Hi Bo, Thanks for applying the markups.
I've issued the IESG ballot for this draft. Regards, Rob > -----Original Message----- > From: Wubo (lana) <lana.w...@huawei.com> > Sent: 09 April 2021 02:53 > To: Rob Wilton (rwilton) <rwil...@cisco.com>; tom petch > <ie...@btconnect.com>; Joe Clarke (jclarke) <jcla...@cisco.com> > Cc: opsawg@ietf.org; opsawg-cha...@ietf.org; draft-ietf-opsawg-tacacs- > y...@ietf.org > Subject: Re: [OPSAWG] Last Call: <draft-ietf-opsawg-tacacs-yang-09.txt> > (YANG Data Model for TACACS+) to Proposed Standard > > Hi Rob, all, > > Thanks for your reminding. I just posted rev-10 to address the comment > from Tom and Joe. Please see : > https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-yang-10 > > Thanks, > Bo > > -----邮件原件----- > 发件人: Rob Wilton (rwilton) [mailto:rwil...@cisco.com] > 发送时间: 2021年4月7日 22:44 > 收件人: Wubo (lana) <lana.w...@huawei.com>; tom petch > <ie...@btconnect.com>; Joe Clarke (jclarke) <jcla...@cisco.com> > 抄送: opsawg@ietf.org; opsawg-cha...@ietf.org; draft-ietf-opsawg-tacacs- > y...@ietf.org > 主题: RE: [OPSAWG] Last Call: <draft-ietf-opsawg-tacacs-yang-09.txt> (YANG > Data Model for TACACS+) to Proposed Standard > > Hi Bo, > > Please can you post an updated version with the comments from Tom/Joe > addressed and then I can get this onto the next Telechat in 2 weeks' time. > > Regards, > Rob > > > > -----Original Message----- > > From: OPSAWG <opsawg-boun...@ietf.org> On Behalf Of Wubo (lana) > > Sent: 23 March 2021 10:56 > > To: tom petch <ie...@btconnect.com>; Joe Clarke (jclarke) > > <jcla...@cisco.com> > > Cc: opsawg@ietf.org; opsawg-cha...@ietf.org; draft-ietf-opsawg-tacacs- > > y...@ietf.org > > Subject: Re: [OPSAWG] Last Call: > > <draft-ietf-opsawg-tacacs-yang-09.txt> > > (YANG Data Model for TACACS+) to Proposed Standard > > > > Hi Tom, Joe, > > > > Thanks for your helpful comments. I will update the draft as you > > suggested. > > > > Best regards, > > Bo > > -----邮件原件----- > > 发件人: tom petch [mailto:ie...@btconnect.com] > > 发送时间: 2021年3月23日 0:42 > > 收件人: Joe Clarke (jclarke) <jcla...@cisco.com>; Wubo (lana) > > <lana.w...@huawei.com> > > 抄送: opsawg@ietf.org; opsawg-cha...@ietf.org; draft-ietf-opsawg-tacacs- > > y...@ietf.org > > 主题: Re: [OPSAWG] Last Call: <draft-ietf-opsawg-tacacs-yang-09.txt> > > (YANG Data Model for TACACS+) to Proposed Standard > > > > From: Joe Clarke (jclarke) <jcla...@cisco.com> > > Sent: 22 March 2021 13:12 > > > > On 3/22/21 07:15, Wubo (lana) wrote: > > > Hi Tom, Joe, > > > > > > Thanks for your review and comments. The issues will fixed in the > > > next > > revision. > > > > > > For 'leaf shared-secret', the following text will be added: > > > "It is highly recommended that shared keys are at least 32 > > > characters > > long and > > > sufficiently complex with mixed different character types." > > > > You're mixing "shared keys" and "shared secrets" again. I think you > > should stick with the latter. And I think something like: "with a mix > > of different character types" reads a bit better. Perhaps Tom will > > have a better way of stating that. > > > > <tp> > > > > Not really! > > Perhaps > > ''... with a mix of different character types i.e. upper case, lower > > case, numeric, punctuation" > > > > That is the sort of terminology I see when being prompted to create a > > password for a website. > > > > Tom Petch > > > > > > Joe > > > > > > > > Best regards, > > > Bo > > > > > > -----邮件原件----- > > > 发件人: tom petch [mailto:ie...@btconnect.com] > > > 发送时间: 2021年3月17日 19:00 > > > 收件人: Joe Clarke (jclarke) <jcla...@cisco.com> > > > 抄送: opsawg@ietf.org; opsawg-cha...@ietf.org; > > > draft-ietf-opsawg-tacacs-y...@ietf.org > > > 主题: Re: [OPSAWG] Last Call: <draft-ietf-opsawg-tacacs-yang-09.txt> > > > (YANG Data Model for TACACS+) to Proposed Standard > > > > > > From: Joe Clarke (jclarke) <jcla...