Hi, Carlos,

On 12/22/2013 05:54 PM, Carlos Pignataro (cpignata) wrote:
>> FWIW, this is what we have at the time of this writing (still subject to
>> comments and edits);
>>
>> ---- cut here ----
>>   When employing the term VPN (or its acronym, "VPN"), this document
>>   refers to IPsec-based or TLS-based tunnels, where traffic is
>>   encapsulated and sent from a client to a middle-box, to access
>>   multiple network services (potentially employing different transport
>>   and/or application protocols).
> 
> I do not think this is the best approach. Here you are saying: “when we
> say VPN we actually mean this, so we will make statements about VPNs”.
> Instead, I’d suggest the more precise approach is to say “in this document
> we consider Foobar VPNs, so we will make statements about Foobar VPNs”
> (where Foobar is a modifier/qualifier of VPN, defined in the document).

If you know of such modifier/qualifier, I'd like to know -- particularly
if it's a one/two word thing that will not result in cumbersome text
throughout the document.

Besides, at the end of the day, foobar VPN would still be one definition
of ours, so... I'm not sure that would make the text any more precise
(as long as the terminology is clarified up front, as with a "Terminology"
section).



>>   Our use of the term "Virtual Private Networks" excludes the so-called
>>   SSL/TLS VPN portals (a front-end provided by the middlebox to add
>>   security to a normally-unsecured site).  Further discussion of SSL-
>>   based VPNs can be found in [SSL-VPNs].
> 
> Additionally, this talks about a specific view from the user (it is not a
> provider provisioned VPN for example). So I’d define what it is and not
> what it is not.

Not sure what you mean.



>>>> Regarding the title... I'm not sure it's easy to come up with
>>>> something simple that makes this clear (particularly when, as you
>>>> correctly state, "VPN" is kind of a meta-term)... Do you have any
>>>> suggestions for some alternative title?
>>>
>>> I think that, for the title, saying “VPN traffic leakages” is too
>>> generic to be accurate, and you need to qualify “VPN”.
>>
>> Is that possible in a one-liner?
> 
> It is necessary, in a one- or two-liner.

So far we have tried to do that with the terminology Section -- and I
doubt that can be clearly done with a one liner. But if you have any
suggestions, I'm all ears.



> The IETF has defined terminology and taxonomy for VPNs. For example:
> http://tools.ietf.org/html/rfc2764
> http://tools.ietf.org/html/rfc3809
> http://tools.ietf.org/html/rfc4026 for PP-VPNs, esp. S. 3, 3.10, 4
> http://tools.ietf.org/html/rfc4110#section-1.5
> 
> And as you acknowledge it is a meta term (and an overused one); I’d talk
> about Foobar-VPNs, with narrow definitions.

I'll check the references, and will also let others weigh in.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
