Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt
Hi Alan, Agreed. In the last cycle we looked to respond quickly to the comments, however, hit a blocker on upload of the resulting doc. We will upload a new version with response to Joe’s comments from the 20 Feb this week, and start cadence of interaction with group to get the security section completed directly after. On 20/03/2018, 12:05, "Alan DeKok"wrote: > On Mar 19, 2018, at 3:37 PM, Douglas Gash (dcmgash) wrote: > > Apologies for delay Alan, I have goofed with mail forwarding. > > We still have some work to do on the security section. I will check to see which items we missed outside the security section, as I thought we had them all covered. The point is to *engage* with the working group. Simply throwing a new draft "over the wall" periodically does not inspire confidence. On top of that, the Security Considerations still contains substantial amounts of my text, verbatim. With no acknowledgement that this is the case. It would be good for the authors to engage with the WG to demonstrate that the document is ready. The document has been shown repeatedly to be not ready for publication, with minimal engagement, feedback, or updates. Alan DeKok. ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt
> On Mar 19, 2018, at 3:37 PM, Douglas Gash (dcmgash)wrote: > > Apologies for delay Alan, I have goofed with mail forwarding. > > We still have some work to do on the security section. I will check to see > which items we missed outside the security section, as I thought we had them > all covered. The point is to *engage* with the working group. Simply throwing a new draft "over the wall" periodically does not inspire confidence. On top of that, the Security Considerations still contains substantial amounts of my text, verbatim. With no acknowledgement that this is the case. It would be good for the authors to engage with the WG to demonstrate that the document is ready. The document has been shown repeatedly to be not ready for publication, with minimal engagement, feedback, or updates. Alan DeKok. ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt
Apologies for delay Alan, I have goofed with mail forwarding. We still have some work to do on the security section. I will check to see which items we missed outside the security section, as I thought we had them all covered. Clearly the last upload took rather longer than initially planned. We will respond by the end of this week with plan for schedule for next upload, -- Forwarded message - From: Alan DeKok <al...@deployingradius.com<mailto:al...@deployingradius.com>> Date: Mi., 21. Feb. 2018 um 08:27 Uhr Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt To: <internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>> Cc: <opsawg@ietf.org<mailto:opsawg@ietf.org>>, <i-d-annou...@ietf.org<mailto:i-d-annou...@ietf.org>> A quick review shows that many of my comments have been addressed, thanks. This significantly clarifies the document. Some comments are still unaddressed. And, the Security Considerations section contains substantial portions of my text as I pointed out earlier, with no acknowledgement that this is the case. Alan DeKok. ___ OPSAWG mailing list OPSAWG@ietf.org<mailto:OPSAWG@ietf.org> https://www.ietf.org/mailman/listinfo/opsawg -- Thorsten Dahm Network Engineer Google Ireland Ltd. The Gasworks, Barrow Street Dublin 4, Ireland Registered in Dublin, Ireland Registration Number: 368047 ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt
Apologies for the delay, For some reason the mails did not get through until fellow author kindly forwarded them, disturbed by my rudeness for not having responded. Thanks Joe, all very valid and will fix forthwith, -- Forwarded message - From: Joe Clarke <jcla...@cisco.com<mailto:jcla...@cisco.com>> Date: Di., 20. Feb. 2018 um 17:52 Uhr Subject: Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt To: <opsawg@ietf.org<mailto:opsawg@ietf.org>> Thank you, authors. Would you send a synopsis of the changes to the list as well as what you feel is left to do? It would be good to spur some more discussion on this. I read through the text, focusing on the changes, and found a few typos and nits. Section 1: OLD: The normative description of Legacy features such as ARAP and outbound authentication have NEW: The normative description of Legacy features such as ARAP and outbound authentication has === Section 1: s/authroization/authorization/ === Section 3.3 You have one reference to "Single connection Mode". Why is the 'c' lowercase here? For consistency, it should be uppercase. === Section 3.4 OLD: For example, the client try alternative methods, if they are available, NEW: For example, the client tries alternative methods, if they are available, === Section 3.4 s/implmentation/implementation/ === Section 3.5 OLD: . for example NEW: . For example === Section 3.7 OLD: refer to section section NEW: refer to section === Section 4.1 You refer to the Unix su(1) command in man page style notation. This may not be fully understood by all readers. I think it would be better to describe what su does in a short phrase (This is comparable to the "su" command on Unix, which substitutes the current user's identity with another). === Section 4.4.2.3 s/alays/always/ === Sections 4.4.2.4 and 4.4.2.5 OLD: The TACACS+ server must rejects NEW: The TACACS+ server must reject === Section 4.4.3 s/temrination/termination/ === Section 4.4.3 You say, "oplease refer to section" (which has a typo). But I don't think you need the please at all here. === Section 5 s/clients actions/client's actions/ === Section 5.1 s/corrsponds/corresponds/ === Section 7.1 Stardate is canonically inconsistent :-) === Section 7.2 Under nohangup, I think you have a typo with "authorization.y." Not sure if you intended something else there, or that "y." just crept in. === Section 8 s/()such as/(such as/ === Section 8 s/starts starts/starts/ === Section 8 