On 3-okt-2007, at 18:54, Daniel Senie wrote:
it works.
O really? When was the last time you successfully transferred a file using IM?
By policy, I generally block file transfer over IM at security boundaries
What does that have to do with anything? It still doesn't work reliably, or even most of the time. That it's not something you want or need makes this irrelevant for you but it doesn't make NAT work.
If you want NAT, please come up with a standards document that describes how it works and how applications can work around it.
Been there, and done that. Please go read RFC 3235
I was done reading the IPv6 section very quickly... Nice start, but it only provides some obvious guidelines to protocol designers, this isn't good enough to base the architecture of the entire network on.
If we're successful, there'll be plenty of time to go back and re-evaluate NAT afterwards when IPv6 exhaustion is a distant memory.
Right. Building something that can't meet reasonable requirements first and then getting rid of the holes worked so well for the email spam problem.
This is a rather disingenuous argument. You might look at the history of TCP, which has had several tweaks over the years as more was learned. In trying to have every duck perfectly in a row, IPv6 is quite late to the party. Even NASA launches deep space probes before operational software is finished, and updates it in flight...
The crucial difference is that there is an upgrade path. There is no upgrade path from a network with NAT to a network where you don't have to work around NAT. That's why it's so important to keep the NAT in IPv4 and not let it sneak into IPv6.