On Jun 24, 2024, at 8:38 AM, Joe Clarke (jclarke) <jclarke=40cisco....@dmarc.ietf.org> wrote:
>
> Grrr, forgot the link for convenience. Please provide WG LC reviews for the
> following draft:
>
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-tls13/

I have general concerns about the document, which I've raised before.

The document is extremely small, and offers little guidance around most implementation and operational issues related to OpenSSL. I've made these comments before, and there appear to be few changes which address my concerns.

For similar issues with other protocols, I would refer the reader to RFC 9190 for discussions of EAP over TLS, and RFC 6614 / RFC 7360 for discussions of RADIUS over TLS. Both of those documents contain significantly more content which can guide the reader.

In contrast, this document comes across as "send TACACS over TLS". Almost every operational or implementation consideration is left as an exercise for the reader. Experience shows that this is a way to get non-interoperable implementations.

The document is also Standards Track. Has anyone implemented it? Given the lack of guidance in the draft, and the lack of experience with implementations, I'd suggest that "Experimental" is more appropriate.

Alan DeKok.