| < draft-ietf-rtgwg-yang-key-chain-12.txt | draft-ietf-rtgwg-yang-key-chain-13.txt > | |||
|---|---|---|---|---|
| Network Working Group A. Lindem, Ed. | Network Working Group A. Lindem, Ed. | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco Systems | |||
| Intended status: Standards Track Y. Qu | Intended status: Standards Track Y. Qu | |||
| Expires: July 22, 2017 Huawei | Expires: July 23, 2017 Huawei | |||
| D. Yeung | D. Yeung | |||
| Arrcus, Inc | Arrcus, Inc | |||
| I. Chen | I. Chen | |||
| Ericsson | Ericsson | |||
| J. Zhang | J. Zhang | |||
| Juniper Networks | Juniper Networks | |||
| Y. Yang | Y. Yang | |||
| SockRate | SockRate | |||
| January 18, 2017 | January 19, 2017 | |||
| Routing Key Chain YANG Data Model | Routing Key Chain YANG Data Model | |||
| draft-ietf-rtgwg-yang-key-chain-12.txt | draft-ietf-rtgwg-yang-key-chain-13.txt | |||
| Abstract | Abstract | |||
| This document describes the key chain YANG data model. A key chain | This document describes the key chain YANG data model. A key chain | |||
| is a list of elements each containing a key, send lifetime, accept | is a list of elements each containing a key, send lifetime, accept | |||
| lifetime, and algorithm (authentication or encryption). By properly | lifetime, and algorithm (authentication or encryption). By properly | |||
| overlapping the send and accept lifetimes of multiple key chain | overlapping the send and accept lifetimes of multiple key chain | |||
| elements, keys and algorithms may be gracefully updated. By | elements, keys and algorithms may be gracefully updated. By | |||
| representing them in a YANG data model, key distribution can be | representing them in a YANG data model, key distribution can be | |||
| automated. Key chains are commonly used for routing protocol | automated. Key chains are commonly used for routing protocol | |||
| skipping to change at page 2, line 4 ¶ | skipping to change at page 2, line 4 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 22, 2017. | This Internet-Draft will expire on July 23, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 10, line 9 ¶ | skipping to change at page 10, line 9 ¶ | |||
| | | +--ro keystring? string | | | +--ro keystring? string | |||
| | +--:(hexadecimal) {hex-key-string}? | | +--:(hexadecimal) {hex-key-string}? | |||
| | +--ro hexadecimal-string? yang:hex-string | | +--ro hexadecimal-string? yang:hex-string | |||
| | +--ro send-lifetime-active? boolean | | +--ro send-lifetime-active? boolean | |||
| | +--ro accept-lifetime-active? boolean | | +--ro accept-lifetime-active? boolean | |||
| +--ro aes-key-wrap {aes-key-wrap}? | +--ro aes-key-wrap {aes-key-wrap}? | |||
| +--ro enable? boolean | +--ro enable? boolean | |||
| 4. Key Chain YANG Model | 4. Key Chain YANG Model | |||
| <CODE BEGINS> file "ietf-key-chain@2017-01-20.yang" < | <CODE BEGINS> file "ietf-key-chain@2017-01-20.yang" | |||
| <module ietf-key-chain { | module ietf-key-chain { | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain"; | namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain"; | |||
| // replace with IANA namespace when assigned | // replace with IANA namespace when assigned | |||
| prefix "key-chain"; | prefix "key-chain"; | |||
| import ietf-yang-types { | import ietf-yang-types { | |||
| prefix "yang"; | prefix "yang"; | |||
| } | } | |||
| import ietf-netconf-acm { | import ietf-netconf-acm { | |||
| prefix "nacm"; | prefix "nacm"; | |||
| } | } | |||
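Review bot: the -13 column's `<CODE BEGINS> file "ietf-key-chain@2017-01-20.yang"` and `module ietf-key-chain {` lines correct the stray `<` characters that -12 carried after the file name and in front of `module`; with the -12 form, any tool that extracts the module between the `<CODE BEGINS>` and `<CODE ENDS>` markers would have produced a file beginning with `<module`, which is not valid YANG. Two follow-ups for the next revision: the `// replace with IANA namespace when assigned` comment survives in both columns even though the `urn:ietf:params:xml:ns:yang:ietf-key-chain` namespace above it is already in the form IANA registers, so either drop the comment or convert it into an RFC Editor note; and confirm that the `2017-01-20` date in the file name matches the module's latest `revision` statement, since the `module@revision.yang` file-name convention requires the two to agree.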
| skipping to change at page 20, line 22 ¶ | skipping to change at page 20, line 22 ¶ | |||
| type boolean; | type boolean; | |||
| description | description | |||
| "Indicates whether AES Key Wrap encryption | "Indicates whether AES Key Wrap encryption | |||
| is enabled."; | is enabled."; | |||
| } | } | |||
| } | } | |||
| description "State for all configured key-chains | description "State for all configured key-chains | |||
| on the device."; | on the device."; | |||
| } | } | |||
| } | } | |||
| CODE ENDS> | <CODE ENDS> | |||
| 5. Security Considerations | 5. Security Considerations | |||
| This document enables the automated distribution of industry standard | This document enables the automated distribution of industry standard | |||
| key chains using the NETCONF [NETCONF] protocol. As such, the | key chains using the NETCONF [NETCONF] protocol. As such, the | |||
| security considerations for the NETCONF protocol are applicable. | security considerations for the NETCONF protocol are applicable. | |||
| Given that the key chains themselves are sensitive data, it is | Given that the key chains themselves are sensitive data, it is | |||
| RECOMMENDED that the NETCONF communication channel be encrypted. One | RECOMMENDED that the NETCONF communication channel be encrypted. One | |||
| way to do accomplish this would be to invoke and run NETCONF over SSH | way to do accomplish this would be to invoke and run NETCONF over SSH | |||
| as described in [NETCONF-SSH]. | as described in [NETCONF-SSH]. | |||
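Review bot: `<CODE ENDS>` in the -13 column restores the closing marker that -12 rendered as `CODE ENDS>`, so the module now has matching extraction delimiters. On the Security Considerations text in the same region: "it is RECOMMENDED that the NETCONF communication channel be encrypted" is weaker than NETCONF itself, which already requires a secure transport (SSH being the mandatory-to-implement one), so the sentence should say the channel MUST be secured and point at NETCONF over SSH as the baseline rather than as "one way". The section also says nothing about access control on the key material even though the module imports `ietf-netconf-acm`; it should state which nodes (at minimum the `keystring` and `hexadecimal-string` leaves shown in the page-10 tree) carry `nacm:default-deny-all`, or explain why they do not, because the excerpt visible here does not show that. Finally, "One way to do accomplish this" has a stray "do".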
| End of changes. 6 change blocks. | ||||
| 7 lines changed or deleted | 7 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
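The abstract's point about overlapping send and accept lifetimes, and the `send-lifetime-active` / `accept-lifetime-active` state leaves in the page-10 tree excerpt, are easiest to see in running code. The following Python is an added example written for this page; it is not code from the draft, its authors, or any router implementation. It assumes a minimal key representation (key id, raw secret as it would be loaded from a `hexadecimal-string` leaf, algorithm name, one send lifetime and one accept lifetime), a constructed two-key chain named `ospf-area0` with constructed secrets, and a send-key selection policy (the active send lifetime that started most recently) that the excerpt shown here does not specify.

```python
"""Key chain lifetime evaluation and HMAC rollover, modelled on the
send/accept lifetime semantics described in the draft's abstract.
Added example; not code from the draft or any vendor implementation."""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Assumed mapping from algorithm identity names to hash constructors.
ALGORITHMS = {"hmac-sha-256": hashlib.sha256, "hmac-sha-1": hashlib.sha1}


def utc(*ymdhm: int) -> datetime:
    """Build an aware UTC datetime from (year, month, day[, hour, minute])."""
    return datetime(*ymdhm, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Lifetime:
    start: datetime
    end: Optional[datetime] = None  # None: no end ("always" after start)

    def active(self, at: datetime) -> bool:
        return self.start <= at and (self.end is None or at < self.end)


@dataclass(frozen=True)
class Key:
    key_id: int
    secret: bytes            # raw bytes, e.g. decoded from a hexadecimal-string leaf
    algorithm: str
    send_lifetime: Lifetime
    accept_lifetime: Lifetime


class KeyChain:
    def __init__(self, name: str, keys: List[Key]) -> None:
        self.name = name
        self.keys = {k.key_id: k for k in keys}

    def send_key(self, at: datetime) -> Optional[Key]:
        """Key used to sign outbound messages at time `at`.
        Assumed policy: among keys whose send lifetime is active,
        prefer the one whose send lifetime started most recently."""
        active = [k for k in self.keys.values() if k.send_lifetime.active(at)]
        return max(active, key=lambda k: k.send_lifetime.start, default=None)

    def accept_keys(self, at: datetime) -> List[Key]:
        """All keys a receiver will honour at time `at`."""
        return [k for k in self.keys.values() if k.accept_lifetime.active(at)]

    def state(self, at: datetime) -> Dict[int, Tuple[bool, bool]]:
        """Mirror of the send-lifetime-active / accept-lifetime-active
        state leaves in the model's operational tree, keyed by key id."""
        return {kid: (k.send_lifetime.active(at), k.accept_lifetime.active(at))
                for kid, k in self.keys.items()}

    def sign(self, message: bytes, at: datetime) -> Tuple[int, bytes]:
        """Return (key id, MAC) for an outbound message, or fail loudly
        if the chain has no usable send key (a misconfigured chain)."""
        key = self.send_key(at)
        if key is None:
            raise RuntimeError(f"key chain {self.name}: no key with an active send lifetime")
        return key.key_id, hmac.new(key.secret, message, ALGORITHMS[key.algorithm]).digest()

    def verify(self, message: bytes, key_id: int, mac: bytes, at: datetime) -> bool:
        """Accept only if the named key exists, is inside its accept
        lifetime, and the MAC matches (constant-time comparison)."""
        key = self.keys.get(key_id)
        if key is None or not key.accept_lifetime.active(at):
            return False
        expected = hmac.new(key.secret, message, ALGORITHMS[key.algorithm]).digest()
        return hmac.compare_digest(expected, mac)


# Constructed sample chain: key 1 rolls over to key 2 on 2017-02-01.
# Accept lifetimes overlap the send lifetimes on both sides so that
# in-flight messages and modest clock skew do not cause rejection.
CHAIN = KeyChain("ospf-area0", [
    Key(1, bytes.fromhex("00112233445566778899aabbccddeeff"), "hmac-sha-256",
        send_lifetime=Lifetime(utc(2017, 1, 1), utc(2017, 2, 1)),
        accept_lifetime=Lifetime(utc(2017, 1, 1), utc(2017, 2, 2))),
    Key(2, bytes.fromhex("ffeeddccbbaa99887766554433221100"), "hmac-sha-256",
        send_lifetime=Lifetime(utc(2017, 2, 1)),
        accept_lifetime=Lifetime(utc(2017, 1, 31))),
])

T_BEFORE_ANY = utc(2016, 12, 31)           # no key is valid yet
T_ROLLOVER_EVE = utc(2017, 1, 31, 12, 0)   # key 1 sends, both accepted
T_AFTER_ROLLOVER = utc(2017, 2, 1, 12, 0)  # key 2 sends, key 1 still accepted
T_GRACE_EXPIRED = utc(2017, 2, 3)          # key 1 no longer accepted

if __name__ == "__main__":
    kid, mac = CHAIN.sign(b"hello", T_ROLLOVER_EVE)
    print(kid, CHAIN.verify(b"hello", kid, mac, T_AFTER_ROLLOVER))  # 1 True
    print(CHAIN.state(T_ROLLOVER_EVE))  # {1: (True, True), 2: (False, True)}
```

`verify` checks the accept lifetime before the MAC, so a message signed with a key whose accept window has closed is rejected even when the MAC is correct; that is the behaviour the abstract's "gracefully updated" wording relies on: the receiver tolerates the outgoing key only for the configured overlap window, while the sender moves to the new key on its own schedule, and the two state booleans returned by `state` are exactly what an operator would read from the `send-lifetime-active` and `accept-lifetime-active` leaves to confirm a rollover is progressing.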