> I believe often an issue here is that OS/application vendors can just bind > all the local services to nodes' site-local addresses, and make the > security someone else's (ie router vendor, because site locals must not go > out of the site) problem.
IMHO this is a really good reason for deprecating SLs entirely. if nothing else, we should make it very clear that it is not acceptable for developers/vendors to assume that the threats from the local network are less, or significantly different, than the threats presented by the global Internet. Keith -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
