1996-01-24 - Re: IPSEC == end of firewalls

Header Data

From: Rick Smith <smith@sctc.com>
To: cypherpunks@toad.com
Message Hash: 83f6d670b01d9ea476b267074febd22df117066e3d364073129d3114e00cf785
Message ID: <199601242003.OAA23388@shade.sctc.com>
Reply To: N/A
UTC Datetime: 1996-01-24 21:02:14 UTC
Raw Date: Thu, 25 Jan 1996 05:02:14 +0800

Raw message

From: Rick Smith <smith@sctc.com>
Date: Thu, 25 Jan 1996 05:02:14 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
Message-ID: <199601242003.OAA23388@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Discussing firewalls, ses@tipper.oit.unc.edu (Simon Spero) writes:

>What do you need as well as crypto before you can remove all firewalls?

What firewalls do is they allow an independent group of people to
track external network access and enforce rules over a large
population of hosts. Given that just about any security installed on a
workstation can be overcome (inadvertently or consciously) by someone
with physical access to it, I doubt firewalls will ever go away
entirely. Today's techniques will no doubt evolve and change in varous
ways over time. But I'd be surprised if the function went away
entirely.

Until Netscape came out I suspected that desktop crypto wouldn't make
the bigtime soon, simply because there are too many ways to do it
wrong. Netscape has demonstrated that doing it wrong is no impediment
to deployment.

Organizations that want to do crypto well are probably going to
concentrate crypto services in a few closely managed hosts to reduce
the risk of messing things up.

Rick.
smith@sctc.com         secure computing corporation





Thread