Re: [OPSAWG] I-D Action: draft-dahm-tacacs-security-01.txt

Marc Huber <Marc.Huber@web.de> Fri, 02 September 2022 20:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/AOdwIsgcvJUlwYhJenfdUN4TMyY>

I've had a closer look at draft-dahm-tacacs-security-01 this evening.

While I'm perfectly fine with the "Extended Authentication" packet
formats, I think it would make sense to add these extensions to "version
1.2" authorization and accounting packets, too. @the authors: please
consider adding that to the next draft.

One thing I have trouble coping with is the TAC_PLUS_*_FRAGMENT
portions. Could you elaborate on any use cases?

Cheers,

Marc