| < draft-ietf-rtgwg-yang-key-chain-18.txt | draft-ietf-rtgwg-yang-key-chain-19.txt > | |||
|---|---|---|---|---|
| Network Working Group A. Lindem, Ed. | Network Working Group A. Lindem, Ed. | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco Systems | |||
| Intended status: Standards Track Y. Qu | Intended status: Standards Track Y. Qu | |||
| Expires: October 13, 2017 Huawei | Expires: October 14, 2017 Huawei | |||
| D. Yeung | D. Yeung | |||
| Arrcus, Inc | Arrcus, Inc | |||
| I. Chen | I. Chen | |||
| Jabil | Jabil | |||
| J. Zhang | J. Zhang | |||
| Juniper Networks | Juniper Networks | |||
| April 11, 2017 | April 12, 2017 | |||
| Routing Key Chain YANG Data Model | Routing Key Chain YANG Data Model | |||
| draft-ietf-rtgwg-yang-key-chain-18.txt | draft-ietf-rtgwg-yang-key-chain-19.txt | |||
| Abstract | Abstract | |||
| This document describes the key chain YANG data model. Key chains | This document describes the key chain YANG data model. Key chains | |||
| are commonly used for routing protocol authentication and other | are commonly used for routing protocol authentication and other | |||
| applications requiring symmetric keys. A key chain is a list of | applications requiring symmetric keys. A key chain is a list of | |||
| elements each containing a key string, send lifetime, accept | elements each containing a key string, send lifetime, accept | |||
| lifetime, and algorithm (authentication or encryption). By properly | lifetime, and algorithm (authentication or encryption). By properly | |||
| overlapping the send and accept lifetimes of multiple key chain | overlapping the send and accept lifetimes of multiple key chain | |||
| elements, key strings and algorithms may be gracefully updated. By | elements, key strings and algorithms may be gracefully updated. By | |||
| skipping to change at page 2, line 4 ¶ | skipping to change at page 2, line 4 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 13, 2017. | This Internet-Draft will expire on October 14, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 43 ¶ | skipping to change at page 2, line 43 ¶ | |||
| 4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 9 | 4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 9 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 19 | 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 19 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 19 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 20 | 8.2. Informative References . . . . . . . . . . . . . . . . . 20 | |||
| Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 21 | Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| A.1. Simple Key Chain with Always Valid Single Key . . . . . . 21 | A.1. Simple Key Chain with Always Valid Single Key . . . . . . 21 | |||
| A.2. Key Chain with Keys having Different Lifetimes . . . . . 22 | A.2. Key Chain with Keys having Different Lifetimes . . . . . 22 | |||
| A.3. Key Chain with Independent Send and Accept Lifetimes . . 23 | A.3. Key Chain with Independent Send and Accept Lifetimes . . 24 | |||
| Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . 24 | Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . 25 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| 1. Introduction | 1. Introduction | |||
| This document describes the key chain YANG [YANG] data model. Key | This document describes the key chain YANG [YANG] data model. Key | |||
| chains are commonly used for routing protocol authentication and | chains are commonly used for routing protocol authentication and | |||
| other applications requiring symmetric keys. A key chain is a list | other applications requiring symmetric keys. A key chain is a list | |||
| of elements each containing a key string, send lifetime, accept | of elements each containing a key string, send lifetime, accept | |||
| lifetime, and algorithm (authentication or encryption). By properly | lifetime, and algorithm (authentication or encryption). By properly | |||
| overlapping the send and accept lifetimes of multiple key chain | overlapping the send and accept lifetimes of multiple key chain | |||
| elements, key strings and algorithms may be gracefully updated. By | elements, key strings and algorithms may be gracefully updated. By | |||
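Review bot: the only edits in this block are the table-of-contents page numbers for A.3, Appendix B and Authors' Addresses (23, 24 and 24 become 24, 25 and 25), which agrees with the A.3 change marker moving from page 23, line 28 to page 24, line 28; the Abstract and Introduction text is unchanged, so nothing else here needs review.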
| skipping to change at page 21, line 40 ¶ | skipping to change at page 21, line 40 ¶ | |||
| <description> | <description> | |||
| A key chain with a single key that is always valid for tx/rx | A key chain with a single key that is always valid for tx/rx | |||
| </description> | </description> | |||
| <key> | <key> | |||
| <key-id>100</key-id> | <key-id>100</key-id> | |||
| <lifetime> | <lifetime> | |||
| <send-accept-lifetime> | <send-accept-lifetime> | |||
| <always/> | <always/> | |||
| </send-accept-lifetime> | </send-accept-lifetime> | |||
| </lifetime> | </lifetime> | |||
| <crypto-algorithm>md5</crypto-algorithm> | <crypto-algorithm>hmac-sha-256</crypto-algorithm> | |||
| <key-string> | <key-string> | |||
| <keystring>keystring_in_ascii_100</keystring> | <keystring>keystring_in_ascii_100</keystring> | |||
| </key-string> | </key-string> | |||
| </key> | </key> | |||
| </key-chain> | </key-chain> | |||
| </key-chains> | </key-chains> | |||
| </data> | </data> | |||
| A.2. Key Chain with Keys having Different Lifetimes | A.2. Key Chain with Keys having Different Lifetimes | |||
| <?xml version="1.0" encoding="utf-8"?> | <?xml version="1.0" encoding="utf-8"?> | |||
| <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
| <key-chains xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain"> | <key-chains xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain"> | |||
| <key-chain> | <key-chain> | |||
| <name>keychain2</name> | <name>keychain2</name> | |||
| <description> | <description> | |||
| A key chain where each key contains different send time | A key chain where each key contains different send time | |||
| and accept time | and accept time and a different algorithm illustrating | |||
| algorithm agility | ||||
| </description> | </description> | |||
| <key> | <key> | |||
| <key-id>35</key-id> | <key-id>35</key-id> | |||
| <lifetime> | <lifetime> | |||
| <send-lifetime> | <send-lifetime> | |||
| <start-date-time>2017-01-01T00:00:00Z</start-date-time> | <start-date-time>2017-01-01T00:00:00Z</start-date-time> | |||
| <end-date-time>2017-02-01T00:00:00Z</end-date-time> | <end-date-time>2017-02-01T00:00:00Z</end-date-time> | |||
| </send-lifetime> | </send-lifetime> | |||
| <accept-lifetime> | <accept-lifetime> | |||
| <start-date-time>2016-12-31T23:59:55Z</start-date-time> | <start-date-time>2016-12-31T23:59:55Z</start-date-time> | |||
| <end-date-time>2017-02-01T00:00:05Z</end-date-time> | <end-date-time>2017-02-01T00:00:05Z</end-date-time> | |||
| </accept-lifetime> | </accept-lifetime> | |||
| </lifetime> | </lifetime> | |||
| <crypto-algorithm>hmac-sha-1</crypto-algorithm> | <crypto-algorithm>hmac-sha-256</crypto-algorithm> | |||
| <key-string> | <key-string> | |||
| <keystring>keystring_in_ascii_35</keystring> | <keystring>keystring_in_ascii_35</keystring> | |||
| </key-string> | </key-string> | |||
| </key> | </key> | |||
| <key> | <key> | |||
| <key-id>36</key-id> | <key-id>36</key-id> | |||
| <lifetime> | <lifetime> | |||
| <send-lifetime> | <send-lifetime> | |||
| <start-date-time>2017-02-01T00:00:00Z</start-date-time> | <start-date-time>2017-02-01T00:00:00Z</start-date-time> | |||
| <end-date-time>2017-03-01T00:00:00Z</end-date-time> | <end-date-time>2017-03-01T00:00:00Z</end-date-time> | |||
| </send-lifetime> | </send-lifetime> | |||
| <accept-lifetime> | <accept-lifetime> | |||
| <start-date-time>2017-01-31T23:59:55Z</start-date-time> | <start-date-time>2017-01-31T23:59:55Z</start-date-time> | |||
| <end-date-time>2017-03-01T00:00:05Z</end-date-time> | <end-date-time>2017-03-01T00:00:05Z</end-date-time> | |||
| </accept-lifetime> | </accept-lifetime> | |||
| </lifetime> | </lifetime> | |||
| <crypto-algorithm>hmac-sha-1</crypto-algorithm> | <crypto-algorithm>hmac-sha-512</crypto-algorithm> | |||
| <key-string> | <key-string> | |||
| <hexadecimal-string>fe:ed:be:af:36</hexadecimal-string> | <hexadecimal-string>fe:ed:be:af:36</hexadecimal-string> | |||
| </key-string> | </key-string> | |||
| </key> | </key> | |||
| </key-chain> | </key-chain> | |||
| </key-chains> | </key-chains> | |||
| </data> | </data> | |||
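Review bot: in A.2 the new description wording "illustrating algorithm agility" is backed by the changed values on keys 35 and 36 (hmac-sha-256 and hmac-sha-512), and A.1 swaps md5 for hmac-sha-256, so the simplest example, the one readers are most likely to copy, no longer shows md5. One thing the description could say, since the values already show it: key 36 is accepted from 2017-01-31T23:59:55Z although it is only sent from 2017-02-01T00:00:00Z, and key 35 stays accepted until 2017-02-01T00:00:05Z although it is last sent before 2017-02-01T00:00:00Z, so a peer whose clock is within 5 seconds of ours verifies packets on either side of the switch, while the send lifetimes themselves are adjacent rather than overlapping, so only one key is ever used for sending at a given instant.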
| A.3. Key Chain with Independent Send and Accept Lifetimes | A.3. Key Chain with Independent Send and Accept Lifetimes | |||
| skipping to change at page 23, line 28 ¶ | skipping to change at page 24, line 28 ¶ | |||
| <lifetime> | <lifetime> | |||
| <send-lifetime> | <send-lifetime> | |||
| <start-date-time>2017-01-01T00:00:00Z</start-date-time> | <start-date-time>2017-01-01T00:00:00Z</start-date-time> | |||
| <end-date-time>2017-02-01T00:00:00Z</end-date-time> | <end-date-time>2017-02-01T00:00:00Z</end-date-time> | |||
| </send-lifetime> | </send-lifetime> | |||
| <accept-lifetime> | <accept-lifetime> | |||
| <start-date-time>2016-12-31T23:59:55Z</start-date-time> | <start-date-time>2016-12-31T23:59:55Z</start-date-time> | |||
| <end-date-time>2017-02-01T00:00:05Z</end-date-time> | <end-date-time>2017-02-01T00:00:05Z</end-date-time> | |||
| </accept-lifetime> | </accept-lifetime> | |||
| </lifetime> | </lifetime> | |||
| <crypto-algorithm>hmac-sha-1</crypto-algorithm> | <crypto-algorithm>hmac-sha-256</crypto-algorithm> | |||
| <key-string> | <key-string> | |||
| <keystring>keystring_in_ascii_35</keystring> | <keystring>keystring_in_ascii_35</keystring> | |||
| </key-string> | </key-string> | |||
| </key> | </key> | |||
| <key> | <key> | |||
| <key-id>36</key-id> | <key-id>36</key-id> | |||
| <lifetime> | <lifetime> | |||
| <send-lifetime> | <send-lifetime> | |||
| <start-date-time>2017-02-01T00:00:00Z</start-date-time> | <start-date-time>2017-02-01T00:00:00Z</start-date-time> | |||
| <end-date-time>2017-03-01T00:00:00Z</end-date-time> | <end-date-time>2017-03-01T00:00:00Z</end-date-time> | |||
| </send-lifetime> | </send-lifetime> | |||
| <accept-lifetime> | <accept-lifetime> | |||
| <start-date-time>2017-01-31T23:59:55Z</start-date-time> | <start-date-time>2017-01-31T23:59:55Z</start-date-time> | |||
| <end-date-time>2017-03-01T00:00:05Z</end-date-time> | <end-date-time>2017-03-01T00:00:05Z</end-date-time> | |||
| </accept-lifetime> | </accept-lifetime> | |||
| </lifetime> | </lifetime> | |||
| <crypto-algorithm>hmac-sha-1</crypto-algorithm> | <crypto-algorithm>hmac-sha-256</crypto-algorithm> | |||
| <key-string> | <key-string> | |||
| <hexadecimal-string>fe:ed:be:af:36</hexadecimal-string> | <hexadecimal-string>fe:ed:be:af:36</hexadecimal-string> | |||
| </key-string> | </key-string> | |||
| </key> | </key> | |||
| </key-chain> | </key-chain> | |||
| </key-chains> | </key-chains> | |||
| </data> | </data> | |||
| Appendix B. Acknowledgments | Appendix B. Acknowledgments | |||
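Review bot: the A.3 lines shown here (keys 35 and 36) change only the algorithm, hmac-sha-1 to hmac-sha-256 on both keys, while the send and accept lifetimes visible in this block are identical to those in A.2; keeping a single algorithm across both keys suits a section whose title is about independent send and accept lifetimes rather than algorithm agility, but it means the difference between A.2 and A.3 now rests entirely on the part of A.3 outside this change block, which a reader comparing the two appendices from this diff alone cannot see.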
| End of changes. 12 change blocks. | ||||
| 14 lines changed or deleted | 14 lines changed or added | |||
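As an added illustration (not code from the draft or from any implementation of it), the following Python reads the key chain XML in the form shown in A.1 and A.2, decides which key to send with and which keys to accept at a given instant, and runs a rollover across the key 35/36 boundary of keychain2 with the sender's and receiver's clocks a few seconds apart. The embedded XML is the A.2 instance from the right-hand column above, reflowed and with its description omitted; the `<data>` wrapper and the routing PDU are constructed. Assumptions the page does not state: lifetime intervals include their start and exclude their end, the lowest key-id wins if more than one key is eligible to send, `keystring` is encoded as UTF-8, and the `hmac-sha-*` identities map onto the matching hashlib digests; the function names (`send_key`, `verify`, `rollover_demo`) are this example's own.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

KC = "{urn:ietf:params:xml:ns:yang:ietf-key-chain}"

# keychain2 from Appendix A.2 of draft-ietf-rtgwg-yang-key-chain-19, reflowed,
# description omitted; the <data> wrapper is constructed for this example.
KEYCHAIN2_XML = """<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<key-chains xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain"><key-chain>
<name>keychain2</name>
<key><key-id>35</key-id><lifetime>
<send-lifetime><start-date-time>2017-01-01T00:00:00Z</start-date-time><end-date-time>2017-02-01T00:00:00Z</end-date-time></send-lifetime>
<accept-lifetime><start-date-time>2016-12-31T23:59:55Z</start-date-time><end-date-time>2017-02-01T00:00:05Z</end-date-time></accept-lifetime>
</lifetime><crypto-algorithm>hmac-sha-256</crypto-algorithm>
<key-string><keystring>keystring_in_ascii_35</keystring></key-string></key>
<key><key-id>36</key-id><lifetime>
<send-lifetime><start-date-time>2017-02-01T00:00:00Z</start-date-time><end-date-time>2017-03-01T00:00:00Z</end-date-time></send-lifetime>
<accept-lifetime><start-date-time>2017-01-31T23:59:55Z</start-date-time><end-date-time>2017-03-01T00:00:05Z</end-date-time></accept-lifetime>
</lifetime><crypto-algorithm>hmac-sha-512</crypto-algorithm>
<key-string><hexadecimal-string>fe:ed:be:af:36</hexadecimal-string></key-string></key>
</key-chain></key-chains></data>"""

# Assumed mapping of the model's crypto-algorithm identities onto hashlib digests.
DIGESTS = {"hmac-sha-1": hashlib.sha1, "hmac-sha-256": hashlib.sha256,
           "hmac-sha-384": hashlib.sha384, "hmac-sha-512": hashlib.sha512}

def parse_time(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

@dataclass(frozen=True)
class Lifetime:
    start: Optional[datetime]  # None = unbounded, i.e. the model's <always/>
    end: Optional[datetime]

    def contains(self, t: datetime) -> bool:
        # Assumption: start inclusive, end exclusive, so the send lifetimes of
        # keys 35 and 36, which meet at 2017-02-01T00:00:00Z, never overlap.
        return (self.start is None or self.start <= t) and (self.end is None or t < self.end)

def parse_lifetime(elem: ET.Element) -> Lifetime:
    if elem.find(KC + "always") is not None:
        return Lifetime(None, None)
    return Lifetime(parse_time(elem.findtext(KC + "start-date-time")),
                    parse_time(elem.findtext(KC + "end-date-time")))

@dataclass(frozen=True)
class Key:
    key_id: int
    send: Lifetime
    accept: Lifetime
    algorithm: str
    secret: bytes

def parse_key(elem: ET.Element) -> Key:
    lt = elem.find(KC + "lifetime")
    both = lt.find(KC + "send-accept-lifetime")  # A.1 form: one lifetime for tx and rx
    if both is not None:
        send = accept = parse_lifetime(both)
    else:
        send = parse_lifetime(lt.find(KC + "send-lifetime"))
        accept = parse_lifetime(lt.find(KC + "accept-lifetime"))
    ks = elem.find(KC + "key-string")
    text = ks.findtext(KC + "keystring")
    if text is not None:
        secret = text.encode("utf-8")  # assumption: keystring bytes are its UTF-8 form
    else:  # "fe:ed:be:af:36" -> b"\xfe\xed\xbe\xaf\x36"
        secret = bytes.fromhex(ks.findtext(KC + "hexadecimal-string").replace(":", ""))
    return Key(int(elem.findtext(KC + "key-id")), send, accept,
               elem.findtext(KC + "crypto-algorithm"), secret)

def parse_key_chain(xml_text: str) -> List[Key]:
    return [parse_key(k) for k in ET.fromstring(xml_text).iter(KC + "key")]

def send_key(keys: List[Key], now: datetime) -> Optional[Key]:
    # Assumption: the lowest key-id wins when several keys may be sent.
    eligible = sorted((k for k in keys if k.send.contains(now)), key=lambda k: k.key_id)
    return eligible[0] if eligible else None

def sign(key: Key, message: bytes) -> bytes:
    return hmac.new(key.secret, message, DIGESTS[key.algorithm]).digest()

def verify(keys: List[Key], now: datetime, key_id: int, message: bytes, mac: bytes) -> bool:
    # Receiver side: the advertised key-id must be inside its accept lifetime at
    # receive time, and the MAC must match under that key's own algorithm.
    for k in keys:
        if k.key_id == key_id and k.accept.contains(now):
            return hmac.compare_digest(sign(k, message), mac)
    return False

def rollover_demo() -> dict:
    """Sender clock 2 s after the 35->36 switch, receiver clock 4 s before it."""
    keys = parse_key_chain(KEYCHAIN2_XML)
    msg = b"constructed routing PDU"  # constructed sample payload
    tx, rx = parse_time("2017-02-01T00:00:02Z"), parse_time("2017-01-31T23:59:58Z")
    k = send_key(keys, tx)
    return {"send_key_id": k.key_id, "send_algorithm": k.algorithm,
            "receiver_accept_ids": sorted(x.key_id for x in keys if x.accept.contains(rx)),
            "verified": verify(keys, rx, k.key_id, msg, sign(k, msg)),
            # once key 35's 5 s accept margin has run out, it is refused
            "old_key_after_margin": verify(keys, parse_time("2017-02-01T00:00:05Z"),
                                           35, msg, sign(keys[0], msg))}
```

Calling `rollover_demo()` shows the behaviour the abstract describes: at 2017-02-01T00:00:02Z the sender selects key 36 (hmac-sha-512), a receiver whose clock still reads 2017-01-31T23:59:58Z already accepts both 35 and 36, so the packet verifies, and key 35 is refused once 2017-02-01T00:00:05Z is reached. The half-open interval is what keeps the adjacent send lifetimes from overlapping at exactly 2017-02-01T00:00:00Z, while the 5-second accept margins on each side absorb clock skew between peers.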
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||