Comment: Re:Seasons are tied to the equinoxes and solstices (Score 1) 454
Most of modern science started in Western Europe. Weather in Western Europe is dependent mostly on the temperature of the Atlantic Ocean. At the summer solstice, warmup of the ocean is at its quickest, but the temperature is still rising. It will continue to rise up until August or so. Therefore August is the hottest month in Western Europe and therefore seasons are defined as they are.
Somehow those late medieval scientists didn't care much about other regions of the world. Sue them.
Comment: Re:So they don't know... (Score 1) 177
Any competent CA uses an HSM. I can even imagine using an HSM is a requirement for inclusion into the default CA bundle in web browsers.
An HSM is a Hardware Signing Module. It's a piece of hardware (supported by OpenSSL, by the way) which holds the secret keys. Secret keys cannot possibly be copied out of the HSM, except for backup purposes. But the backups are encrypted within the HSM itself, so the backed up keys can't be used for signing.
Diginotar, as most CAs I know of, uses multiple secret keys. One key is used for automated signing, typically used with Domain Validated certificates (blue address bar in your browser). For this key, a passphrase is kept somewhere available for the automated process, which of course is unsafe. Another key is used for higher security certificates. This is why not all certificates issued by Diginotar are untrusted now. The certificates used by the Dutch government, for example, are signed with another key than the compromised key used for *.google.com.
So, nobody got hold of the private key -- it's safely in the HSM. Not all of Diginotar is untrusted, just the key used for signing *.google.com. Removing Diginotar entirely from browsers is a bit of an overreaction. It also causes distrust of certificates not signed by the key used for *.google.com. This includes the central Dutch identity service, DigiD. DigiD is used for authenticating the inhabitants of the Netherlands to websites operated by the government, so removing the entirety of Diginotar from browsers has a very large and unintended side effect.
Comment: I disagree (Score 1) 173
At some point, connection quality on IPv4 will be worse than connection quality on IPv6 for a significant amount of people. Their CGNAT may be overloaded. They may run applications which don't work correctly behind CGNAT.
When this point is reached, dual stacked hosting will be an advantage over IPv4-only hosting. Search engines may start to weigh in IPv6-reachability of sites. When this happens, you'll want to be with a hoster which supports IPv6 already.
Comment: Re:Dual Stacks..... forever... (Score 1) 321
I don't think the first push to IPv6 will be on the web. I think it'll be on peer-to-peer protocols and gaming. People soon will start to notice that carrier grade NAT will work mostly fine to connect to webservers. However, they'll also notice their VoIP will suck. The connection to the game server will lag on IPv4 via NAT.
To webservers, they'll notice they can't post to any popular bulletin boards. The external CGNAT IP is likely to be banned from posting due to some other customer on the same CGNAT posting abusive messages. They may not be able to submit their mail to their favorite SMTP server because of a DNSBL.
So, they'll want IPv6 to avoid the CGNAT. IPv6 to them will be the superior solution to connect to specific services on the internet. So, I think this will start the snowball effect. When more and more users are demanding IPv6 servers due to the limited CGNAT they're behind, more and more server operators will think the transition to IPv6 will be worthwhile.
So yes, we'll be on dual stack for a while. But the IPv6 internet will soon be superior due to CGNAT being cumbersome to the end user.
Comment: Re:Horrible idea (Score 1) 695
Comment: Lockable, but never locked (Score 0) 274
Comment: Re:Not much to do (Score 1) 459
Yes, port 587. This is the port authenticated clients can connect to (e.g. not spammers). So, run your mailserver externally with port 25 incoming and outgoing unblocked. From behind a line with port 25 outgoing blocked, you connect to this server using port 587 and SMTP auth. Problem solved.
The OP can also solve his problem easily and cheaply by using Comcast's outgoing SMTP servers as a smarthost.
Comment: Re:IPv6 of course (Score 1) 320
I am in the business and I'm investing in IPv6-capable hardware, converting websites to support IPv6 (for instance when storing remote IPs from visitors), etc. All these things cost real money for no real immediate gain. We're going to use it as a marketing instrument to try and gain an advantage over competitors and when the real IPv4-crunch is there, we'll be ready.
I'm not trying to make money off you. And that's exactly the difficulty in charging for IPs: who's getting the money? And what are they going to do with it?
Either way, 2011-2012 is going to be a very interesting couple of years.
Comment: Re:IPv6 of course (Score 1) 320
The solution is to put a price on IPv4 blocks. And make them increasingly expensive. Currently there's NO economic incentive to upgrade to IPv6 because IPv4 is free and IPv6 for all practical purposes costs money (because of investments in routers, training, time to set up, etc).
Demanding IPv4 address space is free has been the biggest mistake in the transition to IPv6. Now it only can be fixed by a very rapid rise in price which is undesirable.