On 10/3/07, Mark Smith <nanog@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org> wrote:
The value of network perimeterisation as a security measure, of which NAT is a method, is being questioned significantly by network security people.
Mark, The discussion at hand is whether the absence of NAT creates a drag on IPv6 deployment. and how much of a drag it creates. Your points about the relative merits of NAT as a security mechanism are entirely irrelevant to that discussion. On 10/3/07, Iljitsch van Beijnum <iljitsch@muada.com> wrote:
On 3-okt-2007, at 5:20, William Herrin wrote:
1. End the insanity of having software prefer IPv6 if available (AAAA records over A records).
Insanity?
Yes, Iljitsch, insanity. Trying IPv6 first is asking folks to disable it on their PCs the second or third time they can't get to a web site because the IPv6 path isn't working. Its also asking web site operators not to offer IPv6 addresses in the first place so as not to inconvenience folks who have Ipv6 turned on without a reliable connection. That's counterproductive. We want people on both sides to turn it on and leave it on. We don't need every PC in the world to be a beta tester for our new Internet. We do need them to turn it on. Regards, Bill -- William D. Herrin herrin@dirtside.com bill@herrin.us 3005 Crane Dr. Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004