IETF Last Call Review of draft-ietf-opsawg-secure-tacacs-yang-12
review-ietf-opsawg-secure-tacacs-yang-12-secdir-lc-sparks-2025-06-30-00
Request | Review of | draft-ietf-opsawg-secure-tacacs-yang |
---|---|---|
Requested revision | No specific revision (document currently at 13) | |
Type | IETF Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2025-05-16 | |
Requested | 2025-05-05 | |
Requested by | Mahesh Jethanandani | |
Authors | Mohamed Boucadair, Bo Wu | |
I-D last updated | 2025-07-10 (Latest revision 2025-07-07) | |
Completed reviews | Yangdoctors Early review of -04 by Reshad Rahman; Opsdir IETF Last Call review of -09 by Tina Tsou; Yangdoctors IETF Last Call review of -05 by Reshad Rahman; Yangdoctors IETF Last Call review of -11 by Reshad Rahman; Secdir IETF Last Call review of -12 by Robert Sparks; Genart IETF Last Call review of -11 by Ines Robles | |
Comments | Most of the changes in the document relate to the move to enable TLS for TACACS+, and so the SECDIR review. The last review from a YANG doctor's perspective was done on the -05 version of the document. It should therefore be a quick check to see if any changes need to be reviewed. | |
Assignment | Reviewer | Robert Sparks |
State | Completed | |
Request | IETF Last Call review on draft-ietf-opsawg-secure-tacacs-yang by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/MeRBeWM89UK_rQTtLiUQyoNgrAo | |
Reviewed revision | 12 (document currently at 13) | |
Result | Ready | |
Completed | 2025-06-30 |
review-ietf-opsawg-secure-tacacs-yang-12-secdir-lc-sparks-2025-06-30-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other review comments.

This document is ready for publication as a Proposed Standard RFC.

This document is reflecting the protocol changes in draft-ietf-opsawg-tacacs-tls13 into a YANG module. As the shepherd review says, "It is essentially a programmatic representation of that work". The security issues around using the model are described in the security considerations section following the usual guidance for YANG modules.

Comments:

The document restates requirements from draft-ietf-opsawg-tacacs-tls13, and _might_ be stating them more strongly. For instance, draft-ietf-opsawg-tacacs-tls13 says "TLS 1.3 [RFC8446] must be used for transport" (note the lower case must) while this document states "* TLS 1.3 [RFC8446] MUST be used for transport.". The intent is clear, but perhaps draft-ietf-opsawg-tacacs-tls13 needs to be touched at that point.