ietf

Re: Time to move beyond the 32 bit Internet.

2014-06-25 12:24:13
Mark Andrews wrote:

>> Why would any private individual want to get an IPv6 address?
>> With DHCP IPv4 + NAT (on your Home router) and even more so with CGN,
>> you may have at least a vague chance that your ID doesn't stick out
>> of every IP datagram like a sore thumb.  With IPv6, you're stripped
>> naked for traffic analysis by every governmental agency worldwide, no matter
>> how strongly you encrypt your traffic.

> Because with CGN, DS-Lite and NAT64 you have a third class IPv4
> internet.  You can't run any services whatsoever.

The majority of home users actually do not want and do not need to
run any service in the first place.

And the majority of home users who do run services on their home
network today (Bots; trojaned PC) would probably rather not do so.



> You cannot do anything that requires anything other than
> UDP or TCP over IPv4.

There is nothing any members of my family or any of my equipment
needs that doesn't fit here.



> Try running IPv4 in IPv4 or IPv6 in IPv4 tunnels over CGN, DS-Lite
> and NAT64.  They do not work due to the address sharing.  Try
> running a NAS from behind them, it does not work.

I do *NOT* use IPv6 anywhere, and of the few pieces of equipment that I
have that are IPv6 capable at all, I have IPv6 removed or disabled, because
that makes it run smoother and safer.



> With one level of NAT that you control (second class internet) you
> can kludge around some of the issues caused by not having global
> addressability of every machine.  UPNP helps here.


There is a difference between using a random changing DHCP-assigned
IPv4 address that is NATed on your home gateway by default, and not
being able to get a static IPv4 or static IPv6 address assigned (and used)
for _very_limited_and_very_specific_ services.



> As for your ID sticking out, IPv6 is no worse than IPv4 is for all
> practical purposes with currently shipping IPv6 stacks.  They have
> privacy addresses and they are turned on by default.

IPv6 privacy addresses are security theater when the network prefix
is constant and the number of users sharing the prefix is tiny.



> Now with IPv6 you have a choice of whether to offer a service or
> not and you don't have to configure port forwarding etc.  You can have
> both stable and temporary addresses at the same time for the same
> box.  You can choose which to use on a service and/or role basis.


*NOT* having to configure port forwarding is a real security issue,
that you really can not seriously want to be the default for home users.



> But hey a third class internet is "good enough" for the plebes at home.

Given the small bandwidth that many home DSL subscribers face, there simply
is no use case for "offering services" from home in the first place.


-Martin
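
Added example, not part of the original message: the exchange above about privacy addresses turns on the fact that temporary addresses randomize only the interface identifier (the low 64 bits), while the network prefix stays the same. The sketch below groups logged source addresses by prefix and flags EUI-64 style stable identifiers. The log entries, the documentation prefix 2001:db8::/32 and the /64 grouping size are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: (timestamp, IPv6 source address). All values are made up.
SAMPLE_LOG = [
    ("2014-06-23T08:00", "2001:db8:1:a:3d1f:9c02:77ab:e410"),  # temporary address
    ("2014-06-24T08:00", "2001:db8:1:a:91c4:05ee:2b6d:0f33"),  # temporary address
    ("2014-06-25T08:00", "2001:db8:1:a:0c7a:e2b1:5f90:a8d2"),  # temporary address
    ("2014-06-25T09:00", "2001:db8:1:a:021b:21ff:fe3c:9d10"),  # EUI-64 style stable
    ("2014-06-25T09:30", "2001:db8:7:42:5ae1:44d0:b3c8:1192"), # different network
]


def interface_id(addr):
    """Return the low 64 bits (interface identifier) of an IPv6 address."""
    return int(addr) & ((1 << 64) - 1)


def looks_eui64(addr):
    """True if the interface identifier has the ff:fe filler of a MAC-derived ID."""
    return (interface_id(addr) >> 24) & 0xFFFF == 0xFFFE


def group_by_prefix(log, prefix_len=64):
    """Group log entries by network prefix; the interface identifier is ignored."""
    groups = defaultdict(list)
    for ts, text in log:
        addr = ipaddress.IPv6Address(text)
        net = ipaddress.IPv6Network((addr, prefix_len), strict=False)
        groups[str(net)].append((ts, addr))
    return dict(groups)


def summarize(log, prefix_len=64):
    """Per prefix: how many distinct addresses were seen, and how many are EUI-64."""
    out = {}
    for prefix, entries in group_by_prefix(log, prefix_len).items():
        addrs = {a for _, a in entries}
        out[prefix] = {
            "distinct_addresses": len(addrs),
            "eui64": sum(looks_eui64(a) for a in addrs),
        }
    return out


if __name__ == "__main__":
    for prefix, stats in summarize(SAMPLE_LOG).items():
        print(prefix, stats)
```

Four different addresses collapse into one prefix group here, which is the property a network operator should weigh when deciding how often a delegated prefix is rotated.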