Pekka, I'm trying to understand this comment.
> > >.. thus making the argument about the ease of use pretty much irrelevant
> > >IMO ..
> >
> > Exactly.
> >
> > It makes any argument that site-local filters are more "secure"
> > than global filters pretty much irrelevant, too...
> >
> > If you can compromise the edge router and change its configuration,
> > you can get either intra-site global or site-local traffic to be
> > forwarded outside of the site.
>
> Totally agree; but I'd also add a simpler case: someone forgot to
> explicitly configure (or like I did, when reading the spec -- assumed that
> it should get done automatically) the site scope in the edge router(s).
> Whoops!
>
> Watching the amount of spoofed traffic nowadays, most of which could be
> prevented by proper filtering, doesn't give me any reassurance that
> people would actually do this too.. and then wonder why their private
> site-local address space has been compromised..

=> Are you saying that site-local traffic would start
leaking outside the site and routed globally? As in
transient ISPs will just forward it?

Hesham

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
