From: Rick Smith <smith@sctc.com>
Date: Thu, 25 Jan 1996 05:02:14 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
Message-ID: <199601242003.OAA23388@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Discussing firewalls, ses@tipper.oit.unc.edu (Simon Spero) writes:

>What do you need as well as crypto before you can remove all firewalls?

What firewalls do is they allow an independent group of people to
track external network access and enforce rules over a large
population of hosts. Given that just about any security installed on a
workstation can be overcome (inadvertently or consciously) by someone
with physical access to it, I doubt firewalls will ever go away
entirely. Today's techniques will no doubt evolve and change in varous
ways over time. But I'd be surprised if the function went away
entirely.

Until Netscape came out I suspected that desktop crypto wouldn't make
the bigtime soon, simply because there are too many ways to do it
wrong. Netscape has demonstrated that doing it wrong is no impediment
to deployment.

Organizations that want to do crypto well are probably going to
concentrate crypto services in a few closely managed hosts to reduce
the risk of messing things up.

Rick.
smith@sctc.com         secure computing corporation