IPv6 needs to be justified on the number of nodes that truly need a
globally accessible public address, not by insisting on counting devices
that should remain anonymous or under limited (and controlled) visibility.
you appear to be confusing visibility with accessibility.
No, that is exactly what I am not confusing.
If a node only requires accessibility by a few specialized nodes (such
as a water meter) then making it *visible* to more is just creating
a security hole that has to be plugged.
Yes, the hole can be plugged easily.
I am merely pointing out that the opportunity to add more rules to
an IPv6 firewall to plug a security hole that IPv6 created is *not*
an argument for IPv6.
Further, NAT boxes are very friendly to meter-type devices. They
can receive their IPv4 address via DHCP (eliminating the need
to administer addresses) and then they can contact the collection
server. The upper-layer protocols will identify the meter,
which they would have done for authentication reasons anyway.
There are also a large number of solutions using L2 tunneling.
My point remains, a globally meaningful address is something that
should only be applied when it is useful for that endpoint to
be globally addressable.