[secdir] Re: Secdir last call review of draft-ietf-opsawg-tacacs-tls13-10
mohamed.boucadair@orange.com Wed, 10 July 2024 08:06 UTC
To: "Douglas Gash (dcmgash)" <dcmgash@cisco.com>, Russ Housley <housley@vigilsec.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-opsawg-tacacs-tls13.all@ietf.org" <draft-ietf-opsawg-tacacs-tls13.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/01c9y_BUuuxEcj4I6vW9tgowjtw>

Hi Russ, all,

While waiting for a follow-up from Russ, I'd like to recall that the reasoning for the CURRENT wording in 3.2.2 was described in an external review (https://mailarchive.ietf.org/arch/msg/opsawg/U3mPq3WlRF48blMmr2uCF80KLiI/; see points #7 and 8). That reasoning was consistent with the intent described by Doug below.

Cheers,
Med (Doc Shepherd)

From: Douglas Gash (dcmgash) <dcmgash@cisco.com>
Sent: Tuesday, 2 July 2024 10:07
To: Russ Housley <housley@vigilsec.com>; secdir@ietf.org
Cc: draft-ietf-opsawg-tacacs-tls13.all@ietf.org; last-call@ietf.org; opsawg@ietf.org
Subject: Re: Secdir last call review of draft-ietf-opsawg-tacacs-tls13-10

Hi Russ,

Many thanks for taking the time to review.

Before we dig into the issues raised, I'd like to check to see if your comments spring from the doc being misleading due to bad wording, or if you have in mind a deeper issue.

What the doc is trying to express (and we will refactor a little to make this clearer), is that:

* Implementations MUST always support the core implementation of mutual Cert based authentication. There is always the core of "compatibility"
* Implementations MAY support other options as these options mature and are widely accepted, such as PSK, RPK
* Deployments do not have to use Cert based if implementations support these other options.

I suspect that this may not actually address your real concerns though: please let us know if the issues you see are deeper than the implementation/deployment matrix of options.

Many Thanks!

From: Russ Housley via Datatracker <noreply@ietf.org>
Date: Monday, 1 July 2024 at 19:06
To: secdir@ietf.org
Cc: draft-ietf-opsawg-tacacs-tls13.all@ietf.org, last-call@ietf.org, opsawg@ietf.org
Subject: Secdir last call review of draft-ietf-opsawg-tacacs-tls13-10

Reviewer: Russ Housley
Review result: Not Ready

I reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security Area Directors. Document authors, document editors, and WG chairs should treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-opsawg-tacacs-tls13-10
Reviewer: Russ Housley
Review Date: 2024-07-01
IETF LC End Date: Unknown
IESG Telechat date: Unknown

Summary: Not Ready

Major Concerns:

Section 3.2.2 says: "Certificate based mutual authentication MUST be supported." I assume that this means that it MUST be supported, but it does not have to be used. However, the next sentence seems to require certificates.

Section 3.2.2: With the removal of the reference to [RFC8773], how is the requirement for certificates accomplished while also using external PSKs? I am unaware of any other way to do so.

Section 3.2.2 says: "...[RFC7250] must be used in context of [RFC8446]". How is the requirement for certificates accomplished with raw public keys? I am unaware of any way to do so.

Minor Concerns: None

Nits: None