IETF Logo Mail Archive

[secdir] Re: [Last-Call] Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18

"Joe Clarke (jclarke)" <jclarke@cisco.com> Thu, 03 April 2025 16:49 UTC

Return-Path: <jclarke@cisco.com>
X-Original-To: secdir@mail2.ietf.org
Delivered-To: secdir@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id EDC731700CA7; Thu, 3 Apr 2025 09:49:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -11.886
X-Spam-Level:
X-Spam-Status: No, score=-11.886 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001, T_SPF_HELO_PERMERROR=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cisco.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AqgAXgTdThSn; Thu, 3 Apr 2025 09:49:07 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 3F31A1700C98; Thu, 3 Apr 2025 09:49:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=12234; q=dns/txt; s=iport01; t=1743698947; x=1744908547; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=R55eN/cwXj1zhh4iIo7M0dDu8QBG7cBpl2CH7sw8a24=; b=GQQwQsseBkooyzk+DxNQDp/lhph7URh4wNnvBVtxF5TU2ZStriIWVQK5 1DIUtf1yH+HCEdiqZkjf3C7yBDoxznF6rwHEL/CP9ZGQWV6wP+7egm4I9 fQCT9vB8VlLB0MRVeNQ+2mZugRUiHEDkJbaJz0wri4kxEKIheyNYi1RCp 3vvQAo4FVsovEWv/RUjAkenmeK+BrVjPCkYlDOBxrt+9hwjcXFYzODhso 3num9bOf+1+QchDpyNb05+8HYHLmnSNmIT86J1123BoAOncJZvbPLoj3L METHS7HDoPpM+eMlQTIEYm8Ny71OJux9hUeOHU/uoW8GIRjX0vHBSDPZn Q==;
X-CSE-ConnectionGUID: 9eNVxC0DSKWehaAdRa+FWg==
X-CSE-MsgGUID: 4a9it+xSSeCOA5BJotRGhw==
X-IPAS-Result: A0ADAAAUu+5n/4z/Ja1aGQEBAQEBAQEBAQEBAQEBAQEBARIBAQEBAQEBAQEBAQFlgRoEAQEBAQELAYFAMVIHdoEcSIRUg0wDhE5fiHYDlz+GVIF+DwEBAQ0COwkEAQGFBwIWixICJjQJDgECBAEBAQEDAgMBAQEBAQEBAQEBAQsBAQUBAQECAQcFgQ4ThXsNhloBAQEBAxIRCkwQAgEIEQMBAisCAgIvHQgCBAENBQgagmGCHEgDARCiOwGBQAKKK3qBMoEBg1oC3EAGgUgBiE8BKoEzAg6DfgEbhFwnG4FJRIEVQoI3MT6CYQICGIFIHoM7OoIvBIIvRUEdKJhFfIdAUnUiAyYzLAFVExcLBwWBKUMDgQ8jWAU3AgYgHIFyWycDAwMDgmqFOoIRgVwDAxYQgx51HIRuhF4tT4M+Ph1AAwttPRQjFBsFBIE1BZYuHj6DNYFJU4FkL2SSQ4NRSYtSjluVEgqEG4wYlWYXhAONCZhlZph+Io1jlSyFWAIEAgQFAg8BAQaBZzyBWXAVgyJSGQ+XLsUQeAI6AgcBCgEBAwmRZQEB
IronPort-PHdr: A9a23:BxvDDRauvoRcjolvmZQPSAf/LTAchN3EVzX9orIuj7ZIN6O78IunY ArU5O5mixnCWoCIo/5Hiu+Dq6n7QiRA+peOtnkebYZBHwEIk8QYngEsQYaFBET3IeSsbnkSF 8VZX1gj9Ha+WXU=
IronPort-Data: A9a23:bkqgP6IF2GVK5Rz7FE+RwpQlxSXFcZb7ZxGr2PjKsXjdYENSgTcHz WcZDzuDOfyINzDyeI91bIi+9U0DuMLSx9RnGgcd+CA2RRqmiyZq6fd1j6vUF3nPRiEWZBs/t 63yUvGZcoZsCCea/kr1WlTYhSEU/bmSQbbhA/LzNCl0RAt1IA8skhsLd9QR2uaEuvDnRVrQ0 T/Oi5eHYgL9h2Yvajh8B5+r8XuDgtyj4Fv0gXRmDRx7lAe2v2UYCpsZOZawIxPQKqFIHvS3T vr017qw+GXU5X8FUrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRuukoPD8fwXG8M49m/c3+d/ /0W3XC4YV9B0qQhA43xWTEAe811FfUuFLMqvRFTvOTLp3AqfUcAzN0/AWcILaZA1t1UPmxO/ NUUEjlOQC+M0rfeLLKTEoGAh+w5J8XteYdasXZ6wHSBVrAtQIvIROPB4towMDUY358VW62BI ZBENHw2MEyojx5nYj/7DLo8l+OhnHryWzZZs1mS46Ew5gA/ySQtjeC8bIGJKoLiqcN9wk/Jp 36F71/CDzo9HYG16z2ZyF2smbqa9c/8cMdIfFGizdZmmlSd2ikSBQEYEFyjuvCmhQuiUtlWI FdR5i419PN0/UivZtjwQxP+p2SL1jYYUsFMVuYz7AWly6fI7UCeHGdsZjlZc9U5u+c3SCAkk FiTkLvBHjFkvLyPYXOQ6rnSqim9URX5NkcYbiMCCA9A6N75rcRr1VTET81oF+i+idid9SzM/ g1mZRMW3t07pcUKzK68u1vAhlqRSlLhF2bZOi2/srqZ0z5E
