| < draft-ietf-rtgwg-yang-key-chain-00.txt | draft-ietf-rtgwg-yang-key-chain-01.txt > | |||
|---|---|---|---|---|
| Network Working Group A. Lindem, Ed. | Network Working Group A. Lindem, Ed. | |||
| Internet-Draft Y. Qu | Internet-Draft Y. Qu | |||
| Intended status: Standards Track D. Yeung | Intended status: Standards Track D. Yeung | |||
| Expires: June 3, 2016 Cisco Systems | Expires: August 15, 2016 Cisco Systems | |||
| I. Chen | I. Chen | |||
| Ericsson | Ericsson | |||
| J. Zhang | J. Zhang | |||
| Juniper Networks | Juniper Networks | |||
| Y. Yang | Y. Yang | |||
| Cisco Systems | Cisco Systems | |||
| December 1, 2015 | February 12, 2016 | |||
| Key Chain YANG Data Model | Key Chain YANG Data Model | |||
| draft-ietf-rtgwg-yang-key-chain-00.txt | draft-ietf-rtgwg-yang-key-chain-01.txt | |||
| Abstract | Abstract | |||
| This document describes the key chain YANG data model. A key chain | This document describes the key chain YANG data model. A key chain | |||
| is a list of elements each containing a key, send lifetime, accept | is a list of elements each containing a key, send lifetime, accept | |||
| lifetime, and algorithm. By properly overlapping the send and accept | lifetime, and algorithm. By properly overlapping the send and accept | |||
| lifetimes of multiple key chain elements, keys and algorithms may be | lifetimes of multiple key chain elements, keys and algorithms may be | |||
| gracefully updated. By representing them in a YANG data model, key | gracefully updated. By representing them in a YANG data model, key | |||
| distribution can be automated. Key chains are commonly used for | distribution can be automated. Key chains are commonly used for | |||
| routing protocol authentication and other applications. In some | routing protocol authentication and other applications. In some | |||
| skipping to change at page 1, line 46 ¶ | skipping to change at page 1, line 46 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on June 3, 2016. | This Internet-Draft will expire on August 15, 2016. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 33 ¶ | skipping to change at page 2, line 33 ¶ | |||
| 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. Graceful Key Rollover using Key Chains . . . . . . . . . 3 | 2.1. Graceful Key Rollover using Key Chains . . . . . . . . . 3 | |||
| 3. Design of the Key Chain Model . . . . . . . . . . . . . . . . 4 | 3. Design of the Key Chain Model . . . . . . . . . . . . . . . . 4 | |||
| 3.1. Key Chain Operational State . . . . . . . . . . . . . . . 5 | 3.1. Key Chain Operational State . . . . . . . . . . . . . . . 5 | |||
| 3.2. Key Chain Model Features . . . . . . . . . . . . . . . . 5 | 3.2. Key Chain Model Features . . . . . . . . . . . . . . . . 5 | |||
| 3.3. Key Chain Model Tree . . . . . . . . . . . . . . . . . . 5 | 3.3. Key Chain Model Tree . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 8 | 4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 8 | |||
| 5. Relationship to other Work . . . . . . . . . . . . . . . . . 16 | 5. Relationship to other Work . . . . . . . . . . . . . . . . . 16 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 17 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 17 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 17 | 8.2. Informative References . . . . . . . . . . . . . . . . . 18 | |||
| Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 18 | Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 19 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 1. Introduction | 1. Introduction | |||
| This document describes the key chain YANG data model. A key chain | This document describes the key chain YANG data model. A key chain | |||
| is a list of elements each containing a key, send lifetime, accept | is a list of elements each containing a key, send lifetime, accept | |||
| lifetime, and algorithm. By properly overlapping the send and accept | lifetime, and algorithm. By properly overlapping the send and accept | |||
