Early Review of draft-ietf-opsawg-tacacs-tls13-07
review-ietf-opsawg-tacacs-tls13-07-tsvart-early-perkins-2024-05-05-00

Request
Review of: draft-ietf-opsawg-tacacs-tls13
Requested revision: No specific revision (document currently at 10)
Type: Early Review
Team: Transport Area Review Team (tsvart)
Deadline: 2024-05-03
Requested: 2024-04-20
Requested by: Joe Clarke
Authors: Thorsten Dahm, John Heasley, dcmgash@cisco.com, Andrej Ota
I-D last updated: 2024-05-05
Completed reviews: Secdir Early review of -07 by Russ Housley; Tsvart Early review of -07 by Colin Perkins
Comments: In particular, please review the justification for a unique port number for "tacacss".

Assignment
Reviewer: Colin Perkins
State: Completed
Request: Early review on draft-ietf-opsawg-tacacs-tls13 by Transport Area Review Team Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/tsv-art/U54XP_Chv2aPXonh9XxuS_oXMtc
Reviewed revision: 07 (document currently at 10)
Result: Ready
Completed: 2024-05-05

This document has been reviewed as part of the transport area review team's
ongoing effort to review key IETF documents. These comments were written
primarily for the transport area directors, but are copied to the document's
authors and WG to allow them to address any issues raised and also to the IETF
discussion list for information.

When done at the time of IETF Last Call, the authors should consider this
review as part of the last-call comments they receive. Please always CC
tsv-art@ietf.org if you reply to or forward this review.

From a transport perspective, this appears ready. The key transport-related
concern is the use of a separate TCP port for "tacacss" than for insecure
TACACS+ connections, but this is well justified in Section 5.3 of the draft and
seems entirely appropriate.

I am not a TLS expert, so did not review the security-related content of the
draft.

Regards,
Colin