Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-00.txt
heasley <heas@shrubbery.net> Thu, 07 July 2022 20:58 UTC
Return-Path: <heas@shrubbery.net>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2C08C157B4F for <opsawg@ietfa.amsl.com>; Thu, 7 Jul 2022 13:58:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZOfYM6evZwTe for <opsawg@ietfa.amsl.com>; Thu, 7 Jul 2022 13:58:30 -0700 (PDT)
Received: from sea.shrubbery.net (sea.shrubbery.net [129.250.47.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F06BC157B39 for <opsawg@ietf.org>; Thu, 7 Jul 2022 13:58:30 -0700 (PDT)
Received: by sea.shrubbery.net (Postfix, from userid 7053) id B35554A818F; Thu, 7 Jul 2022 20:58:29 +0000 (UTC)
Date: Thu, 07 Jul 2022 20:58:29 +0000
From: heasley <heas@shrubbery.net>
To: "Joe Clarke (jclarke)" <jclarke@cisco.com>
Cc: heasley <heas@shrubbery.net>, "opsawg@ietf.org" <opsawg@ietf.org>, "Douglas Gash (dcmgash)" <dcmgash@cisco.com>, Andrej Ota <andrej@ota.si>, Thorsten Dahm <thorsten.dahm@gmail.com>
Message-ID: <YsdI9bKCHJsWy2/B@shrubbery.net>
References: <165423057408.3428.4172200321096081956@ietfa.amsl.com> <YpmPnrFIGF67oDXJ@shrubbery.net> <BN9PR11MB537175FDD5A21A975272685FB8BB9@BN9PR11MB5371.namprd11.prod.outlook.com> <YryWSpLvE7X4E11H@shrubbery.net> <BN9PR11MB5371D497D5FFE940E37DC1A9B8BA9@BN9PR11MB5371.namprd11.prod.outlook.com> <Yr302mhZNxs/Mf3n@shrubbery.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <Yr302mhZNxs/Mf3n@shrubbery.net>
X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc
X-note: live free, or die!
X-homer: i just want to have a beer while i am caring.
X-Claimation: an engineer needs a manager like a fish needs a bicycle
X-reality: only YOU can put an end to the embarrassment that is Tom Cruise
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/lvM5nfhIHtmgSl9YIS02hpM70A0>
Subject: Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-00.txt
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2022 20:58:32 -0000
Thu, Jun 30, 2022 at 07:09:14PM +0000, heasley: > Thu, Jun 30, 2022 at 03:05:33PM +0000, Joe Clarke (jclarke): > > [JC] As chair, I will call for adoption of this work by the WG. I read Alan’s recent reply and understand how he feels concerning this approach to more of a straight TLS encap around T+. I would like to hear what others in the WG think.</chair> > > Speaking for myself only; I might have misunderstood this point of Alan's > and will have to review that email. I think that the approach is > straight-forward; start tls, once established, start tacacs, tacacs, end > tacacs, end tls. How much easier could it be. > > We did specify a few TLS constraints, that Alan questioned. We're open to > discussing those details, but I think we need input from more tls experts > and believe this can occur after adoption. IIRC, that was our response at > the beginning of May when the composite draft was submitted. Hey Joe. We reviewed the emails and draft and have concluded that we do not understand what you mean by "more of a straight TLS encap around T+." The proposal is as I suggested above. https://www.ietf.org/id/draft-dahm-tacacs-tls13-00.html There is text or lack of regarding SNI, resumption ticket lifetime, and 0RTT data that Alan has commented about, but otherwise nothing unusual. We believe the text is correct but are not TLS experts and think that these can wait for adoption. Please explain which part is not straight. Are you perhaps refering to a part of the other draft? https://datatracker.ietf.org/doc/draft-dahm-opsawg-tacacs-security/ Thanks
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… heasley
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… Joe Clarke (jclarke)
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… heasley
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… Joe Clarke (jclarke)
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… heasley
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… Alan DeKok
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… heasley
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… Joe Clarke (jclarke)
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… Alan DeKok
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… heasley
- Re: [OPSAWG] I-D Action: draft-dahm-tacacs-tls13-… Alan DeKok