@cisco.com> > > > Sent: 16 March 2021 13:04 > > > To: tom petch > > > > > > On 3/16/21 06:13, tom petch wrote: > > >> Some editorial quirks > > >> > > >> YANG > > >> revision reference > > >> the text value is not quite the same as the title of the I-D; > > >> perhaps both are not quite right > > > Good catch. These two should be normalized. Perhaps the better > > > title > > is YANG module for TACACS+. > > > <tp> > > > or else > > > A YANG Module for TACACS+ > > > I like the indefinite article there but it is perhaps a matter of > > > taste > > > > > >> leaf shared-secret > > >> /shared keys/shared secrets/ > > > Yes, agreed. > > > > > >> should we recommend improving the entropy with mixed case, digits, > > punctuation? I note that the example lacks punctuation. A plus sign > > might be appropriate! > > > Given the weakness, this couldn't hurt. This could be called out in > > both Security Considerations as well as in the leaf description. I > > like the cheeky notion of a '+' in the example. > > > > > > <tp> > > > Yes, probably both. I have signed up to a lot of services in > > > lockdown > > and have been exposed to a wide variety of rules about permissible > > secrets. One that caught my eye required nine characters while the > > one that has stayed with me forbad the use of punctuation! I do think > > that for all the very clever things that come out of the IETF's > > Security Area, better guidance on the basics, such as entropy, would > > do a lot more to improve the Internet! > > > > > > Tom Petch > > > Joe > > > > > >> Tom Petch > > >> > > >> ________________________________________ > > >> From: OPSAWG <opsawg-boun...@ietf.org> on behalf of The IESG > > >> <iesg-secret...@ietf.org> > > >> Sent: 15 March 2021 14:08 > > >> To: IETF-Announce > > >> Cc: opsawg@ietf.org; opsawg-cha...@ietf.org; > > >> draft-ietf-opsawg-tacacs-y...@ietf.org > > >> Subject: [OPSAWG] Last Call: <draft-ietf-opsawg-tacacs-yang-09.txt> > > >> (YANG Data Model for TACACS+) to Proposed Standard > > >> > > >> > > >> The IESG has received a request from the Operations and Management > > >> Area Working Group WG (opsawg) to consider the following document: > > >> - 'YANG Data Model for TACACS+' > > >> <draft-ietf-opsawg-tacacs-yang-09.txt> as Proposed Standard > > >> > > >> The IESG plans to make a decision in the next few weeks, and > > >> solicits final comments on this action. Please send substantive > > >> comments to the last-c...@ietf.org mailing lists by 2021-03-29. > > >> Exceptionally, comments may be sent to i...@ietf.org instead. In > > >> either case, please retain the beginning of the Subject line to allow > automated sorting. > > >> > > >> Abstract > > >> > > >> > > >> This document defines a TACACS+ client YANG module, that > > >> augments > > the > > >> System Management data model, defined in RFC 7317, to allow > devices > > >> to make use of TACACS+ servers for centralized Authentication, > > >> Authorization and Accounting. > > >> > > >> The YANG module in this document conforms to the Network > Management > > >> Datastore Architecture (NMDA) defined in RFC 8342. > > >> > > >> > > >> > > >> > > >> The file can be obtained via > > >> https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-yang/ > > >> > > >> > > >> > > >> No IPR declarations have been submitted directly on this I-D. > > >> > > >> > > >> The document contains these normative downward references. > > >> See RFC 3967 for additional information: > > >> rfc8907: The Terminal Access Controller Access-Control System > > >> Plus > > >> (TACACS+) Protocol (Informational - Internent Engineering Task > > >> Force > > >> (IETF)) > > >> > > >> > > >> > > >> > > >> _______________________________________________ > > >> OPSAWG mailing list > > >> OPSAWG@ietf.org > > >> https://www.ietf.org/mailman/listinfo/opsawg > > >> > > >> _______________________________________________ > > >> OPSAWG mailing list > > >> OPSAWG@ietf.org > > >> https://www.ietf.org/mailman/listinfo/opsawg > > >> > > > > > > > _______________________________________________ > > OPSAWG mailing list > > OPSAWG@ietf.org > > https://www.ietf.org/mailman/listinfo/opsawg _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg