Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contributions, Status and Plans

Alan DeKok <aland@deployingradius.com> Thu, 18 May 2017 17:46 UTC

Mime-Version: 1.0 (Mac OS X Mail 9.3 $3124$)
Content-Type: text/plain; charset="us-ascii"
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <00c501d2cff7$ca31d1a0$4001a8c0@gateway.2wire.net>
Date: Thu, 18 May 2017 13:40:26 -0400
Cc: Tianran Zhou <zhoutianran@huawei.com>, Ignas Bagdonas <ibagdona@gmail.com>, IETF OOPSAWG <opsawg@ietf.org>, draft-ietf-opsawg-tacacs@ietf.org, opsawg-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <ED75808C-16B0-491E-BDA4-688BA05F747E@deployingradius.com>
References: <D53BBCC7.22ECC8%dcmgash@cisco.com> <61D9FC7A-6F10-44E6-8400-578C4FEE1988@deployingradius.com> <D53C62F4.22F82E%dcmgash@cisco.com> <E7D62944-46B9-4091-BF16-0AF8CA47626D@deployingradius.com> <fc8a1ff5-db6f-d463-8ff7-77ec03f1f25f@gmail.com> <006101d2cd9c$e8c0afe0$4001a8c0@gateway.2wire.net> <BBA82579FD347748BEADC4C445EA0F21A237CE44@NKGEML515-MBX.china.huawei.com> <00c501d2cff7$ca31d1a0$4001a8c0@gateway.2wire.net>
To: "t.petch" <ietfc@btconnect.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/T_FPibDsX-mN9xsK4bjFPSgZJy4>
Subject: Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contributions, Status and Plans
Precedence: list

On May 18, 2017, at 12:57 PM, t.petch <ietfc@btconnect.com> wrote: of thought.
> 
> 
> This I-D, as Alan has commented and Doug acknowledges, has several
> places where the description of security is more 1997 than 2017.  If we
> turn such parts into a clear, concise specification, we may then find
> that we have wasted our time since the Security Directorate then says
> that no
> way can that appear in an RFC, even an Informational one.

  They've approved RADIUS RFCs... by holding their nose.

> Would it be worth seeking guidance now on what is or is not likely to be
> acceptable to a Security Directorate review?  Not a line by line
> analysis but rather
> higher level guidance as to whether such things as MD4, ASCII login,
> RFC2433 as Best Practice and so on can appear.

  I've been on the Security Directorate for a while now.  While I don't claim to speak for everyone, I think the current approach in the draft will be fine.

  They may ask for some sections to be removed (i.e. servers pushing keys to clients). But everything else is pretty much fine.

  The idea is that having a documented protocol, with warnings and caveats, is much better than an undocumented one.

  Alan DeKok.

[OPSAWG] draft-ietf-opsawg-tacacs-06 Contribution… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Robert Drake
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Blumenthal, Uri - 0553 - MITLL
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Ignas Bagdonas
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… t.petch
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Tianran Zhou
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Ignas Bagdonas
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Blumenthal, Uri - 0553 - MITLL
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… t.petch
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Blumenthal, Uri - 0553 - MITLL
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Randy Presuhn
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Tianran Zhou
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… t.petch
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Tianran Zhou
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Tianran Zhou
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… t.petch
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 ASCII t.petch
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 ASCII Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 ASCII Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 ASCII Eliot Lear
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 ASCII t.petch
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… t.petch
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contribu… Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 ASCII Douglas Gash (dcmgash)
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 ASCII Alan DeKok
Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 ASCII Douglas Gash (dcmgash)