[secdir] Re: [Last-Call] Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18

Russ Housley <housley@vigilsec.com> Thu, 03 April 2025 17:27 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Thu, 03 Apr 2025 13:27:37 -0400
To: "Joe Clarke (jclarke)" <jclarke@cisco.com>
CC: "Douglas Gash (dcmgash)" <dcmgash=40cisco.com@dmarc.ietf.org>, Med Boucadair <mohamed.boucadair@orange.com>, IETF SecDir <secdir@ietf.org>, "draft-ietf-opsawg-tacacs-tls13.all@ietf.org" <draft-ietf-opsawg-tacacs-tls13.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Subject: [secdir] Re: [Last-Call] Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/p9eoXPL8T3V_Ro6q-trZAfbkUgI>

Joe:

This resolves my concern.  I've asked the SecDir Secretary how to post an unrequested review.

Russ


> On Apr 3, 2025, at 12:49 PM, Joe Clarke (jclarke) <jclarke@cisco.com> wrote:
> 
> Thanks, Russ.  The authors have published -19.  The diff is at https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-tacacs-tls13-19.  If you agree with the modified text can you amend your DIR review to Ready?
> 
> Thanks.
> 
> Joe
> 
> From: Russ Housley <housley@vigilsec.com>
> Date: Thursday, March 13, 2025 at 23:02
> To: Douglas Gash (dcmgash) <dcmgash=40cisco.com@dmarc.ietf.org>
> Cc: mohamed.boucadair@orange.com, IETF SecDir <secdir@ietf.org>, draft-ietf-opsawg-tacacs-tls13.all@ietf.org, last-call@ietf.org, opsawg@ietf.org
> Subject: Re: [Last-Call] Secdir last call review of draft-ietf-opsawg-tacacs-tls13-18
> 
> This approach works for me.
> 
> Russ
> 
> 
> On Mar 13, 2025, at 5:33 AM, Douglas Gash (dcmgash) <dcmgash=40cisco.com@dmarc.ietf.org> wrote:
> 
> Just to confirm, there are three authentication methods (Cert, PSK, RPK). Cert MUST be implemented; the other two MAY be implemented, as they become mature.
> 
> We have made two specific changes, which we hope will clarify:
> 
> 1. We have indicated that the two options (PSK and RPK) are alternatives to Cert-based, to avoid the impression that they are augmentations which are intended to work in combination.
> 2. At the start of the Cert-based section, we have clarified that this section covers Cert-based only.
> 
> Please let us know if these new version changes clarify this intent.