Re: [secdir] [OPSAWG] Secdir last call review of draft-ietf-opsawg-tacacs-13

Randy Bush <randy@psg.com> Tue, 23 April 2019 01:25 UTC

Return-Path: <randy@psg.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25B5F120113; Mon, 22 Apr 2019 18:25:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b5WfGD9GKsV6; Mon, 22 Apr 2019 18:25:04 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A8D31200F7; Mon, 22 Apr 2019 18:25:04 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1hIkB8-0000EB-99; Tue, 23 Apr 2019 01:24:58 +0000
Date: Mon, 22 Apr 2019 18:24:56 -0700
Message-ID: <m24l6pikd3.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Joseph Salowey <joe@salowey.net>
Cc: Andrej Ota <andrej@ota.si>, opsawg@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-opsawg-tacacs.all@ietf.org, secdir <secdir@ietf.org>
In-Reply-To: <CAOgPGoB1GvQOTWPnTCLmOA=CWsc5znr-Y_Xr9jqmOEzJuepr3g@mail.gmail.com>
References: <155590495142.9736.10585624358883108199@ietfa.amsl.com> <20190422182358.B69FB17821@mta2.toshio.eu> <CAOgPGoB1GvQOTWPnTCLmOA=CWsc5znr-Y_Xr9jqmOEzJuepr3g@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/odFKrEgcuPFG2ERR4x_ZIxsBqak>
Subject: Re: [secdir] [OPSAWG] Secdir last call review of draft-ietf-opsawg-tacacs-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 01:25:06 -0000

>> Agreed to replace the section with a simple statement that
>> obfuscation provides no integrity or replay protection. I'm assuming
>> this refers just to 10.1 and not the whole of 10.
>>
> [Joe] I think you could probably replace a large portion of 10.2, 3 and 4
> as well.

hyperbole is not constructive

creaky as it is, this is an informational draft which is documenting an
extremely widely used and distributed protocol.  no one is gonna change
millions of devices and thousands of servers for tweaks.  no one moves
for a 10% improvement, especially if there is no functional improvement.

we need to document it so we can put this in the can and move forward to
modernizing it.  then, if we have a seriously functionally improved and
modernized protocol, we will start the 42 year process of rolling it
out.

randy