On Dec 7, 2010, at 7:41 PM, Nico Kadel-Garcia nkadel@gmail.com wrote:
On Tue, Dec 7, 2010 at 10:04 AM, Adam Tauno Williams awilliam@whitemice.org wrote:
Bogus. The reason is that they haven't been pressured into adoption by higher powers; so we will get into a nice scramble to migrate in a pinch.
"most people" have no idea what NAT is, don't care, and shouldn't have to care.
Some people's belief that NAT is some magic sauce that makes them more secure [it does not] or provides them more flexibility [it does not] than real addresses ... causes the people who understand networking to have to spend time explaining that their love of NAT is misguided and their beliefs about NAT are bogus.
*I'm* a fairly expert network person. (10base2, baby, I remember crimping those cables!) Forcing people to specifically select the services they wish to expose, rather than selecting what to cut off in configuring a typical firewall, is basic policy automatically enforced by NAT. It's especially helpful to ISP's, who *do not want* to try to remember all those furshlugginer individual policies and find it far simpler in routing and firewall terms to force all traffic to the NAT.
Does this mean I have to type in URLs like:
http://3ffe:1900:4545:3:200:f8ff:fe21:67cf/
I can only image phonetically calling these off on a support call, I'd get half way through it and the other end would tell me to "forget it I'll wait until DNS is working again".
In fact with DNS problems we'd be pretty much crippled.
I'd use IPv6 if the addresses weren't so hard to remember.
-Ross