
It would be slightly less evil without NAT. You'd still need the three-party handshake but it would always work. You'd no longer have the symmetric NAT craziness.

You could also dispense with the need for frequent keepalives, a boon to mobile battery life.

Getting rid of NAT is step one. Step two is deperimeterization: getting rid of in-line firewalls. Step two is going to have to wait on OSes having better service encapsulation and app isolation models and for programmers to remove their heads from their behinds and stop writing code that is vulnerable to stack-smashing and buffer overflow attacks.

The last part will be tough. How much longer will the Sun be a main-sequence star? :)



You don't need the three-party handshake.

A sends a packet to B, which gets dropped by B's stateful firewall. B sends a packet to A, which gets interpreted as a response and accepted. A sends a packet to B, which gets interpreted as a response and accepted.

The third party is only necessary for telling B about the outgoing port chosen by A's NAT. With IPv6 where there's a stateful firewall but no NAT, a direct connection on a well-known port is possible.

Although in practice, you still need some third party to exchange each other's IP addresses.
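A small simulation of the exchange described in this comment, added here as an illustration rather than code from the thread: two hosts each behind a stateful (connection-tracking) firewall with no NAT, both using the same well-known port, alongside the NAT case the comment contrasts it with, where B must first learn the ephemeral port A's NAT chose. The addresses, port 4000, and the NAT's port range are constructed values, and the firewall model is a deliberately minimal one (outbound creates state, inbound is accepted only as the reverse of existing state).

```python
"""Simulated hole-punch exchange: stateful firewalls without and with NAT.

Constructed for illustration only; the firewall model is a minimal
connection-tracking policy, not any real implementation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Connection-tracking firewall in front of one host, no address rewriting.

    Any outbound packet creates a flow entry (local port, peer ip, peer port).
    An inbound packet is delivered only if it is the reverse of such a flow.
    """

    def __init__(self, host):
        self.host = host
        self.flows = set()

    def outbound(self, pkt):
        assert pkt.src == self.host, "outbound packet must originate from the protected host"
        self.flows.add((pkt.sport, pkt.dst, pkt.dport))
        return pkt  # unchanged: there is no NAT here

    def inbound(self, pkt):
        """True if the packet is delivered to the host, False if dropped."""
        return (pkt.dport, pkt.src, pkt.sport) in self.flows


class NatFirewall(StatefulFirewall):
    """Same policy, but outbound packets are rewritten to a shared public
    address with a per-flow ephemeral port (an address- and port-dependent
    mapping, i.e. the "symmetric" behaviour the thread complains about)."""

    def __init__(self, host, public_ip, first_port=40000):
        super().__init__(host)
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}  # (local port, peer ip, peer port) -> external port

    def outbound(self, pkt):
        key = (pkt.sport, pkt.dst, pkt.dport)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        self.flows.add(key)
        return Packet(self.public_ip, self.mappings[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        # Deliver only if the packet hits an external port allocated for a
        # flow to exactly this peer address and port.
        for (_lport, peer_ip, peer_port), ext in self.mappings.items():
            if ext == pkt.dport and peer_ip == pkt.src and peer_port == pkt.sport:
                return True
        return False


def exchange(fw_a, fw_b, port, a_port_seen_by_b=None):
    """Run A->B, B->A, A->B and report whether each packet was delivered.

    a_port_seen_by_b is the port B addresses on A's side: the well-known port
    unless a third party has told B the external port chosen by A's NAT.
    """
    results = []
    p1 = fw_a.outbound(Packet(fw_a.host, port, fw_b.host, port))
    results.append(("A->B", fw_b.inbound(p1)))  # B has no state yet: dropped
    p2 = fw_b.outbound(Packet(fw_b.host, port, p1.src, a_port_seen_by_b or port))
    results.append(("B->A", fw_a.inbound(p2)))  # matches A's outbound flow?
    p3 = fw_a.outbound(Packet(fw_a.host, port, fw_b.host, port))
    results.append(("A->B", fw_b.inbound(p3)))  # matches B's outbound flow?
    return results


def no_nat_case(port=4000):
    return exchange(StatefulFirewall("2001:db8::a"), StatefulFirewall("2001:db8::b"), port)


def nat_case(port=4000, hint=None):
    a = NatFirewall("10.0.0.2", "203.0.113.1")
    b = StatefulFirewall("198.51.100.7")
    return exchange(a, b, port, a_port_seen_by_b=hint)


if __name__ == "__main__":
    print("no NAT:            ", no_nat_case())
    print("NAT, no third party:", nat_case())
    print("NAT, port learned: ", nat_case(hint=40000))
```

Without NAT the first packet is dropped and the next two go through, so the only coordination the peers need is each other's address. With the NAT in place, B's reply to the well-known port never matches the NAT's mapping and the whole exchange fails until B is told the external port (40000 in this constructed run), which is exactly the third party's job.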



