Slashdot Mirror
DARPA Aims to Redo the Internet Protocol
Xaleth Nuada writes "The Defense Advanced Research Projects Agency's (DARPA) is looking to redo the entire Internet Protocol. With the DoD increasingly adopting network-centric warfare the shortcomings in the current IP have become resoundingly clear. Everything works fine for static hardwired networks. But not for dynamic wireless ones. The benefits for your average geek? How about REAL wireless networking? Easier network set-up? Increased wireless security protocol? Increased reliability in sending information?" Don't forget massive incompatibility and upgrade hassles. :)
Easier activity tracing, easier monitoring, easing censorship of "bad" websites, easier disabling of internet access to undesirables.
A new Internet Protocol? Isn't that called IPv6? They put a lot more security features in that time; if they need more now, why didn't they get it right back then? And what should convince me that they will this time?
Now, off to RTFA.
Please correct me if I got my facts wrong.
DARPA did help lay the foundations for the Internet. They may be in a good position to bring positive innovation to the IP protocol. Just as long as enough of us /.ers can see through any hidden embedded packet sniffing credit card stealing email reading we're watching you protocols, we should be GREAT.
Im a former Marine myself, and I fondly remember what a nightmare it was just trying to get everyone to have the same crypto loads for existing voice communications hardware. Im really curious as to how they propose to keep the network secure. On the other hand, the possible benifits are huge. Distributed sensor networks in particular could be revolutionized by this.
"Hand me the bullet-shooty-thing and a box of little hurts" -Overheard on a USMC Rifle range
Yay! Sounds like a great idea... get the government involved with solving all the technical problems.
Watch congress get involved! Watch how the project ends up championed by the "experts" at Microsoft (because they pay the dough and it's the only name the congressdrones know). Watch how the whole project ends up propritary and billg forces the government to pay $50 per node. Finally.. watch how the whole system ends up unreliable... so we end up with a system that is not free, expensive, and less reliable than before.
Keep the government out of the center of it... let them contribute to the community like everyone else and MAYBE we will get something that works that everyone can use without selling their soul.
Why don't you embrace your slashbotness instead of living in a dreamworld?
It seems more likely that DARPA would create a protocol free from built-in snooping for fear that such a feature could be used by the enemy.
While governments in general are guided by the will-to-power, militaries (at least the US military) are fairly well driven by readiness and victory. It doesn't seem likely that they would create such a vulnerable technology.
Can somebody try to tell these guys it's a little too late to put the genie back in the bottle. We can't change SMTP to stop spam and they want to change the whole TCP/IP thing. Good luck changing it in the next 30 years.
Stay tuned for new sig...
I'd be surprised if there wasn't some effort made to embed snooping and tracing into all packets transmitted.
If the purpose of this redesign is to better allow the armed forces to communicate on the battlefield, I highly doubt that they will embed snooping and tracing into the protocol. The military takes great pains to ensure that thier communications are kept secure, and having a secret backdoor in their entire communication system (no matter who controls it) is not something they would tolerate.
Please, anything that's not encumbered by *anybody's* IP patents.
It is in the DoD's self interest to make a communications protocol be as resilient and secure as humanly possible. Secure and reliable communications are the cornerstone of the modern military. A built-in insecurity in a comm system can and will be exploited by an adversary just as readily (if not more so) as an unintentional one.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
just like it has for IPv6.
People will only upgrade if it's absolutely painless or absolutely necessary, we should've learned this by now. I have friends that still use analog cell phones, just because it's easier not to switch.
-- atomly
SMTP is not a transport-layer protocol. TCP and UDP are the most common transport-layer protocols that ride over IP - although many others exist.
There are certainly some valid arguments for looking at other transport protocols (the lack of mobility features in TCP/UDP, for instance), but SMTP is not one of them since it's an application-layer protocol.
DARPA invented the Internet Protocol before, and within a few decades the technology was widely deployed. Unfortunately, this time around, things won't be so easy.
Before, it was competing against a vacuum. Now, it's competing against ubiquitous IP. They may develop some cool stuff that works on a battlefield, but it will never get widespread usage, commoditization, and economy of scale that IP has. If they come up with new features that work great, somebody will find a way to get similar functionality built on top of good old IP.
