Re: [OPSAWG] Submission of new version of TACACS+ TLS Spec (V4)

mohamed.boucadair@orange.com Thu, 25 January 2024 14:33 UTC

From: mohamed.boucadair@orange.com
To: "Douglas Gash (dcmgash)" <dcmgash=40cisco.com@dmarc.ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
CC: John Heasly <heas@shrubbery.net>, Andrej Ota <andrej@ota.si>
Date: Thu, 25 Jan 2024 14:33:20 +0000
Message-ID: <DU2PR02MB1016022202D515B9E8B9B5F81887A2@DU2PR02MB10160.eurprd02.prod.outlook.com>
References: <BL3PR11MB63644D3F5582B72ECC98B6BEB794A@BL3PR11MB6364.namprd11.prod.outlook.com>
In-Reply-To: <BL3PR11MB63644D3F5582B72ECC98B6BEB794A@BL3PR11MB6364.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/fumz1FpJEk4eliRkjWqRZqUxxyM>
Subject: Re: [OPSAWG] Submission of new version of TACACS+ TLS Spec (V4)

Hi Authors, all,

Many thanks for your effort on this document.

I finally managed to read the new version. I'm afraid that some of the comments in https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/draft-ietf-opsawg-tacacs-tls13-03-rev%20Med.pdf were not addressed, or at least I fail to see how they are.

For example, I still don't think that we can separate the discussion of the port number from how the IP address of the server is configured. I still also think that the cipher suite discussion can be offloaded to RFC9325 (which btw should be cited as normative; also, please note that RFC7525 is now obsoleted by RFC9325).

Cheers,
Med

From: OPSAWG <opsawg-bounces@ietf.org> On Behalf Of Douglas Gash (dcmgash)
Sent: Friday, 22 December 2023 17:54
To: opsawg@ietf.org
Cc: John Heasly <heas@shrubbery.net>; Andrej Ota <andrej@ota.si>
Subject: [OPSAWG] Submission of new version of TACACS+ TLS Spec (V4)

Dear OPSAWG,

Many thanks for all the comments on the Secure TACACS+ (TLS) draft v3.

We have submitted a revised doc which is intended to address the concerns and comments. It is rather later than originally planned, our apologies for the delay. We will look forward to addressing the corresponding issues from this revision in a timelier manner.

Some brief notes regarding the broader topics raised in v3; all items, of course, are open for re-aligning as the group sees fit.


  *   Regarding the allocation of a specific port, a key motivation concerns the pervasive use of default ports in current configurations. Ensuring the client implementations work correctly with default ports now that TLS is introduced, to minimise the burden for operators whilst avoiding wrinkles with downgrade attacks, does require said new default port to be allocated, and we will explicitly mention this in a new section in the new doc. We hope this should help account for our request for an allocated port.
  *   RFC9325 does look a timely reference, and we have tried to delegate what we can from the new TACACS+ doc to it.
  *   Tracking the discussion on the deprecation of obfuscation option inside TLS, our current reading is that:

     *   All TLS traffic must NOT use obfuscation.
     *   Setting the non-obfuscation option (TACACS has a flag for unencrypted) is mandatory for all TLS TACACS+ traffic.
     *   The aim is to avoid any ambiguity and to remove MD5 operations from this level of the protocol.

  *   We hope we have addressed the raised issues, nits and ambiguities.

Best regards, the Authors.
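
The obfuscation rule in the bullets above, written as a receiver-side check on the 12-byte TACACS+ header. This is an added example, not part of the thread and not code from the draft or its authors; the header layout and flag values are those of RFC 8907, while the function names, the sample packets and the choice to reject by raising an exception are assumptions.

```python
import struct
from dataclasses import dataclass

# Header constants from RFC 8907 (TACACS+ base protocol).
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_UNENCRYPTED_FLAG = 0x01      # body is NOT MD5-obfuscated
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04
HEADER_LEN = 12
PACKET_TYPES = {0x01: "AUTHEN", 0x02: "AUTHOR", 0x03: "ACCT"}


class PolicyViolation(Exception):
    """Well-formed packet that breaks the no-obfuscation-inside-TLS rule."""


@dataclass(frozen=True)
class Header:
    version: int
    type: int
    seq_no: int
    flags: int
    session_id: int
    length: int


def parse_header(data: bytes) -> Header:
    """Decode the fixed header: version, type, seq_no, flags, session_id, length."""
    if len(data) < HEADER_LEN:
        raise ValueError("short TACACS+ header")
    hdr = Header(*struct.unpack("!BBBBII", data[:HEADER_LEN]))
    if hdr.version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("not a TACACS+ packet (bad major version)")
    if hdr.type not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {hdr.type:#04x}")
    return hdr


def check_tls_packet(data: bytes) -> Header:
    """Validate one packet that was read from a TLS connection (hypothetical helper).

    Inside TLS the unencrypted flag must be set, so the body is never passed
    through the MD5-based obfuscation. How the peer reacts to a violation is
    an assumption here: this sketch simply raises.
    """
    hdr = parse_header(data)
    if len(data) - HEADER_LEN != hdr.length:
        raise ValueError("length field does not match body size")
    if not hdr.flags & TAC_PLUS_UNENCRYPTED_FLAG:
        raise PolicyViolation("obfuscated body received over TLS")
    return hdr


def build_packet(flags: int, body: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample: an AUTHEN packet, seq_no 1, arbitrary session id."""
    return struct.pack("!BBBBII", 0xC0, 0x01, 1, flags, 0x1234ABCD, len(body)) + body
```
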
