Comment by omgJustTest

12 hours ago

NAT is not inherently a security feature, however where NAT happens is somewhat important.

A local router that I can control deals with how to map from my public IP to my private IPs.

This is not security but is obfuscation of the traffic.

Obfuscation becomes almost impossible in the IPV6 context where NAT isn't necessary, it becomes optional, and given the likely trajectory that option will be exercised by sophisticated enterprise customers only.

3 comments

omgJustTest

Reply
kibwen  12 hours ago

As the article mentions, if you want to use NAT with IPv6, you can. The fact that it's optional doesn't mean that address obfuscation is suddenly impossible.

  • omgJustTest  11 hours ago

    It means it is not by default, which as we know, is a powerful choice these days.

    ie enterprise customers will enable it, consumers will do it if they are tech savvy and your mom/dad/granddaughter/grandson/nephew/niece will have the default option.

    when you are at home you will have nat and when you are not you will be uniquely identified.

    • Dagger2  10 hours ago

      If you can be uniquely identified without NAT then you can be uniquely identified with it too, because IPs don't contain your identity. You get them from a combination of the network prefix and a random number generator.

      There's generally no reason to be enabling NAT when you have enough address space to not need it. It can be a useful tool in your toolbox sometimes, but it's not something to be enabling by default.