I believe often an issue here is that OS/application vendors can just bind
all the local services to nodes' site-local addresses, and make the
security someone else's (ie router vendor, because site locals must not go
out of the site) problem.
Needless to say that sounds pretty much like "NAT protection" today..
Right. With the added "feature" that site-local IPv6 traffic may
transit IPv4 networks (via tunnels) that are not part of the
local site...
There are no security benefits to site-local addressing that can't be
better realized by appropriate filtering rules in routers.
Margaret
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
