Terminal Access Controller Access-Control System Plus over TLS 1.3 (TACACS+ over TLS)
draft-ietf-opsawg-tacacs-tls13-24
Approval announcement
Draft of message to be sent after approval:
Announcement
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-opsawg-tacacs-tls13@ietf.org, jclarke@cisco.com, mohamed.boucadair@orange.com, opsawg-chairs@ietf.org, opsawg@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Terminal Access Controller Access-Control System Plus over TLS 1.3 (TACACS+ over TLS)' to Proposed Standard (draft-ietf-opsawg-tacacs-tls13-24.txt)
The IESG has approved the following document:
- 'Terminal Access Controller Access-Control System Plus over TLS 1.3
(TACACS+ over TLS)'
(draft-ietf-opsawg-tacacs-tls13-24.txt) as Proposed Standard
This document is the product of the Operations and Management Area Working
Group.
The IESG contact persons are Mahesh Jethanandani and Mohamed Boucadair.
A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-tls13/
Ballot Text
Technical Summary
The Terminal Access Controller Access-Control System Plus (TACACS+)
protocol provides device administration for routers, network access
servers, and other networked computing devices via one or more
centralized TACACS+ servers. This document adds Transport Layer
Security (TLS 1.3) support to TACACS+ and obsoletes former inferior
security mechanisms.
The document removes the security limitations in RFC 8907. As such,
this document updates RFC 8907.
Working Group Summary
The document leverages BCPs and specifications developed in other WGs.
The document avoids customized behaviors when possible and tries to
maximize reuse of existing behaviors. Also, in order to
inherit future guidelines, the document cites BCP195 instead
of RFC 9325.
There were some areas where existing BCPs/RFCs do not provide
sufficient implementation details. In those areas, the document draws on
other applications (e.g., draft-ietf-radext-tls-psk).
The development of the document revealed the need for global
guidance (e.g., from UTA) rather than each application relying
on TLS specifying its own behavior (e.g., for debugging TACACS+ over TLS).
Document Quality
The WG actively sought, early in the process, to secure reviews from the OPS,
transport, and security areas. The WG also solicited the UTA WG, with
the WGLC also circulated in UTA. In addition, the WG sought expert
reviews for the TLS part.
Many iterations were needed to converge on the current level of detail.
Thanks to the support of experts such as Alan DeKok.
An implementation was disclosed ([link](https://mailarchive.ietf.org/arch/msg/opsawg/XQ3nytQ-bnXmWcrcqZRMvcbQ3ok/)).
A plan to implement was also shared [here](https://mailarchive.ietf.org/arch/msg/opsawg/UOWVLRZab_02QzIqevRlS6-shrw/).
Personnel
The Document Shepherd for this document is Joe Clarke.
The Responsible Area Director is Mohamed Boucadair.
RFC Editor Note