On 6/21/14 9:29 PM, Fred Baker (fred) wrote:
> On Jun 21, 2014, at 8:36 PM, joel jaeggli <[email protected]> wrote:
>
>> Folks,
>>
>> After some roundabout attempts at clearing the discuss on
>> draft-ietf-opsec-vpn-leakages the following text has been proposed by
>> the IESG as a note on the document. It could proceed to the rfc editor
>> queue with this text in place. We could also adjust the document
>> accordingly, however at this point, the current position is fairly hard won.
>>
>> Thoughts would be appreciated.
>>
>> joel
>> ---
>>
>> This document describes a problem of information leakage in VPN software
>> and attributes that problem to the software's inability to deal with
>> IPv6. We do not think this is an appropriate characterization of the
>> problem. It is true that when a device supports more than one address
>> family, the inability to apply policy to more than one address family on
>> that device is a defect. Despite that, inadvertent or
>> maliciously-induced information leakage may also occur due to the
>> existence of any unencrypted interface allowed on the system, including
>> the configuration of split tunnels in the VPN software itself. While
>> there are some attacks that are unique to an IPv6 interface, the sort of
>> information leakage described by this document is a general problem that
>> is not unique to the situation of IPv6-unaware VPN software. We do not
>> think this document sufficiently describes the general issue.
>
> I might suggest that this text say who “we” is. Clearly, those who wrote the
> draft, who might otherwise be described in the first person plural, must
> disagree with that assessment.
>
> Personally, if the final sentence is the considered opinion of the IESG, I
> would rather not publish as an RFC - a permanent archival document - a
> description that the same RFC says is inadequate. I would rather that the
> IESG return the document to the working group and request a replacement that
> “sufficiently describes the general issue”.

I would hold that option out to the w.g. and the authors, though I don't
personally think the effort to produce a document for the purpose of
satisfying the IESG is a particularly worthy goal.

So if the sentiment (which I interpret as being the case) is that the
document in present form addresses a real problem and that it should be
dealt with in a discrete fashion rather than rolled up with the generic
problem of split tunneling then I can live with myself.
