[LAC-TF] Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks

Fernando Gont fgont at si6networks.com
Tue Aug 26 23:29:36 BRT 2014

FYI: <https://www.rfc-editor.org/rfc/rfc7359.txt>

El contenido es bastante claro. Tal vez lo que pueda generar alguna
pregunta al lector minimamente "afilado" es la "front page".

P.S.: Otros trabajos que he realizado (muchos dentro de la misma
temática) se encuentran en:
<http://www.arkko.com/tools/allstats/fernandogont.html>  (y algunos que
estamos revisando en:

Saludos cordiales,

-------- Forwarded Message --------
Subject: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel
Traffic Leakages in Dual-Stack Hosts/Networks
Date: Tue, 26 Aug 2014 18:23:00 -0700 (PDT)
From: rfc-editor at rfc-editor.org
Reply-To: ietf at ietf.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: drafts-update-ref at iana.org, rfc-editor at rfc-editor.org

A new Request for Comments is now available in online RFC libraries.

        RFC 7359

        Title:      Layer 3 Virtual Private Network
                    (VPN) Tunnel Traffic Leakages in Dual-Stack
        Author:     F. Gont
        Status:     Informational
        Stream:     IETF
        Date:       August 2014
        Mailbox:    fgont at si6networks.com
        Pages:      12
        Characters: 26506
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-opsec-vpn-leakages-06.txt

        URL:        https://www.rfc-editor.org/rfc/rfc7359.txt

The subtle way in which the IPv6 and IPv4 protocols coexist in
typical networks, together with the lack of proper IPv6 support in
popular Virtual Private Network (VPN) tunnel products, may
inadvertently result in VPN tunnel traffic leakages.  That is,
traffic meant to be transferred over an encrypted and integrity-
protected VPN tunnel may leak out of such a tunnel and be sent in the
clear on the local network towards the final destination.  This
document discusses some scenarios in which such VPN tunnel traffic
leakages may occur as a result of employing IPv6-unaware VPN
software.  Additionally, this document offers possible mitigations
for this issue.

This document is a product of the Operational Security Capabilities for
IP Network Infrastructure Working Group of the IETF.

INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/rfc.html

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

The RFC Editor Team
Association Management Solutions, LLC

Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

More information about the LACTF mailing list