On Jun 24, 2014, at 5:56 PM, Mark Andrews <marka@xxxxxxx> wrote:

>
> In message <20140624235543.332511AD64@xxxxxxxxxxxxxxxxxxx>, Martin Rex writes:
>> Mark Andrews wrote:
>>>
>>> Martin Rex writes:
>>>>
>>>> Phillip Hallam-Baker wrote:
>>>>>
>>>>> While going through the Windows API calls and thinking how old fashioned
>>>>> and lame all those 'Win32' classes look now, a sudden thought:
>>>>>
>>>>> Ordinary users don't understand the importance of going from IPv4 to IPv6.
>>>>>
>>>>> But Ordinary users do understand that 32 bits is bad and old and obsolete
>>>>> and rubbish and 64 bits is better.
>>>>
>>>> Experienced users know painfully well just how smooth and painless
>>>> 32-bit (windows) and 32-bit IPv4 is, whereas newer 64-bit (windows)
>>>> and newer 128-bit IPv6 is just many painful problems and ZERO benefit.
>>>>
>>>> A lot of the equipment that me and my family is using is not IPv6 capable,
>>>> and *ALL* Software that I've used so far (Linux, WinXP, Win7) runs
>>>> ***MUCH*** better when configured with IPv4-only anyway, so why bother.
>>>>
>>>> If someone needs to be pushed, then it is *VENDORS*, not users,
>>>> that they ship their equipment in a fashion that it will work with IPv6,
>>>> should this ever become available. Then maybe in 10 years from now,
>>>> this might become interesting to end users.
>>>
>>> Given there are ISPs delivering IPv6 + DS-Lite today over fibre
>>> because they have run out of addresses it is time that *everybody*
>>> starts complaining to every supplier that doesn't ship equipment
>>> / services with IPv6 enabled by default.
>>
>>
>> Why would any private individual want to get an IPv6 address?
>> With DHCP IPv4 + NAT (on your Home router) and even more so with CGN,
>> you may have at least a vague chance that your ID doesn't stick out
>> of every IP datagram like a sore thumb. With IPv6, you're stripped
>> naked for traffic analysis by every governmental agency worldwide, no matter
>> how strong you encrypt your traffic.
>
> Because with CGN, DS-Lite and NAT64 you have a third class IPv4
> internet. You can't run any services whatsoever. You cannot do
> anything that requires anything other than UDP or TCP over IPv4.
> Try running IPv4 in IPv4 or IPv6 in IPv4 tunnels over CGN, DS-Lite
> and NAT64. They do not work due to the addresses sharing. Try
> running a NAS from behind them, it does not work.
>
> With one level of NAT that you control (second class internet) you
> can kludge around some of the issues caused by not having global
> addresses ability of every machine. UPNP helps here.
>
> As for your ID sticking out, IPv6 is no worse than IPv4 is for all
> practical purposes with currently shipping IPv6 stacks. They have
> privacy addresses and they are turned on by default.

IPv6 privacy addresses aren't changed very frequently -- I see them change only every 24 hours. Can they change more frequently with sysctl or application encouragement? I know NAPT assigns a new port for every connection, which is how often we need a new IPv6 privacy address to provide NAPT-equivalence host obfuscation.

-d

> Now with IPv6 you have a choice of whether to offer a service or
> not and you don't have to configure port forwarding etc. You can have
> both stable and temporary addresses at the same time for the same
> box. You can choose which to use on a service and/or role basis.
>
> But hey a third class internet is "good enough" for the plebes at
> home. They don't deserve to be able to run servers from home. They
> don't deserve to have a first class internet.
>
> Mark
>
>> The end-2-end principle is equivalent to a fairly complete loss of privacy.
>> Really, I'm glad that I can use IPv4 and get a new IPv4 address assigned
>> several times a day.
>>
>> -Martin
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx
>