>>        i believe we have some clues on application consideration to scoped
>>        addresses.
>
>I don't get the sense that we have consensus on this, because some
>people seem to think that scoped addresses are appropriate for use by
>general-purpose apps.
>
>for instance, there's really no way that an application can effectively use 
>a scoped address in a referral to another host, since the app has no idea 
>whether the host that uses the referral has access to the same scope as 
>the party providing the referral.  name-to-address mapping is only one
>instance of this problem.  

        agreed.  you can't pass around scoped addresses across nodes (in general)
        as the view of the scope differs between nodes.  i have a clearer idea
        on link-locals, but i have almost no solutions against site-locals.
        there are security issues associated with it (attacking another company's
        inside machine using routing header w/ site-local address, and such...).

        scoped addresses complicate addresses in referrals.  to give a concrete
        example, to support ftp session using scoped address, KAME ftpd
        behaves like below to deal with "EPRT" command:
        - control connection is using TCP over link-local address,
          between fe80::2 (ftpd) and fe80::1 (client).  ftpd is seeing
          some scope identification in sockaddr_in6 returned from getpeername/
          getsockname.
        - ftpd receives an EPRT command, like "EPRT |2|fe80::1|9999|" from the
          client (note that there's no scope identification in the FTP command
          stream)
        - ftpd fills sockaddr_in6 with fe80::1
        - ftpd copies sin6_scope_id from the sockaddr_in6 for control
          connection, ASSUMING that the address specified by EPRT is in the
          same scope as the control connection.  these days the assumption
          holds as EPRT to third-party address is disallowed, however, it is not
          really a sane assumption to make.
        - ftpd makes data connection to fe80::1%<scope identification>,
          which (hopefully) reaches the client.

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
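
The EPRT steps described in the message above, as an added C example that is not part of the original message and is not KAME ftpd's code. The names `eprt_to_sockaddr` and `sample_ctrl_peer` are hypothetical, the sample peer is constructed, and the explicit "address must equal the control peer" check is an assumed way of enforcing the no-third-party rule the message relies on.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: EPRT argument -> data-connection address. Returns 0,
 * -1 if malformed, -2 if the address is not the control peer's own. */
int eprt_to_sockaddr(const char *arg, const struct sockaddr_in6 *ctrl,
                     struct sockaddr_in6 *data)
{
    char buf[128], *f[3], *p = buf, *end, d = arg[0];
    struct in6_addr a;
    unsigned long port;
    if (d < 33 || d > 126 || strlen(arg) >= sizeof buf) return -1;
    strcpy(buf, arg + 1);
    for (int i = 0; i < 3; i++) {        /* protocol, address, port */
        f[i] = p;
        if ((p = strchr(p, d)) == NULL) return -1;
        *p++ = '\0';
    }
    if (*p != '\0' || strcmp(f[0], "2") != 0) return -1;   /* 2 = IPv6 */
    port = strtoul(f[2], &end, 10);
    if (end == f[2] || *end != '\0' || port == 0 || port > 65535) return -1;
    /* inet_pton() takes no "%scope" suffix; the FTP command carries none. */
    if (inet_pton(AF_INET6, f[1], &a) != 1) return -1;
    /* Assumed policy: refuse third-party targets, so borrowing the scope is safe. */
    if (memcmp(&a, &ctrl->sin6_addr, sizeof a) != 0) return -2;
    memset(data, 0, sizeof *data);
    data->sin6_family = AF_INET6;
    data->sin6_port = htons((unsigned short)port);
    data->sin6_addr = a;
    data->sin6_scope_id = ctrl->sin6_scope_id;   /* copied, never parsed */
    return 0;
}

/* Constructed stand-in for getpeername(): fe80::1 via interface index 2. */
struct sockaddr_in6 sample_ctrl_peer(void)
{
    struct sockaddr_in6 c = { .sin6_family = AF_INET6, .sin6_scope_id = 2 };
    inet_pton(AF_INET6, "fe80::1", &c.sin6_addr);
    return c;
}

int main(void)
{
    struct sockaddr_in6 c = sample_ctrl_peer(), d;
    printf("own address: %d\n", eprt_to_sockaddr("|2|fe80::1|9999|", &c, &d));
    printf("third party: %d\n", eprt_to_sockaddr("|2|fe80::99|9999|", &c, &d));
}
```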
