In your previous mail you wrote:

        as long as the applications are properly implemented with sockaddrs,
        they are okay.  the problem resides in protocols that pass IPv6
        addresses in payloads (since view of the scope is different by nodes),
        including:
        - FTP (EPSV/EPRT does not help - for instance, how do you decide
          the scope zone for data connection?)
        - DNS (AAAA/PTR does not represent scope correctly)

=> add IKE in this list (with an additional security issue too).

        - and all NAT-unfriendly protocols
   
=> as I proved in a not-yet-published draft, for some protocols to be
NAT-friendly introduces a nasty vulnerability...

        I'm okay to see site-local IPv6 addresses go away, however, I'm
        worried because there are more than a couple of protocols designed with
        site-local IPv6 addresses in mind (DHCPv6, router renumbering, ...).
   
=> this is a design error and the last meeting's discussion about where
the site boundaries are for a dialup connection showed where the problem is.

        we need to keep link-local IPv6 addresses at least for ND.  use of
        link-locals within a zeroconf environment needs further study.
   
=> I am not against scoped addresses in a zeroconf environment where they
use only one zone, i.e. link-locals with only one link, or site-locals
with only one (disconnected) site...

Thanks

[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
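
Added example, not part of the original message or of any draft it mentions: a sketch of why a scoped address carried in a payload loses its zone, and why the single-zone case discussed above is the one a receiver can still resolve. The function names, zone names and sample addresses are constructed for illustration.

```python
import ipaddress

def to_payload(addr_text):
    """Sender side: serialise an address as the 16 raw bytes a payload
    (for example AAAA RDATA) carries. The zone ("%eth0") is state local
    to the sending node and has no place in those bytes, so it is dropped."""
    host, _, _zone = addr_text.partition("%")
    return ipaddress.IPv6Address(host).packed

def is_scoped(addr):
    # Link-local (fe80::/10) or site-local (fec0::/10) unicast.
    return addr.is_link_local or addr.is_site_local

def from_payload(payload, local_zones):
    """Receiver side: rebuild a usable address from 16 payload bytes.

    local_zones is the receiver's own list of zone names for that scope
    (assumed to be known to the caller). Returns the address as text, or
    None when the zone cannot be determined from the payload alone.
    """
    addr = ipaddress.IPv6Address(payload)
    if not is_scoped(addr):
        return str(addr)                  # global: no zone needed
    if len(local_zones) == 1:
        return f"{addr}%{local_zones[0]}" # one zone: unambiguous
    return None                           # several or no zones: undecidable

if __name__ == "__main__":
    wire = to_payload("fe80::1%eth0")     # constructed sample address
    print(wire.hex())
    print(from_payload(wire, ["en0"]))          # single-link node
    print(from_payload(wire, ["en0", "en1"]))   # multi-link node
```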
