I agree with Brian - the security issues are not the driving force in local addressing.
The requirements I want are simple:

* I want to be able to create prefixes ex nihilo (from nothing), without involving the user, the internet, or anything other than my router or collection of routers.
* I want an acceptable level of uniqueness from these prefixes, so that I can connect (physically or via VPN) one such network to another without worrying about address collision.
* I want "internal" applications to be able to keep communicating with each other regardless of the presence or absence of connections to the global internet or to other clusters of self-configuring routers.

The 'filtering' requirement is not driven by security, but by a realisation that any self-created prefix is not going to fit within the aggregable PA architecture of the current internet. Thus, to protect the routing tables we need to filter the self-created space.

Given these requirements, even the Hinden / Carpenter draft doesn't completely fulfil them, since it requires manual configuration of the prefix (via an algorithm, but it's still 'manual') and a mechanism to propagate that prefix within the local network.

So far the best solution I've seen is to take a /12 prefix (I've been using fef0::/12, but fdf:://12 would work as well), append a MAC or EUI-48 (to /60) and still have four bits left over if you need to subdivide further (e.g. to generate prefixes for interfaces without an EUI-48 or MAC). The only drawback here is that each router generates a prefix that is only aggregable at the /60 (per-router) level and the /12 (universal) level, but since this is designed for self-contained ad-hoc networks with at the extreme a couple of hundred nodes (and more usually less than 10 or so), routing table bloat is not really an issue. Since each router administers its own prefixes there is no need for prefix propagation, and the routing protocol takes care of the rest of the packet delivery infrastructure.

Incidentally, I've come to realise the 'referral' argument is a minor concern.
If you're in a "local networking" world, you only want to do referrals to other nodes in your world. If you're in a "global" world, then you of course do global stuff. The only potential issue is when you're in an overlaid world, but then I'd suggest that it's the job of the person running the application to determine which world the application should prefer.

-- Andrew White

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
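The per-router prefix construction described in the post above (a /12 base, a 48-bit MAC/EUI-48 appended directly behind it to give a /60, four bits left over for further subdivision), worked through as an added Python example. This is not code from the original message or from any IETF draft; it assumes fef0::/12 as the base prefix, uses constructed sample MAC addresses, and the function names (`router_prefix`, `subnet_prefix`, `should_export`) and the border-filter check are additions for illustration. Note that the post appends the raw EUI-48 with no u/l-bit manipulation of the kind used for EUI-64 interface identifiers, and this example does the same.

```python
import ipaddress
import re

# The /12 the post says it has been using. Any /12 with zero host bits works here.
BASE_PREFIX = ipaddress.IPv6Network("fef0::/12")

# Bit layout of the generated addresses (counting from the most significant bit):
#   bits 0..11   : the fixed /12 base
#   bits 12..59  : the router's 48-bit MAC / EUI-48
#   bits 60..63  : four bits left for the router to subdivide (subnet id)
#   bits 64..127 : interface identifier (host bits)
MAC_SHIFT = 128 - 12 - 48      # 68: position of the MAC's least significant bit
SUBNET_SHIFT = 64              # the four subnet bits sit just above the /64 boundary


def parse_mac(mac: str) -> int:
    """Accept 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' and return the 48-bit value."""
    parts = re.split(r"[:\-]", mac.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-fA-F]{2}", p) for p in parts):
        raise ValueError(f"not an EUI-48/MAC address: {mac!r}")
    return int("".join(parts), 16)


def router_prefix(mac: str, base: ipaddress.IPv6Network = BASE_PREFIX) -> ipaddress.IPv6Network:
    """Build the per-router /60: the /12 base followed immediately by the 48-bit MAC."""
    if base.prefixlen != 12:
        raise ValueError("the scheme assumes a /12 base prefix")
    value = int(base.network_address) | (parse_mac(mac) << MAC_SHIFT)
    # Host bits (below bit 68) are zero, so the strict network constructor accepts this.
    return ipaddress.IPv6Network((value, 60))


def subnet_prefix(mac: str, subnet_id: int,
                  base: ipaddress.IPv6Network = BASE_PREFIX) -> ipaddress.IPv6Network:
    """Carve one of the sixteen /64s a router may hand out (e.g. for a MAC-less interface)."""
    if not 0 <= subnet_id <= 0xF:
        raise ValueError("only four bits are available for the subnet id (0..15)")
    value = int(router_prefix(mac, base).network_address) | (subnet_id << SUBNET_SHIFT)
    return ipaddress.IPv6Network((value, 64))


def should_export(prefix: str, base: ipaddress.IPv6Network = BASE_PREFIX) -> bool:
    """Border filter: self-created prefixes must never leak into the PA-aggregated internet.

    Returns True only for routes that are *not* inside the self-created /12.
    """
    return not ipaddress.IPv6Network(prefix).subnet_of(base)


def all_unique(macs: list) -> bool:
    """Two routers collide only if their MACs collide; check a batch of routers for that."""
    prefixes = [router_prefix(m) for m in macs]
    return len(set(prefixes)) == len(prefixes)


if __name__ == "__main__":
    # Constructed sample MACs, not taken from any real device or from the post.
    for mac in ("00:11:22:33:44:55", "02-ab-cd-ef-01-23"):
        print(mac, "->", router_prefix(mac), "| subnet 3 ->", subnet_prefix(mac, 3))
    for route in ("fef0:112:2334:4550::/60", "2001:db8::/32"):
        print(route, "export:", should_export(route))
```

Two things worth observing when running it: the two /60s are distinct and both fall inside fef0::/12, which is exactly the "aggregable only at /60 and /12" property the post describes; and the filter rejects anything under the /12 while passing an ordinary PA prefix, which is the routing-table protection the post argues for, independent of any security motive.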
