The IESG has approved the following document:
- 'Terminal Access Controller Access-Control System Plus over TLS 1.3 (TACACS+ over TLS)' (draft-ietf-opsawg-tacacs-tls13-24.txt) as Proposed Standard

This document is the product of the Operations and Management Area Working Group.

The IESG contact persons are Mahesh Jethanandani and Mohamed Boucadair.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-tls13/

Technical Summary

The Terminal Access Controller Access-Control System Plus (TACACS+) protocol provides device administration for routers, network access servers, and other networked computing devices via one or more centralized TACACS+ servers. This document adds Transport Layer Security (TLS 1.3) support to TACACS+ and obsoletes former inferior security mechanisms. The document removes the security limitations in RFC 8907. As such, this document updates RFC 8907.

Working Group Summary

The document leverages BCPs and specifications developed in other WGs. The document avoids customized behaviors when possible and tries to maximize factorization of existing behaviors. Also, in order to inherit future guidelines, the document cites BCP195 instead of RFC 9325.

There were some areas where existing BCPs/RFCs do not provide sufficient implementation details. The document drew inspiration from other applications (e.g., draft-ietf-radext-tls-psk). The development of the document revealed the need for global guidance (e.g., by UTA) rather than each application relying on TLS specifying its own behavior (e.g., Debugging TACACS+ over TLS).

Document Quality

Early in the process, the WG actively sought reviews from the OPS, transport, and security areas. The WG also solicited the UTA WG, with the WGLC also circulated in UTA. The WG also sought expert reviews for the TLS part. Many iterations were needed to converge on the current level of detail. Thanks go to experts such as Alan DeKok for their support.

An implementation was disclosed ([link](https://mailarchive.ietf.org/arch/msg/opsawg/XQ3nytQ-bnXmWcrcqZRMvcbQ3ok/)).
A plan to implement was also shared [here](https://mailarchive.ietf.org/arch/msg/opsawg/UOWVLRZab_02QzIqevRlS6-shrw/).

Personnel

The Document Shepherd for this document is Joe Clarke. The Responsible Area Director is Mohamed Boucadair.
