> Some of the uses for SL would be better served by PI addresses, but not
> all.
>
> Take the case of a 20,000 node network where half are allowed global
> access and half are not.
yes, let's take that case. but give them all global addresses. assign one bit in the site's portion of the address which means "allowed global access". half of those nodes get globals with that bit set, the other half globals with that bit clear. put that bit anywhere in the site's portion of the address that makes it easy to filter the non-allowed traffic.

now apps have a global address space to work with. they don't have to know about network topology. they don't have to keep track of scopes. they don't have to try to facilitate operation between sites. the way the app determines whether it is permitted to send traffic between A and B is to try to send that traffic. this works no matter where the decision to try to get A and B to talk to each other is made. if the network is set up right, an attempt by a host to talk to a host which it's not authorized to talk to results in an ICMP destination unreachable - administratively prohibited response.

another nice thing is that there are no wired-in restrictions on where the security boundaries are, how many policies there are, etc. you can extend this kind of policy enforcement to work between multiple sites if you want to work it out with them. you can punch holes in it if you need to, so that under certain conditions certain nodes are permitted to communicate even though one of them has that bit set.

perhaps most importantly - it doesn't try to use a single bit to communicate complex and unworkable security policies to apps.

Keith

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
