| < draft-acee-rtg-yang-key-chain-08.txt | draft-acee-rtg-yang-key-chain-09.txt > | |||
|---|---|---|---|---|
| Network Working Group A. Lindem, Ed. | Network Working Group A. Lindem, Ed. | |||
| Internet-Draft Y. Qu | Internet-Draft Y. Qu | |||
| Intended status: Standards Track D. Yeung | Intended status: Standards Track D. Yeung | |||
| Expires: March 28, 2016 Cisco Systems | Expires: April 17, 2016 Cisco Systems | |||
| I. Chen | I. Chen | |||
| Ericsson | Ericsson | |||
| J. Zhang | J. Zhang | |||
| Juniper Networks | Juniper Networks | |||
| Y. Yang | Y. Yang | |||
| Cisco Systems | Cisco Systems | |||
| September 25, 2015 | October 15, 2015 | |||
| Key Chain YANG Data Model | Key Chain YANG Data Model | |||
| draft-acee-rtg-yang-key-chain-08.txt | draft-acee-rtg-yang-key-chain-09.txt | |||
| Abstract | Abstract | |||
| This document describes the key chain YANG data model. A key chain | This document describes the key chain YANG data model. A key chain | |||
| is a list of elements each containing a key, send lifetime, accept | is a list of elements each containing a key, send lifetime, accept | |||
| lifetime, and algorithm. By properly overlapping the send and accept | lifetime, and algorithm. By properly overlapping the send and accept | |||
| lifetimes of multiple key chain elements, keys and algorithms may be | lifetimes of multiple key chain elements, keys and algorithms may be | |||
| gracefully updated. By representing them in a YANG data model, key | gracefully updated. By representing them in a YANG data model, key | |||
| distribution can be automated. Key chains are commonly used for | distribution can be automated. Key chains are commonly used for | |||
| routing protocol authentication and other applications. In some | routing protocol authentication and other applications. In some | |||
| skipping to change at page 1, line 46 ¶ | skipping to change at page 1, line 46 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 28, 2016. | This Internet-Draft will expire on April 17, 2016. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 34 ¶ | skipping to change at page 2, line 34 ¶ | |||
| 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. Graceful Key Rollover using Key Chains . . . . . . . . . 3 | 2.1. Graceful Key Rollover using Key Chains . . . . . . . . . 3 | |||
| 3. Design of the Key Chain Model . . . . . . . . . . . . . . . . 4 | 3. Design of the Key Chain Model . . . . . . . . . . . . . . . . 4 | |||
| 3.1. Key Chain Operational State . . . . . . . . . . . . . . . 5 | 3.1. Key Chain Operational State . . . . . . . . . . . . . . . 5 | |||
| 3.2. Key Chain Model Features . . . . . . . . . . . . . . . . 5 | 3.2. Key Chain Model Features . . . . . . . . . . . . . . . . 5 | |||
| 3.3. Key Chain Model Tree . . . . . . . . . . . . . . . . . . 5 | 3.3. Key Chain Model Tree . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 8 | 4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 8 | |||
| 5. Relationship to other Work . . . . . . . . . . . . . . . . . 16 | 5. Relationship to other Work . . . . . . . . . . . . . . . . . 16 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 16 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 17 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 17 | 8.2. Informative References . . . . . . . . . . . . . . . . . 17 | |||
| Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 18 | Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 18 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 1. Introduction | 1. Introduction | |||
| This document describes the key chain YANG data model. A key chain | This document describes the key chain YANG data model. A key chain | |||
| is a list of elements each containing a key, send lifetime, accept | is a list of elements each containing a key, send lifetime, accept | |||
| lifetime, and algorithm. By properly overlapping the send and accept | lifetime, and algorithm. By properly overlapping the send and accept | |||
| lifetimes of multiple key chain elements, keys and algorithms may be | lifetimes of multiple key chain elements, keys and algorithms may be | |||
| skipping to change at page 8, line 22 ¶ | skipping to change at page 8, line 22 ¶ | |||
| | | +--ro hmac-sha-384? empty | | | +--ro hmac-sha-384? empty | |||
| | +--:(hmac-sha-512) | | +--:(hmac-sha-512) | |||
| | +--ro hmac-sha-512? empty | | +--ro hmac-sha-512? empty | |||
| +--rw aes-key-wrap {aes-key-wrap}? | +--rw aes-key-wrap {aes-key-wrap}? | |||
| | +--rw enable? boolean | | +--rw enable? boolean | |||
| +--ro aes-key-wrap-state {aes-key-wrap}? | +--ro aes-key-wrap-state {aes-key-wrap}? | |||
| +--ro enable? boolean | +--ro enable? boolean | |||
| 4. Key Chain YANG Model | 4. Key Chain YANG Model | |||
| <CODE BEGINS> file "ietf-key-chain@2015-09-26.yang" | <CODE BEGINS> file "ietf-key-chain@2015-10-15.yang" | |||
| module ietf-key-chain { | module ietf-key-chain { | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain"; | namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain"; | |||
| // replace with IANA namespace when assigned | // replace with IANA namespace when assigned | |||
| prefix "key-chain"; | prefix "key-chain"; | |||
| import ietf-yang-types { | import ietf-yang-types { | |||
| prefix "yang"; | prefix "yang"; | |||
| } | } | |||
| organization | organization | |||
| "Cisco Systems | "IETF RTG (Routing) Working Group"; | |||
| 170 West Tasman Drive | ||||
| San Jose, CA 95134-1706 | ||||
| USA"; | ||||
| contact | contact | |||
| "Acee Lindem - acee@cisco.com"; | "Acee Lindem - acee@cisco.com"; | |||
| description | description | |||
| "This YANG module defines the generic configuration | "This YANG module defines the generic configuration | |||
| data for key-chain. It is intended that the module | data for key-chain. It is intended that the module | |||
| will be extended by vendors to define vendor-specific | will be extended by vendors to define vendor-specific | |||
| key-chain configuration parameters. | key-chain configuration parameters. | |||
| "; | ||||
| Copyright (c) 2015 IETF Trust and the persons identified as | ||||
| authors of the code. All rights reserved. | ||||
| Redistribution and use in source and binary forms, with or | ||||
| without modification, is permitted pursuant to, and subject | ||||
| to the license terms contained in, the Simplified BSD License | ||||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | ||||
| Relating to IETF Documents | ||||
| (http://trustee.ietf.org/license-info). | ||||
| This version of this YANG module is part of RFC XXXX; see | ||||
| the RFC itself for full legal notices."; | ||||
| revision 2015-10-15 { | ||||
| description | ||||
| "Updated version, organization, and copyright. | ||||
| Added aes-cmac-prf-128 and aes-key-wrap features."; | ||||
| reference | ||||
| "RFC XXXX: A YANG Data Model for key-chain"; | ||||
| } | ||||
| revision 2015-06-29 { | revision 2015-06-29 { | |||
| description | description | |||
| "Updated version. Added Operation State following | "Updated version. Added Operation State following | |||
| draft-openconfig-netmod-opstate-00."; | draft-openconfig-netmod-opstate-00."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for key-chain"; | "RFC XXXX: A YANG Data Model for key-chain"; | |||
| } | } | |||
| revision 2015-02-24 { | revision 2015-02-24 { | |||
| description | description | |||
| "Initial revision."; | "Initial revision."; | |||
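Review bot: The new `revision 2015-10-15` description credits this revision with adding the aes-key-wrap feature, but the aes-key-wrap and aes-key-wrap-state tree rows earlier in this diff are identical in -08 and -09. The -08 file name was dated 2015-09-26, yet the -08 column goes straight from the description to `revision 2015-06-29`, with no revision statement for that date. Either add a 2015-09-26 revision entry or state in the 2015-10-15 description that it also covers what -08 published, so that anyone comparing module dates can tell which revision introduced the feature. Separately, `organization` now names the IETF RTG Working Group while `contact` still lists a single author address; consider adding the working group's contact details there as well.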
| skipping to change at page 13, line 18 ¶ | skipping to change at page 13, line 33 ¶ | |||
| description | description | |||
| "Configured tolerance range, in seconds."; | "Configured tolerance range, in seconds."; | |||
| } | } | |||
| } | } | |||
| list key-chain-entry { | list key-chain-entry { | |||
| key "key-id"; | key "key-id"; | |||
| description "One key."; | description "One key."; | |||
| leaf key-id { | leaf key-id { | |||
| type uint64; | type uint64; | |||
| description "Key id."; | description "Key ID."; | |||
| } | } | |||
| leaf key-id-state { | leaf key-id-state { | |||
| type uint64; | type uint64; | |||
| config false; | config false; | |||
| description "Configured key id."; | description "Configured Key ID."; | |||
| } | } | |||
| container key-string { | container key-string { | |||
| description "The key string."; | description "The key string."; | |||
| choice key-string-style { | choice key-string-style { | |||
| description | description | |||
| "Key string styles"; | "Key string styles"; | |||
| case keystring { | case keystring { | |||
| leaf keystring { | leaf keystring { | |||
| type string; | type string; | |||
| description "Key string in ASCII format."; | description "Key string in ASCII format."; | |||
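Review bot: The `key-id-state` description is only re-capitalised to "Configured Key ID.", so a `config false` leaf is still described as configured and reads the same as the writable `key-id` above it. Reword it to say what the state leaf reports relative to `key-id`, so that a reader of the operational data can tell the two leaves apart.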
| End of changes. 11 change blocks. | ||||
| 14 lines changed or deleted | 29 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||