IronPort-HdrOrdr: A9a23:2KBKOq4SvID2Br3tIQPXwbWCI+orL9Y04lQ7vn2ZFiYlEfBwxv rPoB1E737JYW4qKQ8dcLC7VJVpQRvnhPhICPoqTMaftWjdySSVxe5ZnPHfKlHbaknDH6tmpN hdmstFeZPN5DpB/LvHCWCDer5KrqjkgcWVbKXlvgtQpGpRGthdBnJCe32m+zpNNXF77PQCZf 2hz/sCjQCNPV4QacO2DGQEWe/sm/3n/aiNXTc2QzQcxE2rlz2H1J7WeiL04v4ZaVxy6IZn1V KAvx3y562lvf3+4ATbzXXv45Nfn8ak4sdfBeSX4/JlagnEu0KNXsBMSreCtDc6rKWE81Axiu TBpB8mIoBa927RRGeouhHgsjOQkwrGqkWSi2Nws0GT5fARdwhKTPapQrgpNCcx3nBQ+e2UFp g7hl5x+aAnVS8o1x6Nl+QgHysa5XZc50BS0NL6SxdkINEjgHg7l/1FwGpFVJgHBy7084YhDa 1nC9zd/u9fdReAY2nepXQH+q3nYp0fJGbPfqE5gL3f7xFG2HRii0cIzs0WmXkNsJo7Vplf/u zBdqBljqtHQMMaZb90QL5pe7r6NkXdBRbXdG6CK1XuE68Kf3rLtp7s+b0woOWnYoYBwpc+kI nIFFlYqWkxcUTzDtDm5uwHzjndBGGmGTj9wMBX4JZ0/rX6WbrwKCWGDEsjlsOxys9vS/Ezm8 zDTq6+L8WTWlcGQ7w5qjHWSt1XMz0EXMUep9Y8XEjmmLO4FmTDjJ2uTMru
X-Talos-CUID: 9a23:1SqUr24KiN2TS+gz1tsspUMyJNAOKlHm70jdI0aRBVxgC5OqRgrF
X-Talos-MUID: 9a23:mwQg8A4/vOQU5umOuuBda0Jdxow06vWvFAMdqq4LkO6taAZSPCunozSoF9o=
X-IronPort-Anti-Spam-Filtered: true
Received: from rcdn-l-core-03.cisco.com ([173.37.255.140]) by alln-iport-4.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 03 Apr 2025 16:49:06 +0000
Received: from alln-opgw-4.cisco.com (alln-opgw-4.cisco.com [173.37.147.252]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by rcdn-l-core-03.cisco.com (Postfix) with ESMTPS id 8C6101800058A; Thu, 3 Apr 2025 16:49:06 +0000 (GMT)
X-CSE-ConnectionGUID: 4gDk0pAxQuOrw/tN/7pWxA==
X-CSE-MsgGUID: ++McoDULQI6FNMvttDqhNA==
Authentication-Results: alln-opgw-4.cisco.com; dkim=pass (signature verified) header.i=@cisco.com
X-IronPort-AV: E=Sophos;i="6.15,184,1739836800"; d="scan'208,217";a="45284144"
Received: from mail-bn8nam12lp2175.outbound.protection.outlook.com (HELO NAM12-BN8-obe.outbound.protection.outlook.com) ([104.47.55.175]) by alln-opgw-4.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 03 Apr 2025 16:49:06 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UwHtqCP3IzhZ3UYraAtU7KkrowvGZb0ibTC9D2UWrJFV7RRcUxVTxv2KMXoFwlpfq2ZYLNPg9I7XL0EQKA5VPxvCY3szgKSlrajeG3sS02WXMPErcwKFvMQT+bbVVySTED6W/9Y9edGaT6vaVQXGm7UW8fWLp2c+3mHt8dJMJxm+hYZcjBCFrsarF8Op3IARQLW6id6UYLo7UREyXYb7a3ZBKs3TWurWKOfHlQM6gDBITaFhoQGx4ngOp7PFTvnPnG/w733s+LGErv6bHHotT6V+P4IGgMh4MzIxPz5RDJ27ESzpKsZoQYJhKzWc46Ok3iX9M/SJGdJhVpd+Sar0eA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=R55eN/cwXj1zhh4iIo7M0dDu8QBG7cBpl2CH7sw8a24=; b=ij00sYVOr4P07cPZ/oWADDe0KcID3NAPJvcQY9WAwX030YzznWOG0diiERWXjns7LNKm3T4r/3wfF2glFzccpRL5PWMlEag0tn6krOU5RLKdFdr/xMyBzXRuypxxt2o7TLRWduQ015F9ZI3amlI2kVlSo4+Z7GnlS4Q0ccx947oz39IV4zXSYAoI8rbwHr6sDyEIoMThYXWex4zeg6TQdib6ajinigmEgan8VaPhJSr1O0Re87KlqbKM370nHBFfdYkb4j/mj3sV3LAjBZmpwoHbKWhSnECO4fjhX3ZhNoAQMLeNfAFVFxf6COUg0frypPtTGrt2xF0zQnrDXhW0jQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from CH2PR11MB8867.namprd11.prod.outlook.com (2603:10b6:610:285::9) by BL3PR11MB6460.namprd11.prod.outlook.com (2603:10b6:208:3bf::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Thu, 3 Apr 2025 16:49:04 +0000
