Thanks Joe,

You have caught an important typo there, many thanks! In the first upload
of the document (draft-dahm-opsawg-tacacs-00.txt), we used STARTTLS to
upgrade the connection type. Post discussions in Prague, we reverted to
using a separate port for TLS, and documented in the second upload
(draft-dahm-opsawg-tacacs-00.txt). However, I neglected to remove the
packet type for the STARTTLS from the enumeration, so thanks for the
catch. It will be removed on the next upload.

Just to confirm, we are proposing a separate port rather than STARTTLS.

To your very valid question: in the end, we elected not to add a new
version because we are looking to keep the content of the protocol the
same as the original draft spec (although deprecating some less secure
features). Besides the adoption of a separate port for TLS, this should
help avoid breaking current deployments.

Many Thanks,

Regards,

Thorsten, Andrej, Doug.


>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 16 Nov 2015 14:48:34 -0500
>From: Joe Clarke <[email protected]>
>To: Warren Kumari <[email protected]>, "[email protected]"
>       <[email protected]>
>Subject: Re: [OPSAWG] FW: New Version Notification for
>       draft-dahm-opsawg-tacacs-01.txt
>Message-ID: <[email protected]>
>Content-Type: text/plain; charset=windows-1252; format=flowed
>
>On 11/13/15 13:37, Warren Kumari wrote:
>> We would really appreciate any feedback on this document. Personally I
>> think it is really useful, but we need the WG to review and provide
>> feedback.
>>
>> Over the years I've heard a number of people kvetch that TACACS+ isn't
>> documented -- well, now you can, you know, actually do something about
>> this...
>
>I may be biased, but I have read the doc, and I support the WG working
>on it.  I agree with your last sentiment that it would be good to
>finally document this with industry consensus.
>
>One thing I wonder is if there shouldn't be some version change for the
>support of TLS, or if the Type of 0x00 is enough?
>
>Joe
>
>>
>> W
>>
>> On Sun, Oct 4, 2015 at 4:18 PM, Douglas Gash (dcmgash)
>> <[email protected]> wrote:
>>> Dear Opsawg List,
>>>
>>> We have uploaded a second revision of the TACACS+ protocol
>>> specification which we believe is ready for publication subject to
>>> port allocation.
>>>
>>> Please see details below.
>>>
>>> The essential difference from the first revision is the change of TLS
>>> option support using a separate port as opposed to the original Start
>>> TLS mechanism.
>>>
>>> We would be very grateful for the opinion of the list regarding the
>>> suitability of document for publication as an RFC.
>>>
>>> Many thanks,
>>>
>>> Thorsten, Andrej, Doug.
>>>
>>>
>>> On 02/10/2015 16:25, "[email protected]"
>>><[email protected]>
>>> wrote:
>>>
>>>>
>>>> A new version of I-D, draft-dahm-opsawg-tacacs-01.txt
>>>> has been successfully submitted by Douglas C. Medway Gash and posted
>>>> to the IETF repository.
>>>>
>>>> Name:          draft-dahm-opsawg-tacacs
>>>> Revision:      01
>>>> Title:         The TACACS+ Protocol
>>>> Document date: 2015-10-02
>>>> Group:         Individual Submission
>>>> Pages:         38
>>>> URL:           https://www.ietf.org/internet-drafts/draft-dahm-opsawg-tacacs-01.txt
>>>> Status:        https://datatracker.ietf.org/doc/draft-dahm-opsawg-tacacs/
>>>> Htmlized:      https://tools.ietf.org/html/draft-dahm-opsawg-tacacs-01
>>>> Diff:          https://www.ietf.org/rfcdiff?url2=draft-dahm-opsawg-tacacs-01
>>>>
>>>> Abstract:
>>>>    TACACS+ provides access control for routers, network access servers
>>>>    and other networked computing devices via one or more centralized
>>>>    servers.  TACACS+ provides separate authentication, authorization
>>>>    and accounting services.  This document describes the protocol that
>>>>    is used by TACACS+.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Please note that it may take a couple of minutes from the time of
>>>> submission
>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>
>>>> The IETF Secretariat
>>>>
>>>
>>
>>
>>
>
>
>
>------------------------------
>
>Subject: Digest Footer
>
>_______________________________________________
>OPSAWG mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/opsawg
>
>
>------------------------------
>
>End of OPSAWG Digest, Vol 102, Issue 14
>***************************************
