>> While of course nothing is perfect, I think the number of cases
>> where you want the routability of IP but have nothing on the local
>> broadcast domain that can proxy is small enough that the cost of
>> writing them off outweighs the cost of dealing with the issues that
>> using IP raises.

> Proxies raise their own set of issues.

True enough. But I also believe that for IP access control, you will never find a one-size-fits-all solution, and I would very much prefer to have that access control decision in a regular userland program on a presumably stable machine, rather than in a deliberately-cut-back protocol stack in a severely restricted environment on an inherently unstable machine (any machine where kernel debugging is in progress can, I think, be considered inherently unstable).

Of course, the converse is true; an Ethernet-layer protocol will not fit all situations either - for example, the network uplink may not be Ethernet at all, maybe not even vaguely Ethernettish - but that's where judgement comes in.

While I wouldn't say I'm unshakeable in the opinion, I currently believe that the closest thing to a general-purpose solution to this problem is Ethernet-layer.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B