Re: [OPSAWG] Éric Vyncke's No Objection on draft-ietf-opsawg-tacacs-13: (with COMMENT)

"Douglas Gash (dcmgash)" <dcmgash@cisco.com> Wed, 26 June 2019 04:08 UTC

Return-Path: <dcmgash@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62744120605; Tue, 25 Jun 2019 21:08:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Lqi+N+HY; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=wSXSemHg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5f8z4_TJoWy; Tue, 25 Jun 2019 21:08:30 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09E7312011E; Tue, 25 Jun 2019 21:08:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5170; q=dns/txt; s=iport; t=1561522110; x=1562731710; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=w54VzuXMQtroI+Uv5dQ5rTFQ2OurIIYLOJdrdjyANCY=; b=Lqi+N+HY413Ku3caP5O1Hhd0LwfSvC/vU/5BpVt3P/VS6YEfyz12i6Vc i3+8392jvS8yoQBp4EC2yDCBbOe9u7puA3Di0fzg7zfO6mkTFelavpXGE zmcgAF6JVsmIkNeabhchS+u51JCz19KfLrwAf5sIbmsaaFuaJu2ddm4rC Y=;
IronPort-PHdr: 9a23:jc6+QhEj9BptJsd0jHrMFp1GYnJ96bzpIg4Y7IYmgLtSc6Oluo7vJ1Hb+e4z1A3SRYuO7fVChqKWqK3mVWEaqbe5+HEZON0pNVcejNkO2QkpAcqLE0r+efLhaiMzB8RqX15+9Hb9Ok9QS47z
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BxAABY7hJd/5tdJa1lHAEBAQQBAQcEAQGBVAYBAQsBgUNQA2pVIAQLKIQVg0cDjmOCNpdegS4UgRADVAkBAQEMAQEjCgIBAYRAAheCXiM1CA4BAwEBBAEBAgEFbYo3DIVLAgQSEREMAQE3AQ8CAQgaAhIBBg0CAgIwFQULAgQBDQUigwABgWoDHQEOmn8CgTiIX3GBMYJ5AQEFgUZBgwAYghEDBoEMKAGLXReBf4EQAScME4JMPoJhAgECAYEqARECAR4XMQKCQDKCJowHL4IfhRyIM410CQKCFYZQiEhog2sbgimHDo4YgySKBIEwhgePWwIEAgQFAg4BAQWBUgI0Z1gRCHAVOyoBgkGCQQwXg02FFIU/cgGBKItBDReCLAEB
X-IronPort-AV: E=Sophos;i="5.63,418,1557187200"; d="scan'208";a="585651715"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 26 Jun 2019 04:08:28 +0000
Received: from XCH-ALN-010.cisco.com (xch-aln-010.cisco.com [173.36.7.20]) by rcdn-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x5Q48SUx001538 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 26 Jun 2019 04:08:28 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-010.cisco.com (173.36.7.20) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 25 Jun 2019 23:08:28 -0500
Received: from xhs-aln-002.cisco.com (173.37.135.119) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 25 Jun 2019 23:08:27 -0500
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 25 Jun 2019 23:08:27 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=w54VzuXMQtroI+Uv5dQ5rTFQ2OurIIYLOJdrdjyANCY=; b=wSXSemHgKBktNANKPeDbqEQvYGGkt8GzyJ2CF6uThzyn4fMi4Z4rwwxI4p886lWAQbLe8XBLI6LiXfrRMSA+l6K8KRYytDy+UMO8S12N59jJHDdLWhs/XRgZ5YvIehmV+NJVZqJ0EUgH3IlEM5rdqJdsW96wVIZsPxRAvh3GI+Y=
Received: from DM5PR11MB1322.namprd11.prod.outlook.com (10.168.104.140) by DM5PR11MB1499.namprd11.prod.outlook.com (10.172.36.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.16; Wed, 26 Jun 2019 04:08:26 +0000
Received: from DM5PR11MB1322.namprd11.prod.outlook.com ([fe80::3167:9c96:1d74:4fcd]) by DM5PR11MB1322.namprd11.prod.outlook.com ([fe80::3167:9c96:1d74:4fcd%2]) with mapi id 15.20.2008.018; Wed, 26 Jun 2019 04:08:26 +0000
From: "Douglas Gash (dcmgash)" <dcmgash@cisco.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsawg-tacacs@ietf.org" <draft-ietf-opsawg-tacacs@ietf.org>, "Joe Clarke (jclarke)" <jclarke@cisco.com>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: Éric Vyncke's No Objection on draft-ietf-opsawg-tacacs-13: (with COMMENT)
Thread-Index: AQHVK9TNstuJPt5hpk+txpn05Ag6/w==
Date: Wed, 26 Jun 2019 04:08:26 +0000
Message-ID: <C73F37B5-C1CE-4192-A627-653EF4174A83@cisco.com>
References: <155795250991.30689.1445498577568703956.idtracker@ietfa.amsl.com>
In-Reply-To: <155795250991.30689.1445498577568703956.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.26.0.170902
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dcmgash@cisco.com;
x-originating-ip: [2001:420:c0c0:1008::12e]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d3b2ac36-f409-4114-e897-08d6f9ebf055
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM5PR11MB1499;
x-ms-traffictypediagnostic: DM5PR11MB1499:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <DM5PR11MB1499ABDEA7CFC375AC5251A3B7E20@DM5PR11MB1499.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 00808B16F3
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(346002)(366004)(396003)(39860400002)(376002)(51914003)(199004)(189003)(66946007)(5660300002)(486006)(33656002)(2906002)(54906003)(6486002)(4326008)(73956011)(6506007)(53936002)(76116006)(110136005)(91956017)(316002)(8936002)(53546011)(66446008)(71200400001)(71190400001)(58126008)(81156014)(450100002)(25786009)(81166006)(64756008)(66556008)(7736002)(86362001)(66476007)(14444005)(46003)(224303003)(6512007)(305945005)(256004)(229853002)(186003)(6246003)(6436002)(478600001)(966005)(14454004)(446003)(99286004)(36756003)(102836004)(2616005)(68736007)(11346002)(476003)(76176011)(6306002)(6116002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR11MB1499; H:DM5PR11MB1322.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: NHSCdR4DJtGEM/mXYGiR/HaACbhgf158kyGmhLNOpB0/rnxuy7UsaT5zc439ledS/xLcGG2h2w4tQaJ72df1NYUD/TbT8uAlBGNY8/ktfHYL96YNRMNIF8hIlL/lJQfq4vhe4JbRHkwA61DKj6TeOq8T4AWa6mWxVHItDZ4GOV+jlIo/4xI3P6EBZLvL8tCm064QIuyNv9ydPw8lFgSDLGWbYu0WGGfdRkIV8lqVODlQ80mJXAXDC0pdXAUCUNBwCMjRKn4213PAjxabUaSIt1byjygSdGHHgrH39F+gZonQJ9ZcpsX+dPNGT37YFfCIxZlI0b4SjAAgnKO5zNtK83HKUOtXsPpIyeCzr7Wm2h1HbmFNTcBZA9h8RcA6TbnsdcQqh3fNj3FrEK08WvQuu2paH2xVAIclilge3rRVrbw=
Content-Type: text/plain; charset="utf-8"
Content-ID: <042BD65D72AE9543A9254C2C4471151D@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d3b2ac36-f409-4114-e897-08d6f9ebf055
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jun 2019 04:08:26.2555 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dcmgash@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1499
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.20, xch-aln-010.cisco.com
X-Outbound-Node: rcdn-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/zLIpmqqwyIys_Q3BQte2Jja9p2o>
Subject: Re: [OPSAWG] Éric Vyncke's No Objection on draft-ietf-opsawg-tacacs-13: (with COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2019 04:08:32 -0000

