ietf

Re: Time to move beyond the 32 bit Internet.

2014-06-25 15:51:11
Dave Cridland wrote:
Martin Rex <mrex(_at_)sap(_dot_)com> wrote:

The majority of home users actually do not want and do not need to
run any service in the first place.

You're surely joking?

Nope, I'm dead serious.



Let's assume that by "service" you actually meant "service accessible to
anywhere on the internet", because it's just silly to assume you might have
meant internal services.

Correct.  "Services" attached to the home network and accessed from
within the home network don't care about the IPv4 address on the
WAN interface of your home gateway.

They would have to care about changing network prefixes of a home gateway
that provided end-to-end transparent IPv6, on the other hand, and that
would be a real nightmare.



There's a fairly large number of devices sold with the explicit feature
that they have a [horrendously complex] mechanism by which they're
reachable from the outside world.

The Western Digital NAS I have sitting on a bookshelf in my office is one
such, as is the HP printer behind me. There are various digital TV set-top
boxes that are able to be programmed to record from outside the consumer's
network, too.

While that might be true, the security of most of these devices is
so ridiculously lame (read _not_ there), that *EVERYONE* is better
off when few to none of these ever become transparently accessible
from the internet.  And for those devices that aren't a huge gaping
security problem as shipped, they *ALL* turn into one within a few months.



These aren't obscure undocumented features; these are headline USPs.

Pretty much all of them are irresponsible features from a product safety
perspective, and NAT is probably the best (and by far most important) thing
that happened to the internet after the invention of the World Wide Web.



They're not *public* services, of course, but they're certainly services in
every meaningful technical sense, and they're all reliant on weird hacks,
proxy services, and so on. IPv6 instantly makes these simpler for
developers and users.

If the equipment running these services were transparently accessible
from the internet by default, then the vast majority of them would also
be publicly accessible without the owner's consent and probably without
the owner's knowledge.


-Martin