[api]

In designing ZeroTier I put a ton of effort into creating a secure P2P layer with addresses that are only 40 bits long. This effort continues with new solutions being worked on to maintain security while allowing more openness and federation.

It would have been much easier to use long addresses that are long hashes of keys. Having only 40 bits means we need two layers of defense in depth to prevent intentional collision: a work function to make the cost substantial (about USD $8M per collision on today’s public cloud) and a single source of truth for lookup that still supports federation. You could punt on all that with 128 or 256 bit addresses.

Yet I did it because I was quite aware that it was very necessary for usability. I have had many people tell me they love that they can type a ZeroTier address.

I would bet anyone that if the addresses had been gigantic we’d have 1/10 the adoption.

Software is first and foremost for people to use. Most of the complexity in software exists for this reason.

[p1mrx]

ZeroTier has a flat address space governed by a single algorithm. The Internet is a loose hierarchy of independently-managed networks. These problems have quite different addressing requirements.

Analogy: ZeroTier is to https://plus.codes/ as IPv6 is to mailing addresses. A mailing address is pretty long, but you can use its structure to route the mail efficiently.

[api]

The Internet is governed by a single algorithm: IP routing. Short IP addresses are a lot easier than short cryptographic addresses.

Adding 16 or 32 more bits to IPv4 would have been trivial. The existing IPv4 address space becomes 0.0.n.n.n.n or perhaps 0.n.n.n.n.0 if you wanted to give every existing IP 256 addresses to assign while also multiplying the IP space by 256.

Easy, easy, easy.

[p1mrx]

You're describing 6to4, where the existing IPv4 address space becomes 2002:nnnn:nnnn::/48. You can treat the 80 bit suffix as 8 bits when designing a network.

Problem is, stacking the new protocol on top of IPv4 was never very reliable, so 6to4 is mostly dead now. It would've worked a bit better if the Internet had used 2002::/16 exclusively.

[icedchai]

Adding 16 bits or 32 bits doesn't matter: The networking stack of every device would still need to be updated to understand the new address structure (just like IPv6!) You can't magically fit 48 bits in a 32 bit field.

IPv6 was the correct long term approach. You wouldn't want to pick only 48 bits and have to do this again in 20 years.

[api]

Every device has been updated. We are still lagging because nobody wants to use it.

[icedchai]

Yes. I'm saying if we had to update every device anyway, we might as well do it right and not some short term solution (48-bit addressing or whatever.)