IETF Logo Mail Archive

Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-00.txt

Alan DeKok <aland@deployingradius.com> Fri, 08 July 2022 15:56 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AC34C14F747 for <opsawg@ietfa.amsl.com>; Fri, 8 Jul 2022 08:56:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gf0EEkhzEcHZ for <opsawg@ietfa.amsl.com>; Fri, 8 Jul 2022 08:56:46 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F02C4C157B53 for <opsawg@ietf.org>; Fri, 8 Jul 2022 08:56:26 -0700 (PDT)
Received: from smtpclient.apple (bras-base-stsvon1503w-grc-35-70-26-170-197.dsl.bell.ca [70.26.170.197]) by mail.networkradius.com (Postfix) with ESMTPSA id 0487D5ED; Fri, 8 Jul 2022 15:56:22 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.100.31\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <YshSG8MJiRtDK0wC@shrubbery.net>
Date: Fri, 08 Jul 2022 11:56:21 -0400
Cc: "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, "Douglas Gash (dcmgash)" <dcmgash@cisco.com>, Andrej Ota <andrej@ota.si>, Thorsten Dahm <thorsten.dahm@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1E6DA99C-E0C2-443C-A45E-EFDB71739751@deployingradius.com>
References: <165423057408.3428.4172200321096081956@ietfa.amsl.com> <YpmPnrFIGF67oDXJ@shrubbery.net> <BN9PR11MB537175FDD5A21A975272685FB8BB9@BN9PR11MB5371.namprd11.prod.outlook.com> <YryWSpLvE7X4E11H@shrubbery.net> <BN9PR11MB5371D497D5FFE940E37DC1A9B8BA9@BN9PR11MB5371.namprd11.prod.outlook.com> <Yr302mhZNxs/Mf3n@shrubbery.net> <YsdI9bKCHJsWy2/B@shrubbery.net> <BN9PR11MB5371BA7E85E49364FCD821DAB8829@BN9PR11MB5371.namprd11.prod.outlook.com> <16DC90D7-6A3F-446E-903C-CA4E0FA9051D@deployingradius.com> <YshSG8MJiRtDK0wC@shrubbery.net>
To: heasley <heas@shrubbery.net>
X-Mailer: Apple Mail (2.3696.100.31)
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/H4-frS20wxA5OMct1KU-kwmhqu0>
Subject: Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-00.txt
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2022 15:56:48 -0000

On Jul 8, 2022, at 11:49 AM, heasley <heas@shrubbery.net> wrote:
> There are no other additions in dahm-tacacs-tls13, only deprecations
> related to adding TLS.  Perhaps you are thinking of the original composite
> draft, which we split by request, or the second draft from that split
> (dahm-opsawg-tacacs-security).

  Yes.  I've checked the tls13 draft, and it has addressed my concerns, thanks.

> The next version -f dahm-tacacs-tls13 *will* add one thing, a status code
> that is necessary to fulfill Joe's request about handling the deprecation
> of the unencrypted flag.

  That's good.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email