On Fri, Jul 1, 2011 at 5:35 PM, <jan@uos.de> wrote:
On Fri, Jul 01, 2011 at 11:06:56AM -0400, Gavin Andresen wrote:
> > Not sure about OS differentiation, seems...wrong?  Maybe disabled by
> > default on bitcoind but on by default on bitcoin?
>
> OK.  I mis-remembered the poll:
>    http://forum.bitcoin.org/index.php?topic=4392.0
>
> On by default                        8 (20%)
> Off by default                               22 (55%)
> On by default in the GUI, off by default in bitcoind   10 (25%)

I just voted as well and now - with some extra votes in the meantime -
it's 9 / 22 / 13. So exactly 50/50 between off (22) and some form of on
(9 + 13).

I'm in favor of turning it on by default in the GUI and leaving it off
in bitcoind.

I don't like UPnP much, I find it exemplifies exactly what is wrong with
computer security today: Convenience trumps security almost every time.

BUT: I don't think this is the moment to fight UPnP. It's the standard
mechanism in use today to let a computer behind a NAT accept incoming
connections. The user has already made the decision in regards to
convenience over security. By enabling UPnP (or by buying a product that
does this automatically) they are saying: I want it to "just work"
instead of having fine-grained but more complicated control.

Bitcoin is a P2P application and as such should use this
mechanism. I think it's pretty clear that participating in a P2P network
requires one to receive messages from other peers. At least no one seems
to be concerned that Bitcoin (by default!) listens on port 8333. So I
think it's only logical to extend that to work behind NATs as well

If bitcoin listened on IPv6 that might help for alot of people. Windows 7 users get a teredo IPv6 address (unless they disable it) when behind NAT on IPv4. Take any win7 box and put it on a typical NAT /DSL setup this is what happens. I think this might actually work for more users than have UPNP support on their DSL gateways. teredo IPs aren't that stable though (they change frequently) and they might tend to flood the address cache with stale addresses.

Rob