Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

Joe Clarke <jclarke@cisco.com> Mon, 30 April 2018 14:25 UTC

To: Alan DeKok <aland@deployingradius.com>, "Douglas Gash (dcmgash)" <dcmgash@cisco.com>
Cc: "opsawg@ietf.org" <opsawg@ietf.org>, Andrej Ota <aota@google.com>, Thorsten Dahm <thorstendlux@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/SskzfEzti6gICiLij2ZkCErStm8>

Alan, T+ authors, and opsawg,

Sorry for the noticeable absence from this thread.  I've been focused on
some day job projects these past couple of weeks.

I have followed the threads, though.  I want to hopefully bring some
things to closure and get us all to move forward to come to consensus on
this doc.


On 4/17/18 11:07, Alan DeKok wrote:
> On Apr 17, 2018, at 10:15 AM, Douglas Gash (dcmgash) <dcmgash@cisco.com> wrote:
>> Initially (up to around version 5) we included just a very simple security section admitting that T+ was insecure and that the second document would address the issue. This was deemed to be insufficient, and instead the WG collectively determined that more detail should be added to enumerate some of the issues, you kindly catalogued some of these, providing a proposed text which we took to be a genuine suggestion for text for the document.
> 
>   Which it was.
> 
>   The point I've been trying to make for over a year is apparently still unclear.
> 
>   There was no excuse for plagiarizing the text in the first place.  Using it verbatim was fine, so long as attribution was given.
> 
>   There was no excuse for ignoring every single email I made to the list asking about this issue.
> 
>   There was no excuse for *continuing* to plagiarize the text for over a year, across four separate revisions of the document.

I agree this was not handled well on many fronts, but we can only learn
and move forward.  As a co-chair, I take responsibility for our part and
apologize it took this long to get sorted.  The authors have added
attribution to your excellent contribution and apologized.

I would like to consider the matter, albeit belatedly, closed.

>> 2) Reactivity of the Authors.
>>
>> As far as I know, we have responded to most posts regarding the content of the document, with point-by-point replies,
> 
>   No.
> 
>   See the list archives, especially May 2017.  There are multiple people suggesting that you have *not* done this, and that you *should* do this.

I for one have asked for a summary of changes when I did my last review.
I did not see it.  There was a subsequent revision that did seem to
absorb my comments, but there wasn't a response to my email.  Typically,
when authors receive feedback, they respond in line to either ack or
discuss points (typos notwithstanding).

> 
>   See line-by-line reviews done by me, which were generally ignored.  Despite that, I did *multiple* such reviews, until such time as it became clear that such reviews were entirely unproductive.
> 
>> but there have been, for various logistic reasons, long delays in submitting the resulting new documents. Hopefully this has been addressed in last versions and we will continue with more rapid uploads until process completes one way or other.
> 
>   The issue isn't rapid uploads.  The issue is engagement.  It's not productive to ignore the messages on the mailing list for 6 months, and then to issue a new release saying "we fixed stuff".

Spot on.  One needs to engage.  I am pleased with the authors' attempts
to do better these past couple of weeks.  I want to see this momentum
continue.

>> 3) Change Tracking
>>
>> The uploads have generally had extensive changes relating to comments (which should generally have been summarized by previous email responses to comments). 
> 
>   Which I admit did happen sometimes, but not nearly as often as it should have.  Again, see mailing list archives from May 2017.  I'm not the only person who holds this opinion.  I'm just the main one pushing the point.
> 
>> Because of this, unless the updates have been for specific purposes (such as the recent update of the security section) then I would leave the changes to the diff tool which works pretty effectively.
> 
>   The diff tool lets us know what changed in the document.  It doesn't let us know if those changes addressed issues raised on the mailing list.
> 
>   To summarize:
> 
> * we have no idea if this revision of the document addresses multiple WG reviews
> 
> * we have no idea if the document even describes TACACS+ as currently implemented
> 
>   As such, it should not be put into working group last call, or much less published until such time as those issues are addressed.

I'm not sure what line-item changes are still outstanding.  Authors, I'm
sure you could look back at your revisions and spot anything that needs
to be addressed here.

I will be submitting an individual review of the new security
requirements soon, and I would like to see this renewed sense of
engagement on the list.

Joe