> What I am suggesting is that there is no reason nat had to result in
> being on the interNOT rather than the internet.

you're simply wrong about that, at least for anything resembling today's NATs. except for a shortage of IPv4 addresses, NATs would not be needed at all. (yes, they're sold for other purposes, but they're not needed for those purposes) and there's no way to fix that shortage in a sane fashion (or as you put it, without producing the interNOT) that does not require changes to the endpoints - and in many cases, the applications - to make them work. once you do that you're within epsilon of the deployment barrier to IPv6. (had IPv6 been designed differently we might have been able to avoid having those changes affect the network core, but not leaf networks or endpoints.)

> Further folk are going to buy these and put them at the border of
> their home networks.

yup, and there will continue to be vendors selling snake oil. it's not our problem.

> Trying to secure end point computers is futile.

it's even more futile to expect the network to do it. firewalls can raise the bar for some kinds of threats, but they can't make your insecure systems secure.

> If I don't run a local mail server why should I let a machine have
> unrestricted net access if it does not need it?

no reason that I know of. but the relevant question for this discussion is, why do you need a NAT to impose access control? answer: you don't.