
> It seems to me that if consumer routers are configured to refuse to forward inbound IPv6 packets to machines on the LAN, we would be in almost exactly the same situation vis a vis home service hosting as we are with IPv4 addresses, NATs, and automated port forwarding protocols. Frankly, this would be a giant step backwards from IPv6 as she is envisioned.

I don't think it is such a giant step back. Devices still get to have addresses in a way that makes sense. Routing still gets to make sense. If two people in the same house want to play a peer-to-peer multiplayer game with a third person not in the same house, under IPv6+automated-firewall-exceptioning they can, whereas under IPv4+automated-port-forwarding they can't.

It's kind of dumb that we need automated port forwarding at all - opening a port should already be a deliberate indication from an application that it wants to accept external connections. If you want to listen only for connections from the same machine, bind to 127.0.0.1 - an equivalent for which will still exist under IPv6. If you want to listen only for connections from the same LAN, think again about what you really want - when the user goes to college, do they really want to be accepting connections from 400 students with poor security practices? If you can stand that, you have nothing to fear from the open internet.

But in the meantime we have the software we have rather than the software we want to have; for home routers, blocking traffic and requiring UPnP or the like is a reasonable default. Even if we do that, IPv6 is still worth it.
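The comment's point that the bind address is the application's own statement of who may connect, as an added example that is not part of the original comment: it classifies listening sockets by bind scope and lists the ports an unfiltered inbound IPv6 path would leave reachable. The sample lines are constructed in the layout of `ss -H -ltn` output, and the function names and scope labels are this example's own.

```python
import ipaddress

# Constructed sample (state, queues, local, peer); 2001:db8::/32 is the
# documentation prefix, standing in here for a globally routed address.
SAMPLE = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::1]:6379 [::]:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [fe80::1c2a:3bff:fe4d:5e6f]%eth0:5353 [::]:*
LISTEN 0 128 [2001:db8:10::25]:443 [::]:*
LISTEN 0 128 192.168.1.20:445 0.0.0.0:*
"""
ULA = ipaddress.ip_network("fc00::/7")  # IPv6 unique local addresses

def split_local(field):
    """Split 'addr:port' or '[v6addr]%zone:port' into (address, port)."""
    host, _, port = field.rpartition(":")
    return host.split("%", 1)[0].strip("[]"), int(port)

def exposure(host):
    """Scope of peers that can reach a listener on this address, absent any firewall."""
    ip = None if host == "*" else ipaddress.ip_address(host)
    if ip is None or ip.is_unspecified:
        return "any-interface"
    if ip.is_loopback:
        return "same-machine"
    if ip.is_link_local:
        return "same-link"
    if (ip.version == 4 and ip.is_private) or (ip.version == 6 and ip in ULA):
        return "private-range"
    return "routable"  # assumption: anything left is treated as globally reachable

def audit(text):
    """Return (port, address, scope) for every LISTEN line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["LISTEN"] and len(parts) >= 5:
            host, port = split_local(parts[3])
            rows.append((port, host, exposure(host)))
    return rows

def exposed_over_ipv6(rows):
    """Ports reachable from outside if the router forwards inbound IPv6 unfiltered."""
    return sorted(port for port, host, scope in rows
                  if (host == "*" or ":" in host) and scope in ("any-interface", "routable"))

if __name__ == "__main__":
    rows = audit(SAMPLE)
    print(*rows, exposed_over_ipv6(rows), sep="\n")
```

The listener on `0.0.0.0:22` is excluded from the IPv6 list because it is bound to the IPv4 wildcard only.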


