
Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)



	Perry writes...
> 
> can get rid of the firewalls. I, for one, don't -- they are there
> largely because people don't trust that their networking software is
> free of security holes, and cryptography doesn't fix security holes
> for the most part.

	Perhaps I'm naive, but I've always understood that one of the
primary functions firewalls accomplish is insulating from most easy
attacks large numbers of random machines in an organization that may not
be all perfectly administered, 100% under control of competent
security-wise users, and configured correctly for maximum security with
all the latest revs of stuff.

	Seems unclear that IP level security and authentication will
totally eliminate the problems caused by buggy software and 
clueless or careless users, or overloaded security staffs who
don't have time to update everybody and check everything immediately
on networks with thousands of machines.

	Having one or two machines to keep secure instead of thousands
seems like a big win.

						Dave Emery