< draft-ietf-rtgwg-yang-key-chain-10.txt		draft-ietf-rtgwg-yang-key-chain-11.txt >
	Network Working Group A. Lindem, Ed.		Network Working Group A. Lindem, Ed.
	Internet-Draft Y. Qu		Internet-Draft Y. Qu
	Intended status: Standards Track Cisco Systems		Intended status: Standards Track Cisco Systems
	Expires: April 30, 2017 D. Yeung		Expires: May 18, 2017 D. Yeung
	Arrcus, Inc		Arrcus, Inc
	I. Chen		I. Chen
	Ericsson		Ericsson
	J. Zhang		J. Zhang
	Juniper Networks		Juniper Networks
	Y. Yang		Y. Yang
	Individual Contributor		Individual Contributor
	October 27, 2016		November 14, 2016
	Routing Key Chain YANG Data Model		Routing Key Chain YANG Data Model
	draft-ietf-rtgwg-yang-key-chain-10.txt		draft-ietf-rtgwg-yang-key-chain-11.txt
	Abstract		Abstract
	This document describes the key chain YANG data model. A key chain		This document describes the key chain YANG data model. A key chain
	is a list of elements each containing a key, send lifetime, accept		is a list of elements each containing a key, send lifetime, accept
	lifetime, and algorithm (authentication or encryption). By properly		lifetime, and algorithm (authentication or encryption). By properly
	overlapping the send and accept lifetimes of multiple key chain		overlapping the send and accept lifetimes of multiple key chain
	elements, keys and algorithms may be gracefully updated. By		elements, keys and algorithms may be gracefully updated. By
	representing them in a YANG data model, key distribution can be		representing them in a YANG data model, key distribution can be
	automated. Key chains are commonly used for routing protocol		automated. Key chains are commonly used for routing protocol
	skipping to change at page 1, line 49 ¶		skipping to change at page 1, line 49 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on April 30, 2017.		This Internet-Draft will expire on May 18, 2017.
	Copyright Notice		Copyright Notice
	Copyright (c) 2016 IETF Trust and the persons identified as the		Copyright (c) 2016 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 2, line 33 ¶		skipping to change at page 2, line 33 ¶
	1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3		1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3
	1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3		1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3
	2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3		2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
	2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 4		2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 4
	2.2. Graceful Key Rollover using Key Chains . . . . . . . . . 4		2.2. Graceful Key Rollover using Key Chains . . . . . . . . . 4
	3. Design of the Key Chain Model . . . . . . . . . . . . . . . . 5		3. Design of the Key Chain Model . . . . . . . . . . . . . . . . 5
	3.1. Key Chain Operational State . . . . . . . . . . . . . . . 5		3.1. Key Chain Operational State . . . . . . . . . . . . . . . 5
	3.2. Key Chain Model Features . . . . . . . . . . . . . . . . 6		3.2. Key Chain Model Features . . . . . . . . . . . . . . . . 6
	3.3. Key Chain Model Tree . . . . . . . . . . . . . . . . . . 6		3.3. Key Chain Model Tree . . . . . . . . . . . . . . . . . . 6
	4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 9		4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 9
	5. Security Considerations . . . . . . . . . . . . . . . . . . . 19		5. Security Considerations . . . . . . . . . . . . . . . . . . . 20
	6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20		6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
	7. References . . . . . . . . . . . . . . . . . . . . . . . . . 20		7. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
	7.1. Normative References . . . . . . . . . . . . . . . . . . 20		7.1. Normative References . . . . . . . . . . . . . . . . . . 21
	7.2. Informative References . . . . . . . . . . . . . . . . . 21		7.2. Informative References . . . . . . . . . . . . . . . . . 21
	Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 22		Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 22
	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22		Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
	1. Introduction		1. Introduction
	This document describes the key chain YANG data model. A key chain		This document describes the key chain YANG data model. A key chain
	is a list of elements each containing a key, send lifetime, accept		is a list of elements each containing a key, send lifetime, accept
	lifetime, and algorithm (authentication or encryption). By properly		lifetime, and algorithm (authentication or encryption). By properly
	overlapping the send and accept lifetimes of multiple key chain		overlapping the send and accept lifetimes of multiple key chain
	skipping to change at page 8, line 13 ¶		skipping to change at page 8, line 13 ¶
	| | +--:(hexadecimal) {hex-key-string}?		| | +--:(hexadecimal) {hex-key-string}?
	| | +--rw hexadecimal-string? yang:hex-string		| | +--rw hexadecimal-string? yang:hex-string
	| +--rw aes-key-wrap {aes-key-wrap}?		| +--rw aes-key-wrap {aes-key-wrap}?
	| +--rw enable? boolean		| +--rw enable? boolean
	+--ro key-chain-state		+--ro key-chain-state
	+--ro key-chain-list* [name]		+--ro key-chain-list* [name]
	| +--ro name string		| +--ro name string
	| +--ro description? string		| +--ro description? string
	| +--ro accept-tolerance {accept-tolerance}?		| +--ro accept-tolerance {accept-tolerance}?
