Re: [OPSAWG] Alexey Melnikov's Discuss on draft-ietf-opsawg-tacacs-13: (with DISCUSS and COMMENT)

Warren Kumari <warren@kumari.net> Thu, 19 March 2020 00:00 UTC

Return-Path: <warren@kumari.net>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95CCD3A1E9E for <opsawg@ietfa.amsl.com>; Wed, 18 Mar 2020 17:00:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G1FChFLtUMuI for <opsawg@ietfa.amsl.com>; Wed, 18 Mar 2020 17:00:18 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 078683A1E8D for <opsawg@ietf.org>; Wed, 18 Mar 2020 17:00:17 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id d23so366615ljg.13 for <opsawg@ietf.org>; Wed, 18 Mar 2020 17:00:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=bh00a2KnQ6hqRuVQKw9DF+8EyHTpvJjzvadaDTQIPjY=; b=duP/OXDLF0Zf+PieGPMlTh6txchgfexuxXcf3A6t2W0luupVJIktIuZmAWvQXbf4Qd hEIy42asAwpmXycFN2cqdIT9NqNsfsUTcdydnV2t+BeUZDSKhuIb8S2W95j7H+O9CK4Q KAm7+MskuSGFKLQMr7mjBf10PLXgmaTKqGjZjxgGEUMdjwaBUqv+MDj0g3QfAeZB3fLl MqSBTuMYG7SShUHg9EgN17l8h7B4dtnHAdEkOplaAg72RZW8KVQ2YmBBiVMOAEazMc2+ gLZFuZ/2AGilCe6kgyej+sNNLJOEdZvRtqQsBo+vROPMB7wayr5Tw1a9NT5kiTdFPm1X BMtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bh00a2KnQ6hqRuVQKw9DF+8EyHTpvJjzvadaDTQIPjY=; b=FPVWdoqX9sHQkPc/anhsTf56/dGFe+PW64RnjmT/czjY9pFHBiyLBJigbYLT8zeMDL 0E9s/u9l5HGvfaC1Dav7l+g9m7+jpbuEE8CngmstQzUiTKTn7ZXwqyaKeiKXd3Sm4WoN A/6F6zgDVy075UbXaAVoNvAGJrK+rT1XQNbyeiXt51B7X4jhL/ZdDn5Y1aqxZRgS+fOw vahY8vC0SBAhyyB+ZExGZoOYkyz5Yn6RZzD7lpnbyt/nPeJ09T3eOY3ZAR1pdk7jQlb3 zACH1NncC3ceNjgy+2+EOH0Jgp16jn4oz+EDXAADQ1UV20xITYTcyhBz0wT8gCl/tl6z JOqA==
X-Gm-Message-State: ANhLgQ2E68bB9mm5qcnRtN+D7X88iFUzUE1MiQZFbPiCxXCJ12hYoDpU Xs4qohZVz8gB6VcNDWTs5pfTxz6C93oDHFXIUV2aWg==
X-Google-Smtp-Source: =?utf-8?q?ADFU+vtMR5kUH43tMEWhkhO9auD9uEboFw69t31XW+Qa?= =?utf-8?q?GlGjUDiR0IIaI/VVOjUn0ICdPCD/IcIuQNyLRH7EAeQbDCM=3D?=
X-Received: by 2002:a2e:a0cd:: with SMTP id f13mr301750ljm.198.1584576015633; Wed, 18 Mar 2020 17:00:15 -0700 (PDT)
MIME-Version: 1.0
References: <155798766808.30465.13613903853679159439.idtracker@ietfa.amsl.com> <93780B8A-40AB-43DF-899E-34DA47E0807C@cisco.com> <6be79839-70a7-4639-a1de-87e47c59cf0f@www.fastmail.com>
In-Reply-To: <6be79839-70a7-4639-a1de-87e47c59cf0f@www.fastmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Wed, 18 Mar 2020 19:59:39 -0400
Message-ID: <CAHw9_iJdaOQbL-07hsVxSPosjw-6Rb3FOnAngFiCebb6_pTCUQ@mail.gmail.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: "Douglas Gash (dcmgash)" <dcmgash@cisco.com>, The IESG <iesg@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, "draft-ietf-opsawg-tacacs@ietf.org" <draft-ietf-opsawg-tacacs@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/y406cpCM0eCrhQvOdJBom7qjgT0>
Subject: Re: [OPSAWG] Alexey Melnikov's Discuss on draft-ietf-opsawg-tacacs-13: (with DISCUSS and COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 00:00:26 -0000

On Wed, Mar 18, 2020 at 9:28 AM Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
>
> Hi Douglas,
>
> On Mon, Jan 27, 2020, at 8:28 PM, Douglas Gash (dcmgash) wrote:
> >     5) KRB5 and KRB4 need normative references.
> > TA> The KRB5 and KRB4 are not specifically used in this document,
> > rather, there is one field with an option that the client uses to
> > indicate how it authenticated, and these are option. This is not
> > verifiable, so it is recomended in the documen tnot to use this field
> > for policy.For this reason, it is not really useful to provide a
> > normative reference, but it is required for the document to explai
> > this. So have added:[AI+TA]
>
> Please add Informative references for them then. If I decide to implement TACACS+ and don't know anything about Kerberos, I wouldn't know where to look.
>
>
> All your other changes are either good or I can at least live with them.

Thank you very much, Alexey -- authors, please get a new version
posted *soon* - sadly Alexey's term is up in a few days, and we'd
dearly like to get this published before then...

W

>
> Best Regards,
> Alexey
>
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf