Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-05-10 Thread Joe Clarke
Thanks for the reply, Andrej. Additional comments below. On 5/10/18 10:45, Andrej Ota wrote: 9.1. General Security of The Protocol TACACS+ protocol does not include a security mechanism that would meet modern-day requirements. Support for MD5-based crypto pad

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-05-10 Thread Andrej Ota
Hi Joe, We did, but also all three of us got a bit bogged down by other work. I have to wrap up section 9 "digest" while Douglas and Thorsten are doing similar for other sections where they got through the mail history and they're wrapping that up to send out an e-mail as well. Considering

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-05-10 Thread Joe Clarke
Hello, T+ authors. Did you have a chance to read over my comments below? What thoughts do you have? Some of these points admittedly need some discussion. Thanks. Joe On 4/30/18 10:30, Joe Clarke wrote: > On 4/15/18 02:27, Douglas Gash (dcmgash) wrote: >> Hello Opsawg, >> >> We have uploaded

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-04-30 Thread Andrej Ota
Hi Joe & opsawg, >>> 2) Reactivity of the Authors. >>> >>> As far as I know, we have responded to most posts regarding the content of >>> the document, with point-by-point replies, >> >> No. >> >> See the list archives, especially May 2017. There are multiple people >> suggesting that

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-04-30 Thread Joe Clarke
On 4/15/18 02:27, Douglas Gash (dcmgash) wrote: > Hello Opsawg, > > We have uploaded a new version of the TACACS+ informational draft which > includes corrections for typos over the document as a whole, but also revised > the security section. We anticipate this security section will get most

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-04-30 Thread Joe Clarke
Alan, T+ authors, and opsawg, Sorry for the noticeable absence from this thread. I've been focused on some dayjob projects these past couple of weeks. I have followed the threads, though. I want to hopefully bring some things to closure and get us all to move forward to come to consensus on

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-04-18 Thread Tianran Zhou
.com> > Subject: Re: [OPSAWG] New Version Notification for > draft-ietf-opsawg-tacacs-10.txt > > On Apr 17, 2018, at 10:15 AM, Douglas Gash (dcmgash) <dcmg...@cisco.com> > wrote: > > Initially (up to around version 5) we included just a very simple security > section

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-04-17 Thread Alan DeKok
On Apr 17, 2018, at 10:15 AM, Douglas Gash (dcmgash) wrote: > Initially (up to around version 5) we included just a very simple security > section admitting that T+ was insecure and that the second document would > address the issue. This was deemed to be insufficient, and

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-04-17 Thread Douglas Gash (dcmgash)
Hi Alan, I hope that we can address your concerns. I think the main points that you raise the we (the authors) need to address are: 1) The security section 2) Reactivity of the authors 3) Change Tracking 1) The Security Section The starting point is that we know that TACACS+ needs

Re: [OPSAWG] New Version Notification for draft-ietf-opsawg-tacacs-10.txt

2018-04-15 Thread Douglas Gash (dcmgash)
Hello Opsawg, We have uploaded a new version of the TACACS+ informational draft which includes corrections for typos over the document as a whole, but also revised the security section. We anticipate this security section will get most comments, so it is reproduced below. We will endeavor to