On Jun 21, 2014, at 8:36 PM, joel jaeggli <[email protected]> wrote:

> Folks,
> 
> After some roundabout attempts at clearing the discuss on
> draft-ietf-opsec-vpn-leakages the following text has been proposed by
> the IESG as a note on the document. It could proceed to the rfc editor
> queue with this text in place.  We could also adjust the document
> accordingly, however at this point, the current position is fairly hard won.
> 
> Thoughts would be appreciated.
> 
> joel
> ---
> 
> This document describes a problem of information leakage in VPN software
> and attributes that problem to the software's inability to deal with
> IPv6. We do not think this is an appropriate characterization of the
> problem. It is true that when a device supports more than one address
> family, the inability to apply policy to more than one address family on
> that device is a defect. Despite that, inadvertent or
> maliciously-induced information leakage may also occur due to the
> existence of any unencrypted interface allowed on the system, including
> the configuration of split tunnels in the VPN software itself.  While
> there are some attacks that are unique to an IPv6 interface, the sort of
> information leakage described by this document is a general problem that
> is not unique to the situation of IPv6-unaware VPN software. We do not
> think this document sufficiently describes the general issue.

I might suggest that this text say who “we” is. Clearly, those who wrote the 
draft, who might otherwise be described in the first person plural, must 
disagree with that assessment.

Personally, if the final sentence is the considered opinion of the IESG, I 
would rather not publish as an RFC - a permanent archival document - a 
description that the same RFC says is inadequate. I would rather that the IESG 
return the document to the working group and request a replacement that 
“sufficiently describes the general issue”.


_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
