Date: Mon, 19 Aug 2002 20:18:29 +0900
From: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
| even if you don't advertise your address to public via DNS,
| people will try to connect (people can portscan, ping6 ff02::1,
| whatever).
I'm not sure what this has to do with anything. You're not suggesting
that not using deprecated addresses is a security issue, are you?
For the ff02::1 case there's no problem anyway - when (if) you reply to
that, you'd use a preferred (non-deprecated) address. There there's no
existing communications reason not to do so.
I'm having trouble fathoming how portscan is possibly related.
In general, we want connections to work, we're not looking for reasons
to prevent them. The only reason that we don't send from deprecated
addresses all the time (the only reason "deprecated" exists at all) is
that we're looking for a graceful way to retire an old address.
We can retire it (eventually) from foreign uses, bu aging it out of the
DNS. That part is easy. But we have to keep the address valid while
that is happening, so it can be used until it does eventually vanish.
But if we just keep it valid, then there's nothing to prevent our local
node (which does not look up the DNS before deciding what local address
to use) from using the address that we're trying to make go away. So,
we mark it as special - don't use this one if it makes no difference
which address is used, use that one instead.
But once again, the aim behind all of this is to keep things working as
much as possible during the transition, not to find more ways to prevent
communications.
| i don't agree with Pekka's take.
I do agree. And as I recall, it was the reasoning that was also used, and
adopted, years ago.
kre
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
