> Devices that are meant to be local-use only can use local scope > addresses.
the whole concept of a local-use-only device is somewhat odd. how can the device manufacturer make assumptions about his customers' network topology? or about the placement of security threats relative to that topology? > In addition, to get to an IPv6 node such as a water meter, > you need to get the address right -- the whole 128 bits of it. If a > device uses the "privacy addresses" of IPv6, then the low level 64 bits > are essentially random. Getting to the device by some form of net-scan > can prove to be very long, will plenty of opportunity for the network > police to detect the attack. the nice thing about "privacy addresses" is that they can be used when appropriate for a device or application, and avoided when they're not appropriate. ideally this should happen on a per-application basis. Keith