| lifetimes of multiple key chain elements, keys and algorithms may be | lifetimes of multiple key chain elements, keys and algorithms may be | |||
| gracefully updated. By representing them in a YANG data model, key | gracefully updated. By representing them in a YANG data model, key | |||
| distribution can be automated. Key chains are commonly used for | distribution can be automated. Key chains are commonly used for | |||
| routing protocol authentication and other applications. In some | routing protocol authentication and other applications. In some | |||
| skipping to change at page 5, line 52 ¶ | skipping to change at page 5, line 52 ¶ | |||
| | | +--rw hexadecimal-string? yang:hex-string | | | +--rw hexadecimal-string? yang:hex-string | |||
| | +--rw lifetime | | +--rw lifetime | |||
| | | +--rw (lifetime)? | | | +--rw (lifetime)? | |||
| | | +--:(send-and-accept-lifetime) | | | +--:(send-and-accept-lifetime) | |||
| | | | +--rw send-accept-lifetime | | | | +--rw send-accept-lifetime | |||
| | | | +--rw (lifetime)? | | | | +--rw (lifetime)? | |||
| | | | +--:(always) | | | | +--:(always) | |||
| | | | | +--rw always? empty | | | | | +--rw always? empty | |||
| | | | +--:(start-end-time) | | | | +--:(start-end-time) | |||
| | | | +--rw start-date-time? | | | | +--rw start-date-time? | |||
| | | | yang:date-and-time | | | | | yang:date-and-time | |||
| | | | +--rw (end-time)? | | | | +--rw (end-time)? | |||
| | | | +--:(infinite) | | | | +--:(infinite) | |||
| | | | | +--rw no-end-time? empty | | | | | +--rw no-end-time? empty | |||
| | | | +--:(duration) | | | | +--:(duration) | |||
| | | | | +--rw duration? uint32 | | | | | +--rw duration? uint32 | |||
| | | | +--:(end-date-time) | | | | +--:(end-date-time) | |||
| | | | +--rw end-date-time? | | | | +--rw end-date-time? | |||
| | | | yang:date-and-time | | | | yang:date-and-time | |||
| | | +--:(independent-send-accept-lifetime) | | | +--:(independent-send-accept-lifetime) | |||
| | | {independent-send-accept-lifetime}? | | | | {independent-send-accept-lifetime}? | |||
| | | +--rw send-lifetime | | | +--rw send-lifetime | |||
| | | | +--rw (lifetime)? | | | | +--rw (lifetime)? | |||
| | | | +--:(always) | | | | +--:(always) | |||
| | | | | +--rw always? empty | | | | | +--rw always? empty | |||
| | | | +--:(start-end-time) | | | | +--:(start-end-time) | |||
| | | | +--rw start-date-time? | | | | +--rw start-date-time? | |||
| | | | yang:date-and-time | | | | | yang:date-and-time | |||
| | | | +--rw (end-time)? | | | | +--rw (end-time)? | |||
| | | | +--:(infinite) | | | | +--:(infinite) | |||
| | | | | +--rw no-end-time? empty | | | | | +--rw no-end-time? empty | |||
| | | | +--:(duration) | | | | +--:(duration) | |||
| | | | | +--rw duration? uint32 | | | | | +--rw duration? uint32 | |||
| | | | +--:(end-date-time) | | | | +--:(end-date-time) | |||
| | | | +--rw end-date-time? | | | | +--rw end-date-time? | |||
| | | | yang:date-and-time | | | | yang:date-and-time | |||
| | | +--rw accept-lifetime | | | +--rw accept-lifetime | |||
| | | +--rw (lifetime)? | | | +--rw (lifetime)? | |||
| | | +--:(always) | | | +--:(always) | |||
| | | | +--rw always? empty | | | | +--rw always? empty | |||
| | | +--:(start-end-time) | | | +--:(start-end-time) | |||
| | | +--rw start-date-time? | | | +--rw start-date-time? yang:date-and-time | |||
| | | | yang:date-and-time | ||||
| | | +--rw (end-time)? | | | +--rw (end-time)? | |||
| | | +--:(infinite) | | | +--:(infinite) | |||
| | | | +--rw no-end-time? empty | | | | +--rw no-end-time? empty | |||
| | | +--:(duration) | | | +--:(duration) | |||
| | | | +--rw duration? uint32 | | | | +--rw duration? uint32 | |||
| | | +--:(end-date-time) | | | +--:(end-date-time) | |||
| | | +--rw end-date-time? | | | +--rw end-date-time? | |||
| | | yang:date-and-time | | | yang:date-and-time | |||
| | +--ro lifetime-state | | +--ro lifetime-state | |||
| | | +--ro send-lifetime | | | +--ro send-lifetime | |||
