> I certainly agree with your first point: considering a block of addresses
> trustworthy is silly. What site locals give you is a component of "defense
> in depth": if an application listens only to local scope addresses, it will
> not receive any packet that comes directly from the Internet. Like it or not,
> that is a sizeable risk reduction, even if it is indeed possible to receive
> packets from a compromised local host, or from a clandestine attachment to
> the local network. But clearly, that is not sufficient: applications shall
> indeed check the credentials of their remote users, not just the addresses.

The actual benefit of this is a function of what messages folks deliver
to users and application writers.
If folks say that site-locals provide a security benefit the users and
app writers might be less careful, potentially removing any benefit.

Thus I would argue that one should get users and programmers to *think*
about site-locals as globals from a security perspective.
I think that would be hard.

  Erik

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
