> > > My point was that there are topology locators that are only viable
> > > within a scope defined by the local network manager.
>
> > yes, we know this. it's a bad idea, and we need to stop
> > pretending it's a legitimate thing to do. that way, when the
> > network manager does this, it's his fault when things break.
> > network managers do have legitimate needs that must be
> > respected. this is not one of them.
>
> So your position is that network managers are required to route all
> prefixes in the global table, and access controls are to be removed

no, I probably misunderstood what you meant by 'viable'.

my position is that

- ambiguous addresses are harmful;

- packet filtering based on addresses, and filtering of advertised
  routes, are not very good ways to implement host security, but the
  current state of authentication is such that these crude mechanisms
  cannot be dispensed with entirely anytime soon;

- apps need to be able to pass around tokens that are reliably and
  precisely associated with hosts, and which can be used to reliably
  and efficiently send messages to hosts (modulo access control
  limitations), and DNS cannot adequately provide this service;

- forcing hosts to make the right choice from several (source,
  destination) address pairs in order to successfully send packets to a
  destination is unrealistic, especially when those choices require
  information that is not readily available to hosts or applications.

Keith