{
  "draft": "draft-ietf-opsawg-tacacs-tls13-24",
  "doc_id": "RFC9887",
  "title": "Terminal Access Controller Access-Control System Plus (TACACS+) over TLS 1.3",
  "authors": [
    "T. Dahm",
    "J. Heasley",
    "D.C. Medway Gash",
    "A. Ota"
  ],
  "format": [
    "XML",
    "TEXT",
    "HTML",
    "PDF"
  ],
  "page_count": "15",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "Operations and Management Area Working Group",
  "abstract": "This document specifies the use of Transport Layer Security (TLS) version 1.3 to secure the communication channel between a Terminal Access Controller Access-Control System Plus (TACACS+) client and server. TACACS+ is a protocol used for Authentication, Authorization, and Accounting (AAA) in networked environments. The original TACACS+ protocol does not mandate the use of encryption or secure transport. This specification defines a profile for using TLS 1.3 with TACACS+, including guidance on authentication, connection establishment, and operational considerations. The goal is to enhance the confidentiality, integrity, and authenticity of TACACS+ traffic, aligning the protocol with modern security best practices.\n\n This document updates RFC 8907.",
  "pub_date": "December 2025",
  "keywords": [
    "TACACS+"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [
    "RFC8907"
  ],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC9887",
  "errata_url": null
}