Re: Reply to comments on opsec draft from Bert Wijnen/OPS directorate. Part 1.

[Ross Callon <rcallon@juniper.net>]

At 02:52 PM 2/22/2004 -0500, Perry E. Metzger wrote:
>... It is rare to see
>a commercial deployment where the filters were all done correctly,
>because few people use fully automated systems to manage the entire
>set of filters, which is what you need to do past even the most modest
>sizes...

The possibility of errors -- or unknown vulnerabilities -- seems to me 
to be an argument for multiple layers of security (although not the 
only argument). 

Regarding encryption of network management traffic (which is where 
this line started), I am a big believer in using some form of encryption 
or authentication for network management. I just don't think that we 
should pick one form and say that everyone has to use that one form. 

Ross