> Perhaps more importantly, I don't buy the argument that *any* set of
> addresses should be considered trustworthy, by default or otherwise.
> Addresses are simply not sufficient as an authentication mechanism.
> This is not a practice that IETF standards should endorse or encourage.

I certainly agree with your first point: considering a block of addresses trustworthy is silly. What site locals give you is a component of "defense in depth": if an application listens only to local scope addresses, it will not receive any packet that comes directly from the Internet. Like it or not, that is a sizeable risk reduction, even if it is indeed possible to receive packets from a compromised local host, or from a clandestine attachment to the local network. But clearly, that is not sufficient: applications shall indeed check the credentials of their remote users, not just the addresses.

-- Christian Huitema

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
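
The layering argued for in the message above, as an added example that is not part of the original thread: the service listens only on local-scope addresses, and every request that does arrive must still carry a valid credential. The function names, the HMAC credential scheme, the key and the interface addresses are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key; a real service would hold per-user secrets in a protected store.
DEMO_KEY = b"constructed-demo-key"

# Constructed interface addresses: one global, one site-local (fec0::/10), one link-local.
IFACE_ADDRS = ["2001:db8:1::20", "fec0:0:0:1::20", "fe80::20%eth0"]


def is_local_scope(addr: str) -> bool:
    """True for IPv6 link-local or site-local addresses (zone id ignored)."""
    ip = ipaddress.ip_address(addr.split("%")[0])
    return ip.version == 6 and (ip.is_link_local or ip.is_site_local)


def local_scope_binds(addrs):
    """Layer 1: the only addresses the service should listen on."""
    return [a for a in addrs if is_local_scope(a)]


def make_tag(user: str, nonce: bytes, key: bytes = DEMO_KEY) -> str:
    """Credential the client presents: HMAC over user and a server nonce."""
    return hmac.new(key, user.encode() + b"|" + nonce, hashlib.sha256).hexdigest()


def handle(dst_addr: str, user: str, nonce: bytes, tag: str, binds) -> str:
    """Decide what happens to a request sent to dst_addr."""
    if dst_addr not in binds:
        # No listener on this address, so traffic from outside never reaches the app.
        return "not delivered"
    # Layer 2: a compromised local host reaches the listener, so the address
    # proves nothing; the credential is checked in constant time.
    if not hmac.compare_digest(make_tag(user, nonce), tag):
        return "reject: bad credential"
    return "accept"


if __name__ == "__main__":
    binds = local_scope_binds(IFACE_ADDRS)
    good = make_tag("alice", b"n1")
    print(handle("2001:db8:1::20", "alice", b"n1", good, binds))
    print(handle("fec0:0:0:1::20", "alice", b"n1", "0" * 64, binds))
    print(handle("fec0:0:0:1::20", "alice", b"n1", good, binds))
```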