IP isn't perfect, but it's good enough that there's no way to displace it, given its free nature and level of entrenchment=.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Voice is data, video is data, they all run over IP and therefore can be considered data just like anything else.
What we don't have is security built into IP. IPSec is a good beginning, but its more of an afterthought. Not nearly as good as what they could do if security were an integrated part of the native IP protocol.
Isn't 802.11 the "physical" layer of the network. IP is still carried over that.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
we must absolutely have some mechanism for assigning network capabilities to different users
Sorry, but the network capability of running a web server hasn't been assigned to you. You are blocked at the protocol layer.
Sounds like they don't want the Internet to be a network of ends anymore and control who can do what with the network. Nice experiment, this unrestricted free speech on the Internet, but we've decided we don't want you to have that. Be consumers, not producers.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Actually, the article is misleading. They're looking into ad-hoc networks (Gnutella is a good example of a simple ad-hoc network).
By definition, ad-hoc networks have a dynamic topology, and there has been lot's of research in that area in the last few years.
You could implement an ad-hoc network on top of other technologies (ip is not the best one, though).
Google for "adhoc networks" for more info.
Can I hear someone say IPv6?
Someone has not got enough to do....
IPv6 can go join IPv5 in the scrap heap now... bring on IPv7!
I'm not sure why the von Neumann architecture is such a security problem. I mean, the problem with computers not working isn't how they're built per se--turing machine, post machine, hell use cellular automata--it's that the mathematical theory says "it is impossible to write code (in general) that is guaranteed to be bug free". You could change the von Neumann archiecture, sure, but you could just as easily 'write an interpreter' (though with hardware) for the architecture. Either way, if you're writing code, you're going to have bugs.
All the US Govt haters. You know, they only DESIGNED the current internet for us. And they give out cool schwag like NSALinux and stuff.
;-) What would you trust? NE2k driver by some random polynesian company, or somebody who works on the computers at NASA?
And USgovt.. Yeah, they at NASA hired ol' Mr. Becker to make our lan drivers
Understand then decide.
TCP works poorly in a wireless environment because of the congestion control. When packets get lost, it assumes it's because of congestion and starts backing off, which slows down the connection even more. That's not always the case in wireless because packets can get lost due to interference and a number of other scenarios that do not exist for wired connections.
EvilCON - Made Famous by
If the purpose of this redesign is to better allow the armed forces to communicate on the battlefield, I highly doubt that they will embed snooping and tracing into the protocol. The military takes great pains to ensure that thier communications are kept secure, and having a secret backdoor in their entire communication system (no matter who controls it) is not something they would tolerate.
Well, no but you don't need to put in backdoors to retain ultimate control of a network. Would you want the world to be forced to use a network that is authoritatively maintained by the Pentagon? I'm not American for one thing (nor's the 'Net btw) and therefore I particularly wouldn't like to host my websites on Don Rumsfeld's network nor even a global network that his boys designed to his spec.;-) I'd end up trusting it about as much as I trust him and there's no prizes for guessing how much that is.
Think GPS. It's publicly and commercially available but the moment that shit starts going down, resolution for 'public' customers is throttled and the world is suddenly forced to remember that the USAF has the keys.
In the bygone halycon days of the internet, there was no problem in saying, "Okay, suckers, we're switching over at midnight, no ifs, ands, or buts. Anyone not adopting the new protocol will be screwed." (ie, the universal adoption of tcp/ip in 1982 and the debut of the dns system in 1983). That worked then because there weren't millions of people in every country depending of this thing for their livelihood. Alas, you can't do that anymore. Things will break. LOTS of things will break if you tried that now. Sure, it might be possible to coordinate an effort to completely switch everyone over (for the sake of argument; i don't actually believe this), but can we afford the days, weeks, or months of instability while everyone in the world tries to cope with ironing out the wrinkles introduced by a forced, non-compatible upgrade?
... the whole point of the internet in the first place was to connect very many disparate networks, so that they could all communicate with each other even if they didn't use the same hardware or protocols. There must be a certain degree of compatibility in any replacement.
