>
> Let me add a third motivation - site-local addresses allow for very
> simple security policies or filters. For example the default
> configuration for a file server might be to provide service only to
> site-local clients.
>
The very thing that scares me about site-locals is that, if for some reason
your site perimeter is accidently breached, suddenly a bunch of subnets are
attached to yours and you have no way of easily distinguishing them from
yours.
This characteristic says to me that site-locals weaken security rather than
strengthen it (in the same way that any auto-config weakens security). If
you've got a file server that provides service only to clients with
site-local prefixes, then that means what you've got is a file server that
is happy to provide service to just 'bout every IPv6 host in the entire
internet. Now you have to be damn careful that those hosts don't get access
to your network. Of course you have to anyway, but at least accidental
breaches are easier to detect if you've explicitly said what client address
prefixes can and cannot access your box.
PF
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