Received: from CH2PR11MB8867.namprd11.prod.outlook.com ([fe80::9a8b:90dc:4fce:9bd6]) by CH2PR11MB8867.namprd11.prod.outlook.com ([fe80::9a8b:90dc:4fce:9bd6%2]) with mapi id 15.20.8534.045; Thu, 3 Apr 2025 16:49:04 +0000
From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Russ Housley <housley@vigilsec.com>, "Douglas Gash (dcmgash)" <dcmgash=40cisco.com@dmarc.ietf.org>
Thread-Topic: [Last-Call] Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18
Thread-Index: AQHbkJEGK9PZTi5ZTE6LigLRqMvoIrNqjnYAgACMUwCABbn3AIAAOxEAgCE/YVQ=
Date: Thu, 03 Apr 2025 16:49:03 +0000
Message-ID: <CH2PR11MB886780FC8F987671880423A2B8AE2@CH2PR11MB8867.namprd11.prod.outlook.com>
References: <174148302104.312909.4945234439928364482@dt-datatracker-775fc5cbb8-824tp> <MR1PPF6395AA9E65B2B5D289A73D3843DD788D72@MR1PPF6395AA9E6.FRAP264.PROD.OUTLOOK.COM> <A29F710F-A777-4353-BC03-2DB2718972D7@vigilsec.com> <BL3PR11MB63643F35D2DD5DC5A5CAC17BB7D32@BL3PR11MB6364.namprd11.prod.outlook.com> <A9ADFA72-966B-4402-81D6-EF138605F937@vigilsec.com>
In-Reply-To: <A9ADFA72-966B-4402-81D6-EF138605F937@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH2PR11MB8867:EE_|BL3PR11MB6460:EE_
x-ms-office365-filtering-correlation-id: 56817753-4725-4949-94e6-08dd72cf712f
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|10070799003|38070700018|7053199007|8096899003|13003099007;
x-microsoft-antispam-message-info: T1aGxOFFyShU9+DlnKYsmnGlPApcq/aHUyey15HWaaxXFJenh+gCK3yvNSQuz9yLgb7q1oeT18xQ3wnQaEY95GoNv70+cADlScb0M7Q9RZRVJOc92uzw+csC0hurCcqYVWhn12xAG8hnKybZbSyPSRtzlimTZAQ5E+d1oqBzDsOcnSH6y/k4hMOX23HjDan8wc/i6YgDJTB3QKbX2ZNxbtDM7+59M5tccSm2rOzaMXanLZwK3jUZyN758tT6coxz/YYUfKKwgJDSw+kef1iPGx4K8C7kE1t3hZ+DwJ31SxhzR+ClYdE+plxBFFYSRjLFP6ghCNz823qTeXcJf8ha2dgxe2rtE9CfPSTKFICSinOLe7QMpskFcjzkbIOWYbydN0WIlPW9yBI09CvcYxqu+CWO+JPfYCDdZJSApYh/FBNlXzZrsI9gw+3dFhww2q1XZ893GNHqXuUXG3PRRtEYlXkOeliaRE9p7XeBar9QWM/CzrY9Q4yQnytgJStQTEXWWmtgM9v015DZHFlVe4/wo+x137U2pBa5U70rh4DjEj2qvVNAjPUsuFg2fgwBocxP+Gs0apPAWw1JRbE9uJ7UnMHYjX/Koynh2v091ncolzFwWZExdXubZmV7aMRLA7phoB5ESIShQu0kYDMopWYafKacPMa2mjJswKhNS5LhhL8IdnsU0HYKSacYgrK9siLH3yQICtacGP8YUUlCkHVfPSBzDCPia01C+hDDCUpRcIT7+J+6mc9WQNxf6JahfC7VSW/CptnY6MVxK1IM+DTgagFU0mPJwp7Ag33BZ49Gp/tdzlE+kZhcLptnLl+XaS/HZI6cfamRodQfb0/eDPYG+ReantUq3e6is3nQKyfqlbcxo7xIf3n71nIkoRTAXuTEPbFGg6U4mRvbIcT0x9OGa4Y8UVAaKBUhxVnGui49n4zqNaq+G5XG4wBJ5VVHWiqdqTaobZsYKsi1dmAqE30P2+Rt9ZCc8ceDdWUoGz6Emu5uI33k4AAeiAYqRubBMjUNFwCckkX3++HquRPxZH5D6UxRHD2O+DdcRLgXM6VB3CcmrdpDBEu9a6yLfePykjKG+Mj+hsVDp0Bme+ddEUp4+P6Zzzpxm+YrrdOnmDILm06GyFIZ5gzKKyx79zvXzlIeRuJZPhOUqEH63Yp0E/8ob7E39+8xEXS49lTmDUfUEimxMfQTcaaww4zxsPw5QUG8qYXgy9ubRuWE8ghfMC57ZwrvVbjA5hivprTRa3LmTxn34RIAW+mNTeFsjAiH/wo9yX83/hSUv1x301ZwFSUwUofUA1OP6MGiZzaVRop5l0+Ywlcz2Nw/YwKUJHfrVtHzdsZvjmGd1509G/AMyXphF2nQsFmhHJ/mG3Ehxqg1ReyxCE9GugaDn+s/R63gDbOL76deG+oKZge16oI/5COibW1oM9OWrX3vTjXMxLiO7CJySHYoS53+UwncZ6tSO8VM
