Hi Doug,

Thanks for the follow-up. Please see inline.

Cheers,
Med



Orange Restricted

From: Douglas Gash (dcmgash) <dcmg...@cisco.com>
Sent: Friday, 27 September 2024 18:07
To: BOUCADAIR Mohamed INNOV/NET <mohamed.boucad...@orange.com>; opsawg@ietf.org; draft-ietf-opsawg-tacacs-tl...@ietf.org
Subject: Re: I-D Action: draft-ietf-opsawg-tacacs-tls13-12.txt

Hi,

Regarding:
* only a domain name is provisioned
The domain-name is configured for SNI validation; it is not intended to provide 
the network address of the server. Is that sufficient to resolve the YANG query?
-We will update the doc to clarify this point.
[Med] Yes, having an explicit mention is helpful here.

* when both a domain name and a list of addresses are provided (e.g., should 
that domain name be passed to a resolution library)
I believe that resolving the domain name is not required for its use in the SNI.
-I don't think clarification would be needed?
[Med] The clarification to the first would be sufficient.

* address selection procedure when a list of @ is available (e.g., should 8305 
be followed)
We had no intent to change from the behaviour described in RFC8907 in this 
respect.
- We will update the doc to clarify this point.
[Med] ACK. Thanks.

* keepalives
T+ connections are generally very short (the connections they configure may be 
long lasting, but that would not be covered by this config). Single connect 
mode can extend the connection beyond the very brief, but in most cases this 
will be timed out in 5 minutes or less and the connection will be closed. For 
that reason, I'm initially thinking that keepalives would not be so useful.
[Med] Please say so in the text. Having that text will help motivate why the 
provisioning model does not have to be concerned with such matters.

-I don't think clarification would be needed?

If the above conclusions are not controversial, we will update the doc along 
with response for Arnaud forthwith.

Many thanks!


From: mohamed.boucad...@orange.com <mohamed.boucad...@orange.com>
Date: Thursday, 19 September 2024 at 08:38
To: opsawg@ietf.org <opsawg@ietf.org>, draft-ietf-opsawg-tacacs-tl...@ietf.org <draft-ietf-opsawg-tacacs-tl...@ietf.org>
Subject: RE: I-D Action: draft-ietf-opsawg-tacacs-tls13-12.txt

Hi Doug, all,

Thank you for publishing this revised version. When checking the diff vs the 
version that was in the WGLC, I see that you tried to address part of Alan + 
Russ + Joe's comments. However, I can't tell if all issues were adequately 
addressed.

To make it easier for WG participants and reviewers to track the changes vs 
issues, can you please detail which specific issues/fixes were implemented so 
far? Thanks.

From where I sit, I do think that the following are still pending:

* https://mailarchive.ietf.org/arch/msg/opsawg/CXMtDH_GWRlZfCRhKhggA4zapuA/
* https://mailarchive.ietf.org/arch/msg/opsawg/pM6BZ3rFXcf1-Id2AlddI-DF19M/

Cheers,
Med (Doc Shepherd)

> -----Original Message-----
> From: internet-dra...@ietf.org <internet-dra...@ietf.org>
> Sent: Wednesday, 18 September 2024 18:32
> To: i-d-annou...@ietf.org
> Cc: opsawg@ietf.org
> Subject: I-D Action: draft-ietf-opsawg-tacacs-tls13-12.txt
>
>
> Internet-Draft draft-ietf-opsawg-tacacs-tls13-12.txt is now
> available. It is a work item of the Operations and Management
> Area Working Group (OPSAWG) WG of the IETF.
>
>    Title:   Terminal Access Controller Access-Control System Plus (TACACS+) over TLS 1.3
>    Authors: Thorsten Dahm
>             John Heasley
>             Douglas C. Medway Gash
>             Andrej Ota
>    Name:    draft-ietf-opsawg-tacacs-tls13-12.txt
>    Pages:   17
>    Dates:   2024-09-18
>
> Abstract:
>
>    The Terminal Access Controller Access-Control System Plus (TACACS+)
>    Protocol provides device administration for routers, network access
>    servers and other networked computing devices via one or more
>    centralized TACACS+ Servers.  This document adds Transport Layer
>    Security (TLS 1.3) support to TACACS+ and obsoletes former inferior
>    security mechanisms.
>
>    This document updates RFC8907.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-tls13/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-opsawg-tacacs-tls13-12.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-opsawg-tacacs-tls13-12
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.