Discussion
Internet Protocol Version 8 (IPv8)
tptacek: Obvious reminder that anybody can publish an Internet-Draft.
rocqua: I hate to be this dismissive, but it feels like an academic with a paternalistic streak looked deeply at how the Internet works, saw lots of different protocols and weird design decisions, and decided: this is not coherent enough. Then he figured, I'll make all the decisions now, that way it'll be coherent. And let's give every subnet a centralised source of trust and management. That'll make the design so much cleaner!By which I mean to insinuate there's a lot of nuance and learned lessons in the current situation that this design seems not to learn from. Even though it did learn some lessons, I don't think this passes 'Chestertons fence'
wg0: Seems to be very censorship friendly protocol from grounds up.
sourcegrift: why cant they do an ipv5 with 64 bits of address soace for us humans?
SwellJoe: Sounds like this is exactly that. Too bad they didn't do that first, and we've had a couple decades of failing to widely adopt IPv6 because it's too complicated and confusing."1.7. Backward Compatibility and TransitionIPv4 is a proper subset of IPv8:IPv8 address with r.r.r.r = 0.0.0.0 = IPv4 address Processed by standard IPv4 rules No modification to IPv4 device required No modification to IPv4 application required No modification to IPv4 internal network requiredIPv8 does not require dual-stack operation. There is no flag day. 8to4 tunnelling enables IPv8 islands separated by IPv4- only transit networks to communicate immediately. CF naturally incentivises IPv4 transit ASNs to upgrade by measuring higher latency on 8to4 paths -- an automatic economic signal without any mandate."
absynth: It probably has age verification on every packet.
19skitsch: Interesting… Feels like a beautifully designed network for a world where operators trust each other more than they actually do
sourcegrift: How can we adopt this 30 years back!?
timokoesters: This document is an Internet-Draft (I-D). Anyone may submit an I-D to the IETF. This I-D is not endorsed by the IETF and has no formal standing in the IETF standards process.https://datatracker.ietf.org/doc/draft-thain-ipv8/
albinn: One of the main (vocal) issues people seem to have with IPv6 is that the addresses are hard to remember. But having eight different three digit numbers (r.r.r.r.n.n.n.n) does not seem any easier unfortunately.
sschueller: I though the whole concept in IPv6 of remembering addresses is that you don't. That is IPv4 thinking...
stingraycharles: Did you read the proposal? It proposes 64 bit address space.
_ache_: > IPv8 does not require dual-stack operation.The whole thing isn't a joke because of this. Technically, it's IPv4++ and that about it.> Every manageable element in an IPv8 network is authorised via OAuth2 JWT tokensWhat ?!I'm not sure it's the path I want to follow.
FpUser: How do we secure internet to the point it does not work anymore. Well except government and big corporate sites
chromacity: I guess I was right to wait out IPv6...But more seriously, it gives me a pause when we try to bake more complex, application-centric logic into foundational protocols. The list of assigned IPv4 and TCP option numbers is a graveyard of tech experiments, but at least we had the sense to separate them from the main protocol. Baking JSON web tokens and OAuth into IP seems kinda crazy from that point of view. Is this what we want to commit to for the next 40 years?I kinda wish that IPv6 just used this ("IPv8") addressing scheme and left everything else the same, though. I think the expectation that IPv6 should entail an architectural rethink for existing networks really slowed us down. Fun fact: at this point, IPv6 is 30 years old and we're still under 50%.
transcriptase: I’ll take 1.1.1.1.1.1.1.1 over the bastard child of a mac address and bitlocker recovery key any day of the week.
albinn: Sure, but remember your prefix 187.231.91.67.135.47.0.0/16
Induane: I thought it was a joke but someone is serious.This is one of the worst things I have ever heard of proposal wise.The worst. I can't even. Literally.
