On Thu, 23 Jul 2015 12:50:29 -0700 David Stainton dstainton415@gmail.com wrote:
But we have a gigantic userbase, and playing "consumer router support technician" for all of the ones that ship with broken uPnP/NAT-PMP implementations does not fill me with warm fuzzy feelings.
I think this is a weird analysis. How many of those people even try to be a relay or a bridge? Do we have numbers on that? Does the support team object or are you objecting on their behalf? It just seems too hand wavy for too many years to punt on dealing with NAT properly.
If I understand things correctly the uPnP/NAT-PMP is in fact not the proper way to solve this problem because of the reasons Yawning mentioned. IPFS (interplanetary filesystem) currently solves this problem via some complicated protocol with the selection of a rendezvous server... similar to Tor hidden services. Clearly this is the correct way to solve the NAT problem. Am I wrong about this?
NAT-PMP (aka PCP) is less awful than uPnP is, may actually be ok (as long as you don't try to remove port mappings due to a bug in older miniupnpd), but is primarily an Apple-ism, limiting its usefulness.
OTOH, the far more widely supported/deployed uPnP, on consumer routers at least, should be disabled and treated with extreme suspicion till proven otherwise.
Regards,