I've done a quick read-through of the draft, and I have a few comments.
* Assuming someone is completely unfamiliar with T+ and they came across this draft, they might assume "TACACS" stood for something, but it is not expanded. Since this draft describes the protocol, I think it would be good to expand the acronym in the intro paragraph.
* There is terminology spread throughout the draft (e.g., MD5, 'TheDraft', session, etc.). I've seen such things summarized early on in a glossary in other long drafts. It might make it easier for a reader to refer to if that was done here as well.
* There is a lot of use of NULL in this document where you either mean NUL byte termination or an empty field. It would be helpful to clarify the usage where you mean a NUL ASCII byte or a field with a zero length value.
* In Section 4.1, the username is stated to be encoded in UTF-8. This is not the case in the _current_ implementation of the protocol. A code inspection of at least the tac_plus4 module shows this is as US-ASCII as some of the other fields.
* In Section 4.1 as well, the various AUTHEN_SVC types are defined, but only ENABLE (and NONE to some extent) is really described. It would be useful to describe the others as well.
* In Section 4.2, the "data" field is mentioned and says it will be described in more detail per authen_type below. Since the START, REPLY, and CONTINUE packets each have a "data" field, and their respective sections all point to details "below," it's hard to discern what field is being described. While I was able to figure out what I'd see in various START and CONTINUE packets, I didn't see much on what I'd see in the REPLY. For example, where can I expect to see custom authn prompts pushed?
* In Section 5.1, you define TAC_PLUS_AUTHEN_METH_LINE as a "fixed password associated with the line used to gain access." I don't think it's clear what a "line" is. It might be better to say "terminal line" or "terminal port."
That's it for now.

Joe

On 4/12/16 09:41, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operations and Management Area Working Group of the IETF.

Title : The TACACS+ Protocol
Authors : Thorsten Dahm
Andrej Ota
Douglas C. Medway Gash
David Carrel
Lol Grant
Filename : draft-ietf-opsawg-tacacs-02.txt
Pages : 35
Date : 2016-04-11

Abstract:
TACACS+ provides Device Administration for routers, network access servers and other networked computing devices via one or more centralized servers. This document describes the protocol that is used by TACACS+.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-02

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
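Two of the review points above, the NUL-byte versus zero-length-field ambiguity and the layout of the START packet's variable fields, are easiest to see on the wire. The following is an added example, not code from the draft, from the tac_plus implementation, or from the review; it builds and parses a TACACS+ authentication START packet following the header and START body layout in the draft (12-byte header; action, priv_lvl, authen_type, authen_service; four one-byte length fields; then user, port, rem_addr and data), and applies the draft's MD5 pseudo-pad body obfuscation. The function names, the constructed sample values (session id, key, "alice", "tty0") and the choice to return every variable field as a bytes object are my own. Because each variable field carries an explicit length byte, a zero-length rem_addr and a data field holding a single NUL byte are both representable and are distinguishable only by that length byte, which is the ambiguity the word "NULL" hides.

```python
"""Build, obfuscate and parse a TACACS+ authentication START packet.

Added example: not code from the draft, tac_plus, or the review message.
Field layout follows the draft's header and START body; names are mine.
"""
import hashlib
import struct

# Constants as defined in the draft's header and authentication sections.
TAC_PLUS_MAJOR_VER = 0xc
TAC_PLUS_MINOR_VER_DEFAULT = 0x0
TAC_PLUS_AUTHEN = 0x01              # header type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01    # header flag: body sent in the clear
TAC_PLUS_AUTHEN_LOGIN = 0x01        # START action
TAC_PLUS_AUTHEN_TYPE_ASCII = 0x01
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01

# Wire layouts: 12-byte header, then the fixed part of the START body.
HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length
START_FIXED = struct.Struct("!8B")  # action, priv_lvl, authen_type, authen_service,
                                    # user_len, port_len, rem_addr_len, data_len


def pseudo_pad(session_id, key, version, seq_no, length):
    """Pad per the draft: MD5(session_id|key|version|seq_no[|previous digest]), chained."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad. Applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_start(session_id, key, user, port, rem_addr, data,
                priv_lvl=1, seq_no=1, flags=0):
    """Return a complete authentication START packet (header + body) as bytes."""
    for name, field in (("user", user), ("port", port), ("rem_addr", rem_addr), ("data", data)):
        if len(field) > 255:
            raise ValueError(f"{name} longer than the one-byte length field allows")
    version = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER_DEFAULT
    body = START_FIXED.pack(TAC_PLUS_AUTHEN_LOGIN, priv_lvl, TAC_PLUS_AUTHEN_TYPE_ASCII,
                            TAC_PLUS_AUTHEN_SVC_LOGIN,
                            len(user), len(port), len(rem_addr), len(data))
    body += user + port + rem_addr + data          # zero-length fields contribute nothing
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    header = HEADER.pack(version, TAC_PLUS_AUTHEN, seq_no, flags, session_id, len(body))
    return header + body


def parse_start(packet, key):
    """Parse a START packet; return header fields plus the four variable fields as bytes."""
    if len(packet) < HEADER.size:
        raise ValueError("short header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if ptype != TAC_PLUS_AUTHEN:
        raise ValueError("not an authentication packet")
    body = packet[HEADER.size:]
    if len(body) != length:
        raise ValueError("header length does not match body length")
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    if len(body) < START_FIXED.size:
        raise ValueError("short START body")
    action, priv_lvl, authen_type, service, ulen, plen, rlen, dlen = START_FIXED.unpack_from(body)
    # A wrong shared key usually shows up here: the decoded lengths no longer add up.
    if START_FIXED.size + ulen + plen + rlen + dlen != len(body):
        raise ValueError("length fields do not match body size (wrong key?)")
    pos = START_FIXED.size
    fields = {}
    for name, n in (("user", ulen), ("port", plen), ("rem_addr", rlen), ("data", dlen)):
        fields[name] = body[pos:pos + n]   # b"" for a zero-length field, b"\x00" for a NUL
        pos += n
    fields.update(version=version, seq_no=seq_no, session_id=session_id, action=action,
                  priv_lvl=priv_lvl, authen_type=authen_type, service=service)
    return fields


if __name__ == "__main__":
    # Constructed sample: an empty rem_addr next to a data field holding one NUL byte.
    pkt = build_start(0x1234abcd, b"secret", b"alice", b"tty0", b"", b"\x00")
    parsed = parse_start(pkt, b"secret")
    print(parsed["user"], parsed["rem_addr"], parsed["data"])
```

Note that nothing in the packet says whether a field is text or binary, nor what character set it uses; the parser hands back raw bytes precisely because the draft's UTF-8 statement for the username cannot be verified from the wire format alone. Integrity is also absent: the XOR pad only hides the body, so a receiver that skips the length consistency check will happily decode a tampered or wrong-key body into garbage field lengths.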