5
Perhaps add a note that TACACS+ TLS servers and clients SHOULD NOT use well-known CAs, i.e. CAs from the web PKI. Doing so would allow clients to connect to any server, and would allow anyone to issue client certs.
5.1.4
... Operators should be cognizant of the potential of TLS TACACS+ server and/or client isolation from their peer's CA by network failures. Isolation from a public key certificate's CA will cause the verification of the certificate to fail and thus TLS authentication of the peer to fail.