IETF Logo Mail Archive

[OPSAWG]Re: draft-ietf-opsawg-tacacs-tls13: Debugging TACACS+ over TLS

mohamed.boucadair@orange.com Tue, 26 November 2024 12:49 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C5EBC14F699 for <opsawg@ietfa.amsl.com>; Tue, 26 Nov 2024 04:49:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nY_01vFtav1Y for <opsawg@ietfa.amsl.com>; Tue, 26 Nov 2024 04:48:56 -0800 (PST)
Received: from smtp-out.orange.com (smtp-out.orange.com [80.12.210.122]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57DC2C151076 for <opsawg@ietf.org>; Tue, 26 Nov 2024 04:48:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; i=@orange.com; q=dns/txt; s=orange002; t=1732625336; x=1764161336; h=to:cc:subject:date:message-id:references:in-reply-to: mime-version:content-transfer-encoding:from; bh=aJpPZ8hrunaeGKpHS1Nro+YeMOmb7NEOwP7Vw0Cvgto=; b=qU/cEanlgS4hUu1u4K2e3oNIWUxctFu+WaIb5ga4NcDluOLcFTxW3EmD g6ksqzT45shu/GkEbr5NrDumRXTbgknE+IZCaXL2F5tjGbo7L+jsf99q/ K9iUMz0QDM3P1EP/UCKW45s6as2Sz9LJyMJBeYCVTkeQKNJVLX+jUsNtw NjCOlDddXMluAGnsm+K3+RoaehvNKlU082DvBXOBqBROi34stPsP4FEcT B2bZLnLdbasRuV2x6FcTP/HXclWgP1gj+snTNUs6VtFtjH4/QM9SmUx3g ljfw4KJjaXj+d4x8FEVo8G1nwSaWnLsKxr5eiyzEy0VTbYutLiVFwh3gx w==;
X-CSE-ConnectionGUID: ztdVJ1+gQyezish6QMJWcQ==
X-CSE-MsgGUID: pJxthpvpQTqbEP+CLnlM5w==
Received: from unknown (HELO opfedv3rlp0a.nor.fr.ftgroup) ([x.x.x.x]) by smtp-out.orange.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Nov 2024 13:48:54 +0100
Received: from unknown (HELO opzinddimail4.si.francetelecom.fr) ([x.x.x.x]) by opfedv3rlp0a.nor.fr.ftgroup with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Nov 2024 13:48:54 +0100
Received: from opzinddimail4.si.francetelecom.fr (unknown [127.0.0.1]) by DDEI (Postfix) with ESMTP id CE5FFBC060F3 for <opsawg@ietf.org>; Tue, 26 Nov 2024 13:48:53 +0100 (CET)
Received: from opzinddimail4.si.francetelecom.fr (unknown [127.0.0.1]) by DDEI (Postfix) with ESMTP id B1EEABC060EA for <opsawg@ietf.org>; Tue, 26 Nov 2024 13:48:53 +0100 (CET)
Received: from smtp-out365.orange.com (unknown [x.x.x.x]) by opzinddimail4.si.francetelecom.fr (Postfix) with ESMTPS for <opsawg@ietf.org>; Tue, 26 Nov 2024 13:48:53 +0100 (CET)
Received: from mail-db5eur02lp2108.outbound.protection.outlook.com (HELO EUR02-DB5-obe.outbound.protection.outlook.com) ([104.47.11.108]) by smtp-out365.orange.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Nov 2024 13:48:53 +0100