s/reuthentication/reauthentication/ === Section 8 You mention su again, but do so without man page notation. you also refer to unix instead of Unix. Perhaps a good solution is to point to one of the web=based man page gateways to create a true xref for su. === Section 9.1 s/For this reasons/For these reasons/ === Section 9.2 s/which may me/which may be/ === Section 9.5 s/apropriate/appropriate/ === Section 9.5 s/send send secret keys/send secret keys/ Joe On 2/19/18 10:40, internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Operations and Management Area Working Group > WG of the IETF. > > Title : The TACACS+ Protocol > Authors : Thorsten Dahm > Andrej Ota > Douglas C. Medway Gash > David Carrel > Lol Grant > Filename: draft-ietf-opsawg-tacacs-08.txt > Pages : 43 > Date: 2018-02-19 > > Abstract: >TACACS+ provides Device Administration for routers, network access >servers and other networked computing devices via one or more >centralized servers. This document describes the protocol that is >used by TACACS+. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-08 > https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-tacacs-08 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-08 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at > tools.ietf.org<http://tools.ietf.org>. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > ___ > OPSAWG mailing list > OPSAWG@ietf.org<mailto:OPSAWG@ietf.org> > https://www.ietf.org/mail
Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt
A quick review shows that many of my comments have been addressed, thanks. This significantly clarifies the document. Some comments are still unaddressed. And, the Security Considerations section contains substantial portions of my text as I pointed out earlier, with no acknowledgement that this is the case. Alan DeKok. ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt
Thank you, authors. Would you send a synopsis of the changes to the list as well as what you feel is left to do? It would be good to spur some more discussion on this. I read through the text, focusing on the changes, and found a few typos and nits. Section 1: OLD: The normative description of Legacy features such as ARAP and outbound authentication have NEW: The normative description of Legacy features such as ARAP and outbound authentication has === Section 1: s/authroization/authorization/ === Section 3.3 You have one reference to "Single connection Mode". Why is the 'c' lowercase here? For consistency, it should be uppercase. === Section 3.4 OLD: For example, the client try alternative methods, if they are available, NEW: For example, the client tries alternative methods, if they are available, === Section 3.4 s/implmentation/implementation/ === Section 3.5 OLD: . for example NEW: . For example === Section 3.7 OLD: refer to section section NEW: refer to section === Section 4.1 You refer to the Unix su(1) command in man page style notation. This may not be fully understood by all readers. I think it would be better to describe what su does in a short phrase (This is comparable to the "su" command on Unix, which substitutes the current user's identity with another). === Section 4.4.2.3 s/alays/always/ === Sections 4.4.2.4 and 4.4.2.5 OLD: The TACACS+ server must rejects NEW: The TACACS+ server must reject === Section 4.4.3 s/temrination/termination/ === Section 4.4.3 You say, "oplease refer to section" (which has a typo). But I don't think you need the please at all here. === Section 5 s/clients actions/client's actions/ === Section 5.1 s/corrsponds/corresponds/ === Section 7.1 Stardate is canonically inconsistent :-) === Section 7.2 Under nohangup, I think you have a typo with "authorization.y." Not sure if you intended something else there, or that "y." just crept in. === Section 8 s/()such as/(such as/ === Section 8 s/starts starts/starts/ === Section 8 s/reuthentication/reauthentication/ === Section 8 You mention su again, but do so without man page notation. you also refer to unix instead of Unix. Perhaps a good solution is to point to one of the web=based man page gateways to create a true xref for su. === Section 9.1 s/For this reasons/For these reasons/ === Section 9.2 s/which may me/which may be/ === Section 9.5 s/apropriate/appropriate/ === Section 9.5 s/send send secret keys/send secret keys/ Joe On 2/19/18 10:40, internet-dra...@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Operations and Management Area Working Group > WG of the IETF. > > Title : The TACACS+ Protocol > Authors : Thorsten Dahm > Andrej Ota > Douglas C. Medway Gash > David Carrel > Lol Grant > Filename: draft-ietf-opsawg-tacacs-08.txt > Pages : 43 > Date: 2018-02-19 > > Abstract: >TACACS+ provides Device Administration for routers, network access >servers and other networked computing devices via one or more >centralized servers. This document describes the protocol that is >used by TACACS+. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-08 > https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-tacacs-08 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-08 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > ___ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg > ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
[OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operations and Management Area Working Group WG of the IETF. Title : The TACACS+ Protocol Authors : Thorsten Dahm Andrej Ota Douglas C. Medway Gash David Carrel Lol Grant Filename: draft-ietf-opsawg-tacacs-08.txt Pages : 43 Date: 2018-02-19 Abstract: TACACS+ provides Device Administration for routers, network access servers and other networked computing devices via one or more centralized servers. This document describes the protocol that is used by TACACS+. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-08 https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-tacacs-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg