Re: Distributing site-wide RFC 3484 policy

[(Tomohiro -INSTALLER- Fujisaki/藤崎 智宏) <fujisaki@syce.net>]

 | >  | Anyway, the draft contains a horrible error, at least.
 | >  | We CAN NEVER specify zone-index from outside the box.  It MUST be removed.
 | > 
 | > I'm not sure why the error(?) is 'horrible', but we discussed about
 | > 'zone-index' in DHC wg ML.
 | > 
 | > http://www1.ietf.org/mail-archive/web/dhcwg/current/msg04683.html
 | > 
 | > If the site administrator knows the detail of a client, it may be
 | > possible to specify that value for the client.
 | 
 | You CANNOT specify "zone" itself from out of the box.
 |
 | If an implementation supports a kind of "zone" in policy,
 | the node may want to restrict the rule only on that "interface"
 | (or zone) which the dhcpv6 message has arrived, but no other way.
 | 
 | Server may ask the node to restrict the policy within the interface,
 | but it cannot ask the end-node to use another specific interface.
 | 
 | Or, are you suggesting to have mapping between fake "zone-index" and the
 | real one?
 | 
 | 
 | Anyway, I'd say, you CANNOT distrubute the polocy itself, but you could
 | suggest a "hint" to end-nodes, with "virtual precedence" (or "relative
 | precedence"), "virtual label" and "virtual zone-index" (or "zone label").

Do you mean node local information should not be given from outside ?

We think if a node is in an administrative scope and zone index value
is static (not dynamically changes when node restarts), it is possible
to deliver that value to the node.

And if there is a case that utilizes zone index delivery, we should
remain zone index delivery as it is, and limit the usage in
specification. If there is no case, delivering we should not deliver
zone index.

--
Tomohiro Fujisaki