Michael,

> For instance, a reason to create a new network "zone" is because we
> don't provide printers with decent access control lists (authorization),
> instead, we make them wide open and then throw WPA on the wireless so
> that it's "secure", and then assume if you've authenticated, you are
> authorized to print.
> IPv6 would make that a new subnet, no additional layer of NAT, and do
> the authorization by IP address.

Huh? Why would one authorize access to a printer on a per-address basis?
Why should every user on the same computer have the same access rights
to the printer? -- This is probably a hint that, even if deployable,
IPsec may not be what you need/want.

> (with SEND to secure the mapping!)

And you argued against overly complex networks? Sigh....

(paraphrasing you) "and then we throw IPsec and SEND so that it's
secure, and then assume that if your IP address is authorized, the user
at that IP address is authorized to print".

Thanks,
--
Fernando Gont
e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxx
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1