> The issue is not the capability of the devices to support global > addressing, but the desire of the network designer to configure a set of > devices that specifically don't have access to the public address space.
the device designer has absolutely no business assuming that "site-local" threats are different than "global" ones. otoh, if the network designer wants to impose such constraints, packet filtering on global addresses is far more flexible and foolproof. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
