[Cryptography] peering through NAT

John Levine johnl at taugh.com
Sun May 12 16:20:09 EDT 2019


In article <19496554-2b3a-8f88-c998-4e9e738f8770 at huitema.net>,
Christian Huitema <huitema at huitema.net> wrote:
>But then, having a unique stable address/identifier for each device has some pretty nasty privacy implications. It is not hard to find privacy advocates who believe
>that Carrier Grade NAT is great, because it lets people hide.

For most home users, regular NAT has no downside.  It automatically
firewalls devices behind it* and it is not a bug that nothing outside
my house can talk to my printer or other devices on the LAN.  There
are a few home applications that want to see through the NAT, but not
many, mostly multiplayer games.  I agree that CGN where you're doing
N:M NAT rather than N:1 home NAT is a lot messier and harder to
manage, but that's a relatively recent development.  

I am surprised that when touting the advantages of IPv6 few people
mention that the giant address space makes it much more resistant to
port scanning.  On my home LAN there are two hosts visible from
outside, but unless you had a hint about where to look, like a DNS name,
it's unlikely you could find them.

R's,
John

* - yes, I know you can do that without NAT, I have IPv6 tunneled onto my LAN too.
-- 
Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


