Thanks Mahesh, that helps, it makes sense.
From: Mahesh Jethanandani
Date: Tuesday, 8 July 2025 at 00:21
To: Douglas Gash (dcmgash)
Cc: Gunter van de Velde , The IESG
, draft-ietf-opsawg-tacacs-tl...@ietf.org
, opsawg-cha...@ietf.org
, opsawg@ietf.org ,
mohamed.boucad...@orange.com , Joe
Hi Paul,
Many thanks for the review.
This section also came up in another recent review, we have clarified that the
issue is that the client hello is in cleartext.
Of course, this doesn’t address your real point, which is that it doesn’t
matter that it is in cleartext as the information is ava
Hello Deb,
Many thanks for taking the time and for the comments and insights.
Please see inline:
From: Deb Cooley via Datatracker
Date: Tuesday, 24 June 2025 at 14:11
To: The IESG
Cc: draft-ietf-opsawg-tacacs-tl...@ietf.org
, opsawg-cha...@ietf.org
, opsawg@ietf.org ,
mohamed.boucad...@oran
Hello Gunter,
Many, many thanks for taking the time to digest the doc and to provide some
very significant improvements to the doc.
Please see inline…
From: Gunter Van de Velde via Datatracker
Date: Tuesday, 24 June 2025 at 15:17
To: The IESG
Cc: draft-ietf-opsawg-tacacs-tl...@ietf.org
, ops
Hi Robert, Med,
We’ll update draft-ietf-opsawg-tacacs-tls13 to MUST to align, thanks!
From: mohamed.boucad...@orange.com
Date: Tuesday, 1 July 2025 at 15:57
To: Robert Sparks , sec...@ietf.org
Cc: draft-ietf-opsawg-secure-tacacs-yang@ietf.org
, last-c...@ietf.org
, opsawg@ietf.org
Subjec
Many thanks Eric, for taking the time to dig into the doc.
Please see responses inline, we’ll upgrade the doc appropriately, it will
definitely improve it, and if you have any concerns about the responses, please
let us know.
I have one query (please see below)
Re:
s/separate TCP/IP port numbe
Thanks Mahesh,
All good catches, we will update the doc with fixes.
From: Mahesh Jethanandani via Datatracker
Date: Friday, 13 June 2025 at 15:06
To: The IESG
Cc: draft-ietf-opsawg-tacacs-tl...@ietf.org
, opsawg-cha...@ietf.org
, opsawg@ietf.org ,
mohamed.boucad...@orange.com , Joe Clarke
(
different server (for example, due to man-in-the-middle attacks
or
DNS cache poisoning.)
From: Douglas Gash (dcmgash)
Date: Wednesday, 30 April 2025 at 09:14
To: Viktor Dukhovni , opsawg ,
last-c...@ietf.org
Subject: Re: [Last-Call] Re: Change to draft-ietf-opsawg-tacacs-tls13
Thanks all for the
Thanks all for the feedback.
Viktor, we will ensure that the implications you raise regarding the use of
wildcards are highlighted in the security section. We’ll share that snippet
before uploading the next version.
From: Viktor Dukhovni
Date: Wednesday, 30 April 2025 at 02:14
To: opsawg , las
Dear OPSAWG et al,
We would like to extend an offline discussion onto the group regarding the use
of wildcards for identities in server certificates. The document currently
prohibits them; however, they are supported in the specific TLS 1.3
specifications and the case has been made that they ar
Thanks for the catches Med, we’ll get those fixed directly.
From: mohamed.boucad...@orange.com
Date: Wednesday, 9 April 2025 at 14:43
To: draft-ietf-opsawg-tacacs-tl...@ietf.org
Cc: opsawg@ietf.org
Subject: AD review of draft-ietf-opsawg-tacacs-tls13
Hi Doug, all,
In preparation for the forth
Many Thanks Qin,
We’ll clean up the nits doc for the next revision (19)
From: Qin Wu via Datatracker
Date: Thursday, 13 March 2025 at 08:26
To: ops-...@ietf.org
Cc: draft-ietf-opsawg-tacacs-tls13@ietf.org
, last-c...@ietf.org
, opsawg@ietf.org
Subject: Opsdir last call review of draft-ie
Hi Russ, Med,
Just to confirm, there are three authentication methods (Cert, PSK, RPK). Cert
MUST be implemented, the other two MAY be implemented, as they become mature.
