Hi Ionathan,
Thanks for your review.
I applied your proposed changes in
https://github.com/IETF-OPSAWG-WG/draft-opsarea-rfc5706bis/pull/160
for the co-author reviews.
Regards, Benoit
Hi all,
In line with the ongoing developments regarding TACACS+ security, the following
suggestions may help strengthen security content in the document:
• 9. Security considerations:
- 2nd paragraph: only management protocols with adequate security apparatus,
such as ***state-of-the-art encryption, mutual*** authentication [...]
- Additional paragraph: ***The security implications of password-based
authentication should be taken into account when designing a New Protocol or
Protocol Extension.***
• Introduction, 1st paragraph: certain protocol design choices may make
deployment, operations, and management particularly difficult ***or insecure***
And possibly:
• 5.8 Security management, 1st paragraph: Protocol Designers should consider
how to monitor and manage security aspects and vulnerabilities of the New
Protocol or Protocol Extension***, including periodically re-assessing the
design of the New Protocol or Protocol Extension as vulnerabilities arise***
Regards,
Ionathan
_______________________________________________
OPSAWG mailing list -- [email protected]
To unsubscribe send an email to [email protected]