| | | | +--ro (lifetime)? | | | | +--ro (lifetime)? | |||
| | | | +--:(always) | | | | +--:(always) | |||
| | | | | +--ro always? empty | | | | | +--ro always? empty | |||
| | | | +--:(start-end-time) | | | | +--:(start-end-time) | |||
| | | | +--ro start-date-time? yang:date-and-time | | | | +--ro start-date-time? yang:date-and-time | |||
| | | | +--ro (end-time)? | | | | +--ro (end-time)? | |||
| | | | +--:(infinite) | | | | +--:(infinite) | |||
| | | | | +--ro no-end-time? empty | | | | | +--ro no-end-time? empty | |||
| | | | +--:(duration) | | | | +--:(duration) | |||
| | | | | +--ro duration? uint32 | | | | | +--ro duration? uint32 | |||
| | | | +--:(end-date-time) | | | | +--:(end-date-time) | |||
| | | | +--ro end-date-time? | | | | +--ro end-date-time? | |||
| | | | yang:date-and-time | | | | yang:date-and-time | |||
| | | +--ro send-valid? boolean | | | +--ro send-valid? boolean | |||
| | | +--ro accept-lifetime | | | +--ro accept-lifetime | |||
| | | | +--ro (lifetime)? | | | | +--ro (lifetime)? | |||
| | | | +--:(always) | | | | +--:(always) | |||
| | | | | +--ro always? empty | | | | | +--ro always? empty | |||
| | | | +--:(start-end-time) | | | | +--:(start-end-time) | |||
| | | | +--ro start-date-time? yang:date-and-time | | | | +--ro start-date-time? yang:date-and-time | |||
| | | | +--ro (end-time)? | | | | +--ro (end-time)? | |||
| | | | +--:(infinite) | | | | +--:(infinite) | |||
| | | | | +--ro no-end-time? empty | | | | | +--ro no-end-time? empty | |||
| skipping to change at page 7, line 44 ¶ | skipping to change at page 7, line 43 ¶ | |||
| | | | +--rw md5? empty | | | | +--rw md5? empty | |||
| | | +--:(sha-1) | | | +--:(sha-1) | |||
| | | | +--rw sha-1? empty | | | | +--rw sha-1? empty | |||
| | | +--:(hmac-sha-1) | | | +--:(hmac-sha-1) | |||
| | | | +--rw hmac-sha-1? empty | | | | +--rw hmac-sha-1? empty | |||
| | | +--:(hmac-sha-256) | | | +--:(hmac-sha-256) | |||
| | | | +--rw hmac-sha-256? empty | | | | +--rw hmac-sha-256? empty | |||
| | | +--:(hmac-sha-384) | | | +--:(hmac-sha-384) | |||
| | | | +--rw hmac-sha-384? empty | | | | +--rw hmac-sha-384? empty | |||
| | | +--:(hmac-sha-512) | | | +--:(hmac-sha-512) | |||
| | | +--rw hmac-sha-512? empty | | | | +--rw hmac-sha-512? empty | |||
| | | +--:(clear-text) {clear-text}? | ||||
| | | +--rw clear-text? empty | ||||
| | +--ro crypto-algorithm-state | | +--ro crypto-algorithm-state | |||
| | +--ro (algorithm)? | | +--ro (algorithm)? | |||
| | +--:(hmac-sha-1-12) {crypto-hmac-sha-1-12}? | | +--:(hmac-sha-1-12) {crypto-hmac-sha-1-12}? | |||
| | | +--ro hmac-sha1-12? empty | | | +--ro hmac-sha1-12? empty | |||
| | +--:(aes-cmac-prf-128) {aes-cmac-prf-128}? | | +--:(aes-cmac-prf-128) {aes-cmac-prf-128}? | |||
| | | +--ro aes-cmac-prf-128? empty | | | +--ro aes-cmac-prf-128? empty | |||
| | +--:(md5) | | +--:(md5) | |||
| | | +--ro md5? empty | | | +--ro md5? empty | |||
| | +--:(sha-1) | | +--:(sha-1) | |||
| | | +--ro sha-1? empty | | | +--ro sha-1? empty | |||
| | +--:(hmac-sha-1) | | +--:(hmac-sha-1) | |||
| | | +--ro hmac-sha-1? empty | | | +--ro hmac-sha-1? empty | |||
| | +--:(hmac-sha-256) | | +--:(hmac-sha-256) | |||
| | | +--ro hmac-sha-256? empty | | | +--ro hmac-sha-256? empty | |||
| | +--:(hmac-sha-384) | | +--:(hmac-sha-384) | |||
| | | +--ro hmac-sha-384? empty | | | +--ro hmac-sha-384? empty | |||
| | +--:(hmac-sha-512) | | +--:(hmac-sha-512) | |||
| | +--ro hmac-sha-512? empty | | | +--ro hmac-sha-512? empty | |||
| | +--:(clear-text) {clear-text}? | ||||
| | +--ro clear-text? empty | ||||
| +--rw aes-key-wrap {aes-key-wrap}? | +--rw aes-key-wrap {aes-key-wrap}? | |||
| | +--rw enable? boolean | | +--rw enable? boolean | |||
| +--ro aes-key-wrap-state {aes-key-wrap}? | +--ro aes-key-wrap-state {aes-key-wrap}? | |||
| +--ro enable? boolean | +--ro enable? boolean | |||
| 4. Key Chain YANG Model | 4. Key Chain YANG Model | |||
| <CODE BEGINS> file "ietf-key-chain@2015-10-15.yang" | <CODE BEGINS> file "ietf-key-chain@2016-02-16.yang" | |||
