Folks, FYI, this version addresses Paul's and Kathleen's comments.
The only remaining bit is the issue raised by Carlos which we'll hopefully address in the next rev. Thanks! Fernando On 01/23/2014 08:25 AM, [email protected] wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Operational Security Capabilities for IP > Network Infrastructure Working Group of the IETF. > > Title : Virtual Private Network (VPN) traffic leakages in > dual-stack hosts/ networks > Author : Fernando Gont > Filename : draft-ietf-opsec-vpn-leakages-03.txt > Pages : 16 > Date : 2014-01-23 > > Abstract: > The subtle way in which the IPv6 and IPv4 protocols co-exist in > typical networks, together with the lack of proper IPv6 support in > popular Virtual Private Network (VPN) products, may inadvertently > result in VPN traffic leaks. That is, traffic meant to be > transferred over a VPN connection may leak out of such connection and > be transferred in the clear from the local network to the final > destination. This document discusses some scenarios in which such > VPN leakages may occur, either as a side effect of enabling IPv6 on a > local network, or as a result of a deliberate attack from a local > attacker. Additionally, it discusses possible mitigations for the > aforementioned issue. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-opsec-vpn-leakages/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-opsec-vpn-leakages-03 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-vpn-leakages-03 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > OPSEC mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/opsec > -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
