Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt

2018-03-19 Thread Douglas Gash (dcmgash)
Apologies for delay Alan, I have goofed with mail forwarding.

We still have some work to do on the security section. I will check to see 
which items we missed outside the security section, as I thought we had them 
all covered.

Clearly the last upload took rather longer than initially planned. We will 
respond by the end of this week with a plan for the schedule for the next upload,

-- Forwarded message -
From: Alan DeKok
Date: Wed, 21 Feb 2018 at 08:27
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt


  A quick review shows that many of my comments have been addressed, thanks.  
This significantly clarifies the document.

  Some comments are still unaddressed.  And, the Security Considerations 
section contains substantial portions of my text as I pointed out earlier, with 
no acknowledgement that this is the case.

  Alan DeKok.

___
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg


--
Thorsten Dahm

Network Engineer
Google Ireland Ltd.
The Gasworks, Barrow Street
Dublin 4,  Ireland

Registered in Dublin, Ireland
Registration Number: 368047


Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt

2018-03-19 Thread Douglas Gash (dcmgash)
Apologies for the delay. For some reason the mails did not get through until a 
fellow author kindly forwarded them, disturbed by my rudeness for not having 
responded.

Thanks Joe, all very valid and will fix forthwith,

-- Forwarded message -
From: Joe Clarke
Date: Tue, 20 Feb 2018 at 17:52
Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt


Thank you, authors.  Would you send a synopsis of the changes to the
list as well as what you feel is left to do?  It would be good to spur
some more discussion on this.

I read through the text, focusing on the changes, and found a few typos
and nits.

Section 1:

OLD:

The normative description of Legacy features such as ARAP and
outbound authentication have

NEW:

The normative description of Legacy features such as ARAP and
outbound authentication has

===

Section 1:

s/authroization/authorization/

===

Section 3.3

You have one reference to "Single connection Mode".  Why is the 'c'
lowercase here?  For consistency, it should be uppercase.

===

Section 3.4

OLD:

For example, the client try alternative methods, if they are available,

NEW:

For example, the client tries alternative methods, if they are available,

===

Section 3.4

s/implmentation/implementation/

===

Section 3.5

OLD:

.  for example

NEW:

.  For example

===

Section 3.7

OLD:

refer to section section

NEW:

refer to section

===

Section 4.1

You refer to the Unix su(1) command in man page style notation.  This
may not be fully understood by all readers.  I think it would be better
to describe what su does in a short phrase (This is comparable to the
"su" command on Unix, which substitutes the current user's identity with
another).

===

Section 4.4.2.3

s/alays/always/

===

Sections 4.4.2.4 and 4.4.2.5

OLD:

The TACACS+ server must rejects

NEW:

The TACACS+ server must reject

===

Section 4.4.3

s/temrination/termination/

===

Section 4.4.3

You say, "oplease refer to section" (which has a typo).  But I don't
think you need the please at all here.

===

Section 5

s/clients actions/client's actions/

===

Section 5.1

s/corrsponds/corresponds/

===

Section 7.1

Stardate is canonically inconsistent

:-)

===

Section 7.2

Under nohangup, I think you have a typo with "authorization.y."  Not
sure if you intended something else there, or that "y." just crept in.

===

Section 8

s/()such as/(such as/

===

Section 8

s/starts starts/starts/

===

Section 8

s/reuthentication/reauthentication/

===

Section 8

You mention su again, but do so without man page notation.  You also
refer to unix instead of Unix.  Perhaps a good solution is to point to
one of the web-based man page gateways to create a true xref for su.

===

Section 9.1

s/For this reasons/For these reasons/

===

Section 9.2

s/which may me/which may be/

===

Section 9.5

s/apropriate/appropriate/

===

Section 9.5

s/send send secret keys/send secret keys/

Joe




On 2/19/18 10:40, internet-dra...@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Operations and Management Area Working Group 
> WG of the IETF.
>
> Title   : The TACACS+ Protocol
> Authors : Thorsten Dahm
>   Andrej Ota
>   Douglas C. Medway Gash
>   David Carrel
>   Lol Grant
>   Filename: draft-ietf-opsawg-tacacs-08.txt
>   Pages   : 43
>   Date: 2018-02-19
>
> Abstract:
>    TACACS+ provides Device Administration for routers, network access
>    servers and other networked computing devices via one or more
>    centralized servers.  This document describes the protocol that is
>    used by TACACS+.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-08
> https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-tacacs-08
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-08
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at 
> tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>




[OPSAWG] Datatracker State Update Notice:

2018-03-19 Thread IETF Secretariat
IANA action state changed to "In Progress"
Datatracker URL: https://datatracker.ietf.org/doc/draft-mm-wg-effect-encrypt/



[OPSAWG] Datatracker State Update Notice:

2018-03-19 Thread IETF Secretariat
IANA action state changed to "No IC"
Datatracker URL: https://datatracker.ietf.org/doc/draft-mm-wg-effect-encrypt/



[OPSAWG] Document Action: 'Effects of Pervasive Encryption on Operators' to Informational RFC (draft-mm-wg-effect-encrypt-25.txt)

2018-03-19 Thread The IESG
The IESG has approved the following document:
- 'Effects of Pervasive Encryption on Operators'
  (draft-mm-wg-effect-encrypt-25.txt) as Informational RFC

This document has been reviewed in the IETF but is not the product of an IETF
Working Group.

The IESG contact person is Warren Kumari.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-mm-wg-effect-encrypt/





Technical Summary

   Pervasive Monitoring (PM) attacks on the privacy of Internet users is
   of serious concern to both the user and the operator communities.
   RFC7258 discussed the critical need to protect users' privacy when
   developing IETF specifications and also recognized making networks
   unmanageable to mitigate PM is not an acceptable outcome, an
   appropriate balance is needed.  This document discusses current
   security and network operations and management practices that may be
   impacted by the shift to increased use of encryption to help guide
   protocol development in support of manageable, secure networks.

Working Group Summary

   This is an AD-sponsored document. It was discussed in SAAG, both on 
   the mailing list and in at least one face-to-face meeting (IETF 97 and 
   before).  First IETF LC completed 2017-03-13, and it was on the
   2017-04-13 telechat. There was significant discussion and revision to 
   address the comments/concerns raised during IESG eval, and so a second 
   IETF LC was held, and additional feedback / review solicited and 
   incorporated.



Document Quality

   This Informational document is a fairly extensive collection of security 
   and network management functions that will likely be impacted by the 
   increased use of encryption. Note that this document is a list of issues; 
   there is no attempt to ameliorate the problems in the list. It is meant to 
   help those who are attempting to create solutions to the problem by 
   giving a taxonomy of problems and a list of useful references. It has 
   been significantly reworked since the first ballot to address the
   comments received, and also to change the tone.

Personnel

   Paul Hoffman is the document shepherd. Stephen Farrell was the
   responsible AD, Warren Kumari has taken the baton since.
