
That was a fault of the OS and they should have fixed it. Network protocols and equipment are not responsible for OS security issues.

This NAT'ing for security has practically left the Internet broken. We are permanently dependent on a server to route packets to other clients.



Now you're moving the goalposts, though. Saying that the network shouldn't play a role in security is totally different than saying that it currently plays none.

I find it really hard to understand this obsession with pining for a world where security doesn't need to exist. It does, and it always will. Design around that, it's not hard.


> pining for a world where security doesn't need to exist

Nobody is doing that. We're "pining" for a world where our devices can have direct phone numbers instead of having to share a party line. Unfortunately, some people keep insisting that requiring households, businesses, or larger groups of people (i.e. CGNAT) to share a single phone number keeps everyone safer because it keeps most people from being able to receive incoming calls.

See my other post[1] for the technical reasons NAT doesn't actually provide security. TL;DR - this is a problem of definitions and a common misunderstanding about how NAT/routing works.

In the telephone analogy, I'm trying to say that your phone lines should have their own individual telephone numbers, because you might need them some day. Not having the ability to receive incoming calls will eventually limit you in important ways. "But incoming calls can be dangerous! Why are you trying to make us less secure?" We're not; we're increasing your options, which doesn't affect your security. Since incoming calls are dangerous, just disable your ringer or use a firewall that simply blocks all incoming calls.

[1] https://news.ycombinator.com/item?id=20181274


> See my other post[1] for the technical reasons NAT doesn't actually provide security.

You're just as wrong now as you were then, see my up-thread post to correct your misunderstanding about security.

Edit: either direct addressing isn't possible with NAT, which provides security benefits, or it is possible, which means your complaint is mis-placed. It cannot simultaneously prevent direct addressing and provide literally no security benefit.



