Hi Tom, Joe,

Thanks for your helpful comments. I will update the draft as you suggested.

Best regards,
Bo

-----Original Message-----
From: tom petch [mailto:[email protected]]
Sent: 23 March 2021 0:42
To: Joe Clarke (jclarke) <[email protected]>; Wubo (lana) <[email protected]>
Cc: [email protected]; [email protected]; [email protected]
Subject: Re: [OPSAWG] Last Call: <draft-ietf-opsawg-tacacs-yang-09.txt> (YANG Data Model for TACACS+) to Proposed Standard

From: Joe Clarke (jclarke) <[email protected]>
Sent: 22 March 2021 13:12

On 3/22/21 07:15, Wubo (lana) wrote:
> Hi Tom, Joe,
>
> Thanks for your review and comments. The issues will be fixed in the next
> revision.
>
> For 'leaf shared-secret', the following text will be added:
> "It is highly recommended that shared keys are at least 32 characters long and
> sufficiently complex with mixed different character types."

You're mixing "shared keys" and "shared secrets" again. I think you should stick with the latter. And I think something like: "with a mix of different character types" reads a bit better. Perhaps Tom will have a better way of stating that.

<tp>
Not really! Perhaps
"... with a mix of different character types i.e. upper case, lower case, numeric, punctuation"
That is the sort of terminology I see when being prompted to create a password for a website.

Tom Petch

Joe

>
> Best regards,
> Bo
>
> -----Original Message-----
> From: tom petch [mailto:[email protected]]
> Sent: 17 March 2021 19:00
> To: Joe Clarke (jclarke) <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]
> Subject: Re: [OPSAWG] Last Call: <draft-ietf-opsawg-tacacs-yang-09.txt>
> (YANG Data Model for TACACS+) to Proposed Standard
>
> From: Joe Clarke (jclarke) <[email protected]>
> Sent: 16 March 2021 13:04
> To: tom petch
>
> On 3/16/21 06:13, tom petch wrote:
>> Some editorial quirks
>>
>> YANG
>> revision reference
>> the text value is not quite the same as the title of the I-D; perhaps
>> both are not quite right
> Good catch. These two should be normalized. Perhaps the better title is
> YANG module for TACACS+.
> <tp>
> or else
> A YANG Module for TACACS+
> I like the indefinite article there but it is perhaps a matter of
> taste
>
>> leaf shared-secret
>> /shared keys/shared secrets/
> Yes, agreed.
>
>> should we recommend improving the entropy with mixed case, digits,
>> punctuation? I note that the example lacks punctuation. A plus sign might
>> be appropriate!
> Given the weakness, this couldn't hurt. This could be called out in both
> Security Considerations as well as in the leaf description. I like the
> cheeky notion of a '+' in the example.
>
> <tp>
> Yes, probably both. I have signed up to a lot of services in lockdown and
> have been exposed to a wide variety of rules about permissible secrets. One
> that caught my eye required nine characters while the one that has stayed
> with me forbad the use of punctuation! I do think that for all the very
> clever things that come out of the IETF's Security Area, better guidance on
> the basics, such as entropy, would do a lot more to improve the Internet!
>
> Tom Petch
> Joe
>
>> Tom Petch
>>
>> ________________________________________
>> From: OPSAWG <[email protected]> on behalf of The IESG
>> <[email protected]>
>> Sent: 15 March 2021 14:08
>> To: IETF-Announce
>> Cc: [email protected]; [email protected];
>> [email protected]
>> Subject: [OPSAWG] Last Call: <draft-ietf-opsawg-tacacs-yang-09.txt>
>> (YANG Data Model for TACACS+) to Proposed Standard
>>
>>
>> The IESG has received a request from the Operations and Management
>> Area Working Group WG (opsawg) to consider the following document: -
>> 'YANG Data Model for TACACS+'
>>   <draft-ietf-opsawg-tacacs-yang-09.txt> as Proposed Standard
>>
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final comments on this action. Please send substantive comments to
>> the [email protected] mailing lists by 2021-03-29. Exceptionally,
>> comments may be sent to [email protected] instead.
>> In either case, please retain the beginning of the Subject line to allow
>> automated sorting.
>>
>> Abstract
>>
>>
>>    This document defines a TACACS+ client YANG module, that augments the
>>    System Management data model, defined in RFC 7317, to allow devices
>>    to make use of TACACS+ servers for centralized Authentication,
>>    Authorization and Accounting.
>>
>>    The YANG module in this document conforms to the Network Management
>>    Datastore Architecture (NMDA) defined in RFC 8342.
>>
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-yang/
>>
>> No IPR declarations have been submitted directly on this I-D.
>>
>> The document contains these normative downward references.
>> See RFC 3967 for additional information:
>>     rfc8907: The Terminal Access Controller Access-Control System Plus
>>     (TACACS+) Protocol (Informational - Internet Engineering Task Force
>>     (IETF))
>>
>> _______________________________________________
>> OPSAWG mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/opsawg
