Michael, > The major *security* advantage of IPv6 is that it removes 90% of > complexity of IPv4 networks that results from layers of NAT, and then > series of port-forwards through them. You seem to be assuming that there will not be middle-boxes with IPv6. -- NAT64, for example, doesn't seem to support that claim. And NAT66, allegedly one of the most required IPv6 "features" does not support your claim, either. Also, stateful firewalls (a la "only allow return traffic") are not much different than NATs in terms of state -- although I agree that things get uglier with CGNs. Anyway: since we will be running both IPv4 and IPv6 for lots of years, the complexity of IPv6 adds to that of IPv4. Thanks, -- Fernando Gont e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxx PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf