On 17/02/2007, at 10:52 AM, Stuart MacIntosh wrote:
NAT, if my memory serves me right, is not a security mechanism - that is a by-product of it's main goal of preventing the exhaustion of the v4 address space. IMHO (and flame me for this off-list if you want) NAT should not be used as protection - that is something Windows/Microsoft jumped on because the services on the OS were vulnerable, ie it introduced security without the dev's doing much more work.
Correct, but it is a mighty handy side effect of NAT. It's another layer of security that is better than nothing. I would hazard a guess that for the majority (i.e. residential broadband customers), nothing is the alternative.
IPv6 is going to give us true global end-to-end and you guys are talking about not using that??
Not quite, we're indirectly asking the question of whether IPv6 is in fact the best 'next step' for internet users. My mother doesn't care about end to end connectivity. In fact neither does anyone else in my family. However they do care about being able to 'use the internet' - which is not predicated on end to end connectivity. Cheers, Jonny.