You're viewing the mstdn.social public feed.
  • Emelia/Emibecomethewaifu@tech.lgbt
    Jul 3, 2026, 1:36 AM

    @mjg59 My favorite idea is a variant of Chrome's device-bound credentials, but also binding the individual cookies to the IP or prefix they were issued to (/64 in the case of v6) such that you must refresh the cookie (thus hitting the asymmetric crypto) when you change networks.

    About the only thing that would break that is certain types of CGNAT or NAT64 AFAIK (ones where pool IPs aren't "sticky" for any given client, so a client can get different v4 addresses for every connection)

    💬 1🔄 0⭐ 1
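Added example, not part of the thread and not Chrome's or any project's code: a server-side sketch of the network binding described in the post above, where a cookie is tied to the /64 (IPv6) or the exact address (IPv4) it was issued to and a mismatch forces a refresh. The key, the cookie layout, the function names and the choice of /32 for IPv4 are assumptions made for illustration; the refresh itself (the device-bound key proof) is out of scope here.

```python
import hashlib
import hmac
import ipaddress

SERVER_KEY = b"constructed-demo-key"  # assumption: per-deployment secret


def network_binding(addr: str) -> str:
    """Return the network a cookie is bound to: /64 for v6, /32 for v4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:a.b.c.d as plain IPv4
    if ip.version == 6:
        return str(ipaddress.ip_network(f"{ip}/64", strict=False))
    return f"{ip}/32"


def _tag(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, client_addr: str) -> str:
    """Hypothetical layout: session_id|binding|hmac (session_id has no '|')."""
    payload = f"{session_id}|{network_binding(client_addr)}"
    return f"{payload}|{_tag(payload)}"


def check_cookie(cookie: str, client_addr: str) -> str:
    """Return 'ok', 'refresh' (network changed) or 'invalid' (bad MAC)."""
    payload, sep, tag = cookie.rpartition("|")
    if not sep or not hmac.compare_digest(_tag(payload).encode(), tag.encode()):
        return "invalid"
    bound = payload.rpartition("|")[2]
    # A mismatch is not an error: the client must redo the device-bound
    # (asymmetric) proof to obtain a cookie for its new network.
    return "ok" if bound == network_binding(client_addr) else "refresh"


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    c6 = issue_cookie("sess1", "2001:db8:1:2::10")
    print(check_cookie(c6, "2001:db8:1:2:aaaa::1"))  # same /64
    print(check_cookie(c6, "2001:db8:1:3::10"))      # different /64
    c4 = issue_cookie("sess1", "192.0.2.7")
    print(check_cookie(c4, "192.0.2.8"))             # non-sticky pool address
```

The last case is the CGNAT/NAT64 caveat from the post: a client whose pool address changes per connection would be sent through the refresh on every request.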

Replies

  • Emelia/Emibecomethewaifu@tech.lgbt
    Jul 4, 2026, 2:16 AM

    @0x2ba22e11 @mjg59 I'm not aware of any v6 CGNAT (that would be insane on multiple levels), but v4 CGNAT and ISP-provided NAT64 are "pretty much equivalent" from an IPv4 pool perspective AFAIK. Two NAT64 connections from the same IPv6 host could end up going out of different "pool4" IPs.

    (This being stateful NAT64 that operates like v4's "masquerade" NAT, rather than stateless 464xlat)

    💬 1🔄 0⭐ 0
  • Jul 4, 2026, 2:18 AM

    @becomethewaifu @mjg59 yeah I was just asking because I like to daydream about the possibility of a world in which we primarily use IPv4 and things like CGNAT become rarely used.
    But I felt the need to check that there wasn't some arcane reason why someone would do CGNAT to IPv6 traffic.

    💬 0🔄 0⭐ 0