The consumers are not expected to need a public address where they can be reached - in fact, having a public address is actually a security and privacy risk.
The consumers are not expected to need a public address where they can be reached - in fact, having a public address is actually a security and privacy risk.
> having a public address is actually a security and privacy risk.
Services can be turned off or a firewall instructed not to pass traffic from the internet (by default). That represents exactly the same attack surface as having a service enabled and nobody being able to get to it from the internet because of NAT.
The privacy risk is mitigated by RFC4941 "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". Granted that does not deal with the (delegated) prefix staying the same and when there are only one or very few users in that prefix, some individual behavior could be inferred. Because of that at least in Germany we have the peculiar horror of getting the IPv6 address and all delegated prefixes changed on every redial. That eliminates all privacy concerns while also continuing to make residential internet connections useless for hosting any services.
Anyway. The internet is already way down the road of functioning only as the delivery conduit for a few cloud / service providers mediating all user communication and access to content.
I strongly disagree with this. Privacy (not that it's a big deal imo) is well handled by the temporary address extension, and security is not an issue if you run a firewall. And you should be running a firewall even if you use v4, because NAT is not an acceptable security measure.
100% of consumer routers and OS level firewalls deny new inbound connections by default. There are upsides and downsides to static vs dynamic ISP-provided addresses, but the only difference between IPv4 and IPv6 in this regard is that IPv6 has a vastly larger address space and offers an ISP far more capacity to randomize a customer's host address for a far lower cost than IPv4. CGNAT is available for 4 or 6 if such is desired.
This is oh so very German.
In normal times it is massively overkill. I have to wonder if, heaven forbid, the things these sort of German things are meant to mitigate come to pass again if they will make any difference or if they are a largely symbolic act designed to demonstrate ideological opposition to such things.
Normal NAT as seen with home internet routers provides zero privacy, because you still have a predictable public IP.
People also think that IPv4+NAT provides security, but IPv4 is such a tiny address space that all public IPs are scanned daily by various malicious bots. Meanwhile IPv6 is so enormous that unless you register your address in some public way, you're completely invisible to port-scanning bots by default!
I have a friend who works in the networking division of a telco in my country, their team had to spend significant time and effort educating a PM who was dead-to-rights convinced that IPv6 was “less secure” and seemed to think that IPv6 didn’t have subnets and that NAT’s were the same as firewalls and refused to be convinced otherwise.
People like that make any forward progress extremely difficult.
"A always comes with B, hence A is required to provide B" is obviously, trivially wrong, but a truly incredible number of people will dig their heels in and refuse to admit that "B can be provided in other ways".
In this case where things went wrong was that: "Before A the availability B was rare, and A requires B, and hence B become commonplace only because of A."
You can see how the association can be accidentally upgraded to an "if and only if" instead of merely "if".