We have made two specific changes, which we hope will clarify:
1. We have indicated that the two options (PSK and RPK) a
No, I'm not aware of any IPR that applies to this draft
From: Joe Clarke (jclarke)
Date: Thursday, 27 February 2025 at 16:33
To: opsawg@ietf.org , draft-ietf-opsawg-tacacs-tl...@ietf.org
Subject: IPR POLL: draft-ietf-opsawg-tacacs-tls13 : Terminal Access Controller
Access-Control System Plus (
Thanks Med, good catch, we’ll add this to the next version (16)
From: mohamed.boucad...@orange.com
Date: Tuesday, 26 November 2024 at 13:05
To: draft-ietf-opsawg-tacacs-tl...@ietf.org
Cc: opsawg
Subject: BCP 195 RE: [OPSAWG]Re: draft-ietf-opsawg-tacacs-tls13: Debugging
TACACS+ over TLS
Hi Dou
.
From: Douglas Gash (dcmgash)
Date: Sunday, 10 November 2024 at 12:41
To: Alan DeKok
Cc: mohamed.boucad...@orange.com , Joe Clarke
(jclarke) , opsawg@ietf.org , Thorsten Dahm
, John Heasly , Andrej Ota
Subject: Re: TACACS+ TLS Resumption and PSK.
Dear Alan,
Thank you for your time to review, and
.
Hopefully this clarifies the hierarchy of TLS configuration from the
connection, through the server and the host.
Any concerns, please let us know.
Thanks!
From: mohamed.boucad...@orange.com
Date: Wednesday, 30 October 2024 at 07:02
To: Alan DeKok , Douglas Gash (dcmgash)
Cc: Joe Clarke
the responses to these
issues ASAP.
Thanks!
From: Alan DeKok
Date: Tuesday, 29 October 2024 at 21:35
To: Douglas Gash (dcmgash)
Cc: mohamed.boucad...@orange.com , Joe Clarke
(jclarke) , opsawg@ietf.org , Thorsten Dahm
, John Heasly , Andrej Ota
Subject: Re: TACACS+ TLS Resumption and PSK.
On
previous paucity of coverage of these subjects
was sufficiently remedied. If not, now would be ideal time for us to address
any remaining concerns in this (or any other) area.
Many thanks!
From: Douglas Gash (dcmgash)
Date: Monday, 8 July 2024 at 09:48
To: mohamed.boucad...@orange.com , Joe Clarke
13:04
To: Douglas Gash (dcmgash) , opsawg@ietf.org
, draft-ietf-opsawg-tacacs-tl...@ietf.org
Subject: RE: I-D Action: draft-ietf-opsawg-tacacs-tls13-12.txt
Hi Doug,
Thanks for the follow-up. Please see inline.
Cheers,
Med
Orange Restricted
De : Douglas Gash (dcmgash)
Envoyé : vendredi 27
Hi,
Regarding:
* only a domain name is provisioned
The domain-name is configured for SNI validation, it is not intended to provide
the network address of the server. Is that sufficient to resolve the YANG query?
-We will update the doc to clarify this point.
* when both a domain name and a list
Thanks you for your feedback and insights.
We have uploaded a new version to include corrections.
We have deferred ref to RFC9608 at this stage, as we are still checking to
determine if the provisions would be relevant to the TLS cases used for T+
transport.
If we have missed anything or you h
Dear Opsawg et al,
1) Discussion on External PSK (Related to part of Mohamed’s point 2 below).
Our distillation of the thrust of Alan’s main advice is: The doc needs to
either commit to fully documenting external PSK and its ramifications or
preclude it. The truth is, our doc merely says: TLS
Hi Russ,
Many thanks for taking the time to review.
Before we dig into the issues raised, I’d like to check to see if your comments
spring from the doc misleading due to bad wording, or if you have in mind a
deeper issue.
What the doc is trying to express (and we will refactor a little to make
Thanks, yes, though this is now a little outdated based on further discussions.
From: mohamed.boucad...@orange.com
Date: Tuesday, 2 July 2024 at 08:13
To: Douglas Gash (dcmgash) , EBALARD Arnaud
, opsawg@ietf.org
Cc: John Heasly , Andrej Ota
Subject: RE: WG LC: draft-ietf-opsawg-tacacs-tls13
That is certainly reasonable, we will add.
