Does anyone wish to correct me? I'm a pretty decent thinker, but it's possible I may misunderstand some specifics; I'm _not_ a DNSSEC or NAT mechanic.
I am not intimate enough with the internals of DNSSEC to comment on the interoperability with NATs at this time. As such, I wouldn't question your assertion. I do, however, question this premise as being directly relevant to the advancement of NAT use in the internet infrastructure. It is likely that the scaling properties of the internet will demand a change in the lower level protocols. When this happens, the higher layer protocols (like DNSSEC) will have to be reworked. So DNSSEC gets broken. Fix DNSSEC after we fix the infrastructure.

With NAT you can subdivide the network to many orders of growth. The sum work saved by doing this vastly outweighs the work required to adapt DNSSEC. For example, the root name system could interoperate with the NAT machines in a controlled manner. No, it's not a trivial task. However, isn't it easier than renumbering the entire address space and putting more space into the problem?

-a