LeoPanthera: This is not a serious proposal and we should not treat it as such. And I apologise in advance for the length of this comment."IPv4 is a proper subset of IPv8. No existing device, application, or network requires modification. 100% backward compatible."This cannot be true. Section 5.1 states that IPv8 uses version number 8 in the IP header Version field and the header is 8 octets longer than IPv4's. Any existing IPv4 router, switch ASIC, NIC, host stack, or firewall that sees a Version=8 packet will fail to parse it (most will drop it). Backward compatibility is logically impossible when the wire format is different.The spec simultaneously demands sweeping new machinery everywhere: new socket API (AF_INET8), new DNS record type (A8), new ARP (ARP8), new ICMP (ICMPv8), new BGP/OSPF/IS-IS, mandatory certified NIC firmware with hardware rate limits, mandatory Zone Servers, mandatory OAuth2 on switch ports, mandatory persistent TCP/443 to the Zone Server from every end device, and a new IANA version-number assignment. "No modification required" is contradicted on nearly every page.IP version 8 is already historically assigned (it was PIP, later folded into the IPv6 effort). The draft's IANA request ignores this.The ASN model conflates identity with location. ASNs are organizational identifiers assigned by RIRs, turning them into the 32-bit routing prefix means an organization cannot change providers, multihome with provider-assigned space, or use PI space the way networks do today. Every organization that wants public IPv8 connectivity must now hold an ASN - roughly a 1000x increase in ASN allocation.The /16 minimum injectable prefix rule eliminates essentially all of today's BGP traffic engineering and most multihoming patterns.Cross-AS Cost Factor (CF) requires every AS on Earth to trust the metrics injected by every other AS, including a "economic policy" component. BGP is policy-based precisely because ASes do not trust each other's metrics, this has been understood since the 1990s.The Zone Server kitchen sink (DNS + DHCP + NTP + OAuth + telemetry + ACL + NAT + WHOIS validation + PVRST root) concentrates a dozen unrelated functions into one box on one hardcoded address (.253/.254). This is an operational and security anti-pattern.PVRST is mandated. PVRST is a Cisco-proprietary spanning tree variant, mandating a vendor-specific protocol in a Standards-Track draft is a non-starter for IETF.The companion drafts (WHOIS8, NetLog8, Update8, WiFi8, Zone Server, RINE, routing protocols) are all by the same author, none have working-group review, and the core draft depends on all of them to function.
jojobas: Double checked the publication date, it's not April 1st.
PhilipRoman: I see this point a lot but it never really made sense to me. What exactly does IPv6 bring to the table that makes it unnecessary to remember IP addresses? Especially for anything more advanced than just looking up a hostname.
otterley: Also, who is the author? He seems to have appeared from nowhere, like Satoshi Nakamoto. Maybe it’s just Claude posing as a network engineer.
RobotToaster: There's already an ipv8 https://www.rfc-editor.org/rfc/rfc1621There's also at least three ipv9s, only one of which was a joke https://en.wikipedia.org/wiki/List_of_IP_version_numbers
imoverclocked: > IPv8 also resolves IPv4 address exhaustion. Each Autonomous System Number (ASN) holder receives 4,294,967,296 host addresses. The global routing table is structurally bounded at one entry per ASNYes, let's conflate routing and addressing while throwing out decades of IPv6 implementation and design. (/sarcasm)
speedping: I'm working on my IPv9 proposal as we speak. It has an LLM validating the contents of every packet. Gotta stay ahead of the curve.
QuercusMax: I've got a spec for ipv11. Why? Because it's one more than 10.
lamasery: Can’t you just make ten… one larger?
wmf: I think you would have to be an outsider to come up with this proposal because it challenges many sacred cows of the IETF establishment. It has no chance of being taken seriously and I personally disagree with a bunch of the decisions but it's entertaining to ponder what kind of mindset would produce this.
isatty: Not sure about what point you are making but that legit more readable than ipv6
stingraycharles: Yes, and assuming it will not become popular, this will expire / not renew in 6 months.It’s also worth noting that the author is affiliated with a company based in Bermuda. So it doesn’t feel like it comes from a legitimate institute. For all i know this was vibe-written by an AI in an afternoon.
sleepychu: I must be missing something, why aren't their legitimate institutes based in Bermuda?
usui: > Every manageable element in an IPv8 network is authorised via OAuth2 JWT tokens served from a local cache. Every service a device requires is delivered in a single DHCP8 lease response.Isn't it 2 weeks late for April Fools'?
zythyx: I'm not going to pretend I know all about IP routing and networking. I understand enough of it to have a home server all appropriately set up with IPv4.But what makes this quote a problem? I mean, it seems a bit excessive, but I don't understand why...
vasachi: IP is what, four layers of protocols lower than OAUTH?
