tone/language
I re-read the specific examples. Let's go through them one by one.
Indeed, product marketing departments have
effectively driven a perception that some connectivity and security
concerns can only be solved by using a NAT device, without any
mention of the negative impacts on applications. This is amplified
through the widespread sharing of vendor best practice documents and
sample configurations that do not differentiate the translation
function of address expansion from the state function of limiting
connectivity.
I wholeheartedly agree with the second sentence. But the first sentence
focuses on the role of product marketing, whereas in reality I believe
the situation was more complicated. The desires of equipment vendors
got mixed with the desires of the service providers, and with real-world
issues with addresses etc. How about this: "Indeed, it is often claimed
that some connectivity and ..."
Product marketing departments have widely
sold IPv4 NAT as a security tool and suppliers have been implementing
address translation functionality in their firewalls, though the
misleading nature of those claims has been previously documented in
[2] and [4].
I don't have a strong opinion on this, but I would use "NAT has been
sold as a security tool ..."
You appear to be assuming desktop/server OS's. Many/most cell-phone/PDA
OS's and virtually none of the embedded appliance implementations include
IPsec for IPv4. Even when they do, they don't include the NAT traversal
pieces. I did add the comment about the helper services not working in all
situations.
It is true that such devices are less likely to have IPsec, or
other advanced features. (Features tend to be added to
devices when there is a clear, specific function they enable.
Perhaps more so than IETF mandates, even for IPv6.
For instance, corporate VPN access has been a driver for
IPsec inclusion in higher-end cell phone / PDA devices.)
Would you be happier with the text with s/IPv4/some IPv4/?