[OPSAWG] Alissa Cooper's Discuss on draft-ietf-opsawg-tacacs-13: (with DISCUSS and COMMENT)
Alissa Cooper via Datatracker <noreply@ietf.org> Wed, 15 May 2019 18:55 UTC
From: Alissa Cooper via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-opsawg-tacacs@ietf.org, Joe Clarke <jclarke@cisco.com>, opsawg-chairs@ietf.org, opsawg-chairs@ietf.org, jclarke@cisco.com, opsawg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/ramaCqnBk1zqZR_JBXtDYl-iL7w>
Alissa Cooper has entered the following ballot position for
draft-ietf-opsawg-tacacs-13: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

(1) The Gen-ART reviewer Stewart Bryant (SB) asked the following:

TAC_PLUS_PRIV_LVL_MAX := 0x0f
TAC_PLUS_PRIV_LVL_ROOT := 0x0f
TAC_PLUS_PRIV_LVL_USER := 0x01
TAC_PLUS_PRIV_LVL_MIN := 0x00

SB> Where are these defined? Please define the semantics of these values.

(2) Stewart also noted the following:

TAC_PLUS_AUTHEN_TYPE_ASCII := 0x01
TAC_PLUS_AUTHEN_TYPE_PAP := 0x02
TAC_PLUS_AUTHEN_TYPE_CHAP := 0x03
TAC_PLUS_AUTHEN_TYPE_ARAP := 0x04 (deprecated)
TAC_PLUS_AUTHEN_TYPE_MSCHAP := 0x05
TAC_PLUS_AUTHEN_TYPE_MSCHAPV2 := 0x06

SB> There are lots of lists similar to the above.
SB> I have not checked them all, but a number of the types
SB> in this and subsequent parts of the design don't seem
SB> to be defined or have a definitive reference

The way I would say this is that the document seems to be written for
people who have already deployed this protocol, and elides details that
would make it comprehensible to a new implementor. But it also
contemplates the prospect of new implementations. If new implementations
are actually expected (which I was surprised about, but can believe), I
agree with Stewart that each of the field values needs a definition that
explains its semantics. If new implementations are not expected, then the
reference to new implementations should be removed.

(3) How is "secure deployment" defined? Since this is used as a
restriction in several places, I think it needs to be defined precisely.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I agree with Deborah's comment, and would further suggest that the lack
of modern security mechanisms in this protocol needs to be called out in
the introduction, with a reference to Section 10.

Please respond to the Gen-ART review, which makes several suggestions
for needed clarifications.

In Section 2, please use the RFC 8174 boilerplate.
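To illustrate what a new implementor needs from the constant lists quoted in the DISCUSS above, here is an added example (not part of the ballot or the draft) of a receiver that parses a TACACS+ authentication START body and rejects or flags priv_lvl and authen_type values that fall outside the listed definitions. The fixed eight-octet body layout (action, priv_lvl, authen_type, authen_service, then four length octets followed by user, port, rem_addr and data) is assumed from the protocol specification, the body is assumed to be already de-obfuscated, and all sample bytes are constructed.

```python
import struct
from dataclasses import dataclass, field

# Privilege-level and authentication-type values as listed in the draft.
TAC_PLUS_PRIV_LVL_MAX = 0x0F
TAC_PLUS_PRIV_LVL_MIN = 0x00
AUTHEN_TYPES = {0x01: "ASCII", 0x02: "PAP", 0x03: "CHAP",
                0x04: "ARAP", 0x05: "MSCHAP", 0x06: "MSCHAPV2"}
DEPRECATED_AUTHEN_TYPES = {0x04}  # ARAP is marked deprecated in the list


@dataclass
class AuthenStart:
    action: int
    priv_lvl: int
    authen_type: int
    authen_service: int
    user: bytes
    port: bytes
    rem_addr: bytes
    data: bytes
    problems: list = field(default_factory=list)


def parse_authen_start(body: bytes) -> AuthenStart:
    """Parse an authentication START body (assumed layout: 8 fixed octets,
    then user, port, rem_addr, data) and validate the value fields against
    the constants defined above. Length mismatches are rejected outright;
    undefined or deprecated values are recorded in ``problems``."""
    if len(body) < 8:
        raise ValueError("START body shorter than its fixed header")
    action, priv, atype, svc, ulen, plen, rlen, dlen = struct.unpack("!8B", body[:8])
    if len(body) != 8 + ulen + plen + rlen + dlen:
        raise ValueError("length octets do not match body length")
    fields, off = [], 8
    for n in (ulen, plen, rlen, dlen):
        fields.append(body[off:off + n])
        off += n
    pkt = AuthenStart(action, priv, atype, svc, *fields)
    if not TAC_PLUS_PRIV_LVL_MIN <= priv <= TAC_PLUS_PRIV_LVL_MAX:
        pkt.problems.append(f"priv_lvl 0x{priv:02x} outside 0x00..0x0f")
    if atype not in AUTHEN_TYPES:
        pkt.problems.append(f"authen_type 0x{atype:02x} is undefined")
    elif atype in DEPRECATED_AUTHEN_TYPES:
        pkt.problems.append(f"authen_type {AUTHEN_TYPES[atype]} is deprecated")
    return pkt


# Constructed sample: PAP login for user "bob" at privilege level 1.
SAMPLE_START = bytes([0x01, 0x01, 0x02, 0x01, 3, 4, 8, 2]) + b"bob" + b"tty0" + b"10.0.0.1" + b"pw"
```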