Also, it provides no forward secrecy.
The primary purpose of the encryption in CJDNS is simply to establish identity and make the completely decentralized addressing system (the key component) possible. Using the keys to do built in transparent end-to-end encryption is an important and valuable feature as well, but ultimately is secondary. If you need the kind of security that requires frequent key rotation, you should really be using an additional encryption and identity verification layer on top, just like with the current internet.
Also, CJDNS uses 512 bit keys, and the nature of how the protocol works means that any address collisions (which would be unavoidable by someone impersonating you) would be obvious and detectable, so for it's intended purpose it should not be necessary to rotate keys very often at all.
The existence of Hyperboria and the use of VPNs over the current internet is purely due to the fact that the current users are still too few and far between to establish direct links to each other.
The only recent/ongoing shifts in internet technology are IPv6 and the https push, and they are both built on top of existing technology, and have been extremely logistically challenging to implement. How could a total revamp possibly fare?
A survey of some of the most promising IP alternatives would be most interesting.
For bonus points, it can also tunnel IPv4 and IPv6 through the P2P network[1] much like a traditional VPN would. But unlike a traditional VPN, it is sufficient to connect to any single node of the P2P network, no need for direct connectivity to the gateway. And of course that connection doesn't have to be a UDP/IP stream over the public internet, because CJDNS can speak raw Ethernet frames[2] over any hardware interface you like.
[0] https://en.wikipedia.org/wiki/Unique_local_address [1] https://github.com/cjdelisle/cjdns/tree/master/tunnel [2] https://github.com/cjdelisle/cjdns/blob/master/doc/configure...
What it's trying to do is create a more distributed version of the BGP / IP system we use to route traffic today. So instead of organizations like ARIN and APNIC that assign addresses and AS numbers (for BGP routing), you just generate your own IPv6 addresses, derived from a private key, and then it peers with whomever you want to peer with. There is no centralized step here, all you need is authentication information from the servers you want to peer with.
I actually see this more as a replacement for BGP. BGP is what really routes all the internet traffic around, and then the IP is like the end-point for that routing. BGP has a similar work flow to the way you use Cjdns (find peers, connect to them, get more redundant routing paths).
Why bother? Well, the IP/BGP ASN allocation process is a complicated, centralized, manual, expensive mess. I've recently acquired some IP space and an ASN and it took a long time and a lot of difficult work to get it all worked out. With Cjdns, you just boot it up, peer with some upstreams and you're ready to go. And because it uses IPv6 for the exit, it works with any application that supports IPv6, so it's compatible with pretty much everything, no rewriting is needed.
A lot of people don't like that it isn't perfectly anonymous, but that's okay. It's trying to be as fast and efficient as possible, as opposed to something like Tor that is trying to improve privacy and anonymity at the expense of performance. You can always run things like Tor on top of it if you want to do that. Anyways, we don't know if Tor is the final answer to that problem, so this allows you to solve the routing problem, and then implement protocols to deal with the privacy/anonymity problem above that.
I'd really love to see this project get more adoption, but it's going to be an uphill battle to get a large amount of the internet peering through it.
I'm not sure if this is the best way to describe cjdns, so feel free to correct me on any of this.
