Michel, OK, let's try to cut to the chase as they say. Clearly in a mission critical environment where, let's say, people are dead (I mean really dead) because the network screws up. It is wise to reduce the single points of failure. But that should not be done as Keith stated with separate address space and I will add it can be done with global address space. Any packet can be prevented from leaving any network or one coming in with absolute certainty. There is no plug into the network. That is what most mission critical systems do. Now to evolve those systems to use data outside which is where they are going IMO. That does not mean we require SLs. What it means is we need par excellence security.
I would rather spend my time working on that par excellence security than using duct tape and band-aids to patch SLs together. But to argue philosophically that the conclusion to these mission critical environments requires a separate address space as a premise is simply a false premise. The only reason 1918 was valid was because:

1. We did not have IP security in the works even as we do now.
2. We were paranoid about v4 address space with 2-to-the-32.

And then we got NAT. Let's not do this with IPv6.

/jim
[Have you ever seen the rain coming down on a sunny day]

> -----Original Message-----
> From: Michel Py [mailto:michel@;arneill-py.sacramento.ca.us]
> Sent: Monday, October 28, 2002 7:45 PM
> To: Keith Moore
> Cc: Margaret Wasserman; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Limiting the Use of Site-Local
>
> >> Michel Py wrote:
> >> Let's talk about an airplane's IPv6 internal systems. There will be a
> >> requirement that the rudder's embedded controller reacts to
> >> site-local only, just in case a bozo mixes up something. OTOH, the
> >> NAV computer does need to talk to the outside world to extract weather
> >> or other in-flight dynamic data and to report to ground.
>
> > Keith Moore wrote:
> > that's what packet filtering is for.
>
> Keith, you don't get my point. The requirement for site-local
> is because someone or something can mess up packet filtering.
> It is in *addition* to the packet filtering. In an airplane,
> one level of security does not take off.
>
> Michel.
>
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