	| | +--ro duration? uint32		| | +--ro duration? uint32
			| +--ro last-modified-timestamp? yang:date-and-time
	| +--ro key-chain-entries* [key-id]		| +--ro key-chain-entries* [key-id]
	| +--ro key-id uint64		| +--ro key-id uint64
	| +--ro lifetime		| +--ro lifetime
	| | +--ro (lifetime)?		| | +--ro (lifetime)?
	| | +--:(send-and-accept-lifetime)		| | +--:(send-and-accept-lifetime)
	| | | +--ro send-accept-lifetime		| | | +--ro send-accept-lifetime
	| | | +--ro (lifetime)?		| | | +--ro (lifetime)?
	| | | +--:(always)		| | | +--:(always)
	| | | | +--ro always? empty		| | | | +--ro always? empty
	| | | +--:(start-end-time)		| | | +--:(start-end-time)
	skipping to change at page 9, line 46 ¶		skipping to change at page 9, line 47 ¶
	| | | +--ro clear-text? empty		| | | +--ro clear-text? empty
	| | +--:(replay-protection-only) {replay-protection-only}?		| | +--:(replay-protection-only) {replay-protection-only}?
	| | +--ro replay-protection-only? empty		| | +--ro replay-protection-only? empty
	| +--ro send-lifetime-active? boolean		| +--ro send-lifetime-active? boolean
	| +--ro accept-lifetime-active? boolean		| +--ro accept-lifetime-active? boolean
	+--ro aes-key-wrap {aes-key-wrap}?		+--ro aes-key-wrap {aes-key-wrap}?
	+--ro enable? boolean		+--ro enable? boolean
	4. Key Chain YANG Model		4. Key Chain YANG Model
	<CODE BEGINS> file "ietf-key-chain@2016-10-27.yang"		<CODE BEGINS> file "ietf-key-chain@2016-11-14.yang"
	module ietf-key-chain {		module ietf-key-chain {
	namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain";		namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain";
	// replace with IANA namespace when assigned		// replace with IANA namespace when assigned
	prefix "key-chain";		prefix "key-chain";
	import ietf-yang-types {		import ietf-yang-types {
	prefix "yang";		prefix "yang";
	}		}
	organization		organization
	skipping to change at page 10, line 32 ¶		skipping to change at page 10, line 32 ¶
	Redistribution and use in source and binary forms, with or		Redistribution and use in source and binary forms, with or
	without modification, is permitted pursuant to, and subject		without modification, is permitted pursuant to, and subject
	to the license terms contained in, the Simplified BSD License		to the license terms contained in, the Simplified BSD License
	set forth in Section 4.c of the IETF Trust's Legal Provisions		set forth in Section 4.c of the IETF Trust's Legal Provisions
	Relating to IETF Documents		Relating to IETF Documents
	(http://trustee.ietf.org/license-info).		(http://trustee.ietf.org/license-info).
	This version of this YANG module is part of RFC XXXX; see		This version of this YANG module is part of RFC XXXX; see
	the RFC itself for full legal notices.";		the RFC itself for full legal notices.";
			revision 2016-11-14 {
			description
			"Restore last-modified timestamp leaf.";
			reference
			"RFC XXXX: A YANG Data Model for key-chain";
			}
	revision 2016-10-27 {		revision 2016-10-27 {
	description		description
	"Restructure into separate config and state trees to		"Restructure into separate config and state trees to
	match YANG structure.";		match YANG structure.";
	reference		reference
	"RFC XXXX: A YANG Data Model for key-chain";		"RFC XXXX: A YANG Data Model for key-chain";
	}		}
	revision 2016-08-17 {		revision 2016-08-17 {
	description		description
	"Add description and last-modified timestamp leaves.";		"Add description and last-modified timestamp leaves.";
	skipping to change at page 18, line 30 ¶		skipping to change at page 18, line 36 ¶
	description "Key ID.";		description "Key ID.";
	}		}
	uses key-chain-config-entry;		uses key-chain-config-entry;
	}		}
	}		}
	grouping key-chain-state {		grouping key-chain-state {
	description		description
	"key-chain state grouping.";		"key-chain state grouping.";
	uses key-chain-common;		uses key-chain-common;
			leaf last-modified-timestamp {
			type yang:date-and-time;
			description "Timestamp of the most recent update
			to the key-chain";
			}
	list key-chain-entries {		list key-chain-entries {
	key "key-id";		key "key-id";
	description "One key.";		description "One key.";
	leaf key-id {		leaf key-id {
	type uint64;		type uint64;
	description "Key ID.";		description "Key ID.";
	}		}
	uses key-chain-state-entry;		uses key-chain-state-entry;
	}		}
	}		}
End of changes. 10 change blocks.
	8 lines changed or deleted		20 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/