Re: IPv6 NAT?

Mark Andrews wrote :

On 19 feb 2008, at 10:02, Dan Wing wrote:
    

It would be interesting to write it down, and to see what
would break if the IP stack acquired and provided a fresh
v6 address to every new connection.  Maybe nothing would
break, which would be great.
      

You also don't want to do it as you would also need massive churn in
the DNS.
  

The proposal is, more precisely, a new fresh v6 address for each OUTGOING connection.
(A new address per incoming connection wouldn't make sense, right?)
Then, there is no need to concern the DNS with these new addresses:
- Addresses in the DNS would remain stable.
- Hosts would  simultaneously have their advertised address(es), registered in the DNS, and transient addresses for outgoing connections.

This approach, say "extended privacy with fresh address per connection",  has been introduced as a potential alternative to v6 to v6 NATs.
The goal  is to have : (1) privacy and security similar to that of these NATs; (2)  preservation of E2E significance of addresses and port numbers.

If there is interest in at least looking at it, more work would clearly be needed.
In particular, some way to improve the Duplicate Address Discovery would have to be devised.
IMHO, preserving E2E significance has numerous advantages, worth extending the scope of studied solutions.

RD

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf