> So to restate - Keith, it sounds like you now agree, that with a
> reasonably small amount of additional complexity, apps can function in a
> network environment that has both globals & site-locals - subject to
> your condition about globals being available for apps that communicate
> off-site?
yes. the trick is making that condition stick in practice. I have my doubts.

> Certainly - if a node is going to run an application that communicates
> off-site then it needs a global address. I mostly agree with the second
> part - I would say any general-purpose node in any network which has an
> external connection should have a global address.
>
> However I think we will have limited-function nodes, which run a fixed
> set of applications, and if those applications do not need globals then
> the node does not need a global address.

I'm with you this far.

> I think the vendor of one of
> these devices should have the freedom to determine the device's "out of
> the box" configuration, based on expected usage patterns.

Here I strongly disagree. It's simply not reasonable in general for a vendor to make assumptions about the distribution of threats in a customer's network. For the very limited case of home networks, it might be reasonable, but I have strong doubts that either it's reasonable to define a 'home network' or to have 'home network devices' as a special class for which it's declared okay to be insecure out of the box.

Keith

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