From: EBALARD Arnaud
Date: Monday, 1 July 2024 at 12:21
To: Douglas Gash (dcmgash) , opsawg@ietf.org
Cc: Thorsten Dahm , John Heasly ,
Andrej Ota
Subject: RE: OPSAWG Digest, Vol 205, Issue 21
Hi Douglas,
Thanks for that feedback.
As you pointed
Hi Arnaud,
The need for enhancing the flow for SSH key authentication is clear, and the
initial version of the document covered this to some degree. However, after
discussion in the group the doc was split to cover TLS (as a priority), and a
second document that is in preparation for SSH keys.
Hi Rod,
Many thanks for your kind words and previous feedback which helped
significantly.
Regarding your comment, It is a good proposal, but just to clarify, the paras
are intended to convey from the flow perspective: para 4 covers the client
start, para 5 then deals with server behaviour i.e.
2024 at 17:57
To: Douglas Gash (dcmgash) , Douglas Gash (dcmgash)
, Andrej Ota , John Heasley
, Thorsten Dahm
Subject: New Version Notification for draft-ietf-opsawg-tacacs-tls13-09.txt
A new version of Internet-Draft draft-ietf-opsawg-tacacs-tls13-09.txt has been
successfully submitted by Douglas C
Thanks Valery, we will incorporate fixes for these along with fixes for
Tirumal’s comments into rev 9 ASAP.
From: mohamed.boucad...@orange.com
Date: Thursday, 16 May 2024 at 14:38
To: Valery Smyslov
Cc: draft-ietf-opsawg-tacacs-tl...@ietf.org
, opsawg@ietf.org
Subject: RE: Request to review d
Many thanks Tirumal for the time taken for the review, and insights. We will
prepare a new revision (rev 9) of the document ASAP, with corrections from your
comments.
Best Regards,
The Authors.
From: tirumal reddy
Date: Tuesday, 7 May 2024 at 15:26
To: mohamed.boucad...@orange.com
Cc: draft-
Thanks Mohamed, we will upload a new version with these changes,
From: mohamed.boucad...@orange.com
Date: Tuesday, 7 May 2024 at 18:03
To: Douglas Gash (dcmgash)
Cc: John Heasley , Andrej Ota , Thorsten
Dahm , opsawg@ietf.org
Subject: RE: New Version Notification for
draft-ietf-opsawg-tacacs
SHOULD include the server
domain name in the SNI "server_name" extension of the client hello.
Certificate Provisioning is out of scope of this document.
From: Douglas Gash (dcmgash)
Date: Monday, 22 April 2024 at 10:21
To: mohamed.boucad...@orange.com
Cc: John Heasley , Andrej Ota
Many thanks for the review, Russ!
Please see below the initial changes based upon your comments, hopefully they
have met the intent. Please advise if the updates are not addressing what you
had in mind, or for any concerns.
Best Regards,
The Authors.
From: Russ Housley via Datatracker
Date:
Will do. Would it be beneficial to enact an immediate new version upload for
this?
From: mohamed.boucad...@orange.com
Date: Tuesday, 23 April 2024 at 16:05
To: Douglas Gash (dcmgash) , opsawg@ietf.org
Cc: Andrej Ota , John Heasley , Thorsten
Dahm
Subject: RE: Confirm submission of I-D draft
related to this draft version, shortly.
Many thanks.
The Authors.
From: IETF I-D Submission Tool
Date: Tuesday, 23 April 2024 at 14:46
To: Douglas Gash (dcmgash) , Andrej Ota ,
John Heasley , Thorsten Dahm
Subject: Confirm submission of I-D draft-ietf-opsawg-tacacs-tls13
Hi,
The IETF
Thanks Mohamed, please see inline…
From: mohamed.boucad...@orange.com
Date: Friday, 19 April 2024 at 18:31
To: Douglas Gash (dcmgash)
Cc: John Heasley , Andrej Ota , Thorsten
Dahm , opsawg@ietf.org
Subject: RE: New Version Notification for draft-ietf-opsawg-tacacs-tls13-06.txt.
Hi Douglas
document is getting
stable more and more.