Received: from DU2PR02MB10160.eurprd02.prod.outlook.com (2603:10a6:10:49b::6) by AS8PR02MB6839.eurprd02.prod.outlook.com (2603:10a6:20b:256::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8182.22; Tue, 26 Nov 2024 12:48:51 +0000
Received: from DU2PR02MB10160.eurprd02.prod.outlook.com ([fe80::c9a1:d43c:e7c6:dce1]) by DU2PR02MB10160.eurprd02.prod.outlook.com ([fe80::c9a1:d43c:e7c6:dce1%5]) with mapi id 15.20.8182.019; Tue, 26 Nov 2024 12:48:51 +0000
From: mohamed.boucadair@orange.com
X-CSE-ConnectionGUID: gJkBV+TISZGzkLQGOTBWSA==
X-CSE-MsgGUID: BeC3MNzkTeSAEACKRI8Niw==
X-TM-AS-ERS: 10.218.35.128-127.5.254.253
X-TM-AS-SMTP: 1.0 c210cC1vdXQzNjUub3JhbmdlLmNvbQ== bW9oYW1lZC5ib3VjYWRhaXJAb 3JhbmdlLmNvbQ==
X-DDEI-TLS-USAGE: Used
X-CSE-ConnectionGUID: 0+pzKBMcRgWXnM1gjJK2RA==
X-CSE-MsgGUID: cWieD+HySyW51lh2Ju2lew==
Authentication-Results: smtp-out365.orange.com; dkim=none (message not signed) header.i=none; spf=Fail smtp.mailfrom=mohamed.boucadair@orange.com; spf=Pass smtp.helo=postmaster@EUR02-DB5-obe.outbound.protection.outlook.com
Received-SPF: Fail (smtp-in365b.orange.com: domain of mohamed.boucadair@orange.com does not designate 104.47.11.108 as permitted sender) identity=mailfrom; client-ip=104.47.11.108; receiver=smtp-in365b.orange.com; envelope-from="mohamed.boucadair@orange.com"; x-sender="mohamed.boucadair@orange.com"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 include:spfa.orange.com include:spfb.orange.com include:spfc.orange.com include:spfd.orange.com include:spfe.orange.com include:spff.orange.com include:spf6a.orange.com include:spffed-ip.orange.com include:spffed-mm.orange.com -all"
Received-SPF: Pass (smtp-in365b.orange.com: domain of postmaster@EUR02-DB5-obe.outbound.protection.outlook.com designates 104.47.11.108 as permitted sender) identity=helo; client-ip=104.47.11.108; receiver=smtp-in365b.orange.com; envelope-from="mohamed.boucadair@orange.com"; x-sender="postmaster@EUR02-DB5-obe.outbound.protection.outlook.com"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/15 ip4:52.102.0.0/16 ip4:52.103.0.0/17 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/51 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 -all"
