Last Call Review of draft-ietf-opsec-vpn-leakages-02
review-ietf-opsec-vpn-leakages-02-genart-lc-housley-2013-12-13-00
Request | Review of | draft-ietf-opsec-vpn-leakages |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2013-12-16 | |
Requested | 2013-12-05 | |
Authors | Fernando Gont | |
I-D last updated | 2013-12-13 | |
Completed reviews |
Genart Last Call review of -02
by Russ Housley
(diff)
Genart Telechat review of -03 by Russ Housley (diff) Genart Telechat review of -04 by Russ Housley (diff) Secdir Last Call review of -02 by Kathleen Moriarty (diff) Opsdir Last Call review of -02 by Dan Romascanu (diff) |
|
Assignment | Reviewer | Russ Housley |
State | Completed | |
Request | Last Call review on draft-ietf-opsec-vpn-leakages by General Area Review Team (Gen-ART) Assigned | |
Reviewed revision | 02 (document currently at 06) | |
Result | Almost ready | |
Completed | 2013-12-13 |
review-ietf-opsec-vpn-leakages-02-genart-lc-housley-2013-12-13-00
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-opsec-vpn-leakages-02 Reviewer: Russ Housley Review Date: 2013-12-12 IETF LC End Date: 2013-12-16 IESG Telechat date: Unknown Summary: The document is almost ready for publication as a informational RFC. I raise minor concerns that should be resolved before IESG evaluation. Major Concern: This document is about encrypted tunnels, and I am asking for this to be stated very early in the document. Sadly, the IETF uses VPN to mean two very different things, please tell the reader which one is being discussed in the abstract and the introduction of the document. IPsec and L3VPN demonstrate the two very different meanings for VPN, and "VPN leakage" has meaning in both of them. Personal Observation: I do not find this document very helpful. It can be summarized as: If IPv6 is not supported in your VPN software, then disable IPv6 support in all network interfaces before you try to use it. I do not know why the OPSEC WG thinks that this message is worthy of an RFC.