[addisonj]

not disagreeing with your point here, or in the follow-ups of the pain of https for "local network" apps... but I really wish that we could get to a place where we could get away from this distinction. Obviously, ipv6 is not that easy or realistic, but that really is, imho, the "right" long term answer.

Having gone down the path of being able to just spin up "local" services that get a publicly routable (but most often firewalled off) ipv6 IPs and then good DNS integration is really neat... but still requires lots of technical chops. I wish that weren't the case

[mort96]

I work with embedded Linux stuff and MCU stuff where we make a significant number of units. Even in an IPv6 world, there's no way each of those would get their own public static IPv6 address with an associated DNS record just for the purpose of being able to spin up a debug web interface. It's explicitly desirable for these devices to not be reachable through the public Internet.

[stavros]

Well then you set your firewall to default-deny. It doesn't make sense to hobble the internet just because NATs are inadvertently a convenient firewall.

[mort96]

And how do I assign the devices globally unique IP addresses? SLAAC is only for local addresses, right?

[stavros]

Wouldn't IPv6 work for that?

[mort96]

I don't know what you mean. I asked what process you would use to assign IPv6 addresses.

[stavros]

Maybe I'm not understanding the use case. Why can't you use DHCPv6 or SLAAC wherever the device is deployed?