The major *security* advantage of IPv6 is that it removes 90% of
complexity of IPv4 networks that results from layers of NAT, and then
series of port-forwards through them.
You seem to be assuming that there will not be middle-boxes with IPv6.
-- NAT64, for example, doesn't seem to support that claim. And NAT66,
allegedly one of the most required IPv6 "features" does not support your
Also, stateful firewalls (a la "only allow return traffic") are not much
different than NATs in terms of state -- although I agree that things
get uglier with CGNs.
Anyway: since we will be running both IPv4 and IPv6 for lots of years,
the complexity of IPv6 adds to that of IPv4.
e-mail: fernando(_at_)gont(_dot_)com(_dot_)ar || fgont(_at_)acm(_dot_)org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Ietf mailing list