> I think it would be more accurate to say that a NAT contravenes > the basic Internet prnciple of universal connectivity. well, if we're going to try to get accurate (or even precise) I'd venture that the basic principle being contravened is not universal connectivity, but separation of function between the network and the endpoints - where the network's job is to make a best effort to deliver packets to where the endpoints want them to go. expecting the network to isolate insecure hosts from untrustworthy attackers, or more generally, to enforce policy about what kinds of content are permitted to pass, has always been a stretch. Keith