Margaret, > Margaret Wasserman wrote: > Private addressing does not provide any time of security > that cannot be obtained (and more easily, in most cases) > by appropriate configuration of firewalls or filters on > routers.
Mmmm. Maybe you can share how you access from the outside a system that has a site-local only address, without installing IPv6 NAT or some other proxy mechanism, when the edge device that you have compromised boots from flash that happens to physically write-protected? You can't put much code in the NVRAM that holds the config, given that you actually found how to execute code from there. There are lots of things that can provide security. Among them: paint. There are places where if you insert a red disk canister into a green computer, you get jailed and you could get shot. We had this discussion before, do we need to have it again? Although private addresses alone don't do much for security, there actually are _some_ situations where incorporating local addresses brings one more layer of things that needs to be hacked, which is good for security. What you are telling me is that there is no need to color-code disks in an underground secure facility where you need to clear three different layers of doors with traps and armored guards that strip search. What I'm telling you is that when one actually runs such a facility, one actually paints certain things in certain colors, even though one knows that the fact that the disk is red will not deter the determined spy to put it in a green computer. But it will deter most of the staff that wants to email the word file home to work there. > Are these planes currently implemented using IPv4 RFC > 1918 addresses? None that I have seen myself. Proprietary protocols, and it costs a lot. There are some cost reasons to move some systems to stuff that could be built with off-the-shelf items. Michel. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
