On Tue, Dec 7, 2010 at 10:04 AM, Adam Tauno Williams <awilliam at whitemice.org> wrote: > Bogus. The reason is that they haven't been pressured into adoption by > higher powers; so we will get into a nice scramble to migrate in a > pinch. > > "most people" have no idea what NAT is, don't care, and shouldn't have > to care. > > Some people's belief that NAT is some magic sauce that makes them more > secure [it does not] or provides them more flexibility [it does not] > than real addresses ... causes the people who understand networking to > have to spend time explaining that their love of NAT is misguided and > their beliefs about NAT are bogus. *I'm* a fairly expert network person. (10base2, baby, I remember crimping those cables!) Forcing people to specifically select the services they wish to expose, rather than selecting what to cut off in configuring a typical firewall, is basic policy automatically enforced by NAT. It's especially helpful to ISP's, who *do not want* to try to remember all those furshlugginer individual policies and find it far simpler in routing and firewall terms to force all traffic to the NAT.