Hacker News
by tsimionescu 1759 days ago
First of all, this wasn't about a service on the internet, but a P2P network. I want to download and upload data over BitTorrent, or to have conversations over TeamSpeak, but that doesn't mean I want to manage my PC like a public server.

Having a public server on the path, which is what hole-punching does, helps with this, especially in the area of DDoS, since attackers first have to fool the hole-punch server before attacking any specific peer directly.

1 comments

If one peer is only allowed to talk to another peer via a centralised "hole-punching" server, it isn't p2p.

There's nothing wrong with that topology, but the very original point was about how sometimes you want p2p and IPv6 helps enormously with this. If you think p2p topologies in general are "insecure" because the peers need to be directly reachable on the internet, then that's a different argument.

If the vast majority of traffic flows directly between peers, with only an initial handshake requiring an external server, the system is somewhere between P2P and Client/Server. Depending on your goals this may be perfectly ok (e.g. if you want P2P connectivity for routing efficiency and throughput) or completely defeat the purpose (e.g. if you want P2P connectivity for censorship resistance).