On Tuesday, March 19, 2002, at 07:17 PM, Keith Moore wrote:
>
> [...] The reason I'm upset about NATs is that they make it difficult to
> build distributed and peer-to-peer apps, and they encourage a model
> where the net is centrally controlled (not by a single center, but
> by a relatively small number of providers who control the center). [...]

I sympathize completely. I'm upset too. However, I would observe that an architecture that requires an application layer gateway in the customer premises equipment at every site demarcation point is one we've all seen before [*]. We should not be surprised that such an architecture leads to a network that is effectively controlled by a small number of powerful service providers. It should seem eerily familiar by now.

I continue to hold the opinion that the widespread use of NAT in the Internet is actually a sign that the IAB may have finally lost the first round of the game, and I prefer to interpret the slow pace of IPv6 deployment simply that round two hasn't started yet.

So. Where is the hole in IPv6 that will allow a small number of powerful service providers to obtain effective control of the network by requiring an ALG in the CPE at every site? I know it's not the address space. Maybe it's in the admission control policy. I don't know. I'm not really very smart, so I need some help here. Has anybody done a threat analysis? If so, can I read it?

--
j h woodyatt <jhw@wetware.com>

[*] I think Steve Deering has made a similar observation.