I think that more is needed for security. Security Considerations does not list any sensitive nodes. I see 'secret' as an obvious candidate with its nacm:deny-all and perhaps the list of servers and their addresses.
The model allows for accounting or authorisation or authentication or all three but not two out of three; I do not know if this is a use case.

opsawg-tacacs says secret must be 16 preferably 32; YANG can enforce the former and recommend the latter.

Server name is unrestricted in length or character set; is this desirable (YANG has a type for identifiers limited to the usual A-Z 0-9 plus some punctuation)?

Overall I was expecting more but that said I cannot think of what to add!

Tom Petch

________________________________________
From: OPSAWG <opsawg-boun...@ietf.org> on behalf of Joe Clarke (jclarke) <jclarke=40cisco....@dmarc.ietf.org>
Sent: 20 April 2020 14:23
To: opsawg
Subject: [OPSAWG] WG LC: draft-ietf-opsawg-tacacs-yang-03

Hello, opsawg. As we stated in the April 7 virtual interim, this draft has reached a point where current WG feedback has been incorporated, and the larger TACACS+ is progressing through the IESG. We are opening a two week last call for this draft. Please comment as to whether or not you feel it is ready and what additional changes are required by May 3, 2020.

Thanks.

Joe and Tianran

Joe

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg