I'm sorry to come up with a substantive comment late in the day, since I very much like this document. This isn't a showstopper, but I though it was worth mentioning:
12.0 Security Considerations
Local IPv6 addresses do not provide any inherent security to the nodes that use them. They may be used with filters at site boundaries to keep Local IPv6 traffic inside of the site, but this is no more or less secure than filtering any other type of global IPv6 unicast addresses.
This is true, but it undersells the proposal, given the current state of enterprise security models. Can we add:
From a security viewpoint, such filtering is exactly equivalent to the filtering of ambiguous IPv4 addresses [RFC1918] at a site boundary. Hosts whose local addresses are filtered are invisible from outside the site. If such a host needs, and is authorized to have, external access, it must do so using an additional, globally routeable, IPv6 address.
Brian
-------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
