Hi,
I'm in favor of keeping the the "external PSK" option. Just like with
IPSec, PSKs are easier to handle than certificates for most
installations. PSKs simpifiy lab setups, make getting started easier,
and are pretty robust -- no time dependency, and no need for renewals
(right now I'm not quit
I am speaking as a contributor and user of TACACS+ in general. I am not
personally implementing a T+ server or this draft.
I think fully supporting and documenting external PSKs would be generally
useful and would possibly aid in the adoption of this new modality for T+. I
would be in favor o
Dear Opsawg et al,
1) Discussion on External PSK (Related to part of Mohamed’s point 2 below).
Our distillation of the thrust of Alan’s main advice is: The doc needs to
either commit to fully documenting external PSK and its ramifications or
preclude it. The truth is, our doc merely says: TLS
