Re: [OPSAWG] Alexey Melnikov's Discuss on draft-ietf-opsawg-tacacs-13: (with DISCUSS and COMMENT)

Fri, 20 Mar 2020 04:24:16 -0700 

Hi Alexey,

Many thanks for the review and going through the issues that you found, the 
corrections for which I believe made the document considerably less bad.

Regarding the issue you mentioned below, it is another very valid point. I 
don’t think that the first change I made was sufficiently clear. I am proposing 
to add a new para to this section as follows:

“  As mentioned above, this field is used by the client to indicate how
   it performed the authentication.  One of the options
   (TAC_PLUS_AUTHEN_METH_TACACSPLUS := 0x06) is TACACS+ itself, and so
   the detail of how the client performed this option is given in
   Authentication Section (Section 5).  For all other options, such as
   KRB and RADIUS, then TACACS+ protocol did not play any part in the
   authentication phase; as those interactions were not conducted using
   the TACACS+ protocol they will not be documented here.  For
   implementers of clients who need details of the other protocols,
   please refer to the respective Kerberos [RFC4120] and RADIUS
   [RFC3579] RFCs.”

Originally I had intended to try to avoid adding references to the other 
protocols to minimize references which may go stale, but I’m sure the readers 
can redirect if needed.

Many thanks,

Doug.

On 18/03/2020, 13:28, "Alexey Melnikov" <aamelni...@fastmail.fm> wrote:

    Hi Douglas,
    
    On Mon, Jan 27, 2020, at 8:28 PM, Douglas Gash (dcmgash) wrote:
    >     5) KRB5 and KRB4 need normative references.
    > TA> The KRB5 and KRB4 are not specifically used in this document, 
    > rather, there is one field with an option that the client uses to 
    > indicate how it authenticated, and these are option. This is not 
    > verifiable, so it is recomended in the documen tnot to use this field 
    > for policy.For this reason, it is not really useful to provide a 
    > normative reference, but it is required for the document to explai 
    > this. So have added:[AI+TA]
    
    Please add Informative references for them then. If I decide to implement 
TACACS+ and don't know anything about Kerberos, I wouldn't know where to look.
    
    
    All your other changes are either good or I can at least live with them.
    
    Best Regards,
    Alexey
    

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

Reply via email to