In message <[EMAIL PROTECTED]>, "Marcus J. Ranum" writes:

>We shouldn't _Need_ firewalls in a few years (ha!) but we will
>because energy is being directed down a useless path. The short
>term fix (firewalls) has been converted into a $600mm/year
>industry selling a stop-gap* as a long-term solution.

I understand that the vast majority of medicine is maintainative rather
than either curative or preventative. That is, more time, effort and
money are spent keeping people with medical problems alive than are
spent keeping people from developing those conditions in the first place,
or curing them of existing medical conditions. Opinions vary, but
in general this is considered a basic feature of the medical profession
rather than a function of the state of current medical technology.
I'm sure you can see the analogy.

While you are entirely correct in pointing out that the -solution-
to the problem is redesign (fixing, or rather replacing, protocols
and applications), there will -always- be the pragmatic problem of
finding an optimum solution to the cost/risk equation given decidedly
suboptimal hardware, software and wetware. Firewalls, or things like
them, can be one of those optimum solutions, and this is almost certainly
going to remain true for some time to come.

Looked at more generically, there will always be a need for implementation
fixes for design flaws. This sucks, but there it is.

Now: You are also entirely correct in pointing out that many firewalls
are a liability in that they are expected, often by people who don't
know any better (but sometimes by people who should), to do things that
they cannot do or that they were not designed to do. Stated more
generically, this becomes: People are stupid. This, too, will almost
certainly continue to be a problem for quite a while.

Time for another analogy: firewalls are like condoms. They provide
some protection if you're engaging in risky behaviour, but if you have
overwhelming cause for alarm if yours breaks, chances are you were
doing something you shouldn't have been doing in the first place. One
failure is enough, and you won't always know about it immediately.

Many people have unrealistic expectations about condoms, and make
grave errors of planning based on those false expectations. It is also
the case that a significant number of condom failures are due to inappropriate
use, typically the result of an uninformed (or misinformed) operator. They
still, however, remain a generally usable workaround to a difficult
problem---operating in an unpredictable and occasionally hostile environment.

-Steve