IronPort-Data: A9a23:FBMtxqyRwkdANJvPLzV6t+cywSrEfRIJ4+MujC+fZmUNrF6WrkUBn WIdCGHQa/mMajShL40ga9m+p0ME68TQnYJgSApr+S00HyNBpPSeCIXCJC8cHc8zwu4v7q5Dx 59DAjUVBJlsFhcwnj/0b/656yM6jfrULlbFILasEjhrQgN5QzsWhxtmmuoo6qZlmtHR7zml4 bsemOWBfgb/s9JIGjhMsf7a8Ukx5K2aVA4w5TTSW9ga5TcyqFFFVPrzFYnpR1PkT49dGPKNR uqr5NlVKUuAon/Bovv8+lrKWhViroz6ZGBiuVIPM0SWuSWukwRpukoN2FjwXm8M49mBt4gZJ NygLvVcQy9xVkHHsLx1vxW1j0iSMIUekIIrL0RTvuTLjFXUUFHJyM9hM3EwGNQX+MRUW1tno KlwxDAlNnhvhsqb/YjjEKxArJlmK8PmeoQCpntn0DfVS+48RozOSLnL4tke2yosgsdJHrDVY M9xhThHNUycJUEQfA5OTstmzI9EhVGnG9FcgFeSpaMy7mSVxgts27HhOdvPUtuQTMNakwCTo WeuE2HRXEhGZYfPl2rtHnSEjdDOkA+4eJMpBYLlr/pq2n+OnGgeF0hDPbe8iaLi0BLhMz5FE GQd/iMooYA++VSvScj8WRKiqXKFowVaUN1Ve8U69gel0KPY4g+FAXIfSTBdd9U8uYk9QjlC/ liRhNr2ChRuvaGbD3WH+d+pQSiaPCEUKSoOb3IJUBFdud37+thr3lTIU8ppF7OzgpvtAzbsz juWrS84wbIOkcoM0Kb99lfC696xmnTXZlZ2/hf0dEeu1AxGVIiAPoOqy3uB198Vee51UWK9l HQDnsGf6sUHApeMiDGBTY0x8FeBt6ft3Nr00Q4HInUxywlB7UJPaqhxzVlDyKpBN88FfXrla hLepBkJvptLZiLyPelwfp67DNkswe74D9P5W/vIb91IJJ9saAuA+yIobkmVt4wMrKTOuf5kU Xt4WZ/3ZZr/NUiB5GfoLwv6+eJ2rh3SPUuJGfjGI+2PiNJynkK9R7YfK0epZesk9q6Cqwi92 48AbJHXlkQDALyvPHm/HWsvwbYifSlT6Xfe+50/SwJ/ClU+QjlJ5wL5ne1+JtQ5wfg9ehngp yvlAB4DkDITekEr2S3RMSo/N9sDrL56rHkhOjcrM0rg0H85ee6SAFQ3JvMKkU0c3LU7l5ZcF qFbE+3ZW6gnYmqdp1w1M8KmxKQ8L0vDuO57F3D0CNTJV8U4H1SRkjIlFyOznBQz4t2f75Vh+ uP6iluEGvLuhW1KVa7rVR5m9Hvp1VB1pQ64dxKgzgV7EKktzGRrF8A1ptIKGZlWbDnpm36d3 QvQBgoEr+7QpYNz6MPOma2Ps4auFa15A1ZeGG7Yq72xMEE2O0K9lJRYXr/gkS/1DQvJFGeKP Y25DM0Q9NUAhl9MvIc6GLFupU77z8W6vKdUl2yIA12XB2mW5mtcH0S7
IronPort-HdrOrdr: A9a23:XXJa+6iTuFWEbftRuStB++wL7nBQX5N23DAbv31ZSRFFG/FwyP rCoB1L73XJYWgqM03IwerwQ5VpQRvnhP1ICPoqTM2ftWjdySGVxeRZgbcKrAeQfBEWmtQ96U 4kSdkHNDSSNyk2sS+Z2njfLz9I+rDun86VbKXlvg5QpGpRGsNdBnJCe2Km+zpNNWx77PQCdK a0145inX6NaH4XZsO0Cj0uRO7YveDGk5rgfFovGwMnwBPmt0Lm1JfKVzyjmjsOWTJGxrkvtU LflRbi26mlu/anjjfBym7o6YhMkteJ8KoMOCXMsLlVFtzfsHfqWG1TYczBgNnzmpDr1L8eqq iNn/7nBbU215qeRBDznfKn4Xic7N9n0Q6f9bbfuwqunSWxfkNEN+NRwY1eaRfX8EwmoZV117 9KxXuQs95NAQrHhzmV3amAa/hGrDvCnZMZq59ks1VPFY8FLLNBp40W+01YVJ8GASLh8YgiVO 1jFtvV6vpaeU6TKymxhBgl/PW8GnAoWhuWSEkLvcKYlzBQgXBi1kMdgMgShG0J+p4xQ4RNo+ 7ELqNrnrdTSdJ+V9M0OM4RBc+sTmDdSxPFN2yfZVzhCaEcInrI74X65b0kjdvaDKDh5/MJ6e r8uZNjxBsPUlOrDdfL0IxA8xjLTmn4RzXk0c1S45B4v7b7Vf7xNzGfSFchm8WtpOhaG9bcUf qoIp5aasWTX1cGNbw5rDEWAaMiWEX2ePdlyuoGZw==
X-Talos-CUID: 9a23:F2Ng5G4HiKdGb19mxNssrA0MCOMPV3bnw0jgJWrhBmRLa+evYArF
X-Talos-MUID: 9a23:YqmEbAmIwrgJDSHWIEOUdnppC8Zlz+eOGXscrshfv8neFzEqPzqC2WE=
