BGP is not the point.  Consider e.g.:

[attacker] --- [internet] ---- [ISP] --- [customer w/ site locals]

Now the attacker can send packets with a fec0::/10 source address to the
customer -- no one will block them unless they're explicitly configured as
site borders -- before the customer itself.  And if the customer does not
block them, we're in for very serious trouble.

Far be it from me to argue the other side in this debate, but...

I agree that the packet with a site-local source would get
through to the customer's site.  But, what serious trouble
would this cause?

This would only cause trouble, I guess, if the customer's
system attributes some special security status to packets
that appear to come _from_ a site-local address, which would
be quite inadvisable.

Margaret

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
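
Added example, not part of the original messages: a small Python model of the scenario discussed in the thread, comparing a site border that drops fec0::/10 sources arriving from outside with one that does not, while an internal access check trusts site-local sources. The interface labels, function names and sample packets are constructed for illustration.

```python
import ipaddress

SITE_LOCAL = ipaddress.ip_network("fec0::/10")  # prefix named in the thread

def is_site_local(addr):
    """True if addr falls inside fec0::/10 (IPv4 addresses never match)."""
    return ipaddress.ip_address(addr) in SITE_LOCAL

def border_accepts(ingress, src):
    """Site-border ingress rule: a site-local source is only valid on an
    interface that faces the inside of the site."""
    return not (ingress == "external" and is_site_local(src))

def naive_acl_trusts(src):
    """The inadvisable pattern: special status granted on source address alone."""
    return is_site_local(src)

def trusted_packets(packets, border_filtering):
    """Return the packets that end up treated as trusted by the naive ACL."""
    trusted = []
    for ingress, src in packets:
        if border_filtering and not border_accepts(ingress, src):
            continue  # dropped at the site border, never reaches the ACL
        if naive_acl_trusts(src):
            trusted.append((ingress, src))
    return trusted

# Constructed sample traffic: (ingress interface, source address)
PACKETS = [
    ("internal", "fec0::1:20"),   # genuine in-site host
    ("external", "fec0::1:20"),   # same source, but arrived from the ISP side
    ("external", "2001:db8::5"),  # ordinary global source (documentation prefix)
]

if __name__ == "__main__":
    for flag in (False, True):
        print("border filtering =", flag, "->", trusted_packets(PACKETS, flag))
```

Without the border rule, the externally received packet is trusted alongside the genuine one; with it, only the packet from the internal interface is.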
