jon.seymour at gmail.com
Sun Aug 31 10:35:45 EST 2008
On Sun, Aug 31, 2008 at 10:21 AM, Karl Auer <kauer at biplane.com.au> wrote:
> On Sun, 2008-08-31 at 07:57 +1000, Richard Chirgwin wrote:
> > I can't see why the ordinary user should need to know
> > anything about v6. All the user needs is "does the connection work?" and
> > "do my applications work?" Multiple end-user addresses may well be a
> > good thing for ordinary users, but if it's an invisible good thing, so
> > much the better.
> True to some extent. But the features - and limitations! - of IPv4 have
> reached, at some level, the collective subconscious of Internet Userdom.
> Often in simplified and sometimes badly perverted form. So people think
> - really believe! - that NAT is a security feature, when in fact it is
> just another form of security through obscurity.
NAT undeniably enhances security for machines that don't have another layer
of security, simply because it significantly reduces the chance of
externally initiated connections reaching ports that are vulnerable.
Admittedly, it is an unintended consequence of a mechanism designed for
another purpose, but to suggest that NAT doesn't provide a net
security-related benefit is, I think, stretching the point a little.
> Ordinary people don't even bother to try setting up services on their
> own home computers with IPv4, because even though the OS may make it
> trivial to set up (say) a webserver. Mac and Linux make it very easy
> indeed. But working out the port forwarding, DMZ, dynamic DNS and so on
> is just too geeky for most people, and means muddling with something
> that, if they get it wrong, might stop all their Internet access. With
> an IPv6 address, you set up your webserver and it just works.
And that's the scary thing for me about ISP or CGN's - the loss of control
over the NAT. The only good NAT, as far as I am concerned, is a NAT I
control. A NAT controlled by someone else is a complete nightmare.
It will be interesting to see whether introduction of NATs themselves starts
to provide the economic incentive for widespread adoption of IPv6. For
example, if ISPs use their NATs to limit BitTorrent traffic, I imagine there
will start to be an increase in demand for IPv6 connectivity. Will it be
enough to bootstrap the adoption of IPv6? Probably not, but stranger things