On Oct 28, 2024, at 7:51 AM, Douglas Gash (dcmgash) <dcmg...@cisco.com> wrote: > Rev 11 of the T+ TLS doc had new sections for PSK and resumption, with a > slight restructure to accommodate PKI and PSK in regular hierarchy in the > contents. > > We are currently preparing another rev of the doc, so would be very grateful > for any feedback to ensure the previous paucity of coverage of these subjects > was sufficiently remedied. If not, now would be ideal time for us to address > any remaining concerns in this (or any other) area.
From the -14 version: 2.1 nits: ... The algorithm is categorized as Obfuscation in Section 10.5.2 of [RFC8907]. The term should be interpreted to mean "plaintext", it is used to ensure that the algorithm is not mistaken for encryption. The obfuscation method is not "plaintext". Perhaps "while there are no known attacks on this method, it is not known to be secure." Similarly in Section 3: ... Confidentiality and Integrity: The MD5 obfuscation specified in [RFC8907] has been shown to be insecure [RFC6151]. MD5 has been cracked. But there are no known attacks on the obfuscation method used. 3 item (2): ... • Peer authentication: The authentication capabilities of TLS replace the pre-shared keys of obfuscation for mutual authentication. Perhaps use "shared secret' for consistency with RFC 8907. "Pre-shared keys" sounds like PSKs used for TLS. 5 Perhaps add a note that TACACS+ TLS servers and clients SHOUD NOT use well-known CAs. i.e. CAs from the web PKI. Doing so would allow clients to connect to any server, and would allow anyone to issue client certs. 5.1.1 ... Non-TLS connections should not be used for new TACACS+ deployments. Perhaps make this normative: SHOULD NOT be used ... Further, TLS TACACS+ servers and Non-TLS TACACS+ servers SHOULD NOT be deployed on the same host. Why? There's no justification here. I'm not sure why this would be an issue. 5.1.4 ... Operators should be cognizant of the potential of TLS TACACS+ server and/or client isolation from their peer's CA by network failures. Isolation from a public key certificate's CA will cause the verification of the certificate to fail and thus TLS authentication of the peer to fail. I'm not sure why it's an issue if the CA is unreachable. The TACACS+ TLS server has to be configured with the CA cert, and all intermediate certs. The client should ideally also be configured with the CA cert. There's no need to contact the CA, the CA cert is just a file on disk. Why does the CA have to be online? Overall the changes look reasonable, thanks. Alan DeKok. _______________________________________________ OPSAWG mailing list -- opsawg@ietf.org To unsubscribe send an email to opsawg-le...@ietf.org
