Re: [OPSAWG] Submission of new version of TACACS+ TLS Spec (V4)

"Douglas Gash (dcmgash)" <dcmgash@cisco.com> Thu, 25 January 2024 15:21 UTC

From: "Douglas Gash (dcmgash)" <dcmgash@cisco.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "opsawg@ietf.org" <opsawg@ietf.org>
CC: John Heasly <heas@shrubbery.net>, Andrej Ota <andrej@ota.si>
Date: Thu, 25 Jan 2024 15:21:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/54kS-dQx1D4KNh3g7MZz5laZNWU>

Hi,

Thanks for your further review.

We will check through your comments against the latest version and identify the missing items, then continue this thread on what their acceptable resolution could be.

Thanks,

The Authors.

From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
Date: Thursday, 25 January 2024 at 14:34
To: Douglas Gash (dcmgash) <dcmgash@cisco.com>, opsawg@ietf.org <opsawg@ietf.org>
Cc: John Heasly <heas@shrubbery.net>, Andrej Ota <andrej@ota.si>
Subject: RE: Submission of new version of TACACS+ TLS Spec (V4)

Hi Authors, all,

Many thanks for your effort on this document.

I managed finally to read the new version. I’m afraid that some of the comments in https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/draft-ietf-opsawg-tacacs-tls13-03-rev%20Med.pdf were not addressed or at least I fail to see how they are.

For example, I still don’t think that we can separate the discussion of the port number from how the IP address of the server is configured. I still also think that the cipher suite discussion can be offloaded to RFC9325 (which btw should be cited as normative; also, please note that RFC7525 is now obsoleted by RFC9325).

Cheers,
Med

From: OPSAWG <opsawg-bounces@ietf.org> On behalf of Douglas Gash (dcmgash)
Sent: Friday, 22 December 2023 17:54
To: opsawg@ietf.org
Cc: John Heasly <heas@shrubbery.net>; Andrej Ota <andrej@ota.si>
Subject: [OPSAWG] Submission of new version of TACACS+ TLS Spec (V4)

Dear OPSAWG,

Many thanks for all the comments on the Secure TACACS+ (TLS) draft v3.

We have submitted a revised doc with the intention to address the concerns and comments. It is rather later than originally planned, our apologies for the delay. We will look forward to addressing the corresponding issues from this revision in a timelier manner.

Some brief notes regarding the broader topics raised in v3; all items, of course, are open for re-aligning as the group sees fit.

- Regarding the allocation of a specific port, a key motivation concerns the pervasive use of default ports in current configurations. Ensuring the client implementations work correctly with default ports now that TLS is introduced, to minimise burden for operators whilst avoiding wrinkles with downgrade attacks, does require said new default port to be allocated, and we will explicitly mention this in a new section in the new doc. We hope this should help account for our request for an allocated port.
- RFC9325 does look a timely reference, and we have tried to delegate what we can from the new TACACS+ doc to it.
- Tracking the discussion on the deprecation of obfuscation option inside TLS, our current reading is that:
   - All TLS traffic must NOT use obfuscation.
   - Setting the non-obfuscation option (TACACS has a flag for unencrypted) is mandatory for all TLS TACACS+ traffic.
   - The aim is to avoid any ambiguity and to remove MD5 operations from this level of the protocol.
- We hope we have addressed the raised issues, nits and ambiguities.

Best regards, the Authors.
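
The reading on obfuscation in the notes above can be enforced as a receive-side check. The following is an added example, not part of the thread or of the draft: it parses the 12-byte TACACS+ header (field layout and flag value as defined in RFC 8907) and lists reasons to reject a packet that arrived inside a TLS session. The function names and the sample packets are constructed for illustration, and the rejection policy follows the reading stated in this message, not final specification text.

```python
import struct
from dataclasses import dataclass

TAC_PLUS_MAJOR_VER = 0xC            # RFC 8907 major version
TAC_PLUS_UNENCRYPTED_FLAG = 0x01    # set = body is NOT MD5-obfuscated
HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length
PACKET_TYPES = {0x01: "AUTHEN", 0x02: "AUTHOR", 0x03: "ACCT"}

@dataclass
class Header:
    major: int
    minor: int
    ptype: int
    seq_no: int
    flags: int
    session_id: int
    length: int

def parse_header(packet: bytes) -> Header:
    if len(packet) < HEADER.size:
        raise ValueError("short packet: TACACS+ header is 12 bytes")
    ver, ptype, seq, flags, sid, length = HEADER.unpack_from(packet)
    return Header(ver >> 4, ver & 0x0F, ptype, seq, flags, sid, length)

def tls_policy_violations(packet: bytes) -> list:
    """Reasons to reject a TACACS+ packet received over TLS (empty = accept)."""
    try:
        h = parse_header(packet)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if h.major != TAC_PLUS_MAJOR_VER:
        problems.append(f"unexpected major version 0x{h.major:x}")
    if h.ptype not in PACKET_TYPES:
        problems.append(f"unknown packet type 0x{h.ptype:02x}")
    if not h.flags & TAC_PLUS_UNENCRYPTED_FLAG:
        # Flag clear means the peer applied MD5 obfuscation inside TLS.
        problems.append("unencrypted flag clear: body is obfuscated inside TLS")
    if h.length != len(packet) - HEADER.size:
        problems.append("length field does not match body size")
    return problems

def sample_packet(flags: int, body: bytes = b"\x00" * 8) -> bytes:
    """Constructed test input: AUTHEN packet, version 0xc0, seq 1."""
    return HEADER.pack(0xC0, 0x01, 1, flags, 0x1234ABCD, len(body)) + body

if __name__ == "__main__":
    for flags in (0x01, 0x00, 0x04, 0x05):
        print(hex(flags), tls_policy_violations(sample_packet(flags)))
```

Rejecting on a clear flag, instead of falling back to de-obfuscating with a shared secret, is what keeps MD5 out of the TLS code path.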

