Owen DeLong wrote:
>>> UPnP is a bad idea that (fortunately) doesn't apply to IPv6 anyway.
>>>
>>> You don't need UPnP if you're not doing NAT.
>>
>> wishful thinking.
>>
>> you're likely to still have a stateful firewall and in the consumer space
>> someone is likely to want to punch holes in it.
>
> Yes, SI will still be needed. However, UPnP is, at its heart, a way to allow
> arbitrary unauthenticated applications the power to amend your security
> policy to their will. Can you possibly explain any way in which such a
> thing is at all superior to no firewall at all?

I'm a consumer, I want to buy something, take it home, turn it on and have it work. I don't have an IT department. How the manufacturers solve that is their problem. As a consumer my preferences for a security posture to the extent that I have one are:

    don't hose me
    don't make my life any more complicated than necessary

> I would argue that a firewall that can be reconfigured by any applet a user
> clicks on (whether they know it or not) is actually less useful than no
> firewall because it creates the illusion in the user's mind that there is a
> firewall protecting them.

Stable outgoing connections for p2p apps, messaging, gaming platforms and foo website with JavaScript-based RPC mechanisms have similar properties. I don't sleep soundly at night because the $49 Buffalo router I bought off an endcap at Fry's uses iptables, I sleep soundly because I don't care.

> Owen