Many thanks for the comments.

Please see responses from authors inline, marked “TA”. Action items from this mail to update the document are marked: [AI-TA] to mean: “action item for the authors”.

On 15/05/2019, 21:35, "Éric Vyncke via Datatracker" <noreply@ietf.org> wrote:

    Éric Vyncke has entered the following ballot position for
    draft-ietf-opsawg-tacacs-13: No Objection
    
    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)
    
    
    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.
    
    
    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/
    
    
    
    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------
    
    Thanks for the work everyone has put into this document. I have some comments
    and some nits. I also support most of the other comments issued by the IESG
    members.
    
    And, I appreciate the time taken to document a protocol that I used in the mid
    90's ;-) it took sometime to document it... I also appreciate the use of
    'obfuscation' in section 4.7.
    
    == COMMENTS ==
    - section 1, I am unsure whether the 'today' in 'It is primarily used today...'
    still stands in 2019. - a little late to ask, but, is there any reason why
    draft-dahm-opsawg-tacacs does not refer to 'The Draft' in the datatracker? –

TA> Will check that out and resolve [AI-TA]

    section 4.8, the flag values are 0x01 and 0x04, but what about the other bits?
    Should they be considered as 0 and ignored on reception? 

TA> Good catch. Our opinion is that they should be ignored, we will clarify [AI-TA]

- section 5.1, should
    TAC_PLUS_AUTHEN_SVC_ARAP := 0x04 also be deprecated ? 

TA> Agreed [AI-TA]

- section 5.4.2.1 about
    'ASCII login' while I understand that years ago it was ASCII only hence the
    name of the value but the text is unclear whether UTF-8 could be used (assuming
    that the network devices support this character set) – 

TA> Will clarify and add the restriction as intended, to ASCII [AI-TA]

section 8.2, the route
    attribute is defined only for IPv4 while the T+ can send IPv6 addresses to the
    client. Is it sensible?

TA> Good catch. The original definition was not explicit, but unsurprisingly, it implicitly covered only IPv4 properly. Really with T+ being used only for the device administration use  case, we can probably deprecate these attributes.  [AI-TA]

    == NITS ==
    - abstract TACACS is an acronym which should be expanded in the abstract
TA> Agreed, we will add [AI-TA]

    - section 3 could be updated esp around "character mode front end and then
    allow the user to telnet" - section 4.1 add that the port 49 has been allocated
    by the IANA ?
TA> Agreed, we will follow up on that [AI-TA]

 - section 4.3 talks about flags but the packet format is also
    presented in section . Not a logical flow 
TA> Agreed, will resolve [AI-TA]

- section 8.1 s/IPV6 address text
    representation defined/IPv6 address text representation is defined/ (lower case
    V as well) 
TA> Agreed, will resolve [AI-TA]

- section 8.2, please clarify the inacl value, is it an ACL name or
    an ASCII representation of the list of ACL entries?
TA> Agreed, it is listed as an identifier, will clarify this refers to the name[AI-TA]