> or to put it another way, why do you have so much faith in
> filters of SL addresses and so little faith in filters of prefixes?
Your "so much faith" and "so little faith" are exaggerating my position. But I do think that site-local addresses will offer better security in practice than filtering a global prefix. Why is that?

First, the security of the site-local addresses rests on proper configuration of the site boundaries. I think this is easier to get right and maintain than filters of a global prefix. It's simpler conceptually. For example, when a site renumbers, any filters of the changing global prefix would have to be updated. Any mistakes in this process would not be immediately obvious. Also, the configuration of the site boundaries can be handled automatically in some circumstances. For example, Microsoft's ICS product (a firewall) automatically puts the interfaces on the inside & outside of the firewall into different sites.

Second, there is "defense in depth" of the site-local prefix. Suppose an administrator does screw up the configuration of a boundary router. In practice there will be additional site boundaries between an attacker and the misconfigured router. I expect transit routers in the internet backbone would filter site-locals. So the attacker will still not have access to the site via site-locals.

Rich

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
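A small model of the two arguments in the message above (the renumbering problem with global-prefix filters, and defense in depth across several site boundaries), written here as an added example rather than anything posted on the list; the prefixes, hosts and boundary setup are constructed, and the "filters" are plain predicate functions standing in for router ACLs.

```python
"""Model: site-local boundary filtering vs. filtering a site's global prefix."""
import ipaddress

# Site-local unicast space as defined at the time of the discussion (fec0::/10).
SITE_LOCAL = ipaddress.ip_network("fec0::/10")


def site_local_boundary_filter(dst: str) -> bool:
    """Site-boundary rule: permit only if the destination is NOT site-local.
    It needs no knowledge of the site's global prefix, so renumbering cannot
    silently break it."""
    return ipaddress.ip_address(dst) not in SITE_LOCAL


def global_prefix_filter(protected_prefix: str):
    """Boundary rule that protects one specific global prefix (constructed).
    It must be updated whenever the site renumbers."""
    net = ipaddress.ip_network(protected_prefix)

    def permit(dst: str) -> bool:
        return ipaddress.ip_address(dst) not in net
    return permit


def renumbering_scenario() -> dict:
    """Site renumbers from the OLD to the NEW global prefix, but the boundary
    ACL is left pointing at the old prefix. The stale global filter now
    permits traffic to internal hosts, and nothing reports the gap; the
    site-local rule is unaffected."""
    old_prefix = "2001:db8:1::/48"          # constructed old site prefix
    stale_filter = global_prefix_filter(old_prefix)
    internal_host_new = "2001:db8:2::10"    # host under the NEW prefix
    internal_host_sl = "fec0::10"           # same host, site-local address
    return {
        "global_filter_still_protects": not stale_filter(internal_host_new),
        "site_local_filter_still_protects": not site_local_boundary_filter(internal_host_sl),
    }


def reaches_inside(dst: str, boundaries) -> bool:
    """Defense in depth: a packet from outside must be permitted by EVERY
    boundary on its path (e.g. backbone transit router, then site router).
    One misconfigured boundary that permits everything is not enough."""
    return all(permit(dst) for permit in boundaries)


# A boundary whose admin got the configuration wrong: it permits everything.
MISCONFIGURED_BOUNDARY = lambda dst: True  # noqa: E731
```

`reaches_inside("fec0::10", [site_local_boundary_filter, MISCONFIGURED_BOUNDARY])` returns False because the upstream boundary still drops site-local destinations.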