Re: [OPSAWG] draft-ietf-opsawg-tacacs-06 Contributions, Status and Plans

t.petch <ietfc@btconnect.com> Fri, 19 May 2017 10:49 UTC

From: "t.petch" <ietfc@btconnect.com>
To: Alan DeKok <aland@deployingradius.com>
CC: Tianran Zhou <zhoutianran@huawei.com>, Ignas Bagdonas <ibagdona@gmail.com>, IETF OOPSAWG <opsawg@ietf.org>, draft-ietf-opsawg-tacacs@ietf.org, opsawg-chairs@ietf.org
Date: Fri, 19 May 2017 10:51:55 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/pnWU0rwndLWGxiLxjzLYaOr-6so>

----- Original Message -----
From: "Alan DeKok" <aland@deployingradius.com>
Sent: Thursday, May 18, 2017 6:40 PM

On May 18, 2017, at 12:57 PM, t.petch <ietfc@btconnect.com> wrote: of
thought.
>
> This I-D, as Alan has commented and Doug acknowledges, has several
> places where the description of security is more 1997 than 2017.  If we
> turn such parts into a clear, concise specification, we may then find
> that we have wasted our time since the Security Directorate then says
> that no way can that appear in an RFC, even an Informational one.

  They've approved RADIUS RFCs... by holding their nose.

> Would it be worth seeking guidance now on what is or is not likely to be
> acceptable to a Security Directorate review?  Not a line by line
> analysis but rather higher level guidance as to whether such things as
> MD4, ASCII login, RFC2433 as Best Practice and so on can appear.

  I've been on the Security Directorate for a while now.  While I don't
claim to speak for everyone, I think the current approach in the draft
will be fine.

<tp>
Ah, I did not know that.

Scrub my suggestion (while I hold my nose:-)

Tom Petch

p.s.  I notice that one of the addressees is now OOPS A WG; mmm, yes.

  They may ask for some sections to be removed (i.e. servers pushing
keys to clients). But everything else is pretty much fine.

  The idea is that having a documented protocol, with warnings and
caveats, is much better than an undocumented one.

  Alan DeKok.