Lars Higham wrote:
It's a good idea, granted, but isn't this covered by IPv6 administrative scoping?
That's the network layer, not the transport layer. IPv6 scoping has the potential to be very helpful for private addressing since it's fundamentally built into the protocol, as opposed to RFC1918 addresses which are just kinda an afterthought. This means that, by default, vendor products should DTRT with respect to scoped addresses, and administrators have more effective tools.

However, giving administrators more tools is not always a good thing. I fully expect to see the clueless, the same people who don't filter RFC1918 spoofs at their border now, open up their border routers to let in privately scoped addresses from the outside world. And I expect there will be ISPs that let privately scoped addresses pass over their networks 'cause some clueless customers, with $$$ contracts, want to pass the traffic between different sites. And some vendors will ship with bad defaults and bugs.

So, I expect private networks with global connectivity (kind of an oxymoron, but you know what I mean) will be easier to set up and set up more securely with IPv6. But it's no magic bullet. There will be some brilliant fools out there who manage to shoot themselves in the foot. That problem will never go away. Unfortunately, besides shooting themselves, these people cause some collateral damage too (just like this worm that started the discussion). We'll have to wait until IPv6 is widely deployed to really see how all of that works out.

--
Crist J. Clark
crist.clark@globalstar.com