And don't forget
As some would put it, "tl;dr" ("too long; didn't read"), but from what I have read, I understand that the DARPA intends to update the entire Internet protocol, mainly because its structure compromises the security of the Army's confidential information mainly on the battlefield. If the Internet's current structure is what may be posing the Army Forces problems, why don't they just update the protocol and use this updated, more secure protocol on a private network of their own, instead of risking causing chaos on the "Interweb"?
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect" -- Linus Torval
The military is, but DARPA is, among other things, the birthplace of Total Information Awareness. I wouldn't trust DARPA.
In Repressive Burma, it's not just your connection that dies. slashdot.org/comments.pl?sid=314547&cid=20819199
The article seems to have two different main points. Firstly that the entire networking model (7 layers) is inappropriate for "reliable" networks. Secondly they suggest that the entire model for building computers is wrong, and that somehow they need to use hardware to isloate programs.
The issues they address in the first point were issues which I felt were meant to be addressed by IP6, has/will it fail? I always understood IP6 as being designed to (optionally) have secure connections, qos and an ip address structure to allow for floating nodes. Would IP6 not stand up to delivering messages in network time for the entire US military structure?
The second issue seems simple to me, yes it will be much more reliable if you use a seperate computer for each task and allow them to communicate, but can you tolerate the lack of flexibility and is it even possible to do anything meaningful without adding lots of parts and weight (the more parts, the less reliable). I can imagine building a chip which actually contains 8 386s and 32M or ram split into 4M per 386, then have the disk controller map the device in an 8 way split so they can't touch each others data, a network chip could act as a switch to all the information, providing qos etc. buses to expansion could be mapped to cpus, but is it worth it or are you better off building two different but functionally identical systems so if one fails the other shouldn't? Also it's still one machine, as soon as you actually split it out into a meaningful number of machines weight, size and handling all become a problem. It would be lovely if you could sew tiny bluetooth enabled cpus w/mem into all the army gear and then they cluster together into a super cpu which reads the soldiers thumbprinted data device to figure out what to do, but would that actually require any sort of fundamental shift in how computers are made to achieve?
To me this article simply states that they haven't managed to build a good enough network yet, and want some cash to do it, and that they haven't managed to build a reliable os/app combination to deal with their needs yet either! Just the talk of "One of the limitations inherent in this approach is that when an application malfunctions, it can affect other programs" made me think they need to look harder at their OS. I will be surprised if the end result isn't IP6 (perhaps a modified army version) but you never know! I wonder what OS they'll go with though?
Never underestimate the dark side of the Source
I'd like to point out that the internet your using right now came from DARPA doing the same thing in the 70's. If you don't want an internet that runs on protocols initially devised by the US military then you better unplug now.
The purpose of language is communication, If the idea is clear the grammar ain't important
The military wants secure and reliable communications, period. From a military standpoint, it might be nice to monitor your adversaries, but not if it means that your adversaries can monitor you. Any intentional weakness in a communications protocol could be exploited by an enemy, making it unsuitable for military purposes. Since the military's opponents are other militaries, they have to assume that the enemy has the resources of an entire country behind it, and plan accordingly. Insecure comms makes the military's job harder. For the military, keeping YOUR comms secure is the first priority; monitoring or disrupting the other side's comms is a bonus.
Law enforcement, on the other hand, is going up against individuals or small groups. The stakes are lower and the adversary has far fewer resources. Insecure comms makes their jobs easier, because they need to monitor the other side a whole lot more than they need to worry about having their communications monitored. Hell, virtually all police departments still use unencrypted radios, despite the fact that scanners have been available to the general public for 30+ years.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
No they did nothing of the sort, as soon as the network started getting very large, ie most people started to get phones and they wanted to be able to a call out side the local exchange with high frequency the invented technologies like PCM and the Time division multiplexing so they could packetize voice communications. Why did they do this because the Circut-switched network was becoming to costly to manage. The internet also has a nother reality, unlike most phone calls prior to packetizing most netusers want multiple concurent connections to hosts or many brief connections in rapid succession. Most pre-prepacket phone users never wanted to talk to more then one person at a time and only required call setup operations every few moments at most not hundreds of times in an instant loading some web page the pulls from many hosts or playing a video game and needing to update all clients.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Funded by the US military != devised by the US military. Most of the present protocols were designed by guys who wouldn't know which end of an M16 was the dangerous one.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Just a few items that comes to mind:
- The US military needs this for their own use, it does not have to be forced down over the rest of the spam-enjoying (right?) population.