| module ietf-key-chain { | module ietf-key-chain { | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain"; | namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain"; | |||
| // replace with IANA namespace when assigned | // replace with IANA namespace when assigned | |||
| prefix "key-chain"; | prefix "key-chain"; | |||
| import ietf-yang-types { | import ietf-yang-types { | |||
| prefix "yang"; | prefix "yang"; | |||
| } | } | |||
| organization | organization | |||
| skipping to change at page 9, line 7 ¶ | skipping to change at page 9, line 10 ¶ | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject | |||
| to the license terms contained in, the Simplified BSD License | to the license terms contained in, the Simplified BSD License | |||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | set forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info). | (http://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX; see | |||
| the RFC itself for full legal notices."; | the RFC itself for full legal notices."; | |||
| revision 2016-02-16 { | ||||
| description | ||||
| "Updated version. Added clear-text algorithm as a | ||||
| feature."; | ||||
| reference | ||||
| "RFC XXXX: A YANG Data Model for key-chain"; | ||||
| } | ||||
| revision 2015-10-15 { | revision 2015-10-15 { | |||
| description | description | |||
| "Updated version, organization, and copyright. | "Updated version, organization, and copyright. | |||
| Added aes-cmac-prf-128 and aes-key-wrap features."; | Added aes-cmac-prf-128 and aes-key-wrap features."; | |||
| reference | reference | |||
| "RFC XXXX: A YANG Data Model for key-chain"; | "RFC XXXX: A YANG Data Model for key-chain"; | |||
| } | } | |||
| revision 2015-06-29 { | revision 2015-06-29 { | |||
| description | description | |||
| "Updated version. Added Operation State following | "Updated version. Added Operation State following | |||
| skipping to change at page 10, line 4 ¶ | skipping to change at page 10, line 15 ¶ | |||
| } | } | |||
| feature accept-tolerance { | feature accept-tolerance { | |||
| description | description | |||
| "To specify the tolerance or acceptance limit."; | "To specify the tolerance or acceptance limit."; | |||
| } | } | |||
| feature independent-send-accept-lifetime { | feature independent-send-accept-lifetime { | |||
| description | description | |||
| "Support for independent send and accept key lifetimes."; | "Support for independent send and accept key lifetimes."; | |||
| } | } | |||
| feature crypto-hmac-sha-1-12 { | feature crypto-hmac-sha-1-12 { | |||
| description | description | |||
| "Support for TCP HMAC-SHA-1 12 byte digest hack."; | "Support for TCP HMAC-SHA-1 12 byte digest hack."; | |||
| } | } | |||
| feature clear-text { | ||||
| description | ||||
| "Support for clear-text algorithm. Usage is NOT RECOMMENDED."; | ||||
| } | ||||
| feature aes-cmac-prf-128 { | feature aes-cmac-prf-128 { | |||
| description | description | |||
| "Support for AES Cipher based Message Authentication Code | "Support for AES Cipher based Message Authentication Code | |||
| Pseudo Random Function."; | Pseudo Random Function."; | |||
| } | } | |||
| feature aes-key-wrap { | feature aes-key-wrap { | |||
| description | description | |||
| "Support for Advanced Encryption Standard (AES) Key Wrap."; | "Support for Advanced Encryption Standard (AES) Key Wrap."; | |||
| } | } | |||
| skipping to change at page 12, line 34 ¶ | skipping to change at page 12, line 49 ¶ | |||
| type empty; | type empty; | |||
| description "HMAC-SHA-384 authentication algorithm."; | description "HMAC-SHA-384 authentication algorithm."; | |||
| } | } | |||
| } | } | |||
| case hmac-sha-512 { | case hmac-sha-512 { | |||
| leaf hmac-sha-512 { | leaf hmac-sha-512 { | |||
| type empty; | type empty; | |||
| description "HMAC-SHA-512 authentication algorithm."; | description "HMAC-SHA-512 authentication algorithm."; | |||
| } | } | |||
| } | } | |||
