Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Mapping out an authentication and authorization model for the Internet

I'm reading about all kinds of chaos in the global economy at this time resulting from the mortgages mess. I think the only way to bring some order to this chaos is by applying computing technologies in an evolutionary and progressive manner.

It is imperative that the Internet is developed into a more cohesive and secure network in order to fully acquire the benefits that this technology can offer. A lot of people shy away from IPv6, especially people that have kids, since they're under the impression that they won't be able to monitor their kids' activities on the Internet if they use IPv6 for connectivity. Well, that may be true to some extent, but I believe that we must build an authentication and authorization model for the IPv6 Internet that can effectively prevent kids from being taken advantage of. If I had kids, I wouldn't monitor them constantly and invade their privacy. I would vote for a monitoring system that can be built on the totally impersonal Internet, since it's just software and it cannot take advantage of kids. The Internet must be enhanced with the logic to biometrically authenticate human users and determine that the person being authenticated cannot be at more than one place at the same time and this logic must be added to the IPv6 spec. We must then build an authorization model on top of that logic. This will protect kids. It will also protect the wealth of any persons that have legally gained that wealth.

Now, I'm not suggesting that everyone on the planet must be rounded up for biometric scans so that their personal details can be stored in some database. Like I've mentioned this will have to be evolutionary. So, when you logon to Windows or Linux, or whatever it is that you use, your biometric credentials - whatever that you're willing to provide - must accompany every IPv6 packet that originates from your PC, or Pocket PC, or iPhone, or whatever. Yep, this has to be done on the IP layer in the OSI stack, since after all that is the Internet and it is the piece of software that is closest to the hardware. Each router that is in the path of your IPv6 packet must store those biometric credentials and cross-reference those credentials with those stored on other IPv6 routers to establish that you cannot be at more than one place at the same time. Obviously, IPv6 routers and client software such as Windows, Linux, Windows Mobile, etc. will have to incorporate GPS in order to achieve this. As time passes, and as everyone that uses the Internet moves towards more honest business dealings, the enhanced Internet will learn all your biometric credentials, and thus this will be evolutionary.

IPv6 routers will have to access database backends to do this, and hence it is imperative that the PC architecture is enhanced with the true InfiniBand technology that enables very rapid network I/O. The real InfiniBand spec meshes the memory controllers on networked computers into a single InfiniBand network and Intel, AMD, etc. haven't given PCs this capability.

It is also important to fully authenticate PCs, including PC based servers against the Internet by incorporating serial numbers for every component on the PC such as capacitors, resistors, micro chips, etc. A compound hash value must be computed from all serial numbers on the PC using an algorithm like MD5 and this hash value must be the basis for forming those asymmetric keys used in encryption by software running on the PCs.


Re: Mapping out an authentication and authorization model for th


My opinion is the following:

The chaos you are mentioning was created by humans and no computing technology will resolve it. At the end, it should be resolved by humans who created it.

In old times when there was no Internet at all, no strong authentication and encryption methods were needed because people were very rarely dishonest and unfair.

So the simplest solution to the situation would be for some people to become honest and fair. (The majority of them are and will be honest and fair people).

No computing technology will turn those few dishonest people into honest and fair individuals. Only they can turn themselves.



New Member

Re: Mapping out an authentication and authorization model for th

You can't work under the assumption that people are honest and fair, or have been so. You could wind up losing a lot if you do that.

And I was expecting some technical input as reply to my post, not philosophy about life.

Hall of Fame Super Blue

Re: Mapping out an authentication and authorization model for th

I'm not sure what you are expecting here. Istvan's post was perfectly logical in that the mess we are in at the moment is to do with people and practices rather than any specific technology.

Your thread starts with talking about the global mess re: mortgages etc. and then goes on to talk about IPv6, authentication, authorization etc. How the two are directly related you haven't made at all clear.

I don't think for one minute that if we had IPv6 with all that that entails + infiniband etc. that this would somehow have helped us avoid the mess we are in now - or is this not what you are arguing ?


