
> I think it still belongs between the internet and most networks made entirely of desktop, IoT & personal devices.

I think your belief has been shaped by the fact that adoption of P2P protocols was hampered by NAT for over a decade, and that developers often write software that trusts the local network. Default deny policies help protect insecure servers for the time being, but I'd like to see servers that utilize encryption and authentication instead of relying on simple allow all/disallow all firewall policies at the connection level.




> developers often write software that trusts the local network

Yes, this is still a source of problems - DNS rebinding allowing websites to attack random sockets on LAN and localhost makes my skin crawl. That the protections are being implemented in the browser makes me sad.

> I'd like to see servers that utilize encryption and authentication

Me, I'd prefer architectural solutions further down the stack than /every single service/ that happens to benefit from a TCP control socket having to duplicate the work of encryption + authentication, with the attendant myriad opportunities for it to go horribly wrong. I already mentioned IoT and we know exactly what that's like when it comes to protecting itself.

Yes, I know, pipe dream .. and going off topic .. but I can wish.
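The DNS rebinding concern raised in the comment above has a server-side counterpart to the browser protections: a local service can refuse any request whose Host header is not one of its own names, since a rebound request still carries the attacker's hostname. This is an added example, not part of the thread; the allowlist entries, port and function names are assumptions.

```python
import ipaddress

# Assumed names under which this hypothetical local service is reached.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1", "printer.lan"}
SERVICE_PORT = 8080  # assumed listening port

# Constructed Host header values; the last three must be rejected.
SAMPLES = ["localhost:8080", "[::1]:8080", "Printer.LAN.",
           "attacker.example:8080", "127.0.0.1.attacker.example", "localhost:9999"]


def split_host_header(value):
    """Return (host, port_or_None) from a Host header, or None if malformed."""
    value = value.strip()
    if not value or any(c.isspace() for c in value):
        return None
    if value.startswith("["):  # bracketed IPv6 literal
        end = value.find("]")
        if end == -1:
            return None
        try:
            host = str(ipaddress.IPv6Address(value[1:end]))  # canonical form
        except ValueError:
            return None
        rest = value[end + 1:]
    else:
        host, sep, tail = value.partition(":")
        rest = sep + tail
    if rest == "":
        port = None
    elif rest[0] == ":" and rest[1:].isascii() and rest[1:].isdigit():
        port = int(rest[1:])
    else:
        return None
    return host.lower().rstrip("."), port


def host_allowed(header, allowed=ALLOWED_HOSTS, port=SERVICE_PORT):
    """True only for an exact allowlisted name and, if present, our port."""
    parsed = split_host_header(header or "")
    if parsed is None:
        return False
    host, hdr_port = parsed
    return host in allowed and hdr_port in (None, port)


if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h!r:32} -> {'serve' if host_allowed(h) else 'reject'}")
```

The match is exact rather than suffix- or substring-based, so a name such as `127.0.0.1.attacker.example` does not pass.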



