Hi Robert, Thanks for the review. ACK. Will check and make sure both specs are in sync. Cheers, Med (as author) > -----Message d'origine----- > De : Robert Sparks via Datatracker <noreply@xxxxxxxx> > Envoyé : lundi 30 juin 2025 19:53 > À : secdir@xxxxxxxx > Cc : draft-ietf-opsawg-secure-tacacs-yang.all@xxxxxxxx; last- > call@xxxxxxxx; opsawg@xxxxxxxx > Objet : draft-ietf-opsawg-secure-tacacs-yang-12 ietf last call > Secdir review > > > Document: draft-ietf-opsawg-secure-tacacs-yang > Title: A YANG Data Model for Terminal Access Controller Access- > Control System Plus (TACACS+) Reviewer: Robert Sparks Review result: > Ready > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other review comments. > > This document is ready for publication as a Proposed Standard RFC > > This document is reflecting the protocol changes in > draft-ietf-opsawg-tacacs-tls13 into a YANG module. As the shepherd > review says, "It is essentially a programmatic representation of > that work". The security issues around using the model are described > in the security considerations section following the usual guidance > for YANG modules. > > Comments: > > The document restates requirements from draft-ietf-opsawg-tacacs- > tls13, and _might_ be stating them more strongly. For instance, > draft-ietf-opsawg-tacacs-tls13 says "TLS 1.3 [RFC8446] must be used > for transport" (note the lower case must) while this document states > "* TLS 1.3 [RFC8446] MUST be used for transport.". The intent is > clear, but perhaps > draft-ietf-opsawg-tacacs-tls13 needs to be touched at that point. > > ____________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