Cheers,
Med
De : OPSAWG De la part de Douglas Gash (dcmgash)
Envoyé : mercredi 20 mars 2024 16:40
À : opsawg@ietf.org
Cc : John Heasley ; Andrej Ota
Objet : Re: [OPSAWG] New Version Notification for
draft-ietf-opsawg-tacacs-tls13-06.txt
Dear OPSAWG
Many Thanks Mohamed for the time taken and the detailed review.
We’ll work through these (and reach out for any clarifications) ASAP.
From: mohamed.boucad...@orange.com
Date: Wednesday, 17 April 2024 at 16:42
To: Douglas Gash (dcmgash) , opsawg@ietf.org
Cc: John Heasley , Andrej Ota
Subject
omissions or new comments
and rectify quickly.
And we will endeavour to respond ASAP to any other comments of any kind on the
doc.
Many thanks,
Regards,
The Authors.
From: internet-dra...@ietf.org
Date: Wednesday, 20 March 2024 at 15:27
To: Douglas Gash (dcmgash) , Douglas Gash (dcmgash
d...@google.com
, and...@ota.si , Douglas Gash
(dcmgash) , car...@ipsec.org ,
lol.gr...@gmail.com , opsawg@ietf.org ,
RFC Editor
Subject: Re: [Editorial Errata Reported] RFC8907 (7754)
Hi Rebecca, authors, OPSAWG,
I think that this errata is valid for both 5.1 and 6.1. I also noted a similar
at 14:34
To: Douglas Gash (dcmgash) , opsawg@ietf.org
Cc: John Heasly , Andrej Ota
Subject: RE: Submission of new version of TACACS+ TLS Spec (V4)
Hi Authors, all,
Many thanks for your effort on this document.
I managed finally to read the new version. I’m afraid that some of the comments
in
: Douglas Gash (dcmgash)
Cc: opsawg@ietf.org , John Heasly , Andrej
Ota
Subject: Re: [OPSAWG] Submission of new version of TACACS+ TLS Spec (V4)
On Dec 22, 2023, at 11:53 AM, Douglas Gash (dcmgash)
wrote:
> Some brief notes regarding the broader topics raised in v3, all items of
> course, ar
Dear OPSAWG,
Many thank for all the comments on the Secure TACACS+ (TLS) draft v3.
We have submitted a revised doc which intention to address the concerns and
comments. It is rather later than originally planned, our apologies for the
delay. We will look forward to addressing the corresponding
Hi Joe,
An update is underway, current phase is to examine RFC 9325, which seems very
relevant, to see what can be delegated to it.
From: Joe Clarke (jclarke)
Date: Monday, 23 October 2023 at 18:04
To: draft-ietf-opsawg-tacacs-tl...@ietf.org
Cc: opsawg@ietf.org
Subject: Status of T+ TLS work
the data field paradigm discussed earlier in the
thread. We will follow with a document that describes the complete solution in
detail.
From: Douglas Gash (dcmgash)
Date: Thursday, 8 September 2022 at 16:47
To: Alan DeKok
Cc: opsawg@ietf.org , Andrej Ota , Thorsten
Dahm , John Heasly
Subject
.”
Regards.
From: Alan DeKok
Date: Thursday, 8 September 2022 at 14:56
To: Douglas Gash (dcmgash)
Cc: opsawg@ietf.org , Andrej Ota , Thorsten
Dahm , John Heasly
Subject: Re: [OPSAWG] TACACS+ SSH Enhancements Document
On Sep 8, 2022, at 6:47 AM, Douglas Gash (dcmgash) wrote:
> The alternat
encapsulated upgrade approach
for implementors, and welcome feedback.
Regards,
The Authors.
From: Alan DeKok
Date: Tuesday, 30 August 2022 at 21:17
To: John Heasly
Cc: Michael Richardson , Douglas Gash (dcmgash)
, opsawg@ietf.org , Andrej Ota
, Thorsten Dahm
Subject: Re: [OPSAWG] TACACS+ SSH
rdson" wrote:
Douglas Gash \(dcmgash\)
mailto:40cisco@dmarc.ietf.org>> wrote:
> By addition here, I mean that the plan was for the original
> Authentication packet to be interfered with in the minimal possible
> way, but the generic arguments section (essentially A
Dear Alan, WG
We are restarting the thread on the T+ enhancements for SSH. As background: on
the recent doc, we had conflated the SSH enhancements with the TLS
modifications, we have taken advice of WG to split these into separate docs,
the TLS doc is being progressed independently.