New Member

Re: Mapping out an authentication and authorization model for th

I recently read somewhere on the Web that the DVD rental company BlockBuster was introducing a new service using some proprietory set-top box technology. BlockBuster would be able to do this cheaper and more efficiently by streaming content to PCs connected to the IPv6 Internet, but they can't do that since nobody's adopting IPv6. Using PCs for this would give users a more seamless experience as well, with the connected home theory/idea, etc. A lot more services such as this could be provided with PCs connected to the IPv6 Internet. And I guess Macs could be used as well. IPv6 is actually an enabler for tremendous global economic growth, and it's a very misunderstood technology.

Any company making money on the IPv4 Internet is doing so through packet sniffing and that's illegal.

Re: Mapping out an authentication and authorization model for th

I can appreciate the passion that you have for security and how we should transfer data with biometrics, but I have to agree with Jon and Istvan. The problems that we have with the crisis in the states had to do with greed, not hacking. You on the other hand are asking for some sort of protest against IPv4. The internet, current technologies, or whatever won't stop, nor deter, greed. In fact, anyone who supports "total security" needs to understand that ALL security can be broken/hacked/cracked or what have you. There is no failsafe method, and IPv6 isn't the answer either. Once it's in widespread use, there will be many people figuring out ways to get around it. That's what makes hacking fun.

My question is: Why ARE you so passionate about IPv6?


HTH, John *** Please rate all useful posts ***
New Member

Re: Mapping out an authentication and authorization model for th

I'm passionate about IPv6 only because I DO NOT like to deal with middle-persons and there are people out there that are like me, but they're not aware of the benefits of IPv6, especially in eliminating middle-persons. And IPv6 is the future - it will help in tremendous ways in children's education, help eliminate the gap between the rich and the poor, and it will offer many such benefits.

Just like IPv6, I think InfiniBand is also a misunderstood technology. I'm pretty sure that the latency factor in the PC architecture that the original inventors of InfiniBand wanted to eliminate was the latency involved in transferring data from the InfiniBand HCA to PC memory, so they wanted to integrate InfiniBand with PC memory controllers. Instead, what AMD did was they went and integrated the memory controller into their CPU architecture and called it a latency deterrant, to confuse the market. And Intel has now followed suit.

Other than that, I think technologies like InfiniBand over Ethernet also confuse the market. Sure, any kind of virtualization can be of use in some scenarios, but InfiniBand over Ethernet would in no way offer benefits anywhere close to InfiniBand over a real PHY layer technology in the OSI stack.

New Member

Re: Mapping out an authentication and authorization model for th


When I said that IPv6 would help eliminate the gap between the rich and the poor, the gap I meant was the communication gap. When my system based on biometric authentication against the Internet is in place, even an individual worth a trillion dollars would be able to walk the streets anywhere on the planet without fear. Some individuals will always have more money than others, as would some companies than other companies, some governments than other governments, and surprisingly some charities would have more money than other charities. My system, and I'm sure nor its enabler, IPv6, wouldn't let some rich SOB take advantage of poor people either. Without this in place nations like U.S, Canada, etc. can't call themselves developed.

Now, here's where I think the PC industry is missing out on InfiniBand capability. Even the new PCI Express 3.0 spec doesn't offer anywhere near the 40Gbps bandwidth that some companies offer through their InfiniBand fabric. So, there has to be direct channels from InfiniBand HCA to PC memory controllers that can provision that amount of bandwidth, or more. On that note, a few weeks ago, I've read on about their 60Gbps InfiniBand fabric, and now they're saying they only have 40Gbps InfiniBand fabric. What gives?

As I've mentioned in this post and on other posts in this thread, the PC architecture has to be enhanced to accomodate InfiniBand and there are several uses for PCs enhanced this way. For example, I don't know why PC hardware that we can buy rarely come with more than 8 CPU sockets, and I only know of this HP box that even gives us 8 sockets on a single box. Most only have four sockets. There may be blade enclosures that give us more, but that's not what I'm talking about. Windows Server 2008 Datacenter Edition can provide 64-way SMP, and that's the kind of application that I'm talking about here. If the PC architecture is enhanced for InfiniBand as I've outlined above, we can actually shatter these limits through virtualization software that sprawl across physical machine boundaries. So, you would be able to string together Hyper-V VMs or ESXi VMs by pointing those hypervisors at CPUs hosted on multiple physical machines.