Mans Nilsson wrote: > By forcing the end user to NAT and hide things behind a > "broadband router" > or similar device, you now give the attacker one convenient weak spot > which, once attacked and brought to its knees, will deny > every node in the > house network service, especially since this box probably > also serves as switch, 802.11 access point, print server and > whatnot.. Probably not what you wanted.
Who said I was forcing the end user behind a NAT, though I agree it creates a single point of failure. There appears to be a lot of IPv4-centric single-address-per-interface thinking going on in this thread. Just because some nodes in a network are using addresses that are not globally routed does not force other nodes to forego use of globally routed addresses. That is the IPv4 model of the world. Multi-addressed IPv6 nodes can simultaneously use limited range and globally routed addresses for different destinations. Light switches, file mounts, printers, etc. should not by default be globally exposed. If someone chooses to change the configuration, fine, but forcing the 'managed enterprise network' model on the consumer will not work. Tony -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
