> Keith, you don't get my point. The requirement for site-local is because
> someone or something can mess up packet filtering. It is in *addition*
> to the packet filtering. In an airplane, one level of security does not
> take off.
that's bogus. filtering SLs has exactly the same vulnerabilities as filtering globals or any other pattern of bits. some routers will have to filter SLs, others will have to pass them, so there is always the potential that this bit of configuration can be corrupted. you can put as many levels to filter globals based on prefix as you put to filter SLs, and at the same cost.

actually this particular use of SL wouldn't bother me at all as long as you don't impose SLs on passengers or an external network - because almost none of this is going to use off-the-shelf hardware or software - but it's also true that SLs don't give you additional security. nor do they make your job any easier.

Keith

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
