Thanks all for the feedback. Viktor, we will ensure that the implications you raise regarding the use of wildcards are highlighted in the security section. We’ll share that snippet before uploading the next version.
From: Viktor Dukhovni <[email protected]>
Date: Wednesday, 30 April 2025 at 02:14
To: opsawg <[email protected]>, [email protected] <[email protected]>
Subject: [Last-Call] Re: Change to draft-ietf-opsawg-tacacs-tls13

On Tue, Apr 29, 2025 at 06:15:35PM +0000, Salz, Rich wrote:

> And yet, they're still best avoided, unless there's a good reason to
> support them. The security story with wildcards is all bad news,
>
> Shrug. It’s trade-offs, like most things in the security area. I
> assume that the WG decided they’re worth doing, according to an IETF
> consensus standards-track RFC. You disagree; that’s fine.

My comment was actually about the security considerations being incomplete, and secondly that *if* wildcard support (originally excluded) is to be added at this late point in the process, then along with some more detail in the security considerations, there could be a phrase discouraging their use, i.e. some approximation of "best avoided".

--
Viktor.

--
last-call mailing list -- [email protected]
To unsubscribe send an email to [email protected]
