Re: [OPSAWG] Éric Vyncke's No Objection on draft-ietf-opsawg-tacacs-13: (with COMMENT)
"Douglas Gash (dcmgash)" <dcmgash@cisco.com> Wed, 26 June 2019 04:08 UTC
From: "Douglas Gash (dcmgash)" <dcmgash@cisco.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-opsawg-tacacs@ietf.org" <draft-ietf-opsawg-tacacs@ietf.org>, "Joe Clarke (jclarke)" <jclarke@cisco.com>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Date: Wed, 26 Jun 2019 04:08:26 +0000
Message-ID: <C73F37B5-C1CE-4192-A627-653EF4174A83@cisco.com>
References: <155795250991.30689.1445498577568703956.idtracker@ietfa.amsl.com>
In-Reply-To: <155795250991.30689.1445498577568703956.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/zLIpmqqwyIys_Q3BQte2Jja9p2o>
Many thanks for the comments. Please see responses from authors inline, marked “TA”. Action items from this mail to update the document are marked: [AI-TA] to mean: “action item for the authors”.

On 15/05/2019, 21:35, "Éric Vyncke via Datatracker" <noreply@ietf.org> wrote:

Éric Vyncke has entered the following ballot position for draft-ietf-opsawg-tacacs-13: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the work everyone has put into this document. I have some comments and some nits. I also support most of the other comments issued by the IESG members.

And, I appreciate the time taken to document a protocol that I used in the mid 90's ;-) it took sometime to document it... I also appreciate the use of 'obfuscation' in section 4.7.

== COMMENTS ==

- section 1, I am unsure whether the 'today' in 'It is primarily used today...' still stands in 2019.

- a little late to ask, but, is there any reason why draft-dahm-opsawg-tacacs does not refer to 'The Draft' in the datatracker?

TA> Will check that out and resolve [AI-TA]

- section 4.8, the flag values are 0x01 and 0x04, but what about the other bits? Should they be considered as 0 and ignored on reception?

TA> Good catch. Our opinion is that they should be ignored, we will clarify [AI-TA]

- section 5.1, should TAC_PLUS_AUTHEN_SVC_ARAP := 0x04 also be deprecated ?

TA> Agreed [AI-TA]

- section 5.4.2.1 about 'ASCII login' while I understand that years ago it was ASCII only hence the name of the value but the text is unclear whether UTF-8 could be used (assuming that the network devices support this character set)

TA> Will clarify and add the restriction as intended, to ASCII [AI-TA]

- section 8.2, the route attribute is defined only for IPv4 while the T+ can send IPv6 addresses to the client. Is it sensible?

TA> Good catch. The original definition was not explicit, but unsurprisingly, it implicitly covered only IPv4 properly. Really with T+ being used only for the device administration use case, we can probably deprecate these attributes. [AI-TA]

== NITS ==

- abstract TACACS is an acronym which should be expanded in the abstract

TA> Agreed, we will add [AI-TA]

- section 3 could be updated esp around "character mode front end and then allow the user to telnet"

- section 4.1 add that the port 49 has been allocated by the IANA ?

TA> Agreed, we will follow up on that [AI-TA]

- section 4.3 talks about flags but the packet format is also presented in section . Not a logical flow

TA> Agreed, will resolve [AI-TA]

- section 8.1 s/IPV6 address text representation defined/IPv6 address text representation is defined/ (lower case V as well)

TA> Agreed, will resolve [AI-TA]

- section 8.2, please clarify the inacl value, is it an ACL name or an ASCII representation of the list of ACL entries?

TA> Agreed, it is listed as an identifier, will clarify this refers to the name [AI-TA]
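
An added example, not part of the original message or of the draft: a receiver-side parse of the TACACS+ packet header that applies the handling discussed above for section 4.8, acting only on the two defined flag values (0x01 and 0x04) and ignoring the remaining bits while still reporting them for logging. The flag names and the 12-byte header layout are taken from the published TACACS+ specification (RFC 8907); `parse_header` and the sample packet are constructed for illustration.

```python
import struct

# Flag values named in the thread; constant names follow RFC 8907.
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04
KNOWN_FLAGS = TAC_PLUS_UNENCRYPTED_FLAG | TAC_PLUS_SINGLE_CONNECT_FLAG

# version (major<<4 | minor), type, seq_no, flags, session_id, length
HEADER = struct.Struct("!BBBBII")


def parse_header(data: bytes) -> dict:
    """Parse a TACACS+ header; unassigned flag bits are ignored, not rejected."""
    if len(data) < HEADER.size:
        raise ValueError("short TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    return {
        "major": version >> 4,
        "minor": version & 0x0F,
        "type": ptype,
        "seq_no": seq_no,
        # Decisions are taken from the two defined bits only.
        "unencrypted": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
        "single_connect": bool(flags & TAC_PLUS_SINGLE_CONNECT_FLAG),
        # Bits outside the defined set do not change behaviour, but are kept
        # so that an operator can log peers that set them.
        "ignored_flag_bits": flags & ~KNOWN_FLAGS & 0xFF,
        "session_id": session_id,
        "length": length,
    }


# Constructed sample: version 0xc0, type 1, seq 1, flags 0x85
# (0x01 | 0x04 | one unassigned bit 0x80), session 0x12345678, length 16.
SAMPLE = bytes.fromhex("c0010185" "12345678" "00000010")

if __name__ == "__main__":
    hdr = parse_header(SAMPLE)
    print(hdr)
    if hdr["ignored_flag_bits"]:
        print("peer set unassigned flag bits: 0x%02x" % hdr["ignored_flag_bits"])
```
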