Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-tls13-03.txt

"Joe Clarke (jclarke)" <jclarke@cisco.com> Wed, 05 July 2023 14:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/fQ0uRjWOAKc6ciklotdRtp4YrK4>

Thanks for the update on this document.  I’ve reviewed this new version in its entirety.  To summarize:


  *   TACACS+ TLS will use a dedicated “tacacss” TCP port number
  *   Obfuscation is prohibited by TACACS+ TLS compliant clients/servers (within the tunnel)

These were two issues I believe were discussion points in the WG.  As a contributor, I am convinced that both make sense for the reasons put forth in the draft.  Hopefully during the migration process, implementors won’t forget the obfuscation on non-TLS sessions.

I like the migration section, but I am curious why, after migration, one would need any legacy servers at all (regardless of server lists).  I can see having my “DEVICE_ADMIN” T+ list having both TLS servers first followed by legacy servers while I suss out the stability of the new implementation.  But when I’m satisfied, I likely would remove the legacy servers altogether.  Moreover, at least with Cisco config, I assume I’d have each server defined with various TLS attributes and it wouldn’t matter what list they are in.

I guess what I’m suggesting is dropping the second paragraph in Section 6.2 and saying something to the effect of, when migrating from legacy, obfuscated T+ to T+ TLS, insecure and secure servers MAY be mixed in redundant service lists.  However, secure servers SHOULD be tried first before falling back to insecure servers.

As a nit, Indication is misspelled in Section 3.3.

As co-chair:


  *   WG, please review this draft!
  *   Authors, any thoughts to what port number to use for tacacss or whatever IANA can assign?  I’d like to see a few more reviews before pinging the ADs on early allocation.
  *   Are there any implementations of this thus far?  If so, having an Appendix for them would help.

Joe

From: OPSAWG <opsawg-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Thursday, June 29, 2023 at 10:55
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: opsawg@ietf.org <opsawg@ietf.org>
Subject: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-tls13-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the Operations and
Management Area Working Group (OPSAWG) WG of the IETF.

   Title           : TACACS+ TLS 1.3
   Authors         : Thorsten Dahm
                     Douglas Gash
                     Andrej Ota
                     John Heasley
   Filename        : draft-ietf-opsawg-tacacs-tls13-03.txt
   Pages           : 12
   Date            : 2023-06-29

Abstract:
   The TACACS+ Protocol [RFC8907] provides device administration for
   routers, network access servers and other networked computing devices
   via one or more centralized servers.  This document, a companion to
   the TACACS+ protocol [RFC8907], adds Transport Layer Security
   (currently defined by TLS 1.3 [RFC8446]) support and obsoletes former
   inferior security mechanisms.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-tls13/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-opsawg-tacacs-tls13-03.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-tacacs-tls13-03

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
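
Added example, not part of the original message or of the draft: a small lint over a hypothetical server-list model that checks the two properties raised in the review above, namely that TLS servers are ordered ahead of legacy ones in a mixed list, and that obfuscation is present on legacy servers but absent on TLS ones. The `Server` class, its field names, the server names and the keys are assumptions made for illustration, not a vendor schema.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Server:
    """Hypothetical model of one configured TACACS+ server (not a vendor schema)."""
    name: str
    tls: bool                              # True: TACACS+ over TLS, False: legacy
    obfuscation_key: Optional[str] = None  # shared secret used by legacy obfuscation


def migration_state(servers: List[Server]) -> str:
    """Classify a list as 'empty', 'legacy-only', 'mixed' or 'tls-only'."""
    kinds = {s.tls for s in servers}
    if kinds == {True}:
        return "tls-only"
    if kinds == {False}:
        return "legacy-only"
    return "mixed" if kinds else "empty"


def lint_server_list(list_name: str, servers: List[Server]) -> List[str]:
    """Return findings for ordering and obfuscation mistakes in one server list."""
    findings = []
    first_legacy = None  # name of the first legacy server seen so far
    for s in servers:
        if s.tls:
            if s.obfuscation_key is not None:
                findings.append(f"{list_name}/{s.name}: obfuscation configured on a TLS server")
            if first_legacy is not None:
                findings.append(f"{list_name}/{s.name}: TLS server ordered after legacy server {first_legacy}")
        else:
            if not s.obfuscation_key:
                findings.append(f"{list_name}/{s.name}: legacy server without obfuscation key")
            if first_legacy is None:
                first_legacy = s.name
    return findings


# Constructed sample data; server names and keys are placeholders.
GOOD = [Server("tls-1", True), Server("tls-2", True),
        Server("legacy-1", False, "placeholder-key")]
BAD = [Server("legacy-1", False), Server("tls-1", True, "placeholder-key")]

if __name__ == "__main__":
    for label, servers in (("DEVICE_ADMIN", GOOD), ("DEVICE_ADMIN_BAD", BAD)):
        print(label, migration_state(servers), lint_server_list(label, servers))
```
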

