
Perry writes...
can get rid of the firewalls. I, for one, don't -- they are there largely because people don't trust that their networking software is free of security holes, and cryptography doesn't fix security holes for the most part.
Perhaps I'm naive, but I've always understood that one of the primary functions firewalls accomplish is insulating from most easy attacks large numbers of random machines in an organization that may not be all perfectly administered, 100% under control of competent security-wise users, and configured correctly for maximum security with all the latest revs of stuff. Seems unclear that IP level security and authentication will totally eliminate the problems caused by buggy software and clueless or careless users, or overloaded security staffs who don't have time to update everybody and check everything immediately on networks with thousands of machines. Having one or two machines to keep secure instead of thousands seems like a big win.

Dave Emery