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH2PR11MB8867.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(10070799003)(38070700018)(7053199007)(8096899003)(13003099007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: H4BsyMUucGEF2p+l85dqdR4dmDnj2tEv1arJVKfnDox0nFg+TuwVK91alcpgLLBrLosZNMYllfdQvyANxHCDr0vvcjL/PQUAbt9pRzroKF91J1j9FDnLA+Ym/3x1gn7qyYXU9U23k8W9XdqpCn20fNj6/c4PLhhWItUWkPRN6mQ65ovV972lvcIgdmnYTitbJt8y/IGZJVAhbd2qGJRohLoEHgave9MD77sL+V54qD+jcmwBPGrj99vUWHMUe3I+YHGOeL55M6CDnIq3sznWbQzHaJshusNco4wiXVqQ5LbfGuzPzDUCaKoqK2rYRxV56f8CCJ6OhejeovTIV/2S3yd8yTPwiP/yaiWGLyxoQKGigiYzxFqlW8lclKCd6Wp9xkHDGEz5u6PteWSEm3XWHfYBzm/Ut/DJOKZ3CSEHRKgiSs7JaSZ3JFYlQ97DO9ik+97r5FDsdOnlpQq0zqhiL/FI3j9LDhyzCDG2XVTfphy7PDA2aNL2PGVpVt7zZ2RzMIPlRGtqZWr2r7xvqpHWj75ReGa8ode5wsnvXPQdsyQjJT09aJIanm82GS5wVXGW9M7zBEGYh8Esk+5gEBRtDSFoYn13/3g4fsmynj44epLBgk9JrgSURAg/cNlRkUrdjxYBTkWRl2R/lGEuhu4ZN338AEfI9D4UAiV9vrssYVTAyEJw7p+Bz1jkwPlZcu9nb7cMJGuGS7B21m7/s85VIkilcviT2QR8XvZ6EhMHdf/YrUoLnfoN1/2kytQcQid5ksbVfK2UCzyQurSjc8XBhRQTrm4RILgyERZ7NBwL14iVsGX2xlHItZGc2WY10ATMuYpVD1dOnSlgZbdWv/2dFYgvdNCDiAz61aTt+MQd0LXNKGUxK4ZdXhzuqtrSmKuLTnZljX2JX4xQIn5T+gptFoBKd/3wMrHKGO5sQq7D41g9ttnoisYi7d6wflPLzxDlIFADj14YZl7ybx2x5qBavBNCb8HTQRobwNn+9i7AQjqICC0XIii/8Evn6jwTqAo1i9d0EF+LIU3bFopL0sclIDPd1FTwlHIpjzA9qCKisWxGYVVvSuIC2wZ9caM59CCLxcHUe5uB8WGEKmJyuClcLM+blIeCrWyNSnuoCzV3uULKRu7ci8881aQ2tpQZPmyN4lFnKLgTGoUXEfqj9lBv6crAdx2JauDmkEd6EfXYhD1XG4Q68SUuQyMrXd33KkXNGpUodOY/4D9Oyzk6MB6YsQHyXb6Mj7sKYWdOOaVrGJfv/v7vn2ZMV+y0jH44rJ3AVW3ILDxj5eStmut18wMjiTHvaU3bK6OPsUdWVOBEqHt9YghbMJdwULB6Q5fWCDcYX1g+wzyzA00w2YB3r+1u/d2B81vJxteaQDCjbdf0Uq0tC/HCkTltwVqVrRjyHPm2OJy0PGt1EEhuz3/uCNgRebTb89AP06Wpssrs8zl/thDEo+bL59XU7MfV4xw1kqTasFNoOd2ldPyvjFEaW3TCp3KXnITKcDmXHYc/WWTGhqFHVmkK/N0RDh8TgWpdt5R/DDQqOxkWQGLJxkL5AD/Igi7wXCDqYGKGzqRzRy8toKcPdhdLI7lEN+J/eMge+d/rS+e7UKNVFZJGSX1FSTCy31rCub7TLaLim9OgufVyRcQPzx3pKT1238nWhPkNnVf/yWljPe1orkx/8/lALYaIBg==
Content-Type: multipart/alternative; boundary="_000_CH2PR11MB886780FC8F987671880423A2B8AE2CH2PR11MB8867namp_"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR11MB8867.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 56817753-4725-4949-94e6-08dd72cf712f
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2025 16:49:03.8676 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: B0u8piTkbovTJETjryRcVjf3tILggDpKwL6e8baD9zjqMtalD7dCHN4xey/bCk5zbo7k2s7PuQ1x6wgQlgNrMA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL3PR11MB6460
X-Outbound-SMTP-Client: 173.37.147.252, alln-opgw-4.cisco.com
X-Outbound-Node: rcdn-l-core-03.cisco.com
Message-ID-Hash: NQE5PBAVKNOYYS3YYJMUUHDSPOLQE2RI
X-Message-ID-Hash: NQE5PBAVKNOYYS3YYJMUUHDSPOLQE2RI
X-MailFrom: jclarke@cisco.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, IETF SecDir <secdir@ietf.org>, "draft-ietf-opsawg-tacacs-tls13.all@ietf.org" <draft-ietf-opsawg-tacacs-tls13.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [secdir] Re: [Last-Call] Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/6xt1wROX7hhc9KfDEZb349PeNGk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>