The first
Cc: opsawg@ietf.org , Douglas Gash (dcmgash)
, Andrej Ota , Thorsten Dahm
Subject: Re: [OPSAWG] I-D Action: draft-dahm-opsawg-tacacs-security-00.txt
Thanks for your continued attention to this work, Alan. Your insight is very
much appreciated.
As an contributor, I rather like the simpler TLS
Dear Alan and OPSAWG,
Many thanks for taking the time to take a scan on the T+ Document.
Apologies for the delay in responding; this document is a collaboration between
multiple authors and we’re getting our internal issue tracking process going.
To this end, we have split your comments into 4
Hi Joe,
Yes, we will plan to get draft submitted before start March.
On 16/01/2022, 18:53, "Joe Clarke (jclarke)" wrote:
Happy new year, Thorsten (and other authors). I wanted to follow up to
see how you are progressing on this T+/TLS work? Would be great to have
a draft in prior
April 2021 at 16:09
To: opsawg , Thorsten Dahm , Andrej
Ota , "Douglas Gash (dcmgash)" ,
"car...@ipsec.org" , "lol.gr...@gmail.com"
Subject: TACACS++, please...
Hi there all,
Last year we published "RFC8907 - The Terminal Access Controller Access-Control
Sy
Dear Opsawg,
Now the T+ draft is released from the editor stage I have asked for Alan’s
comment to be incorporated, and submitted one other addenda for clarification
on command accounting, into the accounting attributes section:
“Where the TACACS+ deployment is used to support the Device Admini
Thanks Alan,
Good point. I believe the largest possible packets would fully loaded author
reply, which is a little over 3* 2^16, so anything over 2^18 must be illegal. I
think that we can add that Implementations MUST allow control over maximum
packet sizes, with recommendations at 2^16, as you
sure the readers
can redirect if needed.
Many thanks,
Doug.
On 18/03/2020, 13:28, "Alexey Melnikov" wrote:
Hi Douglas,
On Mon, Jan 27, 2020, at 8:28 PM, Douglas Gash (dcmgash) wrote:
> 5) KRB5 and KRB4 need normative references.
> TA> The KR
Hi,
I hope that in the last few versions we have updated the document to
sufficiently answer the concerns raised, please let me know if any concerns
remain, many thanks.
The majority of the issues were responded to initially last summer, but the
balance should be by the latest version recentl
Hi,
I hope that in the last few versions we have updated the document to
sufficiently answer the concerns raised, please let me know if any concerns
remain, many thanks.
The majority of the issues were answered last summer, but the balance should be
by the latest version recently uploaded.
Pl
Will do.
On 27/01/2020, 15:42, "Joe Clarke (jclarke)" wrote:
> On Jan 27, 2020, at 10:31, Warren Kumari wrote:
>
> Hi there authors and WG,
>
> I'm now the responsible AD for this document.
>
> There is *significant* history here, and it is going to tak
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 16/05/2019, 6:10, "Barry Leiba via Datatracker" wrote:
Barry Leiba has entered the followi
Thanks Adam, will do.
On 16/05/2019, 15:34, "Adam Roach" wrote:
On 5/16/19 1:04 AM, Adam Roach via Datatracker wrote:
> Without specification of preparation profiles for usernames and passwords,
> this is an incomplete specification of how to transmit non-ASCII
> usernames and pa
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 16/05/2019, 7:04, "Adam Roach via Datatracker" wrote:
Adam Roach has entered the following
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 16/05/2019, 0:11, "Suresh Krishnan via Datatracker" wrote:
Suresh Krishnan has entered the
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 15/05/2019, 21:35, "Éric Vyncke via Datatracker" wrote:
Éric Vyncke has entered the follow
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 15/05/2019, 20:12, "Roman Danyliw via Datatracker" wrote:
Roman Danyliw has entered the fo
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 15/05/2019, 19:55, "Alissa Cooper via Datatracker" wrote:
Alissa Cooper has entered the fo
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 16/05/2019, 7:21, "Alexey Melnikov via Datatracker" wrote:
Alexey Melnikov has entered the
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 15/05/2019, 19:03, "Mirja Kühlewind via Datatracker"
wrote:
Mirja Kühlewind has entered t
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 14/05/2019, 17:33, "Deborah Brungard via Datatracker"
wrote:
Deborah Brungard has entered
Many thanks for the comments.
