> "TACACS+ MUST be used with an addition security mechanism to
> protection of the communication such as IPSEC or a secure network such
> as described in 10.5. "
not operationaly viable
randy
___
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org
Reviewer: Joseph Salowey
Review result: Serious Issues
As the draft mentions the MD5 based stream cipher used by TACACS+ is
completely insecure. I think there is too much discussion in the security
considerations that may lead one to think that in some cases it provides
sufficient protection.
S
The following errata report has been submitted for RFC8520,
"Manufacturer Usage Description Specification".
--
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5702
--
Type: Editorial
Reported by: S
