Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-tls13-03.txt

mohamed.boucadair@orange.com Wed, 05 July 2023 15:04 UTC

To: "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/T4zbiSGHnjsK83WgvoNm42t6vhI>

Hi Joe, all,

On the port number point, I'm afraid that the arguments in Section 8 are more for justifying why distinct port numbers might be useful, not why a well-known port number has to be assigned. I would suggest to strengthen that part before making the request (see more in rfc6335#section-7.2 and also rfc7605#section-7).
Cheers,
Med

From: OPSAWG <opsawg-bounces@ietf.org> On behalf of Joe Clarke (jclarke)
Sent: Wednesday, 5 July 2023 16:42
To: opsawg@ietf.org
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-tls13-03.txt

Thanks for the update on this document.  I've reviewed this new version in its entirety.  To summarize:


  *   TACACS+ TLS will use a dedicated "tacacss" TCP port number
  *   Obfuscation is prohibited by TACACS+ TLS compliant clients/servers (within the tunnel)

These were two issues I believe were discussion points in the WG.  As a contributor, I am convinced that both make sense for the reasons put forth in the draft.  Hopefully during the migration process, implementors won't forget the obfuscation on non-TLS sessions.

I like the migration section, but I am curious why, after migration, one would need any legacy servers at all (regardless of server lists).  I can see having my "DEVICE_ADMIN" T+ list having both TLS servers first followed by legacy servers while I suss out the stability of the new implementation.  But when I'm satisfied, I likely would remove the legacy servers altogether.  Moreover, at least with Cisco config, I assume I'd have each server defined with various TLS attributes and it wouldn't matter what list they are in.

I guess what I'm suggesting is dropping the second paragraph in Section 6.2 and saying something to the effect of, when migrating from legacy, obfuscated T+ to T+ TLS, insecure and secure servers MAY be mixed in redundant service lists.  However, secure servers SHOULD be tried first before falling back to insecure servers.

As a nit, Indication is misspelled in Section 3.3.

As co-chair:


  *   WG, please review this draft!
  *   Authors, any thoughts to what port number to use for tacacss or whatever IANA can assign?  I'd like to see a few more reviews before pinging the ADs on early allocation.
  *   Are there any implementations of this thus far?  If so, having an Appendix for them would help.

Joe

From: OPSAWG <opsawg-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Thursday, June 29, 2023 at 10:55
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: opsawg@ietf.org <opsawg@ietf.org>
Subject: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-tls13-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the Operations and
Management Area Working Group (OPSAWG) WG of the IETF.

   Title           : TACACS+ TLS 1.3
   Authors         : Thorsten Dahm
                     Douglas Gash
                     Andrej Ota
                     John Heasley
   Filename        : draft-ietf-opsawg-tacacs-tls13-03.txt
   Pages           : 12
   Date            : 2023-06-29

Abstract:
   The TACACS+ Protocol [RFC8907] provides device administration for
   routers, network access servers and other networked computing devices
   via one or more centralized servers.  This document, a companion to
   the TACACS+ protocol [RFC8907], adds Transport Layer Security
   (currently defined by TLS 1.3 [RFC8446]) support and obsoletes former
   inferior security mechanisms.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-tls13/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-opsawg-tacacs-tls13-03.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-tacacs-tls13-03

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

