
Early Review of draft-ietf-opsawg-secure-tacacs-yang-04
review-ietf-opsawg-secure-tacacs-yang-04-yangdoctors-early-rahman-2025-01-22-00

Request: Review of draft-ietf-opsawg-secure-tacacs-yang
Requested revision: No specific revision (document currently at 10)
Type: Early Review
Team: YANG Doctors (yangdoctors)
Deadline: 2025-01-31
Requested: 2025-01-10
Requested by: Joe Clarke
Authors: Mohamed Boucadair, Bo Wu
I-D last updated: 2025-04-30 (Latest revision 2025-04-30)
Completed reviews:
  Yangdoctors Early review of -04 by Reshad Rahman
  Opsdir IETF Last Call review of -09 by Tina Tsou
  Yangdoctors IETF Last Call review of -05 by Reshad Rahman
Assignment: Reviewer Reshad Rahman
State: Completed
Request: Early review on draft-ietf-opsawg-secure-tacacs-yang by YANG Doctors (Assigned)
Posted at: https://mailarchive.ietf.org/arch/msg/yang-doctors/UYtlu_klmjRDHOrRgxYXI6qlAJo
Reviewed revision: 04 (document currently at 10)
Result: Ready w/issues
Completed: 2025-01-22
Disclaimer: I am not a TACACS+ nor a TLS expert.

Overall the document looks good. Here are what I perceive are issues which
should be addressed.

"leaf address": it is of type inet:host, so it is not necessarily an IP address as
per the name and description. Rename to "server" or "host"? But this would be a
non-backwards-compatible change... At least change the description to say "IP
address or host name of the TACACS+ server."

           leaf address {
             type inet:host;
             mandatory true;
             description
               "The address of the TACACS+ server.";
           }

It is not clear to me why "leaf domain-name" was added. Section 3 refers to
section 3.3 of [I-D.ietf-opsawg-tacacs-tls13] but that section does not mention
domain-name.

   'domain-name':  Provides a domain name of the server per Section 3.3
      of [I-D.ietf-opsawg-tacacs-tls13].

"leaf vrf-instance": not needed if source-type is source-interface (since the
VRF of the source interface would be used)? Add "must not()" statement or
describe the behaviour if vrf-instance does not have the same value as
source-interface's VRF.
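One way to express the first alternative (a "must" that rejects "vrf-instance" whenever the source-interface case is selected), as an added illustration that is not text from the draft's module or from this review. The node names "source-type", "source-interface" and "vrf-instance" are taken from the review; the case names, the "source-address" alternative, the "if:"/"ni:" prefixes and the leafref target are assumptions about the module's surroundings.

```yang
// Added illustration, not the draft's module text: constrain vrf-instance
// so it cannot be configured together with source-interface.
// Assumed: prefixes if (ietf-interfaces) and ni (ietf-network-instance),
// the case names, and the source-address alternative.
choice source-type {
  case source-interface {
    leaf source-interface {
      type if:interface-ref;
      description
        "Interface whose address is used as the source of TACACS+
         packets; the VRF of this interface is used for the connection.";
    }
  }
  case source-address {
    leaf source-address {
      type inet:ip-address;
      description
        "Explicit source address for TACACS+ packets.";
    }
  }
}
leaf vrf-instance {
  type leafref {
    path "/ni:network-instances/ni:network-instance/ni:name";
  }
  // Reject the leaf when the source-interface case is active; the VRF
  // of the source interface applies in that case, so a conflicting
  // value can never be configured.
  must 'not(../source-interface)' {
    error-message
      "vrf-instance must not be configured when source-interface is
       used; the VRF of the source interface is applied.";
  }
  description
    "VRF in which the TACACS+ server is reachable. Only meaningful
     when source-address is used.";
}
```

Because a choice's case nodes are not data nodes, '../source-interface' from the context of "vrf-instance" resolves to the sibling leaf inside the case, so the constraint fires exactly when that case is populated; the alternative of allowing both leaves and documenting which VRF wins would instead go into the "vrf-instance" description.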

"leaf port": remove the commented out “default 49”?

"choice source-type": do we need “mandatory true”? Same question for the 2
instances of “choice ref-or-explicit”.

"leaf single-connection": please add a reference. I think that should be to
Section 4.3 of [RFC8907].