While IP level security & authentication will go a long way to help prevent abuses and reduce unauthorized accesses, I doubt if it will provide enough protection by itself. While I would love to be proven wrong, I believe firewalls are here to stay (at least for the next year or two). A couple of reasons why: o Node Spoofing will probably still be possible o The connections will probably also be subject to man-in-the-middle attacks (Never underestimate the creativity of people who want to compromise your networks) o Authentication by itself will *not* provide adequate protection against many abuses o End-to-end encryption by itself won't completely solve the problems either (however, it *does* go a long way to prevent man-in-the-middle attacks o While IP security & authentication helps to secure the pipe between the two systems which want to communicate with each other, it does not provide any security about the applications running over the pipe. (ie - if you and I have a secure pipe between your system and mine & you have a worm running loose on your network, the only thing the secure pipe will do is ensure that other systems (not in the pipe) won't be damaged as the worm propagates out of your network into mine). Also. Which version of sendmail are we up to now? As far as the future of firewalls goes, I would probably guess that the functionality of most firewalls would eventually be an add-on application option for Operating Systems and that eventually it will be a standard part of every Operating System. Until then, we have to punt & keep using firewalls. I suspect even when firewalls are embedded in the O/S, that some type of firewall will still be needed to quasi-isolate a company's network from the Internet (and establish them as one entity) and to contain potential networking problems which arise when someone configures their system with the wrong IP address (or other type of problem). IMHO, the first company to include a firewall as a standard part of their Operating Systems has a real good shot at increasing their market share. Perhaps the O/S vendors are paying attention to this list & will implement this (would be nice). 8^) Of course, it would also help, if their systems were delivered secure - out-of-the-box and we didn't have to spend so much time continually locking them down & keeping up with the latest CERT Advisories. 8^) 8^) Best Regards, Frank Fortified Networks Inc. - Management & Information Security Consulting Phone: (317) 573-0800 - http://www.fortified.com/fortified/ <standard disclaimer> The opinions expressed above are of the author and may not necessarily be representative of Fortified Networks Inc.