• thenextguy@lemmy.world · 7 upvotes · 3 days ago

    https://www.ietf.org/archive/id/draft-thain-ipv8-00.html

    North-south security – traffic from internal devices to the internet – is enforced at the Zone Server egress by two mandatory validation steps. First, every outbound connection must have a corresponding DNS8 lookup – no DNS lookup means no XLATE8 state table entry means the connection is blocked. Second, the destination ASN is validated against the WHOIS8 registry – if the destination prefix is not registered as an active route by a legitimately registered ASN holder the packet is dropped. These two steps together eliminate the primary malware command-and-control channel: connection to hardcoded IP addresses without DNS resolution.

    At the global routing level, BGP8 route advertisements are validated against WHOIS8 before installation in the routing table. A route that cannot be validated is not installed. Manual bogon filter list maintenance is eliminated. Prefix hijacking is architecturally difficult – an attacker must compromise both an RIR registry entry and produce a validly signed WHOIS8 record.

    This bothers me. It is no longer the Internet as it was. DNS becomes the primary means of addressing, not IP address.
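The two egress checks the quoted draft describes, as an added toy model in Python (my own illustration, not the draft's or any implementation's code): the registry contents, the TTL, the state-table layout and the method names are assumptions, and the signatures real WHOIS8/DNS8 records would carry are omitted.

```python
"""Toy model of the draft's Zone Server egress policy (added illustration).

DNS8, XLATE8 and WHOIS8 are names from the quoted draft; the data layout,
TTL and method names below are assumptions, not the draft's formats.
"""
import ipaddress

# Constructed WHOIS8-style registry: prefix -> (ASN, route status).
REGISTRY = {
    ipaddress.ip_network("203.0.113.0/24"): (64500, "active"),
    ipaddress.ip_network("198.51.100.0/24"): (64501, "withdrawn"),
}


class ZoneServerEgress:
    """Egress gate: a flow passes only if (1) the destination came from a
    DNS8 answer delivered to that client and (2) its prefix is an active,
    registered route. Anything else is dropped."""

    def __init__(self, registry, ttl=300):
        self.registry = registry
        self.ttl = ttl  # assumed: XLATE8 entries live as long as the DNS answer
        self.xlate8 = {}  # (client_ip, dest_ip) -> expiry time

    def dns8_answer(self, client, answers, now):
        """Record each answered address as XLATE8 state for `client`."""
        for ip in answers:
            self.xlate8[(client, ipaddress.ip_address(ip))] = now + self.ttl

    def _route_ok(self, dest):
        """WHOIS8 check: destination must fall in an active registered prefix."""
        for prefix, (_asn, status) in self.registry.items():
            if dest in prefix:
                return status == "active"
        return False  # unregistered prefix

    def check(self, client, dest_ip, now):
        """Return (allowed, reason) for an outbound flow from `client`."""
        dest = ipaddress.ip_address(dest_ip)
        expiry = self.xlate8.get((client, dest))
        if expiry is None or expiry < now:
            return False, "no DNS8 lookup -> no XLATE8 entry"
        if not self._route_ok(dest):
            return False, "prefix not an active WHOIS8-registered route"
        return True, "allowed"
```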

  • JigglySackles@lemmy.world · 4 upvotes · 2 days ago

      Yeah…it wasn’t too bad at first but then I saw this stuff and all I can think of is “who controls what’s valid”?

      Goodbye privacy, anonymity, and any semblance of liberty.