This is similar to what I thought IPv6 IPsec should have been, auto-generated addresses: where address generation uses the hash of a public key. Sure, the addresses would have to be longer (in a /48, you only have 80 bits of choice), but if IPv6 were longer to accommodate strong hashes, it would solve much of the problem of secure computer-to-computer communication in a decentralized way.
Right now, IPsec practically requires PKI. But at Google or Amazon's scale, PKI is far from an easy problem, distributing keys to millions of nodes must be painful. And auditing the system must be its own level of hell, as I doubt many internal PKI systems attempt to manage devices at that scale. Unlike a smartphone or a laptop, where you can rely on 2-factor authentication, a server must be single-factor authenticated. The server is the server, and that places a huge burden on correctly allocating certificates.
And then there's the chicken and the egg problem: if you want to deploy PKI to millions of existing servers, how do you do that and ensure every server is what it says it is? There's too many shaky links of trust involved for a system like that to stand up.
I really like this idea, it's in many ways better than the idea I had about IPv6, because it uses the DNS layer to advertise public keys. It's inarguably more extensible, to boot. My idea would fix IPv6 into a single standard for IPsec, this is much more flexible.
Right now, IPsec practically requires PKI. But at Google or Amazon's scale, PKI is far from an easy problem, distributing keys to millions of nodes must be painful. And auditing the system must be its own level of hell, as I doubt many internal PKI systems attempt to manage devices at that scale. Unlike a smartphone or a laptop, where you can rely on 2-factor authentication, a server must be single-factor authenticated. The server is the server, and that places a huge burden on correctly allocating certificates.
And then there's the chicken and the egg problem: if you want to deploy PKI to millions of existing servers, how do you do that and ensure every server is what it says it is? There's too many shaky links of trust involved for a system like that to stand up.
I really like this idea, it's in many ways better than the idea I had about IPv6, because it uses the DNS layer to advertise public keys. It's inarguably more extensible, to boot. My idea would fix IPv6 into a single standard for IPsec, this is much more flexible.