Please see responses from authors inline, marked “TA”. Action items from this
mail to update the document are marked: [AI-TA] to mean: “action item for the
authors”.
On 13/05/2019, 13:54, "Stewart Bryant via Datatracker" wrote:
Reviewer: Stewart Bryant
Re
Hi Tom,
Many thanks for your comments. Most will be resolved simply in next upload
as a matter of course (see below), but would be good to clarify one point:
I did wonder if TACACS had ever impinged on IANA and so would
this I-D
become a referenc
Confirming I am not aware of any IPR relating to this draft.
From: Thorsten Dahm
Date: Thursday, 11 October 2018 at 16:11
To: "Joe Clarke (jclarke)"
Cc: "opsawg@ietf.org" , Andrej Ota , "Douglas
Gash (dcmgash)" , "dcar...@viptela.com"
, "lol.gr.
Dear Opsawg,
Revision 11 of the T+ information draft has been uploaded. The changes cover:
- Updates to Security section 9, primarily sections 9.5-9.7 has been
rationalized into a single section
- Updates to CHAP authentication, removing erroneous paras.
- Corrections of some typographic/style e
Apologies for the interruption in the conversation.
Attached should incorporate yours and Alan’s latest comments, and some client
side comments have been addressed.
Please find attached.
Many thanks.
On 16/07/2018, 6:56, "Douglas Gash (dcmgash)" wrote:
Hi Joe,
Hi Joe,
Thanks Joe, all useful comments. I believe that most of them were caught in the
previous upload (in which we responded to Alan’s last mail), I will make sure
that any missing are in the next.
On 16/07/2018, 0:20, "Joe Clarke" wrote:
On 7/14/18 00:57, Douglas Gash (dcmg
Thanks Alan…
On 14/07/2018, 15:00, "Alan DeKok" wrote:
On Jul 14, 2018, at 12:57 AM, Douglas Gash (dcmgash)
wrote:
>
> Dear Alan,
>
> Do the changes below clarify the intent sufficiently? (please find diff
below) The changes are mainly in first sec
Dear Alan,
Do the changes below clarify the intent sufficiently? (please find diff below)
The changes are mainly in first section with a few tweaks in later sections.
Many thanks.
9.5 Deployment Best Practices
With respect to the observations about the security issues described above, a
netw
Thanks Alan...
> On 13 Jul 2018, at 14:30, Alan DeKok wrote:
>
>> On Jul 13, 2018, at 1:00 AM, Douglas Gash (dcmgash)
>> wrote:
>> 9.5 Deployment Best Practices
>>
>> With respect to the observations about the security issues described above,
>> a
Dear OPSAWG,
Below is a revised version of the recommendations. I have understood the
consensus to be, that we should keep the strength of the recommendations, but
explain how these should be applies in the real world with many, potentially
very old implementations in place.
Consequently, pret
your question on
current implmentations,
On 09/07/2018, 23:55, "Joe Clarke" wrote:
On 7/6/18 09:39, Douglas Gash (dcmgash) wrote:
>
> Hi,
>
> Below is revised version of the subsection, based upon Alan’s comments,
>
> Many thanks.
Hi,
I believe the MUST/SHOULD debate pertains only to the recommendations section,
the rest of the documents sticks to description of current status apart from
the documented deprecations that no sensible implementation would do today,
i.e. a few deletions but no updates.
The discussion focuss
, 17:23, "Douglas Gash (dcmgash)" wrote:
Hi Alan,
Thank you for the response. Please see responses below.
On 28/06/2018, 14:22, "Alan DeKok" wrote:
On Jun 28, 2018, at 2:03 AM, Douglas Gash (dcmgash)
wrote:
>
Hi Alan,
Thank you for the response. Please see responses below.
On 28/06/2018, 14:22, "Alan DeKok" wrote:
On Jun 28, 2018, at 2:03 AM, Douglas Gash (dcmgash)
wrote:
>
> Dear Opsawg,
>
> The TACACS+ Draft Version 9 contains a security s
Dear Opsawg,
The TACACS+ Draft Version 9 contains a security section, the last three
subsections of which are recommendations. There is some overlap and repetition
between sections where the same issues are covered from different angles, which
we believe may lead to ambiguity.
