Thus spake "Keith Moore" <moore@cs.utk.edu> > > Also, I'm wondering how the SL/1918 address-scoping debate > > plays in the context of firewalls. Don't firewalls provide an even > > more random form of address scoping that apps must cope with? > > Or not? > > ... > Scoped addresses muddy this picture, because experience indicates > that apps will be expected to cope with a mixture of scoped and > global addresses. Once scoped addresses are introduced, the app > has to perform functions traditionally performed by the network. If > host A cannot reach host B, it might be due to policy or a network > failure, or it might be that the address that A has for B is not valid in > the scope that A is using. So you're not arguing against scoped addresses per se, you're arguing against having both scoped and global addresses on the same host? I see the same problem occuring if a host has two global addresses which are treated differently by the firewall(s), so it's not truly a problem with SL. The only SL-specific problem is when naughty applications pass network-layer addresses across site boundaries; such applications must be "address aware" anyways, so understanding SL isn't much of an incremental burden. S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking