From owner-freebsd-net  Fri May 29 07:39:24 1998
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA21468
          for freebsd-net-outgoing; Fri, 29 May 1998 07:39:24 -0700 (PDT)
          (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from coconut.itojun.org (root@coconut.itojun.org [210.160.95.97])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA20934
          for <freebsd-net@FreeBSD.ORG>; Fri, 29 May 1998 07:38:00 -0700 (PDT)
          (envelope-from itojun@itojun.org)
Received: from localhost (itojun@localhost.itojun.org [127.0.0.1])
	by coconut.itojun.org (8.8.8+3.0Wbeta12/3.6W) with ESMTP id XAA12556;
	Fri, 29 May 1998 23:37:47 +0900 (JST)
To: Eivind Eklund <eivind@yes.no>
cc: freebsd-net@FreeBSD.ORG
In-reply-to: eivind's message of Fri, 29 May 1998 16:26:37 +0200.
      <19980529162637.32681@follo.net> 
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD  90 5F B4 60 79 54 16 E2
Subject: Re: ipv6 network addresses 
From: Jun-ichiro itojun Itoh <itojun@itojun.org>
Date: Fri, 29 May 1998 23:37:47 +0900
Message-ID: <12552.896452667@coconut.itojun.org>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>> 	There's something called "site local address" defined in rfc1884.
>> 	However, scoped address has so many twists.  You must be very careful
>> 	configuring nameservers for site local addresses.  Also, there's is
>> 	very hard problem for site border routers...
>> 	I believe people would like to get rid of NAT when v6 is deployed, 
>> 	so there will be no private address, I believe...
>I don't agree.  The use of NAT is partially to protect against attacks
>- if you're not routed, an attack is that much harder.

	even without address translation, you can have "non-routed" network
	space.
	If you use NAT, you are actually "routing" external packet
	to your host.  In this case the security level degrades very much.

	Lengthy discussion was done in IETF IPng working group, so I would
	not repeat that here.  I highly recommend the following message.
	(I do not copy the message here since this was not by me...)

	http://www.cs-ipv6.lancs.ac.uk/ipv6/mail-archive/IPng/1998-05/0057.html

itojun



Message-Id: <199804071422.KAA03813@postal.research.att.com>
To: "Jennings, Robert" <RJennings@IKON.com>
cc: bound@zk3.dec.com, Jun-ichiro itojun Itoh <itojun@itojun.org>,
        thartric@mentat.com, ipng@sunroof.Eng.Sun.COM
Subject: (IPng 5597) Re: Basic Sockets API 
Date: Tue, 07 Apr 1998 10:22:23 -0400
From: Steve Bellovin <smb@research.att.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message