Bob Braden writes:
Since 1980 we have believed that universal connectivity was one of the
great achievements of the Internet design. Today, one must
unfortunately question whether universal connectivity can be sustained
(or is even the right goal) in a networking environment without
universal trust. Maybe NATs are, in fact, a result of a very deep
problem with our architecture. If you accept that, then there is no
point in attacking NATs until you can propose a better architectural
solution to the trust problem (hopefully, there will be one!)
I sort of wonder the same thing, but I don't draw
the major distinction with trust. In fact, NAT's
are lousy at that, unless you're talking about
NAT's qua ALG's.
My big bugaboo here is whether the factors driving
people to want address space they control beyond
the illusion of NAT security -- mostly renumbering
immunity, IMO -- is so hard to counter with the
universal end to end model version of the world
(eg, IPv6) that addressing realms are a given and
need to be dealt with just like civil engineers
need to deal with politicians who want to put
busts of their likeness into the faces of dams,
etc.
I personally am not ready to give up on the
promise and architectural tidiness of e2e, but I
have to say as an engineer it's never a bad plan
to make certain the intertia of the world is kept
in mind. Systems which are "correct" but
undeployed are a dime a dozen in the ash heap of
history.
Mike