- Asymmetric warfare analysis shows that it is better for the US to fix bugs or information leaks or other holes in software rather than keeping them secret for possible later use. Ref. NSA and their SELinux effort for evidence.
- the above also means that adding extra backdoors will likely backfire. The NSAKEY has the tin foil crowd in hysterics already.
- Encapsulation means you can run IPv7 (to give it a name) over the ordinary IPv4 and then roll out for the rest of the net to use once everyone tires of spam and breakins.
Also they wanted to do "something" with von Neuman architectures. Well, as anyone who has worked with DSPs I can assure you that alternatives are out there and in active everyday use, DSPs like for instance the Motorola DSP56300 that uses super-Harward architecture (one instrution and two data busses). Just why this is such a big deal I do not understand.
Not that I would mind then looking at it; after all compilers (especially GCC) have problems in optimising bus allocation (should this array be on the X or Y bus?). Yeah I know some claim compilers surpass human assembly programmers. Strange ten that people like me are paid (well too!) for hand optimising assembly on DSPs.
Oh, the moaning, oh, the bitching.
:)
Has it occurred to anyone else that DoD might not be out to reform the Internet in any way? They are out to build a network model to serve their own needs, but they have no need to reform the rest of the world.
Now, if they make this revolutionizing new network protocol/infrastructure public other people might want to adopt it because it's neat. But me being a hardened cynic, this will most likely only find use in privately owned networking ponds...Kinda like a certain version pf IP we all know of
I think you might be wandering into tin-foil-hat land here.
They're talking about creating a networking standard we could all use to build our own networks. The specs will be open, like AES. (Or, do you believe that AES has some backdoor that lets the US military decrypt your private bits?)
I don't see any similiarity with GPS. That's a military controlled network of hardware, on which, we civilians are allowed to tag along. It's not public or commercial in any way. Nobody had any illusions about that, well, except maybe you.
-ave
...or maybe not.
It's interesting that your not american, given your sig.
As much as some people here who aren't american complain about us being involved in world matters (whether we should or shouldn't), I think that is just as important that they not muck in ours! If you want John Kerry as Prez, then come over here, become a citizen and VOTE! Elsewise, you are politely reminded that this is not your democracy, it is ours.
I tend to agree that the US shouldn't be mucking around overseas for the most part, but I don't think a policy of Isolationism is a good idea either. I think the situation is much more complicated than any of us realize.
"We don't know what we are doing, but we are doing it very carefully,..." Wherry, R.J. Personnel Psychology (1995)
While this is funny, it does raise the issue ...
If DARPA tries to change the protocols and nobody listens to them the IPv4 infrastructure will remain just like it has. I don't exactly see much of a shift to IPv6
Do you think that the rest of the world is going to adopt a new protocol because the US DoD tells them they should??
Lost at C:>. Found at C.
DARPA and the military aren't interested in rebuilding the internet, they are interested in rebuilding IP.
They want to rebuild IP because they have a need for a better system. They need secure, reliable, ad hoc networking so that battle groups can communicate with each other.
These are private WANs. Not the Internet! The Military is not going to send real time battlefield data across the public internet, and real time battlefield data is what this thing is all about. The military launches and rents satellites for that sort of thing, they don't send it across uunet.
When they create a WAN, they have to have some mechanism to talk. Right now it might be IP, but in the future they want it to be something else. Something better for THEM.
The US Military couldn't care less if the rest of the world, or the internet itself, started to use whatever they come up with.
As far as those attacking technical limitations, when they started working on the original internet I'm sure everyone was saying, "Fault tolerant distributed networking with dynamic routing? That's impossible, why are they bothering" The point of DARPA is to do science and advance the field beyond current knowledge.
They may succeed, and they may fail. But they shouldn't just not try.
