CGA are not only used in SEND, but also in SHIM6, and they have a clear 
potential in other applications. You can take the narrow view that CGA are only 
useful to secure neighbor discovery, but doing that limits any future 
application.

Iljitsch makes another point, that CGA are inherently not useful in a NAT 
context, because the host identifier is assigned by the NAT, and mostly unknown 
to the host. Clearly, this is a valid argument. However, if you consider NAT64 
close to the legacy IPv4 server, the picture becomes different. The NAT64 acts 
then as an extension of the IPv4 server, and may be tasked to prove that "you 
are really speaking to this host".

I think Iljitsch missed the point about privacy. Consider an IPv4 enterprise 
network manager that wants to gain IPv6 access. Embedding the internal IPv4 
addresses in the IPv6 address makes these addresses public, while previously 
they were private. In a stateless scheme, they also become reachable.


-- Christian Huitema


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
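
The privacy point in the message above, as an added example that is not part of the original message: once an internal IPv4 address is embedded in an IPv6 address, anyone who sees the IPv6 address and knows the translation prefix can read the internal address back out. The sketch assumes the RFC 6052 embedding layout, which the message does not name; the prefix and addresses are constructed from documentation ranges.

```python
import ipaddress

# Assumption: the RFC 6052 embedding layout; the message names no format.
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def embedded_ipv4(addr, prefix):
    """Return the IPv4 address embedded in addr, or None if addr is outside prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in RFC6052_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    ip = ipaddress.IPv6Address(addr)
    if ip not in net:
        return None
    raw = ip.packed
    if net.prefixlen == 96:
        v4 = raw[12:16]
    else:
        # Bits 64-71 (octet 8) are reserved and skipped by the embedding.
        body = raw[:8] + raw[9:]
        start = net.prefixlen // 8
        v4 = body[start:start + 4]
    return ipaddress.IPv4Address(v4)

def leaked_private(addresses, prefix):
    """Return (ipv6, ipv4) pairs whose embedded IPv4 address is RFC 1918 space."""
    hits = []
    for addr in addresses:
        v4 = embedded_ipv4(addr, prefix)
        if v4 is not None and any(v4 in n for n in RFC1918):
            hits.append((addr, str(v4)))
    return hits

# Constructed sample: translated source addresses as an outside observer sees them.
SAMPLE_PREFIX = "2001:db8:122:344::/96"
SAMPLE_ADDRS = [
    "2001:db8:122:344::a01:203",    # embeds 10.1.2.3
    "2001:db8:122:344::c000:221",   # embeds 192.0.2.33 (not RFC 1918)
    "2001:db8:122:344::c0a8:105",   # embeds 192.168.1.5
]

if __name__ == "__main__":
    for v6, v4 in leaked_private(SAMPLE_ADDRS, SAMPLE_PREFIX):
        print(f"{v6} exposes internal host {v4}")
```

An operator can run the same check over outbound flow records to see which internal addresses a stateless mapping would publish.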