Thanks, Russ.  The authors have published -19.  The diff is at https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-tacacs-tls13-19.  If you agree with the modified text can you amend your DIR review to Ready?

Thanks.

Joe

From: Russ Housley <housley@vigilsec.com>
Date: Thursday, March 13, 2025 at 23:02
To: Douglas Gash (dcmgash) <dcmgash=40cisco.com@dmarc.ietf.org>
Cc: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>, IETF SecDir <secdir@ietf.org>, draft-ietf-opsawg-tacacs-tls13.all@ietf.org <draft-ietf-opsawg-tacacs-tls13.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>, opsawg@ietf.org <opsawg@ietf.org>
Subject: Re: [Last-Call] Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18
This approach works for me.

Russ


On Mar 13, 2025, at 5:33 AM, Douglas Gash (dcmgash) <dcmgash=40cisco.com@dmarc.ietf.org> wrote:

Just to confirm, there are three authentication methods (Cert, PSK, RPK). Cert MUST be implemented, the other two MAY be implemented, as they become mature.

We have made two specific changes, which we hope will clarify:


1.      We have indicated that the two options (PSK and RPK) are alternatives to Cert based, to avoid the impression that they are augmentations which are intended to work in combination.

2.      In the start of the Cert based section, we have clarified that this section covers Cert based only.

Please let us know if this new version changes clarify this intent.

v2.31.3 | Report a Bug | By Email | System Status