Commit d75108fb authored by Joseph Rotolo, committed by Aki Braun

Adding comments based on discussion between Rapporteurs and PANW on Oct 30.

parent b6c3848d
+5 −5
@@ -407,7 +407,7 @@ Affects likelihood of threats involving authentication.

Affects impact of threats involving loss of data confidentiality, availability, or integrity.

  * **DAT-L-0** User data is generally trivial and unimportant
  * **DAT-L-0** User data is generally trivial and unimportant (ie. TV or streaming content, etc)
  * **DAT-L-1** User data is moderately important
  * **DAT-L-2** User data is important for preservation of human rights of user
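Review bot: In the new DAT-L-0 line, "ie." reads as a definition, which would limit the level to TV or streaming content only, and "etc" then contradicts that. If these are meant as examples, write "(e.g., TV or streaming content)" and drop "etc". DAT-L-1 and DAT-L-2 have no parenthetical, so either add an example to each or state that the DAT-L-0 one is illustrative, so that assessors apply the three levels consistently.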

@@ -476,7 +476,7 @@ Security profiles will be mapped to the security requirements necessary to mitig
> - How its functions are configured?
> - How it keeps itself secure and functioning?

The purpose of a consumer VPN is to create a tunnel between client devices and a server that provides access to a public or private network while obfuscating information about the source device. Potential functions include:
The purpose of consumer VPN is to provide encrypted end-to-end communication between two end-points. There are many reasons for VPNs' use, such as obfuscating information about the source of the VPN client, data transiting through an untrusted domain, etc. Potential functions include:

* Authenticating client connections
* Determining to which exit nodes a clients may connect
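Review bot: The new purpose sentence says "encrypted end-to-end communication between two end-points", which does not match the function list that follows (exit nodes, "the tunnel") and can be read as a claim that traffic stays encrypted all the way to the destination. The replaced wording, "a tunnel between client devices and a server", stated the protected segment explicitly. Suggest naming the two end-points, for example "between the VPN client and the VPN server or exit node", so the confidentiality boundary is clear for later threat analysis. Minor: "The purpose of consumer VPN" is missing an article, and the list of reasons is not parallel ("obfuscating information ..., data transiting through ...").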
@@ -484,11 +484,11 @@ The purpose of a consumer VPN is to create a tunnel between client devices and a
* Obfuscating the source or target of traffic sent through the tunnel
* Routing restricted-use network traffic in or out of specific nodes

The VPN itself is a collection of software running on different nodes. Each software element may have a different set of functionality and may be more or less trusted than other elements. How the functionality and trust are distributed vary according to the architecture and use case of the VPN.
The VPN product is a collection of software running on different nodes. Each software element may have a different set of functionality and may be more or less trusted than other elements. How the functionality and trust are distributed vary according to the architecture and use case of the VPN.

For example, a VPN intended to protect the user of an endpoint node from surveillance would prefer an architecture that did not trust any node not controlled by the end user. A VPN intended to protect a corporate private network would trust all the nodes in the private network that are administered by the corporation, but not the endpoint nodes that are administered by employees.
For example, a VPN intended to protect the user of an endpoint node from surveillance would prefer an architecture that did not trust any node not controlled by the end user. 

Functionalities of nodes in VPNs (a node can have some or all):
Roles of nodes in VPNs (a node can have some or all):

* Authorization - grant nodes access to the restricted use network
* Edge - uses a public network to communicate with the restricted use network
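Review bot: With the corporate VPN sentence removed, "For example" now introduces a single case, while the paragraph before it still says functionality and trust "vary according to the architecture and use case". One example cannot show that variation; either add a second consumer-relevant case with a different trust assumption or reword the lead-in to match a single example. The new line also ends with trailing whitespace. The list heading now says "Roles", but the preceding paragraph still says "set of functionality"; use one term in both places.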