So instead we pr
Hi Joe,
We will update on 1) by end of the week.
2) Was sent previously, any feedback on it welcome.
3) I will send out initial proposal today to the list.
Thanks,
Doug.
On 27/06/2018, 16:13, "Joe Clarke" wrote:
On 6/10/18 04:43, Douglas Gash (dcmgash) wrote:
>
Dear Opsawg,
A status update on informational T+ Draft:
1) Current discussion between Andrej and (mainly) Joe Clarke on some section 9
(Security), ongoing, Andrej/Authors will respond to Joe’s latest comments
shortly.
2) Diffs between Version 6 and Version 10 with brief annotations of each diff
Dear OPSAWG,
Please find below a first attempt to run through the differences between the
document version 6 (Feb 10 2017) and version 10 (April 15 2018).
The Diff was generated using the “Change Bar” option of the Document History
page. (https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacac
Hi Alan,
I hope that we can address your concerns. I think the main points that you
raise the we (the authors) need to address are:
1) The security section
2) Reactivity of the authors
3) Change Tracking
1) The Security Section
The starting point is that we know that TACACS+ needs enhancement
Hello Opsawg,
We have uploaded a new version of the TACACS+ informational draft which
includes corrections for typos over the document as a whole, but also revised
the security section. We anticipate this security section will get most
comments, so it is reproduced below.
We will endeavor to b
Hello OPSAWG,
Regarding the T+ document: Version 9 (below) had a small number of mainly
typographic corrections.
We believe that the main area of deficiency in the document is section 9
(Security).
Our plan is to post this specific section to the list for review next week
(after some initial
section completed directly after.
On 20/03/2018, 12:05, "Alan DeKok" wrote:
> On Mar 19, 2018, at 3:37 PM, Douglas Gash (dcmgash)
wrote:
>
> Apologies for delay Alan, I have goofed with mail forwarding.
>
> We still have some work to do on the
Apologies for delay Alan, I have goofed with mail forwarding.
We still have some work to do on the security section. I will check to see
which items we missed outside the security section, as I thought we had them
all covered.
Clearly the last upload took rather longer than initially planned. W
Apologies for the delay, For some reason the mails did not get through until
fellow author kindly forwarded them, disturbed by my rudeness for not having
responded.
Thanks Joe, all very valid and will fix forthwith,
-- Forwarded message -
From: Joe Clarke mailto:jcla...@cisco.co
y rewritten by the recent submissions.
Thanks,
Regards,
Doug.
On 17/09/2017 15:26, "Alan DeKok" wrote:
>On Sep 16, 2017, at 11:41 PM, Douglas Gash (dcmgash)
>wrote:
>>
>> We¹re preparing the next revision. Regarding attribute value encoding,
>> we¹re pr
>in a username, anyone?
>
>RFC4234 is to me a good example of an RFC that starts with RFC20 (or the
>equivalent thereof) and produces something more usable.
>
>Tom Petch
>
>On 5/19/17 7:51 PM, Douglas Gash (dcmgash) wrote:
>>
>> On 19/05/2017 18:11, "Alan DeKo
15:03, "Alan DeKok" wrote:
>On May 20, 2017, at 8:24 AM, Douglas Gash (dcmgash)
>wrote:
>>> If the field is unused, the spec should say the field is ignored, and
>>> treated as if it did not exist.
>>
>> Agreed, though I¹m not sure how an u
is opaque type as needed and
> required by the security protocols utilized.
>
> dataAn opaque type representing data obtained from
> measurements.
>
> Names of objects are generally assumed to be unique within an
> implementation.
>
>
As always, thanks for the comments!
Regards,
Doug
Inline...
On 17/05/2017 15:54, "Alan DeKok" wrote:
>On May 16, 2017, at 4:06 PM, Douglas Gash (dcmgash)
>wrote:
>> Many items are marked with just [Agree], if it seems there is a trivial
>>way to adjust according
On 19/05/2017 18:11, "Alan DeKok" wrote:
>On May 19, 2017, at 6:38 AM, t.petch wrote:
>>
>> Another fresh topic, so a slight change in the Subject:
>>
>> I think that the use of the term ASCII needs more thought.
>
> Speaking only as an opinionated WG member... yes.
>
>> d) in some places,
1 - 100 of 139 matches
Mail list logo
