Dear Tony,   
      
   27 Jan 19 20:11, you wrote to me:   
      
    VS>> It was not intended as a security mechanism initially, but over   
    VS>> time, it became one, and is required by many security guidelines.   
    VS>> Ask some computer security specialist you trust, if you don't   
    VS>> believe me.   
      
    TL> Well, having compared notes, I am wary of anyone who calls themselves   
    TL> a "specialist" without personal knowledge and trust of the person. :)   
    TL> I've certainly heard a lot of dodgy stories about so-called   
    TL> "specialists" in networking from a very trusted source over the years.   
      
   Not all IT security specialists are competent, that is true and can be said   
   about any specialists. But the requirement of using private IP address space   
   has made it into too many security guidelines. A Mr. Mordac can be competent   
   or incompetent, but he has checklists to follow.   
      
    VS>> Of course it does more! No packet filter *hides* *src*   
    VS>> *addresses* of your internal hosts, and that is exactly what   
    VS>> security people love NAT for.   
      
    TL> True, but IPv6 has mechanisms for source IP privacy without NAT.   
      
   Unfortunately, those mechanisms don't provide privacy of your /64 nets, i.e.   
   the nets still remain mappable.   
      
   [dd]   
      
      
   Victor Sudakov, VAS4-RIPE, VAS47-RIPN   
   --- GoldED+/BSD 1.1.5-b20160322-b20160322   
    * Origin: Ulthar (2:5005/49)