On Tuesday, March 19, 2002, at 07:17 PM, Keith Moore wrote:
> [...] The reason I'm upset about NATs is that they make it difficult to
> build distributed and peer-to-peer apps, and they encourage a model
> where the net is centrally controlled (not by a single center, but
> by a relatively small number of providers who control the center). [...]
I sympathize completely. I'm upset too.
However, I would observe that an architecture that requires an
application layer gateway in the customer premises equipment at every
site demarcation point is one we've all seen before [*].
We should not be surprised that such an architecture leads to a network
that is effectively controlled by a small number of powerful service
providers. It should seem eerily familiar by now.
I continue to hold the opinion that the widespread use of NAT in the
Internet is actually a sign that the IAB may have finally lost the first
round of the game, and I prefer to interpret the slow pace of IPv6
deployment simply as meaning that round two hasn't started yet.
So. Where is the hole in IPv6 that will allow a small number of
powerful service providers to obtain effective control of the network by
requiring an ALG in the CPE at every site? I know it's not the address
space. Maybe it's in the admission control policy. I don't know. I'm
not really very smart, so I need some help here.
Has anybody done a threat analysis? If so, can I read it?
--
j h woodyatt <jhw(_at_)wetware(_dot_)com>
[*] I think Steve Deering has made a similar observation.