> Shall I expect a response, or is what Richard and I have posted
> enough to convince you that there are indeed some security benefits in
> using site-local address when designing a security perimeter in a
> private network?
I don't think you've made a convincing case for this. I generally agree that an SL address that somehow appears in a network remote from the site in which it was used is not likely to be able to make it back to that site via the network's normal routing mechanisms. Some sort of tunnel is likely to be necessary. On the other hand there are far more opportunities to filter an address that does have a global prefix (you're not limited to filtering them at the border of the "site"), or to detect the use of such addresses on networks where they are supposed to be filtered, or to log such addresses for traffic analysis.

I also don't think you've made a convincing case that a single, non-permeable security perimeter is a very useful feature of an addressing architecture.

I do think you've made a case for using SLs in isolated networks, or nearly isolated networks where the only interactions between those networks and other networks are via special-purpose applications. As I said earlier I don't have a problem with using SLs in that corner case. I do have a problem with promoting SLs as a security mechanism for use in general-purpose networks where off-the-shelf apps are exposed to a mixture of SLs and globals.

Keith

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
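The two points Keith raises about globals (they can be filtered at any hop, not only at the site border, and they can be attributed when logged) can be shown concretely. The following is an added example, not part of the thread; it assumes a site whose own global prefix is the RFC 3849 documentation range `2001:db8:1::/48`, uses the site-local prefix `fec0::/10` as defined in RFC 3513 (later deprecated by RFC 3879), and runs over a handful of constructed flow records rather than real traffic.

```python
import ipaddress
from collections import Counter

# Site-local unicast prefix from RFC 3513 (deprecated by RFC 3879).
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")
# Assumption: this site's own global prefix (documentation range, constructed).
OUR_PREFIX = ipaddress.IPv6Network("2001:db8:1::/48")

# Constructed flow records: (interface, direction, src, dst).
# "ext" is the border-facing interface, "int" an internal one.
FLOWS = [
    ("ext", "in",  "2001:db8:1::10", "2001:db8:1::20"),  # our own prefix arriving from outside
    ("ext", "in",  "fec0::1:2",      "2001:db8:1::20"),  # site-local arriving from outside
    ("ext", "out", "fec0::5",        "2001:db8:9::1"),   # site-local leaking out
    ("ext", "in",  "2001:db8:9::1",  "2001:db8:1::20"),  # ordinary inbound traffic
    ("int", "in",  "fec0::7",        "fec0::8"),         # intra-site, acceptable
]


def attributable_site(addr):
    """Return the /48 a global address belongs to, or None for a site-local.

    A global prefix identifies which site originated the address, so a log
    entry can be traced back; a site-local address carries no such identity,
    which is why it is of little use for traffic analysis once it leaves its site.
    """
    a = ipaddress.IPv6Address(addr)
    if a in SITE_LOCAL:
        return None
    return str(ipaddress.IPv6Network((a, 48), strict=False))


def check_flow(iface, direction, src, dst):
    """Return a list of findings for one flow; an empty list means it passes.

    These checks can run on any router or host, not only at the site border,
    because a global prefix tells every hop where the address is supposed to be.
    """
    s = ipaddress.IPv6Address(src)
    d = ipaddress.IPv6Address(dst)
    findings = []
    if iface == "ext":
        if s in SITE_LOCAL or d in SITE_LOCAL:
            findings.append("site-local address on external interface")
        if direction == "in" and s in OUR_PREFIX:
            findings.append("own global prefix used as source from outside")
        if direction == "out" and s not in OUR_PREFIX and s not in SITE_LOCAL:
            findings.append("egress source outside our prefix")
    return findings


def audit(flows):
    """Run check_flow over every record and return (flow, finding) pairs."""
    report = []
    for flow in flows:
        for finding in check_flow(*flow):
            report.append((flow, finding))
    return report


def summarize(report):
    """Count findings by type, the shape a log pipeline would aggregate on."""
    return Counter(finding for _, finding in report)


if __name__ == "__main__":
    rep = audit(FLOWS)
    for flow, finding in rep:
        print(f"{flow[0]:>3} {flow[1]:>3} {flow[2]:>16} -> {flow[3]:<16} {finding}")
    print(dict(summarize(rep)))
    print("fec0::5 attributable to:", attributable_site("fec0::5"))
    print("2001:db8:9::1 attributable to:", attributable_site("2001:db8:9::1"))
```

The first record shows the filtering point: an address from the site's own global prefix arriving from outside is identifiable as out of place by any hop that knows the prefix, whereas a site-local source seen on the external interface can only be rejected, never attributed.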
