> I think it makes sense to consider a boundary (firewall+ALG) that defines
> a "trusted zone" within the house, establishes ACLs for a given
> "connection", be it a tunnel or otherwise, defined by an authentication
> event, and mediates the activity over that connection as long as it's
> active.

you're confusing trust boundaries with network topology.

trust boundaries don't follow network topology even today,
or you have to do a fair amount of work to make them do so.
they're even less likely to follow network topology in the future
when a significant number of the devices we want to talk to are
running wireless IP.

and just because I have multiple devices in my home doesn't mean
that I trust my (roommate, spouse, kid, babysitter, houseguest,
burglar, landlord, friendly neighborhood cop) to have net access 
to everything in my home merely by having physical presence there.

nor do I want to have to run separate protocols to access devices
on my home network than for the same kinds of devices located 
in other environments.

Keith
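To make the disagreement above concrete, here is an added example (not code from either poster) contrasting the two ways of deciding whether a device request is allowed: a rule that trusts whatever is inside a network prefix, versus a rule that trusts an authenticated principal on a connection, wherever that connection comes from. The home prefix, device names, principals, grants and requests are all constructed for illustration.

```python
"""Added example: topology-based trust versus identity-based trust.

Everything here (prefix, devices, principals, grants, sample requests) is
hypothetical and constructed for the illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Hypothetical "trusted zone" expressed as a network prefix.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")

# Hypothetical grants: (principal, device) -> allowed actions.
# Note that the request's source address appears nowhere in this table.
GRANTS: Dict[Tuple[str, str], Set[str]] = {
    ("keith", "thermostat"): {"read", "set"},
    ("keith", "camera"): {"read"},
    ("babysitter", "thermostat"): {"read"},
}


@dataclass(frozen=True)
class Request:
    src_ip: str                 # where the packets came from
    principal: Optional[str]    # who authenticated on this connection, None if nobody
    device: str
    action: str


def topology_policy(req: Request) -> bool:
    """Trust follows network topology: anything sourced inside the LAN is allowed.

    Physical presence on the network (a houseguest on the wifi, a burglar with
    a cable) is sufficient; identity is never consulted.
    """
    return ipaddress.ip_address(req.src_ip) in HOME_LAN


def identity_policy(req: Request) -> bool:
    """Trust follows the authenticated principal on the connection.

    The same rule answers the same way for the same principal whether the
    connection arrives from the home LAN, a hotel, or a phone on cellular.
    """
    if req.principal is None:
        return False
    return req.action in GRANTS.get((req.principal, req.device), set())


def decide(req: Request) -> Tuple[bool, bool]:
    """Return (topology_decision, identity_decision) for one request."""
    return topology_policy(req), identity_policy(req)


def sample_decisions() -> Dict[str, Tuple[bool, bool]]:
    """Run a few constructed requests through both policies."""
    cases = {
        "owner on home wifi":
            Request("192.168.1.10", "keith", "camera", "read"),
        "owner from a remote network":
            Request("203.0.113.7", "keith", "camera", "read"),
        "unauthenticated houseguest on home wifi":
            Request("192.168.1.23", None, "camera", "read"),
        "babysitter on home wifi, no camera grant":
            Request("192.168.1.24", "babysitter", "camera", "read"),
        "babysitter on home wifi, thermostat read":
            Request("192.168.1.24", "babysitter", "thermostat", "read"),
    }
    return {name: decide(req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, (by_topology, by_identity) in sample_decisions().items():
        print(f"{name:45s} topology={by_topology!s:5s} identity={by_identity}")
```

The two rows that differ are the ones the thread is arguing about: under the topology rule the owner is locked out as soon as they leave the house while the unauthenticated houseguest is let in, and under the identity rule it is the reverse. A firewall that only knows prefixes cannot express the second column; a mediator keyed on an authentication event can, and it does so with one policy for home and away.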