echo: ipv6
to: Tony Langdon
from: Victor Sudakov
date: 2019-01-27 18:33:00
subject: NAT

Dear Tony,

27 Jan 19 20:11, you wrote to me:

 VS>> It was not intended as a security mechanism initially, but over
 VS>> time, it became one, and is required by many security guidelines.
 VS>> Ask some computer security specialist you trust, if you don't
 VS>> believe me.

 TL> Well, having compared notes, I am wary of anyone who calls themselves
 TL> a "specialist" without personal knowledge and trust of the person. :)
 TL> I've certainly heard a lot of dodgy stories about so-called
 TL> "specialists" in networking from a very trusted source over the years.

Not all IT security specialists are competent, that is true and can be said 
about any specialists. But the requirement of using private IP address space 
has made it into too many security guidelines. A Mr. Mordac can be competent or 
incompetent, but he has checklists to follow.

 VS>> Of course it does more! No packet filter *hides* *src*
 VS>> *addresses* of your internal hosts, and that is exactly what
 VS>> security people love NAT for.

 TL> True, but IPv6 has mechanisms for source IP privacy without NAT.

Unfortunately, those mechanisms don't provide privacy of your /64 nets, i.e. 
the nets still remain mappable.

[dd]


Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20160322-b20160322
                                                                                             
* Origin: Ulthar (2:5005/49)

SOURCE: echomail via QWK@pharcyde.org
