On Nov 13, 2014, at 12:58 AM, Michael Richardson <[email protected]> wrote:
> 4) you can't just fill the zone with all the names -- it won't be secure.
> (4A - things that don't want global reachability, perhaps, shouldn't
> have globally reachable addresses)

There is a privacy issue here. And if a global prefix is advertised, present state of the art is that all devices on the wire will wind up with an address on that prefix. However, attacking those devices from outside requires guessing their address, unless it's conveniently published in a DNS zone. I think there's room for addressing both of these issues, but you shouldn't just dismiss them. I agree with your other points.

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
