Hi Hesham,

=> I hereby declare to the ML that I completely
agree that link-locals and site-locals are different :)
:-)

Sorry if my note seemed condescending or something... I
didn't mean it that way.

The point was: using tunnelling to evade scope boundaries.
This can be done in a zillion ways for different addresses,
if we're not careful how the tunnel is set up or if a malicious
node is inside the site and can fool the firewall (if one exists).
I completely agree...

The current discussion is (I think) attempting to compare the
security implications of two ways of addressing a private
network:

        - Using site-local addresses that are filtered at
                an SBR due to site configuration.
        - Using global addresses that are filtered at the
                border of the private address space using
                routing filters.

In neither case would the addresses being used on the private
network appear in global routing tables.

I still don't really understand why these cases are substantially
different in terms of security... Not that I'm claiming to be
a security expert or anything, but I would like to understand
what the differences are, if any.

Margaret


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
