If we are serious about NAT != SL, then we should enforce it. Clearly, we cannot send the protocol police and whack every market driven designer of a NAT, but we can perform "collective enforcement", i.e. design our specification in such a way that misusing site local in a NAT configuration is guaranteed to break every application, and thus that any attempt to deploy an IPv6 NAT using site local will be a deployment nightmare.
Suppose for example that we change our spec to forbid any communication between addresses of different scopes. This can be enforced by senders (refuse to send a packet if dest scope != source scope), routers or firewalls (drop packet if srce and dest scope don't match), and receivers (drop incoming packet if srce and dest scope don't match). You don't need to enforce it in every host and every router to be effective: just enforcing it in a significant fraction of the hosts makes sure that any attempt to use the forbidden pattern will be very unreliable. This simple suggestion will in fact prevent using SL in the NAT scenario, as at some point the scenario relies on communication between an SL addressed source (e.g. a client) and a globally addressed destination (e.g. a web site). I think that we should enforce this requirement whether we maintain site local or find a replacement for disconnected sites.

-- Christian Huitema

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
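
The scope-match rule proposed in the message above, sketched as an added example that is not part of the original post: one check applied at sender, router/firewall and receiver, with only some nodes enforcing it. The addresses, node names and the choice to leave multicast, loopback and unspecified addresses unjudged are assumptions of this example.

```python
import ipaddress

def unicast_scope(addr):
    """Classify an IPv6 unicast address; None means this example does not judge it."""
    a = ipaddress.IPv6Address(addr)
    if a.is_multicast or a.is_unspecified or a.is_loopback:
        return None                      # assumption: rule not applied to these
    if a.is_link_local:                  # fe80::/10
        return "link-local"
    if a.is_site_local:                  # fec0::/10
        return "site-local"
    return "global"

def scopes_match(src, dst):
    """The proposed rule: source and destination must have the same scope."""
    s, d = unicast_scope(src), unicast_scope(dst)
    if s is None or d is None:
        return True
    return s == d

def deliver(src, dst, path):
    """Walk the path in order; return the first enforcing node that drops
    the packet, or None if it is delivered."""
    for name, enforces in path:
        if enforces and not scopes_match(src, dst):
            return name
    return None

# Constructed sample addresses (2001:db8::/32 is the documentation prefix).
CLIENT_SL = "fec0:0:0:1::10"    # site-local client behind the would-be NAT
PEER_SL = "fec0:0:0:2::20"      # site-local peer in the same site
WEB_GLOBAL = "2001:db8::80"     # globally addressed web site

# Hypothetical path: only some nodes implement the check.
PARTIAL = [("sender", False), ("site-router", False),
           ("firewall", True), ("receiver", True)]
NO_ENFORCEMENT = [(name, False) for name, _ in PARTIAL]

if __name__ == "__main__":
    for src, dst in [(CLIENT_SL, PEER_SL), (CLIENT_SL, WEB_GLOBAL)]:
        dropped_by = deliver(src, dst, PARTIAL)
        print(src, "->", dst, ":",
              "delivered" if dropped_by is None else "dropped by " + dropped_by)
```

Traffic between two site-local addresses passes untouched, while the SL-to-global flow that a NAT deployment depends on fails as soon as any one node on the path enforces the rule.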
