Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-tls13-01.txt

"Joe Clarke (jclarke)" <jclarke@cisco.com> Thu, 01 December 2022 18:01 UTC

From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: heasley <heas@shrubbery.net>, "opsawg@ietf.org" <opsawg@ietf.org>
CC: "andrej@ota.si" <andrej@ota.si>, "Douglas Gash (dcmgash)" <dcmgash@cisco.com>, "heas@shrubbery.net" <heas@shrubbery.net>, "thorsten.dahm@gmail.com" <thorsten.dahm@gmail.com>
Date: Thu, 01 Dec 2022 18:00:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/hv9c-0F81jMVMJ3NyZhrZl3wW9k>

I’ve read the -01 revision, and the new text in Section 4 seems logical to me.  Being a bit pedantic, it might be good to reference that section when deciding on the correct ERROR to send.

Joe

From: OPSAWG <opsawg-bounces@ietf.org> on behalf of heasley <heas@shrubbery.net>
Date: Thursday, December 1, 2022 at 00:32
To: opsawg@ietf.org <opsawg@ietf.org>
Cc: andrej@ota.si <andrej@ota.si>, Douglas Gash (dcmgash) <dcmgash@cisco.com>, heas@shrubbery.net <heas@shrubbery.net>, thorsten.dahm@gmail.com <thorsten.dahm@gmail.com>
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-tls13-01.txt
Wed, Nov 30, 2022 at 09:04:04PM -0800, internet-drafts@ietf.org:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Operations and Management Area Working Group WG of the IETF.
>
>         Title           : TACACS+ TLS 1.3
>         Authors         : Thorsten Dahm
>                           Douglas Gash
>                           Andrej Ota
>                           John Heasley
>         Filename        : draft-ietf-opsawg-tacacs-tls13-01.txt
>         Pages           : 11
>         Date            : 2022-11-30
>
> Abstract:
>    The TACACS+ Protocol [RFC8907] provides device administration for
>    routers, network access servers and other networked computing devices
>    via one or more centralized servers.  This document, a companion to
>    the TACACS+ protocol [RFC8907], adds Transport Layer Security
>    (currently defined by TLS 1.3 [RFC8446]) support and obsoletes former
>    inferior security mechanisms.
>

This addresses two of the comments made by Joe Clarke.  Among which,
Joe asked that mishandling of the TAC_PLUS_UNENCRYPTED_FLAG in a TLS
connection be treated as FAIL, which means that the authen or author
failed and the client would stop and not proceed to other servers or
methods.

Upon reviewing to make this change, we concluded that this was not
quite the correct behavior, based on the current behavior of similar
errors in RFC8907 (S4.5 specifically), it should proceed to other servers
or methods.

So, the draft, in S4, now specifies returning ERROR rather than FAIL or
ignoring the deprecated flag.  Hopefully, this change agrees with
everyone.

We still have some operators/security considerations to address and the
issues raised by Alan.
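
Added example, not part of either message or of the draft: a Python model of the behavior discussed above, where a server picks the ERROR status matching the packet type when TAC_PLUS_UNENCRYPTED_FLAG is mishandled on a TLS connection, and a client treats ERROR as "try the next server" while FAIL is final. Status and type values are from RFC 8907; the function names, the sample server names and the assumption that the flag must be set on TLS are illustrative, so check the draft's Section 4 for the exact rule.

```python
import struct

# Values from RFC 8907; everything else is constructed for illustration.
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
ERROR_BY_TYPE = {  # header packet type -> ERROR status for that message type
    0x01: ("TAC_PLUS_AUTHEN_STATUS_ERROR", 0x07),
    0x02: ("TAC_PLUS_AUTHOR_STATUS_ERROR", 0x11),
    0x03: ("TAC_PLUS_ACCT_STATUS_ERROR", 0x02),
}
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

# Assumption (not stated in the thread): over TLS the flag must be set,
# because obfuscation is not used. Flip this if the draft says otherwise.
FLAG_REQUIRED_ON_TLS = True


def make_header(pkt_type, flags, session_id=0x1234, seq_no=1, length=0):
    """Build a 12-byte TACACS+ header (constructed sample input)."""
    return struct.pack("!BBBBII", 0xC0, pkt_type, seq_no, flags, session_id, length)


def server_flag_check(header):
    """Return (name, code) of the ERROR status to send, or None if the flag is fine."""
    _ver, pkt_type, _seq, flags, _sid, _len = struct.unpack("!BBBBII", header[:12])
    if pkt_type not in ERROR_BY_TYPE:
        raise ValueError(f"unknown packet type {pkt_type:#x}")
    flag_set = bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)
    if flag_set == FLAG_REQUIRED_ON_TLS:
        return None
    return ERROR_BY_TYPE[pkt_type]


def client_try_servers(servers, query):
    """Walk the server list: PASS and FAIL are final, ERROR moves to the next server."""
    tried = []
    for server in servers:
        tried.append(server)
        status = query(server)
        if status in (PASS, FAIL):
            return status, tried
    # Every server returned ERROR: the caller may fall back to other methods.
    return ERROR, tried


if __name__ == "__main__":
    print(server_flag_check(make_header(0x02, 0x00)))
    replies = {"tac1": ERROR, "tac2": PASS, "tac3": FAIL}  # constructed replies
    print(client_try_servers(["tac1", "tac2", "tac3"], replies.get))
```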
