> Some people want the "security" that site-local brings. For a
> different approach that's about as easy but more flexible -- and
> without the architectural complexities of site-local -- see
> http://www.research.att.com/~smb/papers/draft-bellovin-ipv6-accessprefix-00.txt
> (I've submitted it to internet-drafts, but they've got a backlog to
> clear.)

This is much better than hardcoding a security policy about fec0::/10.
If this allows us to completely get rid of site locals (or at least
restrict them to disconnected sites) I think it is a good idea.

One comment that hasn't been raised is that you want the option to carry
its own lifetime - there isn't a lifetime associated with the whole RA
packet but only the default router lifetime (in the RA header) and
explicit lifetime(s) in the prefix option.

  Erik

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
