It has nothing to do with "security by obscurity".
You may wish to re-read what Joe was saying - he was positing sparse addres= sing as a positive good because it will supposedly make it more difficult f= or attackers to locate endpoints in the first place, i.e., security through= obscurity. I think that's an invalid argument.
That's not necessarily security through obscurity. A client that just picks a random(*) address in the /64 and sits on it forever could be reasonably argued to be doing a form of security through obscurity. However, that's not the only potential use! A client that initiates each new outbound connection from a different IP address is doing something Really Good. It may help to think of your Internet address plus port number as being just a single quantity in some senses. As it stands with IPv4, when you "see" packets from 12.34.56.78, you pretty much know there's a host or something interesting probably living there. You can then try to probe one of ~64K ports, or better yet, all of them, and you have a good chance of finding something of interest. If you have potentially 80 bits of space to probe (16 bits of ports on each of 64 bits of address), you're making a hell of a jump. If you don't understand the value of such an increase in magnitude, I invite you to switch all your ssh keys to 56 bit. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.