2. You have just described the Sun RPC portmapper, which has been shown to be a bad idea. You have just advertised what your host offers, and made it extremely difficult (with current firewalling techniques) to allow a given service from the outside, as it may be on any numeric port (assuming you're sane and use default-deny). Besides that, whose headache are you saving? Most users don't know what a port number is, nor do they need to. They run their web browser, put in the hostname, and it goes to the well-known port number for http. Why should I have to explain even a port name to my father?
Besides, given ports are named with strings, on the client side. Check out /etc/services on a UNIX[-like] system, or the equivalent file on Windows (IIRC %SystemRoot%\etc\services or similar). Yes, they're fixed to a well-known port number, but there are good reasons for that.
-30-
The purpose of protocols is to transmit information in an understandable manner. If you want privacy, either stop transmitting information or render it non-understandable (ie., encryption). It makes no sense to bitch about someone's effort to improve the state of the Internet.
!#@%*)anks for hanging up the phone, dear.
Sure.. it's called the Internet Protocol.. but that doesn't mean it's gonna replace what we're using now..
Anyone who thinks that the DOD will run drones with publicly available IP addressing schemes, has been spending a little too much time behind the ole peacepipe..
This will probably use a propriatary signalling method.. special packet sizes with some form of encrytion built right into the protocol at layer 3.. if not layer 2..
just because the DOD builds a new network.. doesn't mean we all get access to it.. it's no longer 1970 here folks.. the DOD doesn't need berkley anymore..
The OSI seven layer model and the DoD four layer model (now I'm thinking about seven layer taco dips darn it) was one of the most interesting things I ever studied in terms of putting pieces together. The ability to have seperate layer handle different aspects from packing to acknowledgement to physical delivery at once made sense and gave me insight into how computer "stuff" is put together in a group effort. I first learned this seven or so years ago and still remember it fondly as the first area that advanced my knowledge of computers to a deeper level (and something I really enjoyed learning about). Anyone who is interested in computers at all should at least take a look at one of these models - IMHO, it is an example of how computer "stuff" needs to work together aside from being at times disparate, and working in conjunction to accomplish a task.
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
Most companies don't even use the full power of their current networks, installed in the late 90's or early 00's. Would they be willing to throw out all the old stuff to get the new stuff? I doubt it...most of them are still hurting from over spending in the first place.
$8.95/mo web hosting
From the quick blurb in the article where he talks about that, you could almost say we're already trying to do what he was talking about. He talked specifically about breaking from a generic hardware envirnment where the program runs to physically dividing applications. we do that now in software and hardware both. Think OS's and virtual machines for the software version, and there are hardware versions used in mainframes and other specialty setups. It might be time to jump whole sale away from the architecture since we spend a lot of our timte working around the problems he describes...
AB HOC POSSUM VIDERE DOMUM TUUM
Consider a swarm of several thousand minimissiles, each with an assigned target. As some are shot down, the others negotiate in real time to shift targets so that highest priorities are met, including in response to new threats that emerge after the swarm was lost.
....
....
Now -- try doing that with IPv4 or even IPv6 model, painstakingly assembling frames into packets and packets into messages
The architecture issue is a whole nuther matter. Consider the use of neural nets to filter noise from information in shifting signals, as tracked by a matrix of thousands of sensors
DARPA couldn't care less about your pr0n surfing, guys. The game is much bigger than that
Most people seem to miss the fact that the R in DARPA stands for Research. Research is not done by accepting the status quo. If ARPA had not invested in the original network research, who knows were we would be today!
TCP/IP is not perfect for every use. If DARPA can find a better set of protocols to slide into layers three and four of the OSI model, more power to them.
Internet protocol suite
For every problem there is a solution that is simple, obvious and wrong.
The U.S. isn't rushing toward IPv6 because it wasn't ready in MS Windows yet. That will probably change when Longhorn comes out. Maybe even as soon as XP SP2.
I completely agree. This general got fed some bad info, or his tech really sucks in networking. If you get rid of the layers in the stack, then you lose its dynamic ability. It sounds like he has some problems with their email or messaging system, and he wants to rewrite the entire IP protocol. I'd vote for rewriting SMTP, but there is nothing wrong with IP. I think the general just needs to get a systems guy who's a little knowledgable in whats out there today.