In practice the stagnation of IPv6 seems to be a recognition of the unintended security that NAT with IPv4 adds. From a security perspective, having every device use a public IP and trying to prevent malicious software from simply opening whatever ports it needs per device would be a headache.
How about security through obscurity, to some extent? An IPv6 address isn’t a needle in a haystack, it’s a needle floating somewhere in the solar system. I think I have a quadrillion addresses assigned to me?
340,282,366,920,938,463,463,374,607,431,768,211,456 unique IP addresses is a staggering amount to scan, no matter what horsepower you have to deploy.
NAT brings no security, especially in this scenario. If you want to prevent malicious software from opening ports, you use a public-facing firewall on your gateway. Which you should have for IPv4 as well.
It’s slow, but stagnation is a disingenuous way of putting it. https://www.google.com/intl/en/ipv6/statistics.html