Alifatisk: I feel the same, I guess using JWT is the joke here?
kube-system: Yeah but they failed to adjust for age drift that may occur during the round trip latency of the packet. Unfortunately at intergalactic scale this error can be significant
bnjms: Just a gut check but it feels ugly to put auth in an L3 proposal.
SkiFire13: IPv6 doesn't require modifications to IPv4 devices, applications, networks etc etc either. You just cannot reach IPv6 networks and devices from them, and the same applies to IPv8. 8to4 is nothing innovative because 6to4 already exists. In the end this proposal has all the disadvantages of IPv6 with less advantages.
jeroenhd: IPv6 addresses can be plenty memorable. Mine starts with 2a10:3781:xxxx, and the rest of the address is whatever I want it to be. About as recognizable as my IPv4 address.If I wanted to memorize the addresses for some reason (maybe I broke DNS or something?), I'd just start numbering devices at 1 and keep going up.
SkiFire13: And if you want the same address space as IPv6 you need to remember 16 digits. Having them written in decimal won't help you with that anyway.
kennywinker: I believe Bermuda is a tax shelter country, which means people and companies register there to hide identity and income from the nations they live and do business in. Because of that, the vast majority of businesses registered in bermuda are not legitimate institutions - they are shell companies defrauding their home nations.
cynicalkane: Imagine needing an JWT token "from a local cache" -- from OAuth2, naturally -- before anything will route your packets.
fredoralive: I hearby propose an IPv6.1. The only change is the written form goes from:2001:db8::ff00:42:8329to128.1.13.184..255.0.0.66.131.41By doing this, I have changed IPv6 from the strange unwanted alien thing everyone hates, to the new wonder protocol that "just adds more dots" that everyone wants.I await my FIFA Peace Prize.
Hamuko: Can I skip age verification by using UDP?
Ekaros: Insider would understand that there is non-existing chance of any new IP protocol being even considered or taking off. And thus any effort spend on it would be complete waste. Best you can do is work on some addition or backwards compatible new functionality.
fredoralive: I've got a spec for IPv2. Because of advances in carrier grade NAT, we can reduce the address field from 32 bits to 16, making amazing savings somehow.
jubilanti: This has to have been at least researched via an LLM if not written by it. The form looks right but it is absurd. It angers me to think about how many people wasted their time and brainpower trying to understand this in the spirit of RFC good faith.
repelsteeltje: * Censorship friendly, and* Surveillance friendly.What more do you want?!
zerof1l: Either a joke or vibe-coded. Whole thing is nonsense.
Existing IPv4 applications use the standard BSD socket API with AF_INET and sockaddr_in. The IPv8 compatibility layer intercepts socket calls transparently -- the application has zero IPv8 awareness.
magicalhippo: IPv8 does not require dual-stack operation. There is no flag day. 8to4 tunnelling enables IPv8 islands separated by IPv4- only transit networks to communicate immediately.How is this different from IPv6? We've had 6to4 for ages, the problem is the other direction: how does a IPv4 host initiate a connection to a IPv8 host?Existing IPv4 applications use the standard BSD socket API with AF_INET and sockaddr_in. The IPv8 compatibility layer intercepts socket calls transparently -- the application has zero IPv8 awareness.Except many IPv4 applications use the addresses of the source or that they bind to in some form. If it's secretly an IPv8 behind their back that'll break.
criticalfault: does ipv6 require Dual Stack Operation?
