Re: [OPSAWG] Error discovered during AUTH48 processing of draft-ietf-opsawg-tacacs
"Joe Clarke (jclarke)" <jclarke@cisco.com> Mon, 14 September 2020 20:26 UTC
Return-Path: <jclarke@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC5983A0E8A; Mon, 14 Sep 2020 13:26:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=IO104WNB; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=dFpddbsO
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BCEjjNYJ3jlZ; Mon, 14 Sep 2020 13:26:06 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFD893A0D44; Mon, 14 Sep 2020 13:26:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1243; q=dns/txt; s=iport; t=1600115165; x=1601324765; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=j5Y3lXzHgriBybFbRhobRfdPWG/TVmPdC1jUdJCpP54=; b=IO104WNBHMfqYUHJRxa8ICnjyFPwTzsdRQQs6JjtHjWVWWYd/QfARAq/ 46HXAq1mLetxbuxrfFWoaMQK5mnvddl4+oA62QgUcoXUKsl/X86y88Q67 QiriQtkL3aXRaV0ad83L7iW7T0vrKaE0FIdf3B9Cr3cXmBiNUOiHQ93zs U=;
IronPort-PHdr: 9a23:5TQEgheyR9zeiVbzcAg73f7mlGMj4e+mNxMJ6pchl7NFe7ii+JKnJkHE+PFxlwaQA9fY9vdNkeuQta38CiQM4peE5XYFdpEEFxoIkt4fkAFoBsmZQVb6I/jnY21ffoxCWVZp8mv9PR1TH8DzNF7Pp3So7HgUFwmsfQZwL/7+T4jVicn/3uuu+prVNgNPgjf1Yb57IBis6wvLscxDiop5IaF3wRzM8XY=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BzAAAy0V9f/4UNJK1gHAEBAQEBAQcBARIBAQQEAQFAgTwGAQELAYFRUQeBSS8sCod1A41umHKBLhSBEQNVCwEBAQ0BAS0CBAEBhEsCgigCJDUIDgIDAQELAQEFAQEBAgEGBG2FXAyFcgEBAQECARIoBgEBNwEECwIBCBgeEDIlAgQOBSKDBIJMAw4gAattAoE5iGF0gTSDAQEBBYUxGIIQCYE4AYJwijsbgUE/gTgcgh8uPoQDOoNKgi23CgqCZZo9Ax6gbK5og1kCBAIEBQIOAQEFgVUBOIFXcBVlAYI+PhIXAg2OH4NxilZ0NwIGCgEBAwl8jkMBgRABAQ
X-IronPort-AV: E=Sophos;i="5.76,427,1592870400"; d="scan'208";a="561250186"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 14 Sep 2020 20:26:04 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by alln-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 08EKQ3V9017401 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 14 Sep 2020 20:26:04 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 14 Sep 2020 15:26:03 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 14 Sep 2020 16:26:02 -0400
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 14 Sep 2020 16:26:01 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V7kf09ZHHnRC+mwOdrx6NNJBLcjpq3GP0S4glfeMlBLE8oWVOl+RP/BifCOAJyRrAbPKxPAGNy4DZXLGaksfb0l8LO+kOgrAkUJ5ekB02q6fy2LjhqDmqkzxtgN5CrG70TJzAFrvNtGXWmk1MwnJXImttuU355094RDAQcedE6Z1ZqRxD73dMw1gugb44DoqVCOwdcPGhyVdzw0jivVngFHBb2OAZxKwBOHixsY66nGNKvw8MqRel5lgil+708zzl5raIXKrWwYfdo6u0YfYdjsW+oKIsXmZNJdrMefQw+xiwDqlYBYzw+EDvwwDPFNGM4SOSs2TluBvLQLw/XdO/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OB53+6b7Zy7kxIfh7IesUQ3aWChag8pBLxzHBkA6o58=; b=LSwcJC0WBIr27rynhiquQlQeCm7WvhnHWaLLidx633G2lCvdlwq3Z0GSAxdhLPuE2N+I26kDEx1rjR1GBEKXw0insx7Xp271TM4VSOsF4r/lxcXX8qXSpFFibZyQhEtojP22GRv7B15FUvTg7MlhpoJO219E1ynnvIRoHVNEUgR9+3i56kERl1XXYCAE+FgvRZLEmV55t4IXW0ZlltIbr/XmI7p0VT9VQil+iP53SSvjFBbV6FIvfBS+68n9kYGkSapRn/V3ZIk6rYaODmO+lz2UwqVBGZkEEZjuNwVZDLE951/pbrBJQp/wgIOuccb+B9yfQtzMqtC4bslnja4GEA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OB53+6b7Zy7kxIfh7IesUQ3aWChag8pBLxzHBkA6o58=; b=dFpddbsO5Z3BcL8zXsDCvMiV7ugJ/NW1XY9NHzp52dX3Yn0e4eyR9qx43FgxhtTAx9xgc9KxTNYdng0fH+zxCEUu2KmLFj5lobQtuqiPtSCmoAwWSsr1KCms578dmkXl8Q1FaX+7Y2o2wNgRPZkIha4sgppHo6uNo37T15YGdfU=