| case clear-text { | ||||
| if-feature clear-text; | ||||
| leaf clear-text { | ||||
| type empty; | ||||
| description "Clear text."; | ||||
| } | ||||
| } | ||||
| } | } | |||
| } | } | |||
| grouping key-chain { | grouping key-chain { | |||
| description | description | |||
| "key-chain specification grouping."; | "key-chain specification grouping."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description "Name of the key-chain."; | description "Name of the key-chain."; | |||
| } | } | |||
| skipping to change at page 16, line 41 ¶ | skipping to change at page 17, line 16 ¶ | |||
| When configured, the key-strings can be encrypted using the AES Key | When configured, the key-strings can be encrypted using the AES Key | |||
| Wrap algorithm [AES-KEY-WRAP]. The AES key-encryption key (KEK) is | Wrap algorithm [AES-KEY-WRAP]. The AES key-encryption key (KEK) is | |||
| not included in the YANG model and must be set or derived independent | not included in the YANG model and must be set or derived independent | |||
| of key-chain configuration. | of key-chain configuration. | |||
| The key strings are not included in the operational state. This is a | The key strings are not included in the operational state. This is a | |||
| practice carried over from SNMP MIB modules and is an area for | practice carried over from SNMP MIB modules and is an area for | |||
| further discussion. | further discussion. | |||
| The clear-text algorithm is included as a YANG feature. Usage is NOT | ||||
| RECOMMENDED except in cases where the application and device have no | ||||
| other alternative (e.g., a legacy network device that must | ||||
| authenticate packets at intervals of 10 milliseconds or less for many | ||||
| peers using Bidirectional Forwarding Detection [BFD]). Keys used | ||||
| with the clear-text algorithm are considered insecure and SHOULD NOT | ||||
| be reused with more secure algorithms. | ||||
| 7. IANA Considerations | 7. IANA Considerations | |||
| This document registers a URI in the IETF XML registry | This document registers a URI in the IETF XML registry | |||
| [XML-REGISTRY]. Following the format in RFC 3688, the following | [XML-REGISTRY]. Following the format in RFC 3688, the following | |||
| registration is requested to be made: | registration is requested to be made: | |||
| URI: urn:ietf:params:xml:ns:yang:ietf-key-chain | URI: urn:ietf:params:xml:ns:yang:ietf-key-chain | |||
| Registrant Contact: The IESG. | Registrant Contact: The IESG. | |||
| skipping to change at page 17, line 42 ¶ | skipping to change at page 18, line 28 ¶ | |||
| Network Configuration Protocol (NETCONF)", RFC 6020, | Network Configuration Protocol (NETCONF)", RFC 6020, | |||
| October 2010. | October 2010. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [AES-KEY-WRAP] | [AES-KEY-WRAP] | |||
| Housley, R. and M. Dworkin, "Advanced Encryption Standard | Housley, R. and M. Dworkin, "Advanced Encryption Standard | |||
| (AES) Key Wrap with Padding Algorithm", RFC 5649, August | (AES) Key Wrap with Padding Algorithm", RFC 5649, August | |||
| 2009. | 2009. | |||
| [BFD] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | ||||
| (BFD)", RFC 5880, June 2010. | ||||
| [CRYPTO-KEYTABLE] | [CRYPTO-KEYTABLE] | |||
| Housley, R., Polk, T., Hartman, S., and D. Zhang, | Housley, R., Polk, T., Hartman, S., and D. Zhang, | |||
| "Table of Cryptographic Keys", RFC 7210, April 2014. | "Table of Cryptographic Keys", RFC 7210, April 2014. | |||
| [IAB-REPORT] | [IAB-REPORT] | |||
| Andersson, L., Davies, E., and L. Zhang, "Report from the | Andersson, L., Davies, E., and L. Zhang, "Report from the | |||
| IAB workshop on Unwanted Traffic March 9-10, 2006", RFC | IAB workshop on Unwanted Traffic March 9-10, 2006", RFC | |||
| 4948, August 2007. | 4948, August 2007. | |||
| [NTP-PROTO] | [NTP-PROTO] | |||
| End of changes. 24 change blocks. | ||||
| 22 lines changed or deleted | 54 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||