upvote
I was at a talk where he brought up exactly this (I also once did a talk alongside him, but that's a different story). He said there would be two changes:

1. It would have 128-bit addresses. 2. It would have end-to-end encryption (or was it authentication, I forget).

IPv6 was supposed to fix both of these, with IPsec mandatory, but the latter demand sort of faded out into obscurity. We ended up basically solving encryption by pushing everything into TLS anyway, which I guess solved much of the same problems although at a very different layer.

reply
> We ended up basically solving encryption by pushing everything into TLS anyway, which I guess solved much of the same problems although at a very different layer.

The "solving" of encryption with TLS should not be celebrated.

Everything needs to go over TLS/HTTP-443 because of middleware boxes basically blocking everything else by default in many cases, and so application/protocol designs have to shoehorn / kludge everything into a round hole even if it's a square peg.

Certainly I'd want everything to have encryption at the higher layers (OSI 5-7), but having opportunistic encryption at IP (OSI 3) would also be great because snoopers could tell that two nodes are communicating but not how / what: RTSP? Torrent? Mindcraft? PvP2 game? If every node could (say) do an IKEv2 negotiation with every other node have IP-level traffic wrapped in IPsec that would help with traffic analysis.

reply
Doing this brings you close to OSI, which famously failed by being overcomplicated. The current design was implementable by zillions of cheap humans running cheap hardware.

I always wonder if the internet is thesurvivor of the networking cambrian explosion, with a slight roll of the dice making another candidate the winner.

reply
> Doing this brings you close to OSI, which famously failed by being overcomplicated.

We're slowly reinventing OSI, one step at a time: OSI had multiple sessions per transport connection (QUIC), 20 byte addresses (IPv6) and a directory system with public-key infrastructure (DANE, vCard, SSHFP, etc).

It's a shame TUBA (CLNP + TCP) failed.

reply
> The current design was implementable by zillions of cheap humans running cheap hardware.

Yes and no. The current internet arguably does not work without a browser and a TLS stack anyway, neither of which is easily implementable (e.g. number of practically usable rendering engines is in the single digits). I mean, I can piece together an IP packet, too, but there's not that many usable services reachable that way.

reply
You’re definitely right — the tech stack travels through time along what’s called a “path dependent” trajectory.

https://en.wikipedia.org/wiki/Path_dependence

reply
As someone who was there at the time, OSI certainly didn't fail by being "overcomplicated". It failed because a) they charged money to read the standards documents and b) TCP/IP already had so much deployment momentum that nothing was going to supplant it (we see proof of this in the fact that IPv6 also didn't achieve that). Edit: also c) there was no requirement (unlike RFCs) to have an interoperable reference implementation available. So the implementations that were created mostly didn't interoperate.
reply
In your opinion, do you think Internet Protocol Version 8 (IPv8) [1] stands a chance to fix the mistakes of IPv6 after more than 20 years now?

Or there is too much inertia for IPv8 to overcome to become a truly backwards compatible extension / superset of IPv4?

Part of the reasons for the slow adoption of IPv6 was that it was never designed to be backwards compatible unlike IPv8.

1: https://www.ietf.org/archive/id/draft-thain-ipv8-00.html

reply
This IPv8 document is not a serious proposal. The entire family of documents was published by a single person without collaboration from anyone else at IETF, and there has not been any work to integrate feedback from other IERF contributors (last I was aware of).

Anyone can publish an IETF draft document, it doesn't mean it's a serious proposal under consideration or will ever actually be implemented.

reply
> In your opinion, do you think Internet Protocol Version 8 (IPv8) [1] stands a chance to fix the mistakes of IPv6 after more than 20 years now?

IPv8 solves precisely zero of the problems that is causing a 'slow' roll out of IPv6 / replacement of IPv4:

"""

So it's a matter of mathematical and physical fact that to expand the address size, you must change the protocol, and that means two things immediately:

You have to change the version number.

You have to add new code to handle the new version.

Furthermore, you don't want to split the Internet in two, so you must design a method of interworking between the old version and the new version. Annoyingly, you need to do that in a way that can be done completely in machines that know about the new version, because other machines don't know anything at all about the new version, by definition. So,

You need a coexistence technique so that updated systems, with the new protocol, can connect to old systems that know nothing of the new protocol. Two minutes of thought show that this third requirement has only two solutions:

(3A) Dual stack, in which the new machines speak both the old (IPv4) and new (IPng) protocol.

(3B) Translation, in which something translates addresses between the old and new protocols.

[…]

Incidentally, "IPv8" proponents often ask why IPv6 didn't simply stick some extra bits on the front of IPv4 addresses, instead of inventing a whole new format. Actually, we tried that: the "IPv4-Compatible IPv6 address" format was defined in [RFC3513] but deprecated by [RFC4291] because it turned out to be of no practical use for coexistence or transition. The related "IPv4-Mapped IPv6 address" format is still valid and has a role in the POSIX socket API. Mappings of this kind also figured in the moderately successful coexistence technologies known as 6to4 [RFC3056, RFC3068] and Teredo [RFC4380], which have now been overtaken by events.

"""

* https://github.com/becarpenter/book6/blob/main/01.%20Introdu...

* Interview with author of article: https://www.youtube.com/watch?v=W3jkZ1Ulz-s

reply
> Actually, we tried that

I'm always fascinated by how many people think IPv6 adoption would have gone lightning-fast if we just used This One Weird Trick, where said trick has actually been tried and didn't help. They usually refuse to back down even after you tell them so.

reply
There’s a whole body of work in the form of public statements and documents from Vint Cerf on that topic. You could explore Google for hours…

https://spectrum.ieee.org/vint-cerf-mistakes

reply
he's answered this question a few times. It's basically "how was I supposed to have any idea what the implications were?" He said something like "16 bit, 32 bit, 48 bit addressing, it felt all equally improbable. Why would there ever be 65,000 computers on this network?"
reply
> "... Why would there ever be 65,000 computers on this network?"

This thinking can be seen in the allocation of network blocks. Mercedes Benz getting 53.0.0.0/8 is just a "we have more addresses than we ever need."

If somebody had imagined "yeah, let's give an address to each of our vehicles" they would have realized the space running out.

reply
> if he'd had the chance to have a second go of it

In a sense, he did. Take a look at RFC 4838.

reply
It would depend on whether the computers back then could handle that (along with all the crypto algorithms in their infancy) when A:\ and B:\ weren't even a thing.
reply
Not like CP/CMS predates the Internet or anything... /s
reply
The computers of today are vastly more capable than the computers of the day when he came up with TCP/IP so if he were to have a second chance, knowing what he knows now, we'd have to calibrate it against the fact that computers in the 1970s simply weren't as capable as the beasts we have today.
reply