Re: [secdir] Sec-Dir review of draft-ietf-opsec-vpn-leakages-02

Stephen Kent <kent@bbn.com> Tue, 10 December 2013 15:23 UTC

Message-ID: <52A731CE.5010809@bbn.com>
Date: Tue, 10 Dec 2013 10:22:54 -0500
From: Stephen Kent <kent@bbn.com>
To: secdir@ietf.org
References: <F5063677821E3B4F81ACFB7905573F240653E7FF01@MX15A.corp.emc.com> <52A6C883.2080709@si6networks.com>
In-Reply-To: <52A6C883.2080709@si6networks.com>

Fernando,

A quick look at your I-D suggests that the SSL VPN vs. IPsec VPN
distinction is meaningful, and ought to be addressed. For example, in an
SSL VPN the security model is based on higher level identifiers. Thus
there are other ways that a user may find that traffic he thought was
protected is not. I realize that your doc focuses only on the IPv6 vs. v4
issue, but given the title, a reader might be misled by the lack of
context.

Steve