing tables with a 99.9% success rate for a trillion individual IP addresses in 2 TB (the necessary size of a bloom filter increases proportionally to the number of items it stores, which could pose a problem... I'm not sure if this is any worse than the current situation though).

Perhaps someone can suggest something better?