Hi,

I was at the meeting in SF, and I was one of the minority that voted
to not deprecate site-local addresses.

Well, if I am allowed to, I am now changing my vote to:
"YES -- Deprecate site-local unicast addressing".

Perhaps folks might be interested to know why I originally voted
NO, and why I am now changing my vote. If not, you can stop
reading now. :-)

Many people who have been voting NO have been including the list
of possible reasons that Bob and Margaret put in the message:
> Possible reasons include:
>
> - Site-locals should be retained for disconnected sites.
> - Site-locals should be retained for intermittently
>   connected sites.
> - Site-locals should be retained for their access control
>   benefits.
> - Site-locals should be retained as a means for internal
>   connections to survive global prefix renumbering.
...

Aside from the access control benefits, these are some of the reasons
why I originally voted NO. These are important issues, and they
should be addressed. I don't want to see them ignored. I voted
NO not so much that I felt that Site-locals were the solution to
all these problems, but that I felt that Site-locals helped to keep
a spotlight on these issues. My fear was that if we deprecated
Site-locals, then people would decide that we don't need to worry
about these issues any more. Deprecating site-locals doesn't get
rid of these issues, it just removes one possible solution (and not
necessarily a good solution) to them.

So, there are issues and problems with Site-locals. (If there weren't,
we wouldn't even be having this discussion!) After seeing all the
discussion on the list for the past week, I've come to the conclusion
that rather than Site-locals keeping a spotlight on these issues so
that they will get solved, they have become a stumbling block that
is delaying those issues from being solved. The spotlight is on
Site-locals themselves, not the issues that need to be solved.

There are other approaches than Site-locals to addressing the above
problems. I have a proposal that I'm working on writing up to directly
address the disconnected/intermittently connected site issue. (And if
you solve that, you probably get the internal connections surviving
global prefix renumbering for free.) But I don't have it written up
to a point where I could distribute it as an internet draft. I've
verbally discussed it with a couple of people, but I have some more
issues that I need to work through to decide for myself whether or
not it is feasible.

So that's what I think we should do. Deprecate Site-Locals as they
are defined today (which isn't much of a definition), and then focus
on solving these problems without having the burden of being
forced to cram the solution into Site-local addresses.

-David Borman, Wind River Systems

PS: I view claiming Site-Locals for access control benefits on par
with "security through obscurity". If you want access control,
put in real access control.
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------