Re: Time to move beyond the 32 bit Internet.

Mark Andrews wrote:
>> 
>> Why would any private individual want to get an IPv6 address?
>> With DHCP IPv4 + NAT (on your Home router) and even more so with CGN,
>> you may have at least a vague chance that your ID doesn't stick out
>> of every IP datagram like a sore thumb.  With IPv6, you're stripped
>> naked for traffic analysis by every governmental agency worldwide, no matter
>> how strongly you encrypt your traffic.
> 
> Because with CGN, DS-Lite and NAT64 you have a third class IPv4
> internet.  You can't run any services whatsoever.

The majority of home users actually do not want and do not need to
run any service in the first place.

And the majority of home users who do run services on their home
network today (Bots; trojaned PC) would probably rather not do so.


>
> You cannot do anything that requires anything other than
> UDP or TCP over IPv4.

There is nothing any members of my family or any of my equipment
needs that doesn't fit here.


>
> Try running IPv4 in IPv4 or IPv6 in IPv4 tunnels over CGN, DS-Lite
> and NAT64.  They do not work due to the addresses sharing.  Try
> running a NAS from behind them, it does not work.

I do *NOT* use IPv6 anywhere, and of the few pieces of equipment that I have
that is IPv6 capable at all, I have IPv6 removed or disabled, because
that makes it run smoother and safer.


> 
> With one level of NAT that you control (second class internet) you
> can kludge around some of the issues caused by not having global
> addresses ability of every machine.  UPNP helps here.


There is a difference between using a random changing DHCP-assigned
IPv4 address that is NATed on your home gateway by default, and not
being able to get a static IPv4 or static IPv6 address assigned (and used)
for _very_limited_and_very_specific_ services.


> 
> As for your ID sticking out, IPv6 is no worse than IPv4 is for all
> practical purposes with currently shipping IPv6 stacks.  They have
> privacy addresses and they are turned on by default.

IPv6 privacy addresses are security theater when the network prefix
is constant and the number of users sharing the prefix is tiny.


> 
> Now with IPv6 you have a choice of whether to offer a service or
> not and you don't have to configure port forwarding etc.  You can have
> both stable and temporary addresses at the same time for the same
> box.  You can choose which to use on a service and/or role basis.


*NOT* having to configure port forwarding is a real security issue,
that you really can not seriously want to be the default for home users.


> 
> But hey a third class internet is "good enough" for the plebes at home.

Given the small bandwidth that many home DSL subscribers face, there simply
is no use case for "offering services" from home in the first place.


-Martin
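
An added illustration of the prefix point raised in the message above, not part of the original post: temporary addresses randomise only the low 64 bits (the interface identifier), so this sketch counts how many distinct identifiers remain when observed source addresses are keyed on the full address versus the /64. The three home prefixes come from the 2001:db8::/32 documentation range and the rotation count is a constructed sample.

```python
import ipaddress
import random
from collections import defaultdict

# Constructed sample: three home networks, each with one delegated /64 taken
# from the 2001:db8::/32 documentation range (assumed, not from the thread).
HOME_PREFIXES = ["2001:db8:0:a::/64", "2001:db8:0:b::/64", "2001:db8:0:c::/64"]


def temporary_address(prefix, rng):
    """Return an address under `prefix` with a freshly randomised 64-bit
    interface identifier, which is the part a temporary address rotates."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | rng.getrandbits(64))


def simulate(prefixes, rotations, seed=1):
    """Each home rotates its temporary address `rotations` times."""
    rng = random.Random(seed)  # seeded so the sample is reproducible
    return [temporary_address(p, rng) for p in prefixes for _ in range(rotations)]


def group_by_prefix(addresses, prefixlen=64):
    """Bucket observed source addresses by their first `prefixlen` bits."""
    buckets = defaultdict(list)
    for addr in addresses:
        key = ipaddress.IPv6Network((int(addr), prefixlen), strict=False)
        buckets[key].append(addr)
    return dict(buckets)


def summary(addresses):
    """Distinct identifiers seen at /128 (full address) versus /64 (prefix)."""
    return {
        "full_address": len(group_by_prefix(addresses, 128)),
        "prefix_64": len(group_by_prefix(addresses, 64)),
    }


if __name__ == "__main__":
    seen = simulate(HOME_PREFIXES, rotations=5)
    print(summary(seen))
    for prefix, addrs in group_by_prefix(seen).items():
        print(prefix, "->", len(addrs), "temporary addresses")
```

How much the /64 figure matters in practice depends on how many hosts share a prefix and how often the provider changes the delegated prefix, neither of which this sample models.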