Bob Braden writes:
> Since 1980 we have believed that universal connectivity was one of the
> great achievements of the Internet design. Today, one must
> unfortunately question whether universal connectivity can be sustained
> (or is even the right goal) in a networking environment without
> universal trust. Maybe NATs are, in fact, a result of a very deep
> problem with our architecture. If you accept that, then there is no
> point in attacking NATs until you can propose a better architectural
> solution to the trust problem (hopefully, there will be one!)

I sort of wonder the same thing, but I don't draw the major distinction with trust. In fact, NAT's are lousy at that, unless you're talking about NAT's qua ALG's.

My big bugaboo here is whether the factors driving people to want address space they control beyond the illusion of NAT security -- mostly renumbering immunity, IMO -- are so hard to counter with the universal end to end model version of the world (e.g., IPv6) that addressing realms are a given and need to be dealt with just like civil engineers need to deal with politicians who want to put busts of their likeness into the faces of dams, etc.

I personally am not ready to give up on the promise and architectural tidiness of e2e, but I have to say as an engineer it's never a bad plan to make certain the inertia of the world is kept in mind. Systems which are "correct" but undeployed are a dime a dozen in the ash heap of history.

Mike