Éric Vyncke has entered the following ballot position for draft-ietf-opsawg-tacacs-tls13-23: Yes
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-tls13/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Éric Vyncke, INT AD, comments for draft-ietf-opsawg-tacacs-tls13-23

CC @evyncke

Thank you for the work put into this document.

Please find below some non-blocking COMMENT points/nits (replies would be appreciated even if only for my own education).

Special thanks to Joe Clarke for the shepherd's detailed write-up, including the WG consensus *and* the justification of the intended status, especially the relationship to the informational RFC 8907.

I hope that this review helps to improve the document,

Regards,

-éric

## COMMENTS (non-blocking)

### Header

The header part is missing the draft name (not critical at this stage).

### QUIC

At least some justification for why TLS was preferred to QUIC or HTTPS would be welcome.

### Section 3.1

I was unaware that the TLS handshake might not be done immediately after the TCP handshake, as hinted by `Therefore, when a TCP connection is established for the service, a TLS handshake begins immediately.` Or should this sentence be removed?

s/separate TCP/IP port number /separate TCP port/

### Section 3.2

s/in which case the ticket might be invalidated/in which case the *session resumption* ticket might be invalidated/

I am not a security expert, but s/might/SHOULD/ seems more appropriate, with an explanation of *when* it can be kept.

### Section 3.4.1

When can the "SHOULD" be bypassed in `TLS Cached Information Extension [RFC7924] SHOULD be implemented.`?

### Section 7

Unsure how to read `IANA (has allocated) is requested ` as the IANA has not yet allocated a port number (you may want to suggest a value).

### Operational considerations

Should the impact of the use of mutual TLS authentication be described? Notably the provisioning of certs to all peers.