People with proxy systems won't change them, the security of
packet filters will go up relative to how well the key management
problem is addressed. (Key mangement is a large problem, and solving
parts of it is a very useful thing.)
Its worth noting that the fact that you've authenticated some
entity does not mean that you should extend them ultimate trust, it
could mean that their keys have been comprimised.
I expect that as firewalls get cheaper, we'll start to see the
technology being pushed deeper inside a company, so that every
mailhost runs smtpd, not just the one on "the firewall."
| Does anyone want to comment on the conventional wisdom of what IPSEC and IPV6
| will do for network security, and how this will require changes to firewalls
| and how they operate?
"It is seldom that liberty of any kind is lost all at once."