On Mon, 14 Dec 2009, Owen DeLong wrote:
UPnP is a bad idea that (fortunately) doesn't apply to IPv6 anyway.
You don't need UPnP if you'r not doing NAT.
wishful thinking.
you're likely to still have a stateful firewall and in the consumer space someone is likely to want to punch holes in it.
Yes, SI will still be needed. However, UPnP is, at it's heart a way to allow arbitrary unauthenticated applications the power to amend your security policy to their will. Can you possibly explain any way in which such a thing is at all superior to no firewall at all?
Because of the least surprise principle: Users get used to have NAT ~> they expect similar stateful firewall in IPv6. They get used to use UPnP in IPv4 ~> they expect something similar in IPv6. I don't think this is good, but bad engineering decision of UPnP cannot replaced with better ones overnight. Best Regards, Janos Mohacsi