Keith Moore wrote:
> ...
> One of the assertions that Tony seems to be making is that 
> SLs can be used to communicate to applications when policy 
> forbids them from talking
> to one another.    (Tony, if I'm misstating this, please restate it)

I was suggesting that SL is an indication that a filtering policy has
been applied to this network. This does not by itself indicate where the
boundaries are.

> 
> So for instance if a process resides on a host which only has an SL 
> address, and it wants to communicate with a peer for which it 
> only has 
> a global address, then the process can infer that it is forbidden as 
> a matter of policy from communicating with that peer.

Based on its SL address, it can infer that there is an explicit filter
somewhere in the network. That filter may or may not be between it and
the application peer. 

> 
> Or perhaps if process A lives on a host with both global and 
> SL addresses, and it has only a SL address for the host on 
> which process B resides, then A can infer that B is forbidden 
> from communicating off-site.

This is the case that seemed to apply to the referral type apps. If A
only knows a SL for B, and a global prefix for C that does not match its
own, it can assume that the likelihood of C being able to see B is low.
Or at the very least when it fails there is an indication that someone
probably wants it to.

> 
> (Offhand I haven't thought of other inferences that could be made - 
> certainly if both hosts have both SL and global addresses then 
> you can't assume that the hosts are allowed to connect.)
> 
> Is there a widespread idea that it's reasonable for apps to 
> make these kind of inferences?  
> 
> Personally, I don't think either of those inferences are reasonable - 
> there are too many situations where a host can be temporarily 
> without a global address (but not forbidden to communicate 
> externally as a 
> matter of policy), 

Lack of an external address means that the external nodes will be unable
to communicate with that device from outside the site. Why the node is
without a global address is irrelevant to the ability to use it in a
referral. 


> and too many situations where a process 
> might know some but not all of the addresses at which a 
> potential peer might be reached (so the lack of knowledge of 
> a global for that peer doesn't 
> imply anything about policy).

It implies that the ability to actually connect to it is explicitly
impaired. Other than the case of the private network connected behind a
globally attached network, I see no reason for permitting SL/global
connectivity. If we can get PI prefixes for the private network, we
should simply put a hard stop in SL working with anything except another
SL. 

Tony


> 
> Keith
> 

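The referral inference Tony describes above (A knows only a site-local address for B, and C sits under a global prefix that does not match A's own, so a referral of B to C is unlikely to work) can be written out as a scope check. The following is an added example, not code from the thread or from any IPng implementation; it assumes a /48 site prefix length, uses the fec0::/10 site-local prefix as allocated at the time of the discussion (later deprecated by RFC 3879), and the verdict labels are my own. It goes slightly beyond the message by also covering the mirror case of a site-local C being handed a global address for B, which Tony's proposed hard stop would block.

```python
import ipaddress

# Address ranges as used in the thread. fec0::/10 was the site-local prefix
# (RFC 3513); it has since been deprecated (RFC 3879), so this models the
# discussion rather than current address-selection guidance.
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")


def scope(addr):
    """Classify one IPv6 address as 'site-local', 'link-local', 'global' or 'other'."""
    a = ipaddress.IPv6Address(addr)
    if a in SITE_LOCAL:
        return "site-local"
    if a in LINK_LOCAL:
        return "link-local"
    if a in GLOBAL_UNICAST:
        return "global"
    return "other"


def site_prefix(addr, prefix_len=48):
    """Return the site prefix (assumed /48) that contains a global address."""
    return ipaddress.IPv6Interface(f"{addr}/{prefix_len}").network


def referral_outlook(a_addrs, b_addrs, c_addr, site_prefix_len=48):
    """Decide whether A can usefully refer C to B, following the inference in the message.

    a_addrs: every address A holds itself (used to learn A's own site prefix).
    b_addrs: the addresses A happens to know for B; this list may be incomplete,
             which is exactly Keith's objection, so the result is a likelihood only.
    c_addr:  the address A is currently talking to C on.
    Returns (verdict, address_to_hand_to_C); verdict labels are an assumption.
    """
    b_globals = [b for b in b_addrs if scope(b) == "global"]
    b_sites = [b for b in b_addrs if scope(b) == "site-local"]
    c_scope = scope(c_addr)

    if c_scope == "site-local":
        if b_sites:
            # Both peers are addressed inside the site: hand over B's SL address.
            return ("likely", b_sites[0])
        if b_globals:
            # SL-addressed C talking to a global B: the SL/global mixing Tony
            # wants hard-stopped, so only flag it as possible.
            return ("possible", b_globals[0])
        return ("unknown", None)

    if c_scope == "global":
        if b_globals:
            # A global address for B reaches C regardless of site boundaries.
            return ("likely", b_globals[0])
        if b_sites:
            a_sites = {site_prefix(a, site_prefix_len)
                       for a in a_addrs if scope(a) == "global"}
            if site_prefix(c_addr, site_prefix_len) in a_sites:
                # C shares A's global site prefix, so it is probably behind the
                # same filter and can use B's SL address.
                return ("possible", b_sites[0])
            # The case from the message: only an SL for B, and C under a
            # foreign global prefix. Expect the referral to fail.
            return ("unlikely", None)
        return ("unknown", None)

    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample: A is dual-addressed, knows only an SL for B, and is
    # talking to a C in a different /48.
    print(referral_outlook(["2001:db8:1::a", "fec0::a"], ["fec0::b"], "2001:db8:2::c"))
```

The verdict is advisory: as Keith points out, an "unlikely" here only means the addresses A currently knows do not show a path, not that policy forbids the connection.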

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
