On 10/3/07, Mark Smith <[EMAIL PROTECTED]> wrote: > The value of network perimeterisation as a security measure, of which > NAT is a method, is being questioned significantly by network security > people.
Mark, The discussion at hand is whether the absence of NAT creates a drag on IPv6 deployment. and how much of a drag it creates. Your points about the relative merits of NAT as a security mechanism are entirely irrelevant to that discussion. On 10/3/07, Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote: > On 3-okt-2007, at 5:20, William Herrin wrote: > > 1. End the insanity of having software prefer IPv6 if available (AAAA > > records over A records). > > Insanity? Yes, Iljitsch, insanity. Trying IPv6 first is asking folks to disable it on their PCs the second or third time they can't get to a web site because the IPv6 path isn't working. Its also asking web site operators not to offer IPv6 addresses in the first place so as not to inconvenience folks who have Ipv6 turned on without a reliable connection. That's counterproductive. We want people on both sides to turn it on and leave it on. We don't need every PC in the world to be a beta tester for our new Internet. We do need them to turn it on. Regards, Bill -- William D. Herrin [EMAIL PROTECTED] [EMAIL PROTECTED] 3005 Crane Dr. Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
