> > I'm a bit worried about the "out of the box" use-case; the usability
> > of the system seems to be directly tied to this being on, yet network
> > secure-by-default means that it probably should be off...
>
> I'm not sure that secure-by-default does require that this be off. As I
> understand this case it is egress probing not a daemon listening of
> ingress requests.
The SMF policy requires that the manifest be delivered with
services disabled. The SBD policy requires listening services
be administratively enabled, or listen local only. Non-listening
services (outbound only) may be enabled in the default profile(s).
Gary..
