On Feb 12, 2016, at 1:01 AM, Mikael Abrahamsson <[email protected]> wrote:
>
> It is not vendor specific. In the past 15 years I have used TAC+ on Cisco,
> Juniper, Huawei and others. That's what we used, and if you wanted to provide
> IP core equipment, that's what you had to support.

I understand. But let's be realistic here.

TACACS+ started out as a vendor-specific protocol. Undocumented. Proprietary. Everyone else implemented it in order to be compatible with the major vendor at the time.

Like IPX. Like any number of Microsoft proprietary protocols, for example. And for those protocols, everyone agrees they're really vendor-specific, even though we have multiple implementations.

Why do you have a different standard for TACACS+?

> Basically, if you're sending packets through an IP core network today, those
> devices are likely to do AAA using TAC+. Apart from that, these IP core
> routers use mechanisms that are "all" documented in an IETF RFC.

So it *is* a AAA protocol? Good. The requirements of RFC 2989 should apply. And the conclusions of RFC 3127 should apply.

TACACS+ was such a poor AAA protocol that it wasn't even considered in RFC 3127. Since the protocol hasn't changed since then, there are no *technical* reasons why we should re-visit the consensus shown in RFC 3127.

> I just don't understand your objection to also documenting the AAA protocol
> that is in super widespread use in the industry.

I've been explaining in detail.

> To me, it's like you would be saying that IS-IS shouldn't be in the IETF
> because it was originally an ISO protocol. It's equally absurd.

To me, it's like you're not even reading my counter-arguments. It's easy to dismiss someone's views when you don't pay attention to them.

Alan DeKok.

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
