It comes as no surprise that the United States is shrugging off the world’s IP address shortage. And well it should. If the address shortage were a correct characterization of the problem, I’d lament the insularity of the U.S., which also opted out of the metric system.
The real problem is that an address gives systems (desktops, servers, handhelds, phones, etc.) the public presence necessary to be a full participant on the Internet-it allows one to be reached or “addressed” by others. Internet service providers (ISPs) provide only a small number (often one) of addresses and sometimes no public addresses. Just browsing the Internet isn’t the same as participating. Addresses are also necessary for devices such as printers, phones (VoIP), PDAs, etc.
Before home networking, the dial-up user was usually a person with a dumb terminal connecting to a large system. By late 1990’s, we were interconnecting our home networks to the Internet, but still retained this simplistic model where, upon connection, you were issued only one IP address. Even though the basic model had changed, the idea that the IP address was a precious limited resource was accepted and tolerated because we could work around the problem as long as we were browsing. In fact, we still have ISPs who do not allow their customers to participate by creating their own services even if it is a webcam or a device as simple as the family web server.
Even though the basic design principle of the Internet gives everyone the ability to participate, people accept their second-class role because we are used to having a distinction between service providers (such as the post office, the phone company, the cable company) and consumers. One current example is AOL’s attempt to solve its spam problem by only allowing one to connect from “authorized” providers as if we were in the 1900’s and the governments owned or controlled all telecommunications (including the post office).
What was revolutionary about the Internet is that it changed this fundamental relationship and moved the definition of services to the edge of the network. The Internet Protocol (IP) doesn’t even assume reliable delivery and eschews expensive constructs, such as circuits. One could run IP atop of any network, including unreliable “junk” networks. The reason for a transition from the earlier protocols of the Advanced Research Projects Agency Network (ARPANET) to the Internet was simply to avoid the expense of the extra services. The transition was feasible because, in those days, ARPA could just shut off the old network.
One of the triumphs of the Internet is that services, such as IPv4, cannot be turned off-you can’t force people to change. The adoption of new services (and protocols) should be encouraged by making them available as enhancements to the Internet, rather than as replacements. They must be marketed!
Unfortunately some of the enhancements are temporary ways to work around problems that create their own problems. Network-address-translation (NAT) allows all the systems and devices within a home (or office) to appear to be a single device to the rest of the network. It allows browsing from any machine within the home at the price of making the interior systems invisible to others, thus denying them the ability to offer their own services. This includes listening for a voice call; instead, we must deploy workarounds on top of workarounds for each case (i.e., port forwarding and Universal Plug and Play). In the spirit of “It’s not a bug, it’s a feature,” invisibility is equated with safety. But it is only the illusion of safety because of the complexity and the vulnerability of nave interior systems-any virus that gets through can frolic at will throughout the network.
The value of the Internet comes from the number of participants, and by relegating most computers and devices as observers, and not participants, we pay a high price. For every device to have the opportunity of becoming a participant, a unique IP address is indeed required (though it can and must be dynamic with the DNS providing stable handles). Having that address simply means that each device has a public presence and can be reached by other devices.
The problem is not just a lack of addresses outside the U.S. The problem is a lack of addresses everywhere, including the U.S. If the lack of addresses weren’t a problem in the U.S., then NAT wouldn’t be nearly as prevalent as it is today. Also, we shouldn’t forget that the Internet of the early 1990’s was a simpler and safer place. To regain that safety we must be able to assure that the traffic going through the Internet is not readily exposed to prying eyes. We must assume that the connections across the net are encrypted. Encryption is different from authentication; it’s sort of a “do not peek” sign on an envelope. Protocols that only encrypt links require us to trust the benevolence and expertise of each of the managers of the many access points and links while leaving the traffic fully exposed everywhere else.
A big benefit of IPv6, which requires support for encryption, is that we can safely deploy wireless access points because each computer or device is protecting itself. This alone is a reason for a transition to encrypted IPv6. Making encryption the norm for wireless IPv6-based links is not much different from making encryption the norm for wired links. The effort going into Wi-Fi Protected Access (WPA)--an interim step anticipating the 802.11i Wi-Fi security scheme-would give us far more benefit if it were focused on end-to-end encryption. However, WPA doesn’t and, unfortunately, securing wireless links still leaves us vulnerable everywhere else. What’s worse, WPA results in a plethora of access points with special passwords and rules for each of them, making connectivity more difficult and leaving us with a confusing array of settings and special cases. Putting the effort into encrypted IPv6 is far simpler for both users and the system operators. Furthermore, if sharing one’s wireless system is safe and simple, then we would each want to do our part to provide “Internet lighting,” just as we provide porch lighting for many of our streets.
The good news is that we don’t require a transition to IPv6. We can use IPv6 now over the existing Internet as-is. In fact, you can use IPv6 on most PCs today. The challenge is in making it simple and easy enough so that anyone can make it work and benefit from its features like encryption.
The important message in the Department of Defense (DoD) initiative is that the government agency recognizes the importance of providing each device with a public address and in the need for the simplicity of end-to- end encryption. Describing it as a call for a transition misses this point and discourages adoption by making it seem like a doomed all-or-nothing effort.
Programmers (and device builders) can and, in fact, must assume IPv6 in their designs now. It is far simpler to just make a connection than worry about the special cases. It is also simpler (and safer) for the users since they no longer have to deal with all the strange and error-prone configuration settings on their routers and access points.
It is vital that the Internet scale for all the new devices and services. The focus must be on making encrypted IPv6 “just work” at the edges. Adding more observers is far less important than adding more participants.
The Internet is just a prototype, and the while workarounds have addressed each problem in isolation, it is time to apply what we’ve learned. As I point out, we have scaffolding under the Web and faux-television, but have lost the vitality that gave us the Web and other new ideas. Television is all about control--if you change the “channel,” a group of advertisers aren’t happy. Television is asymmetric. By allowing everyone to participate v6 helps restore the symmetry that made it possible for the participants to create so much. The Web is just one example, and we’re still innovating. It’s no surprise that cable TV companies were confused when their consumers tried to become participants. Viewing video streams over the Internet is only interesting when it becomes mundane and we share our own “content” as much as we view the output of others. After all, we use the telephone to call friends not just radio stations.
It would be a shame if we failed to grow the Internet by waiting for a problematic transition, and a tragedy if we fail to recognize that the issue is not v6 itself, but the need for a larger, more dynamic, yet simpler and safer, Internet. We must not be confused by those who want to add more complexity and kludges. We must demand less and settle for nothing less.
Bob Frankston's background in computing and networking stretches across four decades during which he worked on the MULTICS projects; was co-founder (along with Dan Bricklin) of Software Arts, the company that shipped VisiCalc--the first spreadsheet; served time at Lotus Development where he created Lotus Express; and moved on to Microsoft where he initiated and championed home networking ("no new wires"). Frankston's blogs about everything from social trends to technology can be found at at http://www.satn.org.