Re: [OPSAWG] OPSAWG Digest, Vol 102, Issue 14

"Douglas Gash (dcmgash)" <dcmgash@cisco.com> Fri, 27 November 2015 11:33 UTC

From: "Douglas Gash (dcmgash)" <dcmgash@cisco.com>
To: "Joe Clarke (jclarke)" <jclarke@cisco.com>, "opsawg@ietf.org" <opsawg@ietf.org>, "warren@kumari.net" <warren@kumari.net>
Date: Fri, 27 Nov 2015 11:33:02 +0000
Message-ID: <D27DE9E1.DCBDA%dcmgash@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/opsawg/X91GnDNEF9q9UuQj3xj7NCAAGwM>
Cc: "aota@google.com" <aota@google.com>, Thorsten Dahm <thorstendlux@google.com>
Subject: Re: [OPSAWG] OPSAWG Digest, Vol 102, Issue 14

Thanks Joe,

You have caught an important typo there, many thanks! In the first upload
of the document (draft-dahm-opsawg-tacacs-00.txt), we used STARTTLS to
upgrade the connection type. Post discussions in Prague, we reverted to
using a separate port for TLS, and documented in the second upload
(draft-dahm-opsawg-tacacs-00.txt). However, I neglected to remove the
packet type for the STARTTLS from the enumeration, so thanks for the
catch. It will be removed on next upload.

Just to confirm, we are proposing separate port rather than STARTTLS.

To your very valid question: in the end, we elected not to add a new
version because we are looking to keep the content of the protocol the
same as the original draft spec (although deprecating some less secure
features). Besides the adoption of a separate port for TLS, this should
help avoid breaking current deployments.

Many Thanks,

Regards,

Thorsten, Andrej, Doug.
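The points at issue in this thread are the packet type enumeration in the
TACACS+ header (the leftover 0x00 STARTTLS type) and whether TLS support needs
a version bump. The following is an added example written for this page, not
code from the draft or its authors: it parses the fixed 12-byte header, rejects
any version or type outside the enumeration (so a stray 0x00 type is refused
like any other unknown value), and recovers the body from the chained-MD5
pseudo-pad. The header layout, the type values 1..3 and the pad construction
are assumed to be those of the original TACACS+ draft (later documented in
RFC 8907); the 64 KiB body limit, the key and the sample body are constructed
for the example.

```python
# Added example, not from the draft or its authors.  Assumed layout (original
# TACACS+ draft, later RFC 8907): version(1) type(1) seq_no(1) flags(1)
# session_id(4) length(4), big-endian; types 1..3; body pad is
# pad_n = MD5(session_id || key || version || seq_no || pad_n-1).
import hashlib
import struct

TAC_PLUS_MAJOR_VER = 0xC
PACKET_TYPES = {0x01: "AUTHEN", 0x02: "AUTHOR", 0x03: "ACCT"}
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
HEADER_FMT = "!BBBBII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes
MAX_BODY_LEN = 65536  # assumed local limit; not a value from the draft


class TacacsHeaderError(ValueError):
    """Raised for any header field outside the draft's enumeration."""


def parse_header(raw: bytes) -> dict:
    """Decode the fixed 12-byte header and reject unknown versions/types.
    A type byte of 0x00 (the STARTTLS leftover noted in the thread) fails
    the type check like any other value outside 1..3."""
    if len(raw) < HEADER_LEN:
        raise TacacsHeaderError("short header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        HEADER_FMT, raw[:HEADER_LEN])
    major, minor = version >> 4, version & 0x0F
    if major != TAC_PLUS_MAJOR_VER or minor not in (0, 1):
        raise TacacsHeaderError("unsupported version %#x" % version)
    if ptype not in PACKET_TYPES:
        raise TacacsHeaderError("unknown packet type %#04x" % ptype)
    if seq_no == 0:  # sequence numbers start at 1
        raise TacacsHeaderError("seq_no must be non-zero")
    if length > MAX_BODY_LEN:
        raise TacacsHeaderError("body length %d exceeds limit" % length)
    return {"version": version, "type": PACKET_TYPES[ptype], "seq_no": seq_no,
            "flags": flags, "session_id": session_id, "length": length}


def is_valid_header(raw: bytes) -> bool:
    """True if parse_header() accepts the header, False otherwise."""
    try:
        parse_header(raw)
        return True
    except TacacsHeaderError:
        return False


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, n: int) -> bytes:
    """Chained-MD5 keystream of n bytes from the draft's obfuscation scheme."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    out, prev = b"", b""
    while len(out) < n:
        prev = hashlib.md5(seed + prev).digest()
        out += prev
    return out[:n]


def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def build_packet(key, ptype, seq_no, session_id, body, unencrypted=False, minor=0):
    """Encode header + body; obfuscate the body unless the unencrypted flag is set."""
    version = (TAC_PLUS_MAJOR_VER << 4) | minor
    flags = TAC_PLUS_UNENCRYPTED_FLAG if unencrypted else 0
    wire_body = body if unencrypted else _xor(
        body, pseudo_pad(session_id, key, version, seq_no, len(body)))
    return struct.pack(HEADER_FMT, version, ptype, seq_no, flags,
                       session_id, len(body)) + wire_body


def parse_packet(raw, key):
    """Validate the header, check the length field against what arrived,
    and recover the body (XOR with the same pad is its own inverse)."""
    hdr = parse_header(raw)
    body = raw[HEADER_LEN:HEADER_LEN + hdr["length"]]
    if len(body) != hdr["length"]:
        raise TacacsHeaderError("truncated body")
    if not hdr["flags"] & TAC_PLUS_UNENCRYPTED_FLAG:
        body = _xor(body, pseudo_pad(hdr["session_id"], key, hdr["version"],
                                     hdr["seq_no"], len(body)))
    return hdr, body


if __name__ == "__main__":
    # Constructed sample: an authentication packet under shared key "secret".
    key = b"secret"
    pkt = build_packet(key, 0x01, 1, 0xDEADBEEF, b"\x01\x00\x02\x01admin")
    print(parse_packet(pkt, key))
```

Note that the pad depends only on session_id, key, version and seq_no, so the
body protection is a keystream rather than authenticated encryption; the
header itself is never covered. Keeping the version byte unchanged for TLS, as
the reply above proposes, therefore means the only on-the-wire distinction
between the two modes is the port, and the parser above does not need to
change for it.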


>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 16 Nov 2015 14:48:34 -0500
>From: Joe Clarke <jclarke@cisco.com>
>To: Warren Kumari <warren@kumari.net>, "opsawg@ietf.org"
>	<opsawg@ietf.org>
>Subject: Re: [OPSAWG] FW: New Version Notification for
>	draft-dahm-opsawg-tacacs-01.txt
>Message-ID: <564A3312.4030103@cisco.com>
>Content-Type: text/plain; charset=windows-1252; format=flowed
>
>On 11/13/15 13:37, Warren Kumari wrote:
>> We would really appreciate any feedback on this document. Personally I
>> think it is really useful, but we need the WG to review and provide
>> feedback.
>>
>> Over the years I've heard a number of people kvetch that TACACS+ isn't
>> documented -- well, now you can, you know, actually do something about
>> this...
>
>I may be biased, but I have read the doc, and I support the WG working
>on it.  I agree with your last sentiment that it would be good to
>finally document this with industry consensus.
>
>One thing I wonder is if there shouldn't be some version change for the
>support of TLS, or if the Type of 0x00 is enough?
>
>Joe
>
>>
>> W
>>
>> On Sun, Oct 4, 2015 at 4:18 PM, Douglas Gash (dcmgash)
>> <dcmgash@cisco.com> wrote:
>>> Dear Opsawg List,
>>>
>>> We have uploaded a second revision of the TACACS+ protocol
>>>specification
>>> which we believe is ready for publication subject to port
>>> allocation.
>>>
>>> Please see details below.
>>>
>>> The essential difference from the first revision is the change of TLS
>>> option support using a separate port as opposed to the original Start TLS
>>> mechanism.
>>>
>>> We would be very grateful for the opinion of the list regarding the
>>> suitability of document for publication as an RFC.
>>>
>>> Many thanks,
>>>
>>> Thorsten, Andrej, Doug.
>>>
>>>
>>> On 02/10/2015 16:25, "internet-drafts@ietf.org"
>>><internet-drafts@ietf.org>
>>> wrote:
>>>
>>>>
>>>> A new version of I-D, draft-dahm-opsawg-tacacs-01.txt
>>>> has been successfully submitted by Douglas C. Medway Gash and posted to
>>>> the IETF repository.
>>>>
>>>> Name:          draft-dahm-opsawg-tacacs
>>>> Revision:      01
>>>> Title:         The TACACS+ Protocol
>>>> Document date: 2015-10-02
>>>> Group:         Individual Submission
>>>> Pages:         38
>>>> URL:           https://www.ietf.org/internet-drafts/draft-dahm-opsawg-tacacs-01.txt
>>>> Status:        https://datatracker.ietf.org/doc/draft-dahm-opsawg-tacacs/
>>>> Htmlized:      https://tools.ietf.org/html/draft-dahm-opsawg-tacacs-01
>>>> Diff:          https://www.ietf.org/rfcdiff?url2=draft-dahm-opsawg-tacacs-01
>>>>
>>>> Abstract:
>>>>    TACACS+ provides access control for routers, network access servers
>>>>    and other networked computing devices via one or more centralized
>>>>    servers.  TACACS+ provides separate authentication, authorization and
>>>>    accounting services.  This document describes the protocol that is
>>>>    used by TACACS+.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Please note that it may take a couple of minutes from the time of
>>>> submission
>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>
>>>> The IETF Secretariat
>>>>