[Last-Call] Secdir last call review of draft-ietf-opsawg-tacacs-yang-03

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Yaron Sheffer
Review result: Has Nits

This document defines a YANG module for the configuration of TACACS+ clients.

The document is short and straightforward, and I only have one significant
comment.

* I am not familiar with common security practices for the devices covered by
this protocol. But I am wondering, should the "shared-secret" field be made
optional, so that it can be entered "out of band" in applications that prefer
not to keep it stored in the YANG configuration store and available to network
management tools?

* Not a security comment: the YANG module includes a reference to
draft-ietf-opsawg-tacacs-18, but I assume that you'll want to replace it with
the RFC number for that draft once it is published. Yet I don't see an RFC
Editor note mentioning that.

* It is confusing that "messages-received" is for messages received by the
server, and "errors-received" is for errors received *from* the server.


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux