Re: comments on draft-itojun-v6ops-v4mapped-harmful-00.txt



> I suspect the root of this argument is whether NAT as we know it
> in IPv4 (with DNS-ALG, FTP-ALG, etc) is "good enough".
> If so NAT-PT is what we need.

that begs the question "good enough for what?"

> Or do we want to improve on that?
> For instance, do we want improvements that allow one to take advantage
> of DNSSEC through the NAT?


I propose three guidelines:

1. communication between v6-capable nodes MUST NOT use NAT, so 
   applications that do not tolerate NAT can use v6.

2. views of DNS MUST be kept consistent between v4 and v6, except 
   possibly for limited portions of the net for which some DNS ALG 
   is necessary, and even then we need to discourage it.

   in other words, don't use NAT as an excuse to pollute DNS.

3. if it is necessary/desirable to extend the flexibility of
   communication between v4 and v6 hosts (v4-v6 NAT) this should
   be patterned after mechanisms developed for v4-v4 NAT.  this will
   minimize impact on software written to take advantage of
   v4-v4 NAT workarounds.  

   in other words, NAT is a disaster, and attempts to solve the 
   problem (DNSALG, RSIP, MIDCOM) should be sufficient evidence
   that there are no good solutions.   let's keep v6ops out of the 
   business of generating more bad solutions.