[LACNIC/Seguridad] Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks
Fernando Gont
fgont en si6networks.com
Mar Ago 26 23:29:36 BRT 2014
FYI: <https://www.rfc-editor.org/rfc/rfc7359.txt>
El contenido es bastante claro. Tal vez lo que pueda generar alguna
pregunta al lector minimamente "afilado" es la "front page".
P.S.: Otros trabajos que he realizado (muchos dentro de la misma
temática) se encuentran en:
<http://www.arkko.com/tools/allstats/fernandogont.html> (y algunos que
estamos revisando en:
<http://datatracker.ietf.org/doc/search/?name=&activedrafts=on&olddrafts=on&sort=&by=author&author=Gont>).
Saludos cordiales,
Fernando
-------- Forwarded Message --------
Subject: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel
Traffic Leakages in Dual-Stack Hosts/Networks
Date: Tue, 26 Aug 2014 18:23:00 -0700 (PDT)
From: rfc-editor en rfc-editor.org
Reply-To: ietf en ietf.org
To: ietf-announce en ietf.org, rfc-dist en rfc-editor.org
CC: drafts-update-ref en iana.org, rfc-editor en rfc-editor.org
A new Request for Comments is now available in online RFC libraries.
RFC 7359
Title: Layer 3 Virtual Private Network
(VPN) Tunnel Traffic Leakages in Dual-Stack
Hosts/Networks
Author: F. Gont
Status: Informational
Stream: IETF
Date: August 2014
Mailbox: fgont en si6networks.com
Pages: 12
Characters: 26506
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-opsec-vpn-leakages-06.txt
URL: https://www.rfc-editor.org/rfc/rfc7359.txt
The subtle way in which the IPv6 and IPv4 protocols coexist in
typical networks, together with the lack of proper IPv6 support in
popular Virtual Private Network (VPN) tunnel products, may
inadvertently result in VPN tunnel traffic leakages. That is,
traffic meant to be transferred over an encrypted and integrity-
protected VPN tunnel may leak out of such a tunnel and be sent in the
clear on the local network towards the final destination. This
document discusses some scenarios in which such VPN tunnel traffic
leakages may occur as a result of employing IPv6-unaware VPN
software. Additionally, this document offers possible mitigations
for this issue.
This document is a product of the Operational Security Capabilities for
IP Network Infrastructure Working Group of the IETF.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/rfc.html
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor en rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
--
Fernando Gont
e-mail: fernando en gont.com.ar || fgont en si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Más información sobre la lista de distribución Seguridad