So you're not arguing against scoped addresses per se, you're arguing
against having both scoped and global addresses on the same host?
it turns out that this doesn't solve the problem. the addresses will still
leak. apps will still be expected to cope with the mixture of ambiguous and
unambiguous addresses.
I see the
same problem occuring if a host has two global addresses which are treated
differently by the firewall(s),
I see that as a different problem - in particular, in that case there's no
need for apps to cope with ambiguous IP addresses. as a result it's much
clearer that it's unreasonable to expect apps to talk to the nodes whose
traffic is being filtered.
The only SL-specific problem is when naughty applications pass network-layer
addresses across site boundaries
which is a perfectly healthy and reasonable thing for apps to do.
(not that they can tell where those site boundaries are anyway)
; such applications must be "address aware"
anyways, so understanding SL isn't much of an incremental burden.
using an address as an opaque identifier doesn't require address awareness.
Keith