One advantage of having scoped addresses defined in the IPv6 architecture from the start is that applications can know not to pass them outside of their scope. If we instead suggest that people firewall/filter off random portions of the global address space, then apps will blindly pass those addresses around in the data stream, mistakenly thinking that they are real global addresses. Only having dedicated scoped address space allows apps to do the right thing.
I don't agree...
When one sections off a portion of the global address space and an application can't reach it, that is the intended behaviour. The application has an unambiguous address, but it just can't reach the addressed node. This will be a frequent occurrence (due to firewalls, network outages, etc.) and applications will have to deal with it appropriately (error message to the user, or whatever).

I'm not actually against the idea of private networks, and I agree that they are necessary for security. I just think that they should use global addresses, not site-local addresses.

Site-local addresses create _overlapping_ private address spaces. When SLs are sent outside of a site, they become ambiguous (or just plain wrong). So, it is not possible to know which host corresponds to a particular site-local address unless you also know which site the address applies to. This creates a set of problems that I think we should avoid by not using site-local on globally-connected networks.

Margaret

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
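An added illustration of the two points in this exchange, not part of either poster's message: an application-side scope check for addresses it is about to pass along, and a merged two-site inventory in which a site-local address stops identifying a single host. The function names, host names and inventory are constructed for the example, and the 2001:db8::/32 documentation prefix stands in for global addresses.

```python
import ipaddress
from collections import defaultdict

GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")

def scope_of(text):
    """Classify an IPv6 address by its architectural scope."""
    addr = ipaddress.IPv6Address(text)
    if addr.is_link_local:            # fe80::/10
        return "link-local"
    if addr.is_site_local:            # fec0::/10
        return "site-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"

def exportable(text):
    """True if the address keeps its meaning outside the site that issued it."""
    return scope_of(text) == "global"

def ambiguous_addresses(records):
    """Map each address that names more than one host to those hosts.

    records are (site, host, address) tuples; the lookup deliberately
    ignores the site, as a receiver outside both sites would have to.
    """
    seen = defaultdict(set)
    for site, host, addr in records:
        seen[ipaddress.IPv6Address(addr)].add(f"{host}@{site}")
    return {str(a): sorted(h) for a, h in seen.items() if len(h) > 1}

# Constructed inventory: two sites numbered independently.
RECORDS = [
    ("site-a", "db1",      "fec0:0:0:1::10"),
    ("site-b", "printer7", "fec0:0:0:1::10"),    # same site-local address
    ("site-a", "web1",     "2001:db8:a:1::10"),
    ("site-b", "web2",     "2001:db8:b:1::10"),
]

if __name__ == "__main__":
    for site, host, addr in RECORDS:
        print(f"{host}@{site:7} {addr:18} {scope_of(addr):10} "
              f"exportable={exportable(addr)}")
    print("ambiguous without site:", ambiguous_addresses(RECORDS))
```

A globally addressed but filtered host fails `exportable` for no reason the address reveals, which is the first poster's concern; the site-local entry only resolves to one host when the site is stored alongside it, which is Margaret's.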
