> > => I guess you would give the same answer
  > > for link-locals and many other cases. 
  > 
  > link-locals are there for autoconfiguration, not security.

=> You said that if you want to forward site-locals beyond
a site then create a tunnel and I said:

      I guess you would give the same answer
  > > for link-locals and many other cases.

I didn't say anything about site-locals and security
and I didn't ask what link-locals are for. I said
that you can create a tunnel to take link-locals
beyond a link, so the problem is not specific to
site-locals.

  > 
  > > So, if you have a tunnel, secure it. 
  > 
  > answer is non-responsive.  we were discussing unauthorized
  > router modifications.

=> It's responding to the comment that site-locals
can be forwarded beyond the site if a tunnel is created.

  > 
  > site locals do not result in a meaningful improvement in 
  > security to a
  > site of nontrivial size -- any node with a global address may
  > unilaterally "choose" to extend the site...

=> I was not debating this point. But I agree that if a node
inside the site wishes to extend it, it can do that.
It can also do that if it tunnels IP packets in HTTP.
So this is a different scenario (having a 
"malicious" node inside the site).

Hesham


  > 
  >                                             - Bill
  > 
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
