Last Call Review of draft-ietf-opsec-vpn-leakages-02
review-ietf-opsec-vpn-leakages-02-genart-lc-housley-2013-12-13-00

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-opsec-vpn-leakages-02
Reviewer: Russ Housley
Review Date: 2013-12-12
IETF LC End Date: 2013-12-16
IESG Telechat date: Unknown

Summary:  The document is almost ready for publication as a
informational RFC.  I raise minor concerns that should be resolved
before IESG evaluation.

Major Concern:

This document is about encrypted tunnels, and I am asking for this to
be stated very early in the document.  Sadly, the IETF uses VPN to mean
two very different things, please tell the reader which one is being
discussed in the abstract and the introduction of the document.  IPsec
and L3VPN demonstrate the two very different meanings for VPN, and
"VPN leakage" has meaning in both of them.  

Personal Observation:

I do not find this document very helpful.  It can be summarized as:

   If IPv6 is not supported in your VPN software, then disable IPv6
   support in all network interfaces before you try to use it.

I do not know why the OPSEC WG thinks that this message is worthy of
an RFC.