I think the problem is the layer model. ARP and TLS and all those routing protocols don't really need to exist. Insecure connections don't need to be there. It all seems to be full of legacy stuff.
Which is probably a good thing because standardization and compatibility are really nice, but I think we could do way better today.
I don't know why it can't just be something like:
* Get the address from DNS. The address has the key hash in it.
* Use the routing prefix on the address, or LAN discovery, to find the server
* Do a handshake and make sure the public key hash matches the address
No certificates, no NAT, everything just works, LAN connections are secure, devices are identifiable between networks, if they don't want to be they can use new keys.
Routing prefixes could have a fixed layout so it's easy to identify individual subscribers for rate limit purposes.
Alternate P2P routing mechanisms could be automatic and transparent.
I skimmed the text. No mention of NAT. We're in 2025. Everything is still NAT. Lack of a flat, IPv6 Internet is the problem. Everything is flextape on top of band-aids on top of glue to support content via IPv4 and NAT.
Which is probably a good thing because standardization and compatibility are really nice, but I think we could do way better today.
I don't know why it can't just be something like:
* Get the address from DNS. The address has the key hash in it.
* Use the routing prefix on the address, or LAN discovery, to find the server
* Do a handshake and make sure the public key hash matches the address
No certificates, no NAT, everything just works, LAN connections are secure, devices are identifiable between networks, if they don't want to be they can use new keys.
Routing prefixes could have a fixed layout so it's easy to identify individual subscribers for rate limit purposes.
Alternate P2P routing mechanisms could be automatic and transparent.