On Jul 9, 2018, at 9:17 PM, Scott O. Bradner <[email protected]> wrote:
> imo - documenting existing practice is not the same thing as “rubber stamping”

Perhaps my messages were unclear.

I'm not opposed to *documenting* existing practices. I'm opposed to *endorsing* existing practices. Especially where those practices are insecure.

There is every reason for the spec to say "A, B, and C are OK if you hold your nose. D, E, and F are right out."

But that suggestion is apparently controversial. The reasons given are "existing practices". Which sounds to me like there's a requirement for a "rubber stamp" approval of existing implementations.

Let me be clear: if the protocol and existing implementations allow for unauthenticated, insecure, remote access to a root shell... then the spec SHOULD say "OMG that's a terrible idea, don't do that. Yes, I know everyone's done that for 20 years. It's bad. Really, really, bad. Don't do it. Honestly, bad things will happen."

That's largely where we are today with TACACS+:

a) we document existing practices and implementations, no matter how insecure [1]

or

b) we describe the protocol, along with recommendations for how best to secure it

I choose (b). There is non-trivial support for (a).

It's not clear to me why this position is in any way controversial, or misunderstood.

Alan DeKok.

[1] Without mentioning pesky issues like "security". I mean, why warn people that bad things can happen?

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
