Just to correct a misimpression some folk seem to have picked up. This proposal doesn't depend on using the Mathematical Mesh in any way.
The scheme does assume that users are going to have some application that manages their devices and the Mesh would be one choice for such a scheme. And as you might expect, all the reference code I have developed is built on my Mesh code base. But that is proof of concept code, not what I would consider a proposal for deployment.
People have been arguing for years that what people really need is IPv6 and that will solve everything. Well, I have IPv6 and it isn't solving the problems I need solved. I am still stuck with a second class Internet service and worse, every single IoT device out there is designed around the limitations of that second class service.
This is the start of a design proposal:
Step 1: Identify the services that are needed to turn an ordinary Internet connection into a first class connection.
Step 2: Work out how to provide them so that applications and devices only need a single protocol binding with a single serialization and are not required to navigate DNS Update, ACME, MOQ, etc. etc.
My prototype is working off a Web Services binding I hacked together while QUIC was still in flux. So I am certain we don't want to use that. But I do know this can all be made to work. It is only the deployment side of this that is 'ambitious'.
On Tue, Jul 1, 2025 at 12:03 PM Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
When I first used the Internet in the late 80s, the only way to reach it was through a University with a connection. There was something of a two tier effect in place because the machines of the era were regulated by a priesthood of system administrators.

Part of the reason the Web won and competing network hypertext systems lost was that anyone with access to a machine could run the HTTP service, albeit maybe not on port 80.

Fast forward to 1995 and we start to see a split between the ultra-fast (T1!) connection at the university and dialup access. Dialup isn't just slower, it is temporary. Nobody is going to want to be running a service that matters over dialup (some did of course but nobody wanted to).

Since then, broadband has replaced dialup. But that is all broadband has done. I have 1Gb/s into the house but I don't have a full Internet connection I can run services on until Verizon's truck rolls to upgrade me to a full business line with static IP addresses in the fall.

Where we have ended up is with a two speed Internet in which residential users have a greatly curtailed Internet experience over what someone with a static IP address, a DNS name registration and (most important) some serious network administration skills can achieve.

In a few months time, roughly $750 worth of IoT gear I have installed in the house will become unusable as network connected infrastructure because the provider can't be bothered to support it. Guess what? I am never buying an IoT device from that provider again, not ever, and I suspect that will be true of most of the customers they are trying to upsell with forced obsolescence. The cloud based IoT model just isn't working any more.

[Oh and please, stop your marketing droids lying about the necessity of the money grabbing scheme. You are not fooling anyone but yourselves and you are making people even angrier.]

When I replace the thermostats it will be with Genuinely Internet Things (GITs). That is:

* They will have a DNS name
* They will have a WebPKI certificate
* They will support open authentication to a universal account (OAUTH or TLS Client auth)

Point is, if an IoT device is a GIT, I can reach it from a Web browser and log in using an Internet account I control. The device I bought and paid a fair price for will work without paying a monthly rent or suffering forced obsolescence.

If US manufacturers won't make these devices, we will have to do a kickstarter for devices that meet our needs; that is a proven method of gaining the attention of Chinese knockoff manufacturers.

So what would it take to turn an ordinary residential broadband Internet connection into something that a full featured Internet connection is capable of?

One of the principles of the Mesh is that any set of instructions you can write down and give to a user can be turned into code. Same goes for system administration.

So what I am proposing is a package of services which in combination give the user a full featured Internet experience without the need to have particular network admin skills and can be deployed as either a cloud service or a cheap $50 ish appliance.

These are all essentially glue services and all essentially things we already have, but without the nth degree of automation required to make this hang together. For example, a service in the cloud reachable from network devices behind a NAT that:

* Provides bidirectional DNS resolution and authoritative publication.
* Provides ACME relay functionality.
* Provides an OAUTH IdP to an account identified by a DNS Handle.
* Operates a mini private CA for TLS Client auth.
* Provides a presence service for connecting up MOQ calls.
* Relays inbound HTTP requests to devices authorized for external network connections.

None of these systems is complicated, most already exist individually, but putting them together requires serious systems expertise. Doesn't make sense as a one off, but a single capable person could easily provide a service supporting thousands of users, and companies already providing Anti-Virus, VPN or Password management services could easily add these services to their lineup.

I will be in Madrid to talk about this with anyone interested. I already have quite a bit of code.