On 12/13/2013 12:37 PM, Warren Kumari wrote: >> Personal Observation: >> >> I do not find this document very helpful. It can be summarized >> as: >> >> If IPv6 is not supported in your VPN software, then disable IPv6 >> support in all network interfaces before you try to use it. >> >> I do not know why the OPSEC WG thinks that this message is worthy >> of an RFC. > > We often see that folk simply don’t realize that their VPN software > does’t do the right thing with IPv6 — I think your summary would be > better done as: 1: Figure out if your VPN software supports v6 > correctly. 2: If not, disable v6 on all interface when you enable the > VPN. > > But, even if that was the entire message, it is unclear *where* it > could be published that would get the necessary visibility — we think > it is an important message, folk listen to the IETF, and RFC’s is > what we have.
As a datapoint, there have been at least one or two VPN implementations that have produced patches in response to this document. From my perspective, when a document leads to fixes in real implementations, that as much of a ROI as you can get. And having a document that discusses the issues is not only helpful to raise awareness among developers, but also to refer to when they produce patches and wait for the ok/approval of their fellow developers such that they can commit their changes. As another datapoint, I've discussed this issue at a number of meetings, and should say that the general reaction from the audience is that of surprise. "Awareness" is another important ROI. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
