Dan York wrote:

>> In the IPv6-only world, to be reached at the end of the transition
>> period, NATs should IMO be prohibited.
>
> I think we will have to respectfully disagree on this one. Count me in
> the camp that says that NAT will *NEVER* go away as long as corporate
> enterprises believe it is of value to them (as I noted in my previous
> message). Even were we to somehow "prohibit" it, enterprises would
> still do it... or our stance on prohibiting it would simply be yet
> another barrier for them to seriously consider moving to IPv6.
>
> NAT is here. NAT is loved (by many). NAT will be with us until long
> after we are all long gone.

I agree that many love NATs. But that's the existing ones, private v4 to public v4. I guess that they will also love some kind of v6-v4 NATs, the ones we DO NEED to standardize.

Regarding v6-v6 NATs, the word "prohibit", I must accept it, was not well chosen. (There is no way, nor is there any intent, to check what people do in private premises.) The point is rather that IMHO there will be better ways to achieve the same privacy and security functions that NATs happen to offer.

Here is one such other way: if a client host takes a new randomly chosen "privacy IID" for each of its outgoing connections:

(1) its address and its chosen port will keep their E2E significance;
(2) no one will know where it is in its site;
(3) any attempt to call such an address will fail;
(4) the host will easily clean up its state when it knows a connection is finished, or when it resets, or when its power is turned off;
(5) no stateful logic is needed in any intermediate box;
(6) intermediate boxes are not concerned with protocols used (UDP, TCP, SCTP...).

Regards.
Rémi

_______________________________________________
Ietf@xxxxxxxx
http://www.ietf.org/mailman/listinfo/ietf
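As an added illustration of the per-connection "privacy IID" scheme sketched in the reply above (this is example code, not from the thread or any IETF document), the Python model below takes a fresh random IID for every outgoing connection, accepts inbound packets only for connections the host itself opened, and drops its own state on close, so no intermediate box has to track anything. The 2001:db8::/64 documentation prefix and the u-bit clearing borrowed from RFC 4941 temporary addresses are assumptions of the example.

```python
import ipaddress
import secrets


class PrivacyIIDHost:
    """Host that uses a new random 64-bit IID for each outgoing connection
    (added model of the scheme in the post; not real stack code)."""

    def __init__(self, prefix, rng=secrets.randbits):
        self.net = ipaddress.IPv6Network(prefix)
        if self.net.prefixlen != 64:
            raise ValueError("scheme assumes a /64 on-link prefix")
        self.rng = rng            # rng(nbits) -> int; injectable for tests
        self.used_iids = set()    # IIDs currently bound to a live connection
        self.active = {}          # (local_addr, local_port) -> (peer_addr, peer_port)

    def _fresh_iid(self):
        # Draw 64 random bits; clear the u/g bit (0x02 of the first octet,
        # as RFC 4941 does) and skip the all-zero subnet-router anycast IID.
        while True:
            iid = self.rng(64) & ~(1 << 57)
            if iid and iid not in self.used_iids:
                return iid

    def open_connection(self, peer):
        """Points (1)-(2): the connection's own address and port are E2E
        significant, but reveal nothing about the host's place in the site."""
        iid = self._fresh_iid()
        addr = str(self.net.network_address + iid)
        port = 49152 + self.rng(14)          # ephemeral range 49152..65535
        self.used_iids.add(iid)
        self.active[(addr, port)] = peer
        return addr, port

    def accept_inbound(self, dst_addr, dst_port, src):
        """Point (3): only packets matching a connection this host opened are
        accepted; an unsolicited 'call' to any of its addresses fails."""
        return self.active.get((dst_addr, dst_port)) == src

    def close_connection(self, addr, port):
        """Point (4): the host alone cleans up when the connection ends;
        nothing in the path kept state for it (points (5)-(6))."""
        self.active.pop((addr, port), None)
        self.used_iids.discard(int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1))

    def reset(self):
        # Reboot or power-off: all per-connection addresses simply vanish.
        self.active.clear()
        self.used_iids.clear()
```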