Re: [OPSEC] Start of WGLC for draft-ietf-opsec-vpn-leakages

Sat, 13 Jul 2013 18:04:58 -0700 

I have read this draft and think it is fine. Merike's list of proposed
changes are also all very good.

--Paul Hoffman


On Fri, Jul 12, 2013 at 12:02 PM, Panos Kampanakis (pkampana) <
[email protected]> wrote:

> +1
>
> For completeness, I would like to request the authors to add a sentence in
> Section 5, to say that the recommendations in case of IPv6-only VPN
> (IPv4-only is discussed) are equivalent. In other words, if only IPv6
> traffic goes through the VPN (split tunnel or not) then IPv4 should be
> dropped.
>
> Panos
>
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Gert Doering
> Sent: Friday, July 12, 2013 2:39 PM
> To: cb.list6
> Cc: [email protected]; Warren Kumari;
> [email protected]
> Subject: Re: [OPSEC] Start of WGLC for draft-ietf-opsec-vpn-leakages
>
> Hi,
>
> On Sun, Jul 07, 2013 at 01:35:59PM -0700, cb.list6 wrote:
> > I support publication of this draft.
> >
> > I recently ran into this leaking issue on Android with OpenVPN.  An
> > open OpenVPN server used for security and anonymity only inserted
> > routes for IPv4 on the client, with the result being all IPv6 does not
> > go through the VPN.
>
> It pains me to see such issues with OpenVPN, as OpenVPN service providers
> should be able to redirect IPv6 as well now, or at least set up IPv6 in a
> way that directs traffic into the tunnel and "ICMP unreachable!"'s it on
> the server side...
>
> So yes, I also support publication of that draft.
>
> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
> _______________________________________________
> OPSEC mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsec
> _______________________________________________
> OPSEC mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsec
>

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec

Reply via email to