Re: [OPSAWG] Alexey Melnikov's Discuss on draft-ietf-opsawg-tacacs-13: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Wed, 18 March 2020 13:28 UTC


Hi Douglas,

On Mon, Jan 27, 2020, at 8:28 PM, Douglas Gash (dcmgash) wrote:
>     5) KRB5 and KRB4 need normative references.
> TA> The KRB5 and KRB4 are not specifically used in this document,
> rather, there is one field with an option that the client uses to
> indicate how it authenticated, and these are options. This is not
> verifiable, so it is recommended in the document not to use this field
> for policy. For this reason, it is not really useful to provide a
> normative reference, but it is required for the document to explain
> this. So have added: [AI+TA]

Please add Informative references for them then. If I decide to implement TACACS+ and don't know anything about Kerberos, I wouldn't know where to look.


All your other changes are either good or I can at least live with them.

Best Regards,
Alexey