> So, perhaps the same company could also make a NAT that
> any homeowner could use?  Because if the problem of NATs is
> ease of use, and this is the key being banged here (the NY School
> Board example, etc.) then it is a problem of design.  

NAT's problem is not ease of use.  NAT's problem is that they
break things in subtle ways.  Many users can install a NAT,
but fixing the problems caused by NATs is beyond the ability
of all but the most sophisticated users.  (and those who do
have the ability would far rather their time not be wasted
on such pursuits)

> However, if the problem is concept, in which way are NATs 
> different from gateways, conceptually speaking?  And, 
> gateways are useful, no?

NATs, backhoes, dynamite, carbon tetrachloride.  All of these are useful, 
in limited situations, by professional experts who know the risks of using
them and take adequate precautions to minimize the danger associated with 
their use.  That doesn't mean you should try using them at home.
 
> Further, it seems to me that if NATs are to be blamed for the
> demise of IPv6, or its ad eternum delay, then maybe this is
> what the market wants 

perhaps.  but we should not confuse the market with intelligence, 
or "what the market wants" with sound design.  there is sometimes a 
rightness to "what the market wants" (meaning that the market is sometimes
wiser than widely publicized experts) but the market is not an infallible 
source of wisdom.  and the market cannot choose wisely if engineers and 
vendors don't provide it with good options.

> -- a multiple-protocol Internet,
> where tools for IPv4/IPv6 interoperation will be needed
> ... and valued.  A commercial opportunity, clearly.  Which
> can, undoubtably, be put in a sound theoretical framework
> for NATs, in network topology.  NATs do not have to be a
> hack.  They seem to have been discovered before being
> modeled, that is all.

if you do a cost-benefit analysis for NATs vs a large flat address
space you will almost certainly find that NATs have a favorable
short-term benefit/cost ratio (for some cases) and a very unfavorable 
long-term benefit/cost ratio.  this might be fine if NATs are treated as
a short term hack or a method of transition to IPv6.  but if the 
market overinvests in NATs in the short-term there is some possibility
that you cannot reap the long-term benefits of IPv6.  the market
is not necessarily endowed with foresight (indeed, our economic
system seems to artificially and unwisely favor short-term gains), and 
hill-climbing strategies often do not yield good results.

>  And firewalls are
> IMO much more homeowner-friendly than "ab initio security".

they shouldn't be thought of as mutually-exclusive;
they each need to exist and they need to work well together.

Keith
