Hi all, Bo raised a question about keepalives: https://github.com/boucadair/secure-tacacs-yang/issues/1
As indicated below, we don't have a clear view on whether this is needed or not. My hope is to record the intended behavior in the base secure tacacs+ spec. Cheers, Med > -----Message d'origine----- > De : mohamed.boucad...@orange.com <mohamed.boucad...@orange.com> > Envoyé : mardi 28 mai 2024 16:53 > À : opsawg@ietf.org; draft-ietf-opsawg-tacacs-tl...@ietf.org > Objet : [OPSAWG]TR: I-D Action: draft-boucadair-opsawg-secure- > tacacs-yang-01.txt > > Hi all, > > In order to asses whether manageability considerations are well > covered in draft-ietf-opsawg-tacacs-tls13, I edited this I-D to > specify a module for managing secure tacacs+ clients, based on > RFC9105. > > Key requirements as drawn in draft-ietf-opsawg-tacacs-tls13 are > covered in this version. However, this exercise triggered some > questions for which we have no text in the base spec: for > example, keepalive considerations. > > This spec also reveals some issues with 9105 such as the lack of > support of dual stack. Bo raised a comment offline whether we > define this draft as a bis or keep the current augmentation > approach. This point is recorded as a pending issue. > > Please note that the module does not reuse the tls-client > grouping from draft-ietf-netconf-tls-client-server but adopts a > pruning approach. > > Comments and suggestions are more than welcome. > > Cheers, > Med > > -----Message d'origine----- > De : internet-dra...@ietf.org <internet-dra...@ietf.org> Envoyé : > mardi 28 mai 2024 16:27 À : i-d-annou...@ietf.org Objet : I-D > Action: draft-boucadair-opsawg-secure-tacacs-yang-01.txt > > > Internet-Draft draft-boucadair-opsawg-secure-tacacs-yang-01.txt > is now available. > > Title: A YANG Model for Terminal Access Controller Access- > Control System Plus (TACACS+) over TLS 1.3 > Author: Mohamed Boucadair > Name: draft-boucadair-opsawg-secure-tacacs-yang-01.txt > Pages: 23 > Dates: 2024-05-28 > > Abstract: > > This document defines a YANG module for Terminal Access > Controller > Access-Control System Plus (TACACS+) over TLS 1.3. This > modules > augments the YANG Data Model for Terminal Access Controller > Access- > Control System Plus (TACACS+) defined in the RFC 9105 with > TLS- > related data nodes. > > The IETF datatracker status page for this Internet-Draft is: > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > Fdatatracker.ietf.org%2Fdoc%2Fdraft-boucadair-opsawg-secure- > tacacs- > yang%2F&data=05%7C02%7Cmohamed.boucadair%40orange.com%7Cdf56fa17d > 8d64f91ea1f08dc7f25f463%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C > 0%7C638525048204684318%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMD > AiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sda > ta=PpSijI6HGOZp7vs7ZHJNEKCf1cgK5TaJaH5yV0c4PJ8%3D&reserved=0 > > There is also an HTML version available at: > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > Fwww.ietf.org%2Farchive%2Fid%2Fdraft-boucadair-opsawg-secure- > tacacs-yang- > 01.html&data=05%7C02%7Cmohamed.boucadair%40orange.com%7Cdf56fa17d > 8d64f91ea1f08dc7f25f463%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C > 0%7C638525048204698876%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMD > AiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sda > ta=G0NCidDOYDkOyS%2FQryI%2FscfmESg%2F4bSDaJltJCk2CKA%3D&reserved= > 0 > > A diff from the previous version is available at: > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > Fauthor-tools.ietf.org%2Fiddiff%3Furl2%3Ddraft-boucadair-opsawg- > secure-tacacs-yang- > 01&data=05%7C02%7Cmohamed.boucadair%40orange.com%7Cdf56fa17d8d64f > 91ea1f08dc7f25f463%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C6 > 38525048204710333%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ > QIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Wk > 0QHm%2B2NaNcdvLSa%2B8T506%2FTSg7SWuBh9yi9Z9kvds%3D&reserved=0 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > I-D-Announce mailing list -- i-d-annou...@ietf.org To unsubscribe > send an email to i-d-announce-le...@ietf.org > _________________________________________________________________ > ___________________________________________ > Ce message et ses pieces jointes peuvent contenir des > informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous > avez recu ce message par erreur, veuillez le signaler a > l'expediteur et le detruire ainsi que les pieces jointes. Les > messages electroniques etant susceptibles d'alteration, Orange > decline toute responsabilite si ce message a ete altere, deforme > ou falsifie. Merci. > > This message and its attachments may contain confidential or > privileged information that may be protected by law; they should > not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the > sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that > have been modified, changed or falsified. > Thank you. > > _______________________________________________ > OPSAWG mailing list -- opsawg@ietf.org > To unsubscribe send an email to opsawg-le...@ietf.org ____________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. _______________________________________________ OPSAWG mailing list -- opsawg@ietf.org To unsubscribe send an email to opsawg-le...@ietf.org