X-IronPort-AV: E=Sophos;i="6.12,185,1728943200"; d="scan'208";a="61493868"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DxovspjSrdq2Q1o06DJtBip2RMnOC5pUIC1kkd9kfGH+fvESdYjbcsR8m0wArT863J+yPvKx3ser/OZZ1AuJWBkw28froU/Qmcc/uBxjMLUUipqOuO+brZQ2uFn0YjSdp7VYyHbD/vLGEy4MfM214gyAWmam0D6iSb2ySEp5bo0u4zFR2kcAET/hWDviKgl5ZtVN50VegdJfQAIzq01yF1DMBw/oJ8K7Lk/Jrw3ek0W75IvNBYNr101r6EiaCHfUtKf/uxloXlxXmftVniJdCMnkapiyQtqaLfCo+eWyciw55UZ+aqT+S4ODQRIa2usXNJtzRKLIZ3WPWBei56He9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Iy5Dk5QEmB63q/gAQ2BJP4MLWiE5qMjRhGZYhECBsG8=; b=JHV67MRcibRpI8H6a351Dz7JdOxtsWrsP2iBbZn8OsZftHYrqbx1G2VqwSAnZJGVzwgIvUeBLCMZ9yoi0gvD+LrKv+UvYcO7vx3REWSfT62i8zjPgCfKhXmuemnMsjjHznEOw9tjuxqQvTd8Zrtn6uW5ergDJS6+X/gKsN0LufhmO12bHYy6aAcYtN7Wq0whl3DoFaGJDcX8b5AZTbYjLkP/zW19I2P2BwiAFu0dSJWIqw4ZhJmf57NJieiD4GZxKy2CH16lISxYoIlP6EmHCAk6Mp+KMaa4REpfTUWBYvKqcFmofn6t/O2bZfBZ1YE63yTBs+1WejoVVz517+D2yQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=orange.com; dmarc=pass action=none header.from=orange.com; dkim=pass header.d=orange.com; arc=none
To: Alan DeKok <aland@deployingradius.com>
Thread-Topic: [OPSAWG]Re: draft-ietf-opsawg-tacacs-tls13: Debugging TACACS+ over TLS
Thread-Index: AQHbQACPHTuHcks1pUWdcsWUAB7bdLLJgm2g
Date: Tue, 26 Nov 2024 12:48:51 +0000
Message-ID: <DU2PR02MB101607E1164AD33012C7F8DE1882F2@DU2PR02MB10160.eurprd02.prod.outlook.com>
References: <CAA7Lko9cmE2t0i9h0vTV0JwUAdSagLg9U=TOkPkVXpxNhPTMGA@mail.gmail.com> <DU2PR02MB101601D475162B87BCC2F0D00882F2@DU2PR02MB10160.eurprd02.prod.outlook.com> <5C6DE7FB-49C8-498A-A7F2-25ED9290D904@deployingradius.com> <DU2PR02MB10160BECC52D6CA30B51E95FE882F2@DU2PR02MB10160.eurprd02.prod.outlook.com> <FEBA4AE3-F35D-4841-868C-C876DB1A68CE@deployingradius.com>
In-Reply-To: <FEBA4AE3-F35D-4841-868C-C876DB1A68CE@deployingradius.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=a2f2886e-471b-4af0-ad81-18b7a639d13d;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2024-11-26T12:48:19Z;MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_ContentBits=0;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_Enabled=true;MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_Method=Standard;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU2PR02MB10160:EE_|AS8PR02MB6839:EE_
x-ms-office365-filtering-correlation-id: 3f773fde-b04a-4823-1198-08dd0e18ae04
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700018;
x-microsoft-antispam-message-info: Sck7MQfeeGiNxll7GIgisI1WJFivQioz/yf3/xAq9k9cSGD2N5bqUL4NmYzeyvDsUNrfMpfYsVUFR5f2mS8E1r/VaMIzo+Znf2c0lXdfjD4pQwufvnFnwx8cASjdtkivp3PQGx/cLDBu2RsP5VMaTa+jLeWutp4mRdu3M//P/IiwnoFrkbIdMvMcc1iMBMg4V6eXbSPJw1cEsyAQ4Kiryk+oikDjLOWkT1Lx0WLYROqXbdMke7RLyyHVx7dF1U9vDNxPDbkEbgO/uUjBGKdqU5L7vyeFcwbu1L6/SvbDUL6/n9m36DzhRBH5uUINVoPlztVtVom+5vgyg4dY20SOwWQ+iOaZ7yPmqiWYJ/V5cvvCm+loFXHXLePhN9YH5FQ6NKKzeyIpfgsqXHqJJaGmMogWsc78dyUMNgGoBJ2aFdEgvBgL1H6RDjIM2O6GLwNCFzgLuRbMChkhtjyCUqNgaQ4xguGjncOY+kn1D6wpgtheFGvHkGz7NduwwCFA1MQhdfcS8Ppsujv97a1YMaKz2cZLV/bS4hZvkpzx1aRPEvxZphAt5SRMBxMfdXaE8PeSunYkYSLl40J1EVghxD5WDOduACZvrSRf8lIix9MFkv8jKtgOywYhUWhkXjpYxT4MiTOGwlHgX3ggXpv/WSvfIQBi1WH92QIG0IpDe4eNXxg3m52SXnzHHblYageqOqiDhfbIzUoLmRTnaF0YFjf1ceZm209kNJ/9PhViyd3Yb/jlblFjtuFcB3cE7XLiWElQd9gQJx4n4sK5VyqONQfByKhFdWNEBPko9dF94LNgoIjYGMw9wKrHPyOPuP1eYQOOHTt0V7GYfeOVWDrVc0o2Lop/lASEx/cxNFHm0JIcrA5/3V/QeqmxBPZA3OkK7e1LLQGf5aSIL4i3+6gyXXZN0S3HV+dRtlQrQRIZCTDWYZXoR8Acj66AEMoiqhiMX9QP6Ct3Z3QBTMQrfm9C58aapvYAP4BwlMrr8AuhzXtNw1wDoZinRcmmdPuJeXFL8xbqe3Gk/6xvsPPClxz5vdxaS1RdISUjeOCdqVfFLJCzNFf9LvrqA3wgIftH6Ol0OOPgnEbBKHYihb6T6O6hrsdac5lHWeRPvWUJBZZ/dHjdUHDbehwovcg/xlCiMdRNaTxrp4t+Iu1RFDCsnSOEiX+LPCGwf8r1SSG8vPn7nk9IGgVJEKgEJG5IvvH+0F1RL0Ky5raUhOC74dlqK24UwKvCfx9JoXkPkY0XQwAPm7qbVYaN71X+sMsW4ocWlrLsDuPzqnyvF3/qTkzDji9MjuBdvp+op9cHoJfdJqEPKxK0CSPH8KlO8+Zh0xvlpKkRrtMQiYDCa3hNdhVOSl4Fd9UXHGO3qsIceSoGwIp1cMmIr1Q=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU2PR02MB10160.eurprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 8JPGhZi+uI4exdumGQ1WiewNn8cnianUdrNMbhuNMXW6NJ1HILm4bbxPHxCmUfA9iP/VL8fOlnmn6Q46+bBR9PyVfLBkDBWW3RWUN57hKCNwdT62joHKERM22K17dHVBY0r2QDj+UOosXMmqybkm6awuDN/0tgIEIpqjIq+Xx28k+aiyZAh8BIKSB/7OACD/dbul6Wp54Mn0p2BXjaHn7Yx4esZyy5pvzQM0V8hpJpLJLkSMKsGfieIICJPOwwHHfQjqES/Kb/Ed09tPxSYkOVgGk7IZkACzNMzbYnnX9VeK+i36s6H6p5hhmGx1H9a5Rd13W+Mk2fRGjk1eOgQvtATNNesOU9WxiKmOCu9KazJra9+3TRLs9JDp1fzgcTA7lujgEuwKeGCeuXtv1DiOpqW3FpnMrdCjG67DmFj6nYZS0CPR0DFm908uWOEmcfyXyprWKqB4zyRZDgbGknp2kdzduHgttH1/nfXDFjXf7yQQ40D7JQv8bAcCJzJqOqq89tSKdIGc1Ux6E42BW+ocwvokRYHqYpcTFd3B3KXmqp81Za/TMj0+J1feFEEkZDusBB3PDpXZ6v9puFK4GIoEnuXh5vwuJ+T7O5mcbA9c6XkRRQYzPgmXKztjL9nKEHFnV5Of+P8YD0zs0P4ttk3E4ZPx+4LV9rRvdJmHvwX+bIBOdo1LpmxIqPt540Dfmhfjl7SkreTydnyl+76ZJlp4i+UN7e8LkbkrG3eUyn8/MWj7LP0S8nuT314000dJ++ZGlAgh7nTgqeq42EMzyK4WZY3Du1tfMNJZrBqD0YeBNvj0RSOLoxxuYsBtFNqv66cJ4vMyFkfnvRGKPt+DRkik2r6mdnGG45H98EmKuzyrjy3DOMPElsNmyDgAp0jMMMpGuxOVJI5uyt45TZlCitvC6b++ZhXWGFbHsuFQKYelD2K1rEFW/5B2ct+eZYcolRlnVG6USN95FHLGwU5mkQZDiABZ/t+NAJoI1HCeadnPv2lvTXUHY8cKdOtLyDqtAZRxY9HPBZ7n6/pocg12+kegNFWqag/5/1tN5rb8lRkV0RQWhwWjPvl3XFbJj/8Eo165/Uxk6AyT7ev2oZIj/3Wd6C7fB+hPTUCwviT1CQNTImYb2RhaVlkaz5dkAw4++ypNJPQg8S53+iNAul8dFcgYlEWI0PKh5ACeMX2UXbksDA+9vl6ccCSDCeajDgYYmoT0748cuVvCiBMVgL4C5uN/SlrYJPjnPl0pjZyKfUookexJSHMCTzbIAHnJBM9Fjw+fYZ2zmqfwQE7WTQYqE+0agaM8DXKO3L98fo7eUWrDA4Ewjm+RoDhToXA3jyuoK9C7hofbd5EptvQY6lcPuZIcYXvft27GMPxnNd+rVHwUrPg+8ySZvgCVCDSe18ND5pvRdBf264/P6y1l5CruIB//qb5r+KezwUpuMGAsBpRjSJoFYYz7YyZtUBWrb85jRWWIDY7mWOD3woBH6SaY25m3YRq0EqGfTWVlKO2yj6b9i07C91e2BfDiu2hUpSj/n07mNvWkVwPlHjUWXDrDszjMa+TarOo6kugmxsQIThrUtoaCje+Y9qYK4N+m7LwhoqfZOIT2laAwqRu6ScRWE58qeA==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
X-OriginatorOrg: orange.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU2PR02MB10160.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3f773fde-b04a-4823-1198-08dd0e18ae04
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Nov 2024 12:48:51.7563 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 90c7a20a-f34b-40bf-bc48-b9253b6f5d20
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ZQdr7J4NPPWGFv+xs4tDgltQvsLvU3EJiGxJZWRwiD6TbIcd4NS7sJeyxJ/vCE4BpEuFiL0p84zNkptPui2iTiFj1iqPHLjZqgEc8SLVhUI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR02MB6839
X-TM-AS-ERS: 10.218.35.128-127.5.254.253
X-TM-AS-SMTP: 1.0 c210cC1vdXQzNjUub3JhbmdlLmNvbQ== bW9oYW1lZC5ib3VjYWRhaXJAb 3JhbmdlLmNvbQ==
X-TMASE-Version: DDEI-5.1-9.1.1004-28820.007
X-TMASE-Result: 10--25.788000-10.000000
X-TMASE-MatchedRID: gzVbiXtWD9vaYagUwgwslB1kSRHxj+Z5QR7lWMXPA1vdCxlfwuOfWoRM yN/ppM4ndIuVqEWA4CHYhqBQAIFb/U9dh3PRYVY1Be3KRVyu+k2oQhzKjuRd9dGMGYFaxr1EeJH w3i94qT0YEqVZTC4aRtuVtM9m5SYZQ0GHvtRkDzW4ZyHbEX52c29OLiEGcnHNBQ2tO1vzKA3L9L J0j3xlqSSyknyt3zKsmU1f6JygJlA6s+CwDIvtUZ+stJjZFtGkTJDl9FKHbrk/gf7afIrQU4ytc TfY0Fk57zwVyz3W3hy4zhsny32nLPh5cxaw7VEM6/++lLC6DG5I/RC05YKo2CxMw0FMkBlZoXt0 5Nacb+9cwgrJFDkEP19cHVjHRLjeNISJkp4/5GsapIb9znReA0oeFpA88br+jmHKJbyQlpCIm0c tI5FyGeLzNWBegCW2XWqJYTxN2ANfMDNvhnsk69IFVVzYGjNKWQy9YC5qGvxfysTmYHtv9sdwGu KIm8sZC24oEZ6SpSkgbhiVsIMQK2u5XqFPzjIT8jF0kHc8YvQ=
X-TMASE-SNAP-Result: 1.821001.0001-0-1-22:0,33:0,34:0-0
X-TMASE-INERTIA: 0-0;;;;
X-TMASE-XGENCLOUD: d787603f-4034-4ee3-a38e-efd868775b12-0-0-200-0
Content-Transfer-Encoding: base64
Message-ID-Hash: TZF4KPLDYQJOTVXCKALWQEJC2BPS6VTG
X-Message-ID-Hash: TZF4KPLDYQJOTVXCKALWQEJC2BPS6VTG
X-MailFrom: mohamed.boucadair@orange.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-opsawg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Heikki Vatiainen <hvn@radiatorsoftware.com>, opsawg <opsawg@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OPSAWG]Re: draft-ietf-opsawg-tacacs-tls13: Debugging TACACS+ over TLS
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/RpstFYI1dVcLnOm9Hb_FjXmkmnE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Owner: <mailto:opsawg-owner@ietf.org>
List-Post: <mailto:opsawg@ietf.org>
List-Subscribe: <mailto:opsawg-join@ietf.org>
List-Unsubscribe: <mailto:opsawg-leave@ietf.org>

Re-,

Sounds like a plan :-)

When that work is started, I'd recommend you set it under: https://www.rfc-editor.org/info/bcp195.

For the specific tacacs+ case, citing BCP195 instead of RFC 9325 would allow us to inherit these guidelines in the future. 

Thank you.

Cheers,
Med

> -----Message d'origine-----
> De : Alan DeKok <aland@deployingradius.com>
> Envoyé : mardi 26 novembre 2024 13:42
> À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>
> Cc : Heikki Vatiainen <hvn@radiatorsoftware.com>; opsawg
> <opsawg@ietf.org>
> Objet : Re: [OPSAWG]Re: draft-ietf-opsawg-tacacs-tls13: Debugging
> TACACS+ over TLS
> 
> 
> On Nov 26, 2024, at 7:27 AM, mohamed.boucadair@orange.com wrote:
> > I'm afraid that we need to handle this globally (e.g., in UTA
> WG), not for every application.
> 
>   I agree.
> 
>   I spoke with Eric Vyncke in Dublin, and explained that while
> RFC 9325 is good, RADIUS and TACACS+ were having similar issues
> with TLS.  i.e.. The TLS RFCs largely describe what TLS does, but
> are somewhat thin on how applications can use TLS.  The RADEXT WG
> has spent substantial time digging into a number of issues, and
> updating drafts with what we've found.
> 
>   His suggestion was the same as yours: This needs to be done in
> UTA.  He also pointed out that as someone involved in RADEXT, and
> as co-chair of UTA, I was the ideal person to write this
> document.
> 
>   The good news is that much of the necessary text is already in
> the RADEXT drafts, so perhaps the work isn't as large as it could
> have been,
> 
>   I'll try to find some time.
> 
>   Alan DeKok.

____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.46.0 | Report a Bug | By Email | System Status