Hi Andrej, Doug, John, Thorsten, and OPSAWG, Thank you for all your effort (including meticulous reviews during AUTH48 ;-)) to finalize this spec.
There is still some work in this area, though [1]. Looking forward seeing a concrete proposal. Cheers, Med [1] https://mailarchive.ietf.org/arch/msg/opsawg/NAajbRBrdm3Aquq8aCdexVF1Q1A/ > -----Message d'origine----- > De : [email protected] <[email protected]> > Envoyé : mercredi 10 décembre 2025 01:36 > À : [email protected]; [email protected] > Cc : [email protected]; [email protected]; > [email protected] > Objet : [OPSAWG]RFC 9887 on Terminal Access Controller Access- > Control System Plus (TACACS+) over TLS 1.3 > > > A new Request for Comments is now available in online RFC > libraries. > > > RFC 9887 > > Title: Terminal Access Controller Access-Control > System > Plus (TACACS+) over TLS 1.3 > Author: T. Dahm, > J. Heasley, > D.C. Medway Gash, > A. Ota > Status: Standards Track > Stream: IETF > Date: December 2025 > Mailbox: [email protected], > [email protected], > [email protected], > [email protected] > Pages: 15 > Updates: RFC 8907 > > I-D Tag: draft-ietf-opsawg-tacacs-tls13-24.txt > > URL: > https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2F > www.rfc- > editor.org%2Finfo%2Frfc9887&data=05%7C02%7Cmohamed.boucadair%40ora > nge.com%7Cb0d39d30a4704c625d6408de378431f1%7C90c7a20af34b40bfbc48b > 9253b6f5d20%7C0%7C0%7C639009238068855633%7CUnknown%7CTWFpbGZsb3d8e > yJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjo > iTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=D15N89aFlfld%2Fu5sair > EvJI90OgMc%2Fd8Jd8V9%2FicPgI%3D&reserved=0 > > DOI: 10.17487/RFC9887 > > This document specifies the use of Transport Layer Security (TLS) > version 1.3 to secure the communication channel between a Terminal > Access Controller Access-Control System Plus (TACACS+) client and > server. TACACS+ is a protocol used for Authentication, > Authorization, and Accounting (AAA) in networked environments. The > original TACACS+ protocol does not mandate the use of encryption > or secure transport. > This specification defines a profile for using TLS 1.3 with > TACACS+, including guidance on authentication, connection > establishment, and operational considerations. The goal is to > enhance the confidentiality, integrity, and authenticity of > TACACS+ traffic, aligning the protocol with modern security best > practices. > > This document updates RFC 8907. > > This document is a product of the Operations and Management Area > Working Group Working Group of the IETF. > > This is now a Proposed Standard. > > STANDARDS TRACK: This document specifies an Internet Standards > Track protocol for the Internet community, and requests discussion > and suggestions for improvements. Please refer to the current > edition of the Official Internet Protocol Standards > (https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2 > Fwww.rfc- > editor.org%2Fstandards&data=05%7C02%7Cmohamed.boucadair%40orange.c > om%7Cb0d39d30a4704c625d6408de378431f1%7C90c7a20af34b40bfbc48b9253b > 6f5d20%7C0%7C0%7C639009238068871938%7CUnknown%7CTWFpbGZsb3d8eyJFbX > B0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFp > bCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=5hXSkvoO6Ik%2B%2B83S2fY5xn > XpQaqb2G9ExXs5XkDU0vM%3D&reserved=0) for the standardization state > and status of this protocol. Distribution of this memo is > unlimited. > > This announcement is sent to the IETF-Announce and rfc-dist lists. > To subscribe or unsubscribe, see > > https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2F > www.ietf.org%2Fmailman%2Flistinfo%2Fietf- > announce&data=05%7C02%7Cmohamed.boucadair%40orange.com%7Cb0d39d30a > 4704c625d6408de378431f1%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0 > %7C639009238068889442%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRy > dWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ > %3D%3D%7C0%7C%7C%7C&sdata=3zwjga95vCZei%2BzWuCuEePcLEKrdk3oPkoiL7P > zDWVs%3D&reserved=0 > > https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2F > mailman.rfc-editor.org%2Fmailman%2Flistinfo%2Frfc- > dist&data=05%7C02%7Cmohamed.boucadair%40orange.com%7Cb0d39d30a4704 > c625d6408de378431f1%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C6 > 39009238068900952%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUs > IlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D% > 3D%7C0%7C%7C%7C&sdata=ilyvPNu65d2%2Fr41CE7VDDGLfavk70GsIBqjrUBVb%2 > Bnw%3D&reserved=0 > > For searching the RFC series, see > https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2F > www.rfc- > editor.org%2Fsearch&data=05%7C02%7Cmohamed.boucadair%40orange.com% > 7Cb0d39d30a4704c625d6408de378431f1%7C90c7a20af34b40bfbc48b9253b6f5 > d20%7C0%7C0%7C639009238068910362%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0e > U1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCI > sIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=6BZ5MB885RFHrY22eWzp1OjFYlQgu > Q3yoj9NMJqAvhI%3D&reserved=0 > For downloading RFCs, see > https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2F > www.rfc- > editor.org%2Fretrieve%2Fbulk&data=05%7C02%7Cmohamed.boucadair%40or > ange.com%7Cb0d39d30a4704c625d6408de378431f1%7C90c7a20af34b40bfbc48 > b9253b6f5d20%7C0%7C0%7C639009238068918978%7CUnknown%7CTWFpbGZsb3d8 > eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIj > oiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=t1X%2FI1nhG7D2kmymOz > scKcPC7SI8lbe6HHMOkDxCivQ%3D&reserved=0 > > Requests for special distribution should be addressed to either > the author of the RFC in question, or to rfc-editor@rfc- > editor.org. Unless specifically noted otherwise on the RFC > itself, all RFCs are for unlimited distribution. > > > The RFC Editor Team > > _______________________________________________ > OPSAWG mailing list -- [email protected] > To unsubscribe send an email to [email protected] ____________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
