Firewall Wizards mailing list archives

RE: GXD vs. SPF


From: Frederick M Avolio <fred () avolio com>
Date: Wed, 30 Sep 1998 10:14:18 -0400

At 09:56 AM 9/30/98 -0400, Paul D. Robertson wrote:
The worst thing I see about this model is that it doesn't reliably give 
you an index to how much protection you're getting from the firewall.  

Of course not. However a larger and larger percentage of firewall customers
are caring less and less about such things. Just yesterday on this, the
other list, or the newsgroup (life's a blur) someone was trying to decide
on Brand A or Brand B firewall.  Security was not mentioned, not because
the company doesn't care, but I think because it is assumed: well, these
are the #1 and #2 companies so they must be good. And hey, Brand A supports
over 300 services through their firewall!

You've correctly distilled things back down to the two paradigms:

        That which is not expressly (expressly mind you) permitted is prohibited.

        That which is not expressly prohibited is permitted.

This tension will continue to go on for years. It is an identical struggle
to one in Christendom regarding worship and the regulative principle. Does
God tell us what to do in worshiping him and how much can we deviate from
it, or does he just tell us what not to do and anything else is fine?

In the market the "what is not prohibited is permitted" crowd wins because
it seems that is what most people in practice want. It is not secure. It is
not safe. (Just recall what happened to Aaron's sons Nadab and Abihu as
chronicled in Leviticus 10.)

Fred


