> Your "so much faith" and "so little faith" are exaggerating my position. > But I do think that site-local addresses will offer better security in > practice than filtering a global prefix. Why is that? > > First, the security of the site-local addresses rests on proper > configuration of the site boundaries. I think this is easier to get > right and maintain than filters of a global prefix. It's simpler > conceptually. For example when a site renumbers, any filters of the > changing global prefix would have to be updated.
when a site renumbers the routers are going to have to be updated anyway. of course we need a solution for this problem. but having site locals won't change the need to reconfigure routers when renumbering. > Second, there is "defense in depth" of the site-local prefix. Suppose an > administrator does screwup the configuration of a boundary router. In > practice there will be additional site boundaries between an attacker > and the misconfigured router. the same kind of defense in depth is possible (and quite reasonable) with prefix filtering - and it's more flexible since it doesn't require the same prefix length to be filtered at each router. > I expect transit routers in the internet > backbone would filter site-locals. So the attacker will still not have > access to the site via site-locals. I agree that SLs would not get very far in the public Internet. that doesn't mean that they wouldn't leak at all, but attacks using SLs would probably have to be mounted from "near" the site being attacked. Keith -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
