
That's never going to happen b/c there is too much legacy infrastructure and the benefit is marginal.

All current home routers are configured to do NAT, so you're not going to be able to have a Skype 2.0 be P2P b/c then you'd need to explain to millions of people how to reconfigure their routers.

Also P2P opens a whole new can of worms when it comes to security.




> That's never going to happen b/c there is too much legacy infrastructure and the benefit is marginal.

It is going to have to happen, or there will be no internet.

> All current home routers are configured to do NAT, so you're not going to be able to have a Skype 2.0 be P2P b/c then you'd need to explain to millions of people how to reconfigure their routers.

Current home routers will be replaced within a year or two. They do not last that long. Some people are starting to not have dedicated routers, instead renting equipment from the ISPs.

> Also P2P opens a whole new can of worms when it comes to security.

Firewalls have been around for a long time. We'll survive.


You're also assuming that there won't be NAT with IPv6; I don't know that that is a safe assumption.

"Current home routers will be replaced within a year or two."

Yeah right! My grandma isn't gunna be changing her router. And she'll be pissed if her stuff stopped working.

At the end of the day, if you have the choice between making a NAT-friendly product that everyone can use and a non-NAT-friendly product that has some extra privacy - you'll be choosing the NAT-friendly option.

"Firewalls have been around for a long time." The thing in windows that everyone disables?

NAT is transparent and foolproof. How can you ensure a 3rd party won't be able to connect to your fancy new P2P chat client? Security holes are pervasive in networking code, so without NAT and with a bit of sloppy code, the "bad guys" can at any time connect directly to your computer. Can you imagine the chaos that would happen if there was a zero day bug in a P2P Skype? With NAT 99% of your problems are gone. It's physically impossible to connect to a computer that doesn't have port forwarding.

Unless the US gov't comes in and enforces a switch to IPv6 (like it did with digital TVs and all those subsidized converter boxes), directly connecting to computers isn't going to happen.


NAT doesn't protect you from security problems, it just makes it harder to connect directly to you, requiring an intermediate exchange that is on an accessible server, resulting in more points that can be compromised.

It reduces, rather than increases, security, since now the communication can be compromised by a security hole at either end (and NAT doesn't stop the machines behind it from being compromised) or at the exchange intermediating between them (which, most likely, neither party has any control over or detailed knowledge of the security practices in place on).

And major ISPs are deploying IPv6 now: no mandate required.
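The two comments above disagree about what NAT actually does for security. The model below is an added example, not code from this thread: it is a deliberately minimal stateful packet filter that forwards inbound packets only when they match a flow an inside host opened, or when an explicit inbound rule exists (the equivalent of a port forward). It never rewrites addresses, and it runs unchanged over private IPv4 and globally routable IPv6. The addresses, ports and the "Ann talks to Charlie" scenario are constructed for the example; the documentation ranges 192.168.1.0/24, 198.51.100.0/24, 203.0.113.0/24 and 2001:db8::/32 are used so nothing points at a real host.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""  # opaque to the filter; see process()


class StatefulFilter:
    """Toy stateful packet filter (constructed for this example).

    Inbound packets are forwarded only if they belong to a flow that an
    inside host opened, or if an explicit inbound rule exists. Nothing here
    translates addresses: the "nobody can connect in" behaviour commonly
    credited to NAT comes from this state table, and a firewall can apply
    the same rule to public IPv6 addresses without any translation.
    """

    def __init__(self, inside_network: str):
        self.inside = ipaddress.ip_network(inside_network)
        # (inside_ip, inside_port, outside_ip, outside_port) of flows opened from inside
        self.flows: set[tuple[str, int, str, int]] = set()
        # (inside_ip, port) pairs that accept unsolicited inbound packets
        self.allowed_inbound: set[tuple[str, int]] = set()

    def is_inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.inside

    def allow_inbound(self, ip: str, port: int) -> None:
        """Explicit inbound allow rule: the equivalent of a NAT port forward."""
        self.allowed_inbound.add((ip, port))

    def process(self, pkt: Packet) -> str:
        if self.is_inside(pkt.src_ip):
            # Outbound: record the flow so that replies can come back in.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "out"
        # Inbound: the packet must be the reverse of a recorded flow...
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            # ...and the payload is never inspected: whatever the remote side
            # sends over an established flow reaches the inside host. The
            # filter cannot tell a legitimate reply from hostile input.
            return "in:established"
        # ...or an explicit rule must allow the destination.
        if (pkt.dst_ip, pkt.dst_port) in self.allowed_inbound:
            return "in:allowed"
        return "drop"


def run_scenario(inside_network: str, ann: str, charlie: str, stranger: str) -> list[str]:
    """Ann (inside) talks to Charlie (the relay); a stranger probes Ann."""
    fw = StatefulFilter(inside_network)
    decisions = []
    # 1. Ann opens a connection to Charlie: forwarded, flow recorded.
    decisions.append(fw.process(Packet(ann, 50000, charlie, 443, "hello")))
    # 2. Charlie's reply matches the recorded flow: forwarded in.
    decisions.append(fw.process(Packet(charlie, 443, ann, 50000, "reply")))
    # 3. Unsolicited packet from a stranger to Ann's chat port: dropped.
    decisions.append(fw.process(Packet(stranger, 4444, ann, 5000, "probe")))
    # 4. Anything Charlie sends on the established flow is forwarded, so a
    #    compromised relay still reaches Ann's client: state tracking is not
    #    protection against a bad peer.
    decisions.append(fw.process(Packet(charlie, 443, ann, 50000, "malformed-input")))
    # 5. With an explicit allow rule the stranger's packet is forwarded.
    fw.allow_inbound(ann, 5000)
    decisions.append(fw.process(Packet(stranger, 4444, ann, 5000, "probe")))
    return decisions


# Same scenario behind RFC 1918 space and on public (documentation-range) IPv6.
IPV4 = run_scenario("192.168.1.0/24", "192.168.1.10", "198.51.100.1", "203.0.113.9")
IPV6 = run_scenario("2001:db8:1::/64", "2001:db8:1::10", "2001:db8:c0::1", "2001:db8:a0::9")

if __name__ == "__main__":
    print("IPv4:", IPV4)
    print("IPv6:", IPV6)
```

Both runs yield the same decisions, `['out', 'in:established', 'drop', 'in:established', 'in:allowed']`, which is the point: the inbound blocking is a property of the state table, not of private addressing, and step 4 shows what that table does not cover.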


"requiring an intermediate exchange that is on an accessible server"

Exactly. So the onus of security is pushed off solely onto the centralized intermediary. In my example it's the Skype servers.

They can very easily firewall and filter all the connections. They can have a much stricter filter than what you have on your computer. (ex: packets have to very strictly conform to a certain standard generated by the client side program)

Centralized servers are also more secure because you don't have any access to the server code and it becomes virtually impossible to look for exploits.

Also if any bug IS found, then patching it is trivial b/c it's at one central point. If worse comes to worst you just shut down the server and now all your clients are safe.


No, the onus of security isn't pushed off on to the intermediary. The communication can still be compromised by compromise of either endpoint. The intermediary is an _additional_ point of failure.

With P2P communications between Ann and Bob, a compromise of Ann's machine or Bob's machine compromises the communication.

With NAT preventing P2P communication between Ann and Bob and requiring them to communicate through intermediary Charlie, who is publicly accessible, compromise at Ann's, Bob's, or Charlie's location compromises the channel.

Systems can be compromised without hosting publicly-visible servers, as has been demonstrated in every remote browser-based exploit ever.

So, Charlie's system may be more secure than Ann or Bob's systems, but that doesn't matter because it doesn't _replace_ Ann and Bob's systems, which are still part of the communication channel. More points of vulnerability always means less security, even if the new point of vulnerability is, considered alone, more secure than the most secure existing node.
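The node-counting argument in the comment above can be written out as a simple bound. This is an added derivation, not part of the thread; it assumes the three compromise events are independent, with probabilities $p_A$, $p_B$, $p_C \in [0,1]$ for Ann, Bob and Charlie, and that the channel is exposed if any node on its path is compromised.

$$
P_{\text{P2P}} = 1 - (1-p_A)(1-p_B), \qquad
P_{\text{relay}} = 1 - (1-p_A)(1-p_B)(1-p_C)
$$

$$
P_{\text{relay}} - P_{\text{P2P}} = (1-p_A)(1-p_B)\,p_C \;\ge\; 0
$$

The difference is non-negative for every value of $p_C$, including $p_C < \min(p_A, p_B)$, i.e. a relay that is better run than either endpoint; it is zero only when $p_C = 0$ or when an endpoint is already certain to be compromised. Under this model the intermediary can add exposure but never remove any, which is the claim made above.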


I'm quite pessimistic about the infrastructure, considering the speed of acceptance of IPv6.
