On 3/23/14, 10:39 AM, Carlos Pignataro (cpignata) wrote: > Joel, Warren (as shepherd), > > In addition to some responses below, it appears that my review > comments sent to opsec are yet to be addressed: > http://www.ietf.org/mail-archive/web/opsec/current/msg01477.html "The > only remaining bit is the issue raised by Carlos which we'll > hopefully address in the next rev." > http://www.ietf.org/mail-archive/web/opsec/current/msg01447.html > > It seems the remaining bit is still remaining. Frankly, I am still > concerned that this doc still refers to "VPN Leakages" while its > applicability and scope is a small subset of "VPNs".
the problem I take it with respect to aplicability is that the draft targets a narrow subset of vpns. The problem of exposure via split tunnels or in fact multi-interface issues is covers a whole range of issues, some of which are deliberate, some accidental or in this case inadvertent. > More inline. > > On Mar 23, 2014, at 10:57 AM, joel jaeggli <[email protected]> wrote: > >> Hi, >> >> I hope that you folks are recovering well from IETF meeting >> related excesses and accompanying travel. >> >> Some questions came up in the IESG review of the document that are >> more appropriately answered by the working group rather than by me >> attempting to channel you folks. >> >> https://datatracker.ietf.org/doc/draft-ietf-opsec-vpn-leakages/ >> >> 1. Does the working-group view view disabling IPV6 in deployed >> equipment due to operational necessity as a desirable outcome. > > My personal view is "No". That would be a step backwards in deploying > IPv6. >> >> 2. Does the working-group characterize the problem of vpn leakages >> captured in this document as being distinct from the problems posed >> by split-tunnels in general. >> > > I do not think it is different. Rather, this is one instantiation of > a more general problem. > > Thanks, > > -- Carlos. > >> Your thoughts would be appreciated. joel >> >> >> _______________________________________________ OPSEC mailing list >> [email protected] https://www.ietf.org/mailman/listinfo/opsec >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