Received: from BN6PR11MB1667.namprd11.prod.outlook.com (2603:10b6:405:e::12) by BN6PR11MB4113.namprd11.prod.outlook.com (2603:10b6:405:77::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16; Mon, 14 Sep 2020 20:26:00 +0000
Received: from BN6PR11MB1667.namprd11.prod.outlook.com ([fe80::5142:3a35:18c2:75c2]) by BN6PR11MB1667.namprd11.prod.outlook.com ([fe80::5142:3a35:18c2:75c2%8]) with mapi id 15.20.3370.019; Mon, 14 Sep 2020 20:25:59 +0000
From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Warren Kumari <warren@kumari.net>
CC: opsawg <opsawg@ietf.org>, "ops-ads@ietf.org" <ops-ads@ietf.org>, OpsAWG-Chairs <opsawg-chairs@ietf.org>
Thread-Topic: Error discovered during AUTH48 processing of draft-ietf-opsawg-tacacs
Thread-Index: AQHWitOMSb0capO/CEC8hShDc32cr6lolNyA
Date: Mon, 14 Sep 2020 20:25:59 +0000
Message-ID: <DEC33E8E-E9F8-4C49-A5F8-CDF50CF53C40@cisco.com>
References: <CAHw9_i+mE2JZFtgdBnKi4tcRL7Z6MQ391vq1fZftP9c9p6XcfA@mail.gmail.com>
In-Reply-To: <CAHw9_i+mE2JZFtgdBnKi4tcRL7Z6MQ391vq1fZftP9c9p6XcfA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.120.23.2.1)
authentication-results: kumari.net; dkim=none (message not signed) header.d=none;kumari.net; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [173.38.117.86]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c743c940-f540-4367-ca97-08d858ec64d2
x-ms-traffictypediagnostic: BN6PR11MB4113:
x-microsoft-antispam-prvs: <BN6PR11MB4113A6F25E86144D41793CBBB8230@BN6PR11MB4113.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KJk7opn7H4m4FjViUs2g9eO9yZYujfrFnKb2ajRqh8ftLDcR320VNh71hXQucX+csxOr9sqHvdiuO6YUd2+NfqBhszGJtrNvsBPC8wcLD+eS0uVl6Nd+yzQHb8VJxvmgOcYPWD/d3XjwlqhYaCHA6O8JfXEIP24FeZA8PhKqisgMYIeRyxd2PhJsk7Rpkes8nSzBm+ICGD3NfAKMd5XOmAqiij/jXJ4XWO9DEYEMc1OIM/UfEdRSB2i2j1g6oasxQYq1NFddJoNzbWQuaaseNn8MfJ6hvPPcznxYQGPQSmkGcy3/Yscge/QtTg/FRyANMtT5XLbiRk76wFVc15F7vA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1667.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(39860400002)(376002)(346002)(396003)(366004)(136003)(5660300002)(478600001)(33656002)(83380400001)(6916009)(71200400001)(8936002)(8676002)(54906003)(6506007)(53546011)(64756008)(66446008)(66556008)(66946007)(66476007)(186003)(26005)(86362001)(2906002)(316002)(36756003)(6486002)(6512007)(2616005)(91956017)(4326008)(76116006); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: EtxLUXWsA42wJVYgFpziLW7mJTDEa+w/Xvg11+48tlOKwGax73D/NBvFG0BxkvDRVjhbxya23ZtV4X7h9oTHj9KT5BQr5bSsBdetEW/n7k1Im6wwllUhB4MEFL0BYVnH3KFXewrWPPEtb3tFcBbtK/1JIN4e/szcI4scbC4ZwrVINz2qZkZmCJsvcoDzCUwgE3sh1crnlhbfPxQNMksaDYrTR62T9Ky2rON1qx97tiYgPisrXTGxA23F3dZyYZKXUussj2k3lcin17Renil8Mx/QTB8/qCrHd+Y+aPqL1TubwpPycHCNin41khJKF+6YPW6nAwkKFJX1vAVBwKsq7Rz9NxLMN1Dr3n6vyn9Q9SECKUFKRQQ27EjipHAcQithAhVwEMxdj3pJBnUa6so477jVPGu5vEYFq74KKJe7OVFlukQwo7FVd4jWtp9y1KJ/wu51l/6CT0WcacnVO4FP64k4IVPB1RErZ9bllxMMlUAIQeoIiOg6vIule4+g/l5zeTL9pFP/shLLKieSok16f8jKiVH1w01cMIQ8+wm8/eyQrcVoGYXj9UqnB0KvVVlTxo/oZs3lCf5ZIgOJoTkAmEugthzep6rVBhsXNUnKzYjvVtTmfA16l7gBf5dzpQrZ3Cvx8nuIlxD+64r/QNC6Ew==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-ID: <98EE6F09BF74B84E969A98A41E6B39F0@namprd11.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1667.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c743c940-f540-4367-ca97-08d858ec64d2
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Sep 2020 20:25:59.9477 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4IDjWpuXRZaBrzCtzabZFio47J/lV3fYq+mMwvxxbUfCgB5kAxm/Yic5EERBT4jBq/P9v/mO5HCSnmZLS02UVw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB4113
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.13, xch-aln-003.cisco.com
X-Outbound-Node: alln-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/FUTgkYxCTtzJogx4NcPQ4ZNk7dA>
Subject: Re: [OPSAWG] Error discovered during AUTH48 processing of draft-ietf-opsawg-tacacs
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Sep 2020 20:26:10 -0000
As a contributor, I think the new text is much clearer and seems both correct and a wise thing [not] to do. Joe > On Sep 14, 2020, at 16:12, Warren Kumari <warren@kumari.net> wrote: > > Dear OpsAWG, > > During AUTH48 processing of RFC 8907 (draft-ietf-opsawg-tacacs) we ran > into something that was clearly an error: > Original: > As this information is not always subject to verification, it is > recommended that this field is in policy evaluation. > > We are planning on replacing it with: > Updated: > As this information is not always subject to verification, it MUST NOT be > used in policy evaluation.: > > > The original clearly makes no sense, butas the correction flips the > meaning from what was written when approved, I wanted to let the WG > know. > > I'm planning on approving the "Updated" on Monday Sept 21st unless I > hear a clear and compelling argument why not... > > W > > -- > I don't think the execution is relevant when it was obviously a bad > idea in the first place. > This is like putting rabid weasels in your pants, and later expressing > regret at having chosen those particular rabid weasels and that pair > of pants. > ---maf
- [OPSAWG] Error discovered during AUTH48 processin… Warren Kumari
- Re: [OPSAWG] Error discovered during AUTH48 proce… Joe Clarke (jclarke)
- Re: [OPSAWG] Error discovered during AUTH48 proce… Randy Bush
- Re: [OPSAWG] Error discovered during AUTH48 proce… Qin Wu