ietf

Re: A simple question

2003-04-20 12:57:16
Thus spake "Keith Moore" <moore(_at_)cs(_dot_)utk(_dot_)edu>
Also, I'm wondering how the SL/1918 address-scoping debate
plays in the context of firewalls.  Don't firewalls provide an even
more random form of address scoping that apps must cope with?
Or not?

...
Scoped addresses muddy this picture, because experience indicates
that apps will be expected to cope with a mixture of scoped and
global addresses.  Once scoped addresses are introduced, the app
has to perform functions traditionally performed by the network. If
host A cannot reach host B, it might be due to policy or a network
failure, or it might be that the address that A has for B is not valid in
the scope that A is using.

So you're not arguing against scoped addresses per se, you're arguing
against having both scoped and global addresses on the same host?  I see the
same problem occurring if a host has two global addresses which are treated
differently by the firewall(s), so it's not truly a problem with SL.

The only SL-specific problem is when naughty applications pass network-layer
addresses across site boundaries; such applications must be "address aware"
anyways, so understanding SL isn't much of an incremental burden.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking



