idnits 2.17.1
draft-ietf-netconf-ssh-client-server-17.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 534 has weird spacing: '...ificate has a...'
-- The document date (November 20, 2019) is 1617 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-34) exists of
draft-ietf-netconf-crypto-types-12
== Outdated reference: A later version (-35) exists of
draft-ietf-netconf-keystore-14
== Outdated reference: A later version (-28) exists of
draft-ietf-netconf-trust-anchors-07
Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETCONF Working Group K. Watsen
3 Internet-Draft Watsen Networks
4 Intended status: Standards Track G. Wu
5 Expires: May 23, 2020 Cisco Systems
6 L. Xia
7 Huawei
8 November 20, 2019
10 YANG Groupings for SSH Clients and SSH Servers
11 draft-ietf-netconf-ssh-client-server-17
13 Abstract
15 This document defines three YANG modules: the first defines groupings
16 for a generic SSH client, the second defines groupings for a generic
17 SSH server, and the third defines common identities and groupings
18 used by both the client and the server. It is intended that these
19 groupings will be used by applications using the SSH protocol.
21 Editorial Note (To be removed by RFC Editor)
23 This draft contains many placeholder values that need to be replaced
24 with finalized values at the time of publication. This note
25 summarizes all of the substitutions that are needed. No other RFC
26 Editor instructions are specified elsewhere in this document.
28 This document contains references to other drafts in progress, both
29 in the Normative References section, as well as in body text
30 throughout. Please update the following references to reflect their
31 final RFC assignments:
33 o I-D.ietf-netconf-trust-anchors
35 o I-D.ietf-netconf-keystore
37 Artwork in this document contains shorthand references to drafts in
38 progress. Please apply the following replacements:
40 o "XXXX" --> the assigned RFC value for this draft
42 o "YYYY" --> the assigned RFC value for I-D.ietf-netconf-trust-
43 anchors
45 o "ZZZZ" --> the assigned RFC value for I-D.ietf-netconf-keystore
47 Artwork in this document contains placeholder values for the date of
48 publication of this draft. Please apply the following replacement:
50 o "2019-11-20" --> the publication date of this draft
52 The following Appendix section is to be removed prior to publication:
54 o Appendix A. Change Log
56 Status of This Memo
58 This Internet-Draft is submitted in full conformance with the
59 provisions of BCP 78 and BCP 79.
61 Internet-Drafts are working documents of the Internet Engineering
62 Task Force (IETF). Note that other groups may also distribute
63 working documents as Internet-Drafts. The list of current Internet-
64 Drafts is at https://datatracker.ietf.org/drafts/current/.
66 Internet-Drafts are draft documents valid for a maximum of six months
67 and may be updated, replaced, or obsoleted by other documents at any
68 time. It is inappropriate to use Internet-Drafts as reference
69 material or to cite them other than as "work in progress."
71 This Internet-Draft will expire on May 23, 2020.
73 Copyright Notice
75 Copyright (c) 2019 IETF Trust and the persons identified as the
76 document authors. All rights reserved.
78 This document is subject to BCP 78 and the IETF Trust's Legal
79 Provisions Relating to IETF Documents
80 (https://trustee.ietf.org/license-info) in effect on the date of
81 publication of this document. Please review these documents
82 carefully, as they describe your rights and restrictions with respect
83 to this document. Code Components extracted from this document must
84 include Simplified BSD License text as described in Section 4.e of
85 the Trust Legal Provisions and are provided without warranty as
86 described in the Simplified BSD License.
88 Table of Contents
90 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
91 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
92 3. The SSH Client Model . . . . . . . . . . . . . . . . . . . . 4
93 3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4
94 3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 5
95 3.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 8
96 4. The SSH Server Model . . . . . . . . . . . . . . . . . . . . 13
97 4.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 13
98 4.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 14
99 4.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 18
100 5. The SSH Common Model . . . . . . . . . . . . . . . . . . . . 25
101 5.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 28
102 5.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 28
103 5.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 29
104 6. Security Considerations . . . . . . . . . . . . . . . . . . . 39
105 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 40
106 7.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 40
107 7.2. The YANG Module Names Registry . . . . . . . . . . . . . 41
108 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 41
109 8.1. Normative References . . . . . . . . . . . . . . . . . . 41
110 8.2. Informative References . . . . . . . . . . . . . . . . . 43
111 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 45
112 A.1. 00 to 01 . . . . . . . . . . . . . . . . . . . . . . . . 45
113 A.2. 01 to 02 . . . . . . . . . . . . . . . . . . . . . . . . 45
114 A.3. 02 to 03 . . . . . . . . . . . . . . . . . . . . . . . . 45
115 A.4. 03 to 04 . . . . . . . . . . . . . . . . . . . . . . . . 45
116 A.5. 04 to 05 . . . . . . . . . . . . . . . . . . . . . . . . 46
117 A.6. 05 to 06 . . . . . . . . . . . . . . . . . . . . . . . . 46
118 A.7. 06 to 07 . . . . . . . . . . . . . . . . . . . . . . . . 46
119 A.8. 07 to 08 . . . . . . . . . . . . . . . . . . . . . . . . 46
120 A.9. 08 to 09 . . . . . . . . . . . . . . . . . . . . . . . . 46
121 A.10. 09 to 10 . . . . . . . . . . . . . . . . . . . . . . . . 47
122 A.11. 10 to 11 . . . . . . . . . . . . . . . . . . . . . . . . 47
123 A.12. 11 to 12 . . . . . . . . . . . . . . . . . . . . . . . . 47
124 A.13. 12 to 13 . . . . . . . . . . . . . . . . . . . . . . . . 47
125 A.14. 13 to 14 . . . . . . . . . . . . . . . . . . . . . . . . 47
126 A.15. 14 to 15 . . . . . . . . . . . . . . . . . . . . . . . . 48
127 A.16. 15 to 16 . . . . . . . . . . . . . . . . . . . . . . . . 48
128 A.17. 16 to 17 . . . . . . . . . . . . . . . . . . . . . . . . 48
129 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 48
130 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 48
132 1. Introduction
134 This document defines three YANG 1.1 [RFC7950] modules: the first
135 defines a grouping for a generic SSH client, the second defines a
136 grouping for a generic SSH server, and the third defines identities
137 and groupings common to both the client and the server. It is
138 intended that these groupings will be used by applications using the
139 SSH protocol [RFC4252], [RFC4253], and [RFC4254]. For instance,
140 these groupings could be used to help define the data model for an
141 OpenSSH [OPENSSH] server or a NETCONF over SSH [RFC6242] based
142 server.
144 The client and server YANG modules in this document each define one
145 grouping, which is focused on just SSH-specific configuration, and
146 specifically avoids any transport-level configuration, such as what
147 ports to listen on or connect to. This affords applications the
148 opportunity to define their own strategy for how the underlying TCP
149 connection is established. For instance, applications supporting
150 NETCONF Call Home [RFC8071] could use the "ssh-server-grouping"
151 grouping for the SSH parts it provides, while adding data nodes for
152 the TCP-level call-home configuration.
154 The modules defined in this document use groupings defined in
155 [I-D.ietf-netconf-keystore], enabling keys to be either locally
156 defined or a reference to globally configured values.
162 The modules defined in this document optionally support [RFC6187]
163 enabling X.509v3 certificate based host keys and public keys.
165 2. Terminology
167 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
168 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
169 "OPTIONAL" in this document are to be interpreted as described in BCP
170 14 [RFC2119] [RFC8174] when, and only when, they appear in all
171 capitals, as shown here.
173 3. The SSH Client Model
175 3.1. Tree Diagram
177 This section provides a tree diagram [RFC8340] for the "ietf-ssh-
178 client" module that does not have groupings expanded.
180 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
182 module: ietf-ssh-client
184 grouping ssh-client-grouping
185 +-- client-identity
186 | +-- username? string
187 | +-- (auth-type)
188 | +--:(password)
189 | | +-- password? string
190 | +--:(public-key)
191 | | +-- public-key
192 | | +---u ks:local-or-keystore-asymmetric-key-grouping
193 | +--:(certificate)
194 | +-- certificate {sshcmn:ssh-x509-certs}?
195 | +---u ks:local-or-keystore-end-entity-cert-with-key-\
196 grouping
197 +-- server-authentication
198 | +-- ssh-host-keys!
199 | | +---u ts:local-or-truststore-host-keys-grouping
200 | +-- ca-certs! {sshcmn:ssh-x509-certs}?
201 | | +---u ts:local-or-truststore-certs-grouping
202 | +-- server-certs! {sshcmn:ssh-x509-certs}?
203 | +---u ts:local-or-truststore-certs-grouping
204 +-- transport-params {ssh-client-transport-params-config}?
205 | +---u sshcmn:transport-params-grouping
206 +-- keepalives! {ssh-client-keepalives}?
207 +-- max-wait? uint16
208 +-- max-attempts? uint8
210 3.2. Example Usage
212 This section presents two examples showing the ssh-client-grouping
213 populated with some data. These examples are effectively the same
214 except the first configures the client identity using a local key
215 while the second uses a key configured in a keystore. Both examples
216 are consistent with the examples presented in Section 2 of
217 [I-D.ietf-netconf-trust-anchors] and Section 3.2 of
218 [I-D.ietf-netconf-keystore].
220 The following example configures the client identity using a local
221 key:
223 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
225
230
231
232 foobar
233
234
235 rsa2048
236 ct:ssh-public-key-format
238 base64encodedvalue==
239 ct:rsa-private-key-format
241 base64encodedvalue==
242
243
244
246
247
248
249 explicitly-trusted-ssh-host-keys
251
252
254
255
256 algs:ssh-rsa
257
258
259
260 algs:diffie-hellman-group-exchange-sha256
261
262
263
264 algs:aes256-ctr
265 algs:aes192-ctr
266 algs:aes128-ctr
267 algs:aes256-cbc
268 algs:aes192-cbc
269 algs:aes128-cbc
270
271
272 algs:hmac-sha2-256
273 algs:hmac-sha2-512
274
275
276
277 30
278 3
279
281
283 The following example configures the client identity using a key from
284 the keystore:
286 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
288
292
293
294 foobar
295
296 rsa-asymmetric-key
297
298
300
301
302
303 explicitly-trusted-ssh-host-keys
305
306
308
309
310 algs:ssh-rsa
311
312
313
314 algs:diffie-hellman-group-exchange-sha256
315
316
317
318 algs:aes256-ctr
319 algs:aes192-ctr
320 algs:aes128-ctr
321 algs:aes256-cbc
322 algs:aes192-cbc
323 algs:aes128-cbc
325
326
327 algs:hmac-sha2-256
328 algs:hmac-sha2-512
329
330
332
333 30
334 3
335
337
339 3.3. YANG Module
341 This YANG module has normative references to
342 [I-D.ietf-netconf-trust-anchors], and [I-D.ietf-netconf-keystore].
344 file "ietf-ssh-client@2019-11-20.yang"
346 module ietf-ssh-client {
347 yang-version 1.1;
348 namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-client";
349 prefix sshc;
351 import ietf-ssh-common {
352 prefix sshcmn;
353 revision-date 2019-11-20; // stable grouping definitions
354 reference
355 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
356 }
358 import ietf-crypto-types {
359 prefix ct;
360 reference
361 "RFC AAAA: Common YANG Data Types for Cryptography";
362 }
364 import ietf-truststore {
365 prefix ts;
366 reference
367 "RFC BBBB: A YANG Data Model for a Truststore";
368 }
370 import ietf-keystore {
371 prefix ks;
372 reference
373 "RFC CCCC: A YANG Data Model for a Keystore";
374 }
376 import ietf-netconf-acm {
377 prefix nacm;
378 reference
379 "RFC 8341: Network Configuration Access Control Model";
380 }
382 organization
383 "IETF NETCONF (Network Configuration) Working Group";
385 contact
386 "WG Web:
387 WG List:
388 Author: Kent Watsen
389 Author: Gary Wu ";
391 description
392 "This module defines reusable groupings for SSH clients that
393 can be used as a basis for specific SSH client instances.
395 Copyright (c) 2019 IETF Trust and the persons identified
396 as authors of the code. All rights reserved.
398 Redistribution and use in source and binary forms, with
399 or without modification, is permitted pursuant to, and
400 subject to the license terms contained in, the Simplified
401 BSD License set forth in Section 4.c of the IETF Trust's
402 Legal Provisions Relating to IETF Documents
403 (https://trustee.ietf.org/license-info).
405 This version of this YANG module is part of RFC XXXX
406 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
407 itself for full legal notices.
409 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
410 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
411 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
412 are to be interpreted as described in BCP 14 (RFC 2119)
413 (RFC 8174) when, and only when, they appear in all
414 capitals, as shown here.";
416 revision 2019-11-20 {
417 description
418 "Initial version";
419 reference
420 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
422 }
424 // Features
426 feature ssh-client-transport-params-config {
427 description
428 "SSH transport layer parameters are configurable on an SSH
429 client.";
430 }
432 feature ssh-client-keepalives {
433 description
434 "Per socket SSH keepalive parameters are configurable for
435 SSH clients on the server implementing this feature.";
436 }
438 // Groupings
440 grouping ssh-client-grouping {
441 description
442 "A reusable grouping for configuring a SSH client without
443 any consideration for how an underlying TCP session is
444 established.
446 Note that this grouping uses fairly typical descendant
447 node names such that a stack of 'uses' statements will
448 have name conflicts. It is intended that the consuming
449 data model will resolve the issue (e.g., by wrapping
450 the 'uses' statement in a container called
451 'ssh-client-parameters'). This model purposely does
452 not do this itself so as to provide maximum flexibility
453 to consuming models.";
455 container client-identity {
456 nacm:default-deny-write;
457 description
458 "The credentials used by the client to authenticate to
459 the SSH server.";
460 leaf username {
461 type string;
462 description
463 "The username of this user. This will be the username
464 used, for instance, to log into an SSH server.";
465 }
466 choice auth-type {
467 mandatory true;
468 description
469 "The authentication type. What happens when more than
470 one descendant is configured is undefined. FIXME.";
471 leaf password {
472 nacm:default-deny-all;
473 type string;
474 description
475 "A password to be used for client authentication.";
476 }
477 container public-key {
478 uses ks:local-or-keystore-asymmetric-key-grouping {
479 refine "local-or-keystore/local/local-definition" {
480 must 'public-key-format = "ct:ssh-public-key-format"';
481 }
482 // FIXME: also need a must expression to ensure the
483 // *referenced* key's public-key-format is
484 // "ct:ssh-public-key-format"
485 }
486 description
487 "A locally-defined or referenced asymmetric key
488 pair to be used for client authentication.";
489 reference
490 "RFC ZZZZ: YANG Data Model for a Centralized
491 Keystore Mechanism";
492 }
493 container certificate {
494 if-feature "sshcmn:ssh-x509-certs";
495 uses
496 ks:local-or-keystore-end-entity-cert-with-key-grouping;
497 description
498 "A locally-defined or referenced certificate
499 to be used for client authentication.";
500 reference
501 "RFC ZZZZ: YANG Data Model for a Centralized
502 Keystore Mechanism";
503 }
504 }
505 } // container client-identity
507 container server-authentication {
508 nacm:default-deny-write;
509 must 'ssh-host-keys or ca-certs or server-certs';
510 description
511 "Specifies how the SSH client can authenticate SSH servers.
512 Any combination of credentials is additive and unordered.";
513 container ssh-host-keys {
514 presence
515 "Indicates that the client can authenticate servers
516 using the configured SSH host keys.";
517 description
518 "A list of SSH host keys used by the SSH client to
519 authenticate SSH server host keys. A server host key
520 is authenticated if it is an exact match to a
521 configured SSH host key.";
522 reference
523 "RFC YYYY: YANG Data Model for Global Trust Anchors";
524 uses ts:local-or-truststore-host-keys-grouping;
525 }
526 container ca-certs {
527 if-feature "sshcmn:ssh-x509-certs";
528 presence
529 "Indicates that the client can authenticate servers
530 using the configured trust anchor certificates.";
531 description
532 "A set of certificate authority (CA) certificates used by
533 the SSH client to authenticate SSH servers. A server
534 is authenticated if its certificate has a valid chain
535 of trust to a configured CA certificate.";
536 reference
537 "RFC YYYY: YANG Data Model for Global Trust Anchors";
538 uses ts:local-or-truststore-certs-grouping;
539 }
540 container server-certs {
541 if-feature "sshcmn:ssh-x509-certs";
542 presence
543 "Indicates that the client can authenticate servers
544 using the configured server certificates.";
545 description
546 "A set of end-entity certificates used by the SSH client
547 to authenticate SSH servers. A server is authenticated
548 if its certificate is an exact match to a configured
549 server certificate.";
550 reference
551 "RFC YYYY: YANG Data Model for Global Trust Anchors";
552 uses ts:local-or-truststore-certs-grouping;
553 }
554 } // container server-authentication
556 container transport-params {
557 nacm:default-deny-write;
558 if-feature "ssh-client-transport-params-config";
559 description
560 "Configurable parameters of the SSH transport layer.";
561 uses sshcmn:transport-params-grouping;
562 } // container transport-params
564 container keepalives {
565 nacm:default-deny-write;
566 if-feature "ssh-client-keepalives";
567 presence "Indicates that keepalives are enabled.";
568 description
569 "Configures the keep-alive policy, to proactively test
570 the aliveness of the SSH server. An unresponsive SSH
571 server is dropped after approximately max-wait *
572 max-attempts seconds.";
573 leaf max-wait {
574 type uint16 {
575 range "1..max";
576 }
577 units "seconds";
578 default "30";
579 description
580 "Sets the amount of time in seconds after which, if
581 no data has been received from the SSH server, an
582 SSH-level message will be sent to test the
583 aliveness of the SSH server.";
584 }
585 leaf max-attempts {
586 type uint8;
587 default "3";
588 description
589 "Sets the maximum number of sequential keep-alive
590 messages that can fail to obtain a response from
591 the SSH server before assuming the SSH server is
592 no longer alive.";
593 }
594 } // container keepalives
595 } // grouping ssh-client-grouping
596 }
598
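The constraints the ssh-client-grouping places on an instance (the mandatory auth-type choice, the must expression on server-authentication, the refine on a local key's public-key-format, and the keepalive ranges and defaults) can be checked outside a YANG toolchain. The following Python is an added example, not code from the draft or its authors: the dict layout mirrors the Section 3.1 tree diagram, and the node names local-definition, keystore-reference and truststore-reference, as well as the function names, are assumptions.

```python
# Added example, not code from draft-ietf-netconf-ssh-client-server-17.
# The nested-dict layout mirrors the ssh-client-grouping tree diagram in
# Section 3.1; the keystore/truststore node names and the function names
# below are this example's own assumptions, not identifiers from the draft.
from typing import Any, Dict, List, Optional

AUTH_CASES = ("password", "public-key", "certificate")
SERVER_AUTH_NODES = ("ssh-host-keys", "ca-certs", "server-certs")
SSH_PUBKEY_FORMAT = "ct:ssh-public-key-format"


def check_client_config(cfg: Dict[str, Any]) -> List[str]:
    """Return the constraint violations for one ssh-client-grouping instance
    (an empty list means the instance is valid)."""
    errors: List[str] = []

    # choice auth-type is 'mandatory true': exactly one case may be present.
    ident = cfg.get("client-identity", {})
    cases = [c for c in AUTH_CASES if c in ident]
    if len(cases) != 1:
        errors.append(f"client-identity: auth-type needs exactly one case, got {cases}")

    # refine on local-or-keystore/local/local-definition: a locally defined
    # key must be in SSH public-key format. A keystore reference cannot be
    # checked without the keystore itself (the draft's own FIXME), so it is skipped.
    local = ident.get("public-key", {}).get("local-definition")
    if local is not None and local.get("public-key-format") != SSH_PUBKEY_FORMAT:
        errors.append(f"client-identity/public-key: local key must use {SSH_PUBKEY_FORMAT}")

    # must 'ssh-host-keys or ca-certs or server-certs': without one of these
    # presence containers the client has no way to authenticate any server.
    sa = cfg.get("server-authentication", {})
    if not any(node in sa for node in SERVER_AUTH_NODES):
        errors.append("server-authentication: needs one of " + ", ".join(SERVER_AUTH_NODES))

    # keepalives: max-wait is uint16 with range 1..max, max-attempts is uint8;
    # both leaves carry defaults (30 and 3) when absent.
    ka = cfg.get("keepalives")
    if ka is not None:
        max_wait = ka.get("max-wait", 30)
        max_attempts = ka.get("max-attempts", 3)
        if not 1 <= max_wait <= 65535:
            errors.append(f"keepalives/max-wait: {max_wait} outside 1..65535")
        if not 0 <= max_attempts <= 255:
            errors.append(f"keepalives/max-attempts: {max_attempts} outside 0..255")
    return errors


def keepalive_drop_seconds(cfg: Dict[str, Any]) -> Optional[int]:
    """Approximate time until an unresponsive server is dropped
    (max-wait * max-attempts), or None when keepalives are not enabled."""
    ka = cfg.get("keepalives")
    if ka is None:
        return None
    return ka.get("max-wait", 30) * ka.get("max-attempts", 3)


# Constructed instance mirroring the first example in Section 3.2 (local key).
LOCAL_KEY_CLIENT: Dict[str, Any] = {
    "client-identity": {
        "username": "foobar",
        "public-key": {
            "local-definition": {
                "algorithm": "rsa2048",
                "public-key-format": SSH_PUBKEY_FORMAT,
                "public-key": "base64encodedvalue==",
                "private-key-format": "ct:rsa-private-key-format",
                "private-key": "base64encodedvalue==",
            }
        },
    },
    "server-authentication": {
        "ssh-host-keys": {"truststore-reference": "explicitly-trusted-ssh-host-keys"}
    },
    "keepalives": {"max-wait": 30, "max-attempts": 3},
}

# Constructed invalid instance: two auth-type cases, no server authentication,
# and a max-wait below the allowed range.
BROKEN_CLIENT: Dict[str, Any] = {
    "client-identity": {
        "username": "foobar",
        "password": "constructed-password",
        "public-key": {"keystore-reference": "rsa-asymmetric-key"},
    },
    "server-authentication": {},
    "keepalives": {"max-wait": 0},
}

if __name__ == "__main__":
    print(check_client_config(LOCAL_KEY_CLIENT))    # []
    print(keepalive_drop_seconds(LOCAL_KEY_CLIENT))  # 90
    for err in check_client_config(BROKEN_CLIENT):
        print("error:", err)
```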
600 4. The SSH Server Model
602 4.1. Tree Diagram
604 This section provides a tree diagram [RFC8340] for the "ietf-ssh-
605 server" module that does not have groupings expanded.
607 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
609 module: ietf-ssh-server
611 grouping ssh-server-grouping
612 +-- server-identity
613 | +-- host-key* [name]
614 | +-- name? string
615 | +-- (host-key-type)
616 | +--:(public-key)
617 | | +-- public-key
618 | | +---u ks:local-or-keystore-asymmetric-key-grouping
619 | +--:(certificate)
620 | +-- certificate {sshcmn:ssh-x509-certs}?
621 | +---u ks:local-or-keystore-end-entity-cert-with-k\
622 ey-grouping
623 +-- client-authentication
624 | +-- supported-authentication-methods
625 | | +-- publickey? empty
626 | | +-- password? empty
627 | | +-- hostbased? empty
628 | | +-- none? empty
629 | | +-- other* string
630 | +-- users {client-auth-config-supported}?
631 | | +-- user* [name]
632 | | +-- name? string
633 | | +-- password? ianach:crypt-hash
634 | | +-- host-keys!
635 | | +---u ts:local-or-truststore-host-keys-grouping
636 | +-- ca-certs!
637 | | {client-auth-config-supported,sshcmn:ssh-x509-certs}?
638 | | +---u ts:local-or-truststore-certs-grouping
639 | +-- client-certs!
640 | {client-auth-config-supported,sshcmn:ssh-x509-certs}?
641 | +---u ts:local-or-truststore-certs-grouping
642 +-- transport-params {ssh-server-transport-params-config}?
643 | +---u sshcmn:transport-params-grouping
644 +-- keepalives! {ssh-server-keepalives}?
645 +-- max-wait? uint16
646 +-- max-attempts? uint8
648 4.2. Example Usage
650 This section presents two examples showing the ssh-server-grouping
651 populated with some data. These examples are effectively the same
652 except the first configures the server identity using a local key
653 while the second uses a key configured in a keystore. Both examples
654 are consistent with the examples presented in Section 2 of
656 [I-D.ietf-netconf-trust-anchors] and Section 3.2 of
657 [I-D.ietf-netconf-keystore].
659 The following example configures the server identity using a local
660 key:
662 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
664
669
670
671
672 deployment-specific-certificate
673
674
675 rsa2048
676 rsa2048
677 ct:ssh-public-key-format
679 base64encodedvalue==
680 ct:rsa-private-key-format
682 base64encodedvalue==
683
684
685
686
688
689
690
691
692
693
694
695 mary
696 $0$secret
697
698 explicitly-trusted-ssh-host-keys
700
701
702
703
704 explicitly-trusted-client-ca-certs
706
707
708 explicitly-trusted-client-certs
710
711
713
714
715 algs:ssh-rsa
716
717
718
719 algs:diffie-hellman-group-exchange-sha256
720
721
722
723 algs:aes256-ctr
724 algs:aes192-ctr
725 algs:aes128-ctr
726 algs:aes256-cbc
727 algs:aes192-cbc
728 algs:aes128-cbc
729
730
731 algs:hmac-sha2-256
732 algs:hmac-sha2-512
733
734
736
738 The following example configures the server identity using a key from
739 the keystore:
741 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
743
747
748
749
750 deployment-specific-certificate
751
752 rsa-asymmetric-key
753
754
755
757
758
759
760
761
762
763
764 mary
765 $0$secret
766
767 explicitly-trusted-ssh-host-keys
769
770
771
772
773 explicitly-trusted-client-ca-certs
775
776
777 explicitly-trusted-client-certs
779
780
782
783
784 algs:ssh-rsa
785
786
787
788 algs:diffie-hellman-group-exchange-sha256
789
790
791
792 algs:aes256-ctr
793 algs:aes192-ctr
794 algs:aes128-ctr
795 algs:aes256-cbc
796 algs:aes192-cbc
797 algs:aes128-cbc
798
799
800 algs:hmac-sha2-256
801 algