In your previous mail you wrote: However, I'm concerned about the "applied allover" part. Specifically - while I'm very much fond of the AAA solutions - I'm concerned whether we can expect all parts of the Internet to have an infrastructure that really can figure out the home addresses. What if there's a coin-operated (or Visa-) airport WLAN?
=> this is a problem of trust in the local/visited domain *and* in the remote/home domain. In your example if I understand the issue is the lack of trust in the local/visited domain, so one may reject traffic with home address options from it. Finally, I seem to remember there was a discussion a long time ago whether we could somehow provide automatic, mandatory, ingress filtering in IPv6. => my concern is that the "mandatory" term in a RFC is not enough to enforce it in the real world. Currently, we are headed towards the same situation as in IPv4 where ingress filtering is only partially applied, and we keep coming up with "patch" solutions such as I-trace to help the situation. => ingress filtering has more problems with IPv4, mainly because it was not considered from the beginning. But it is already a BCP and it seems that most ISPs use it (feedback from ISPs please). Interestingly, these solutions typically need changes to a large fraction of the routers in the Internet which we already are doing anyway to move to IPv6... => we can expect to avoid the same errors with IPv6. Unfortunately ingress filtering (like network management) is something where IPv6 is not yet at the same level than for IPv4 today. We hope this situation will be improved very fast. Regards [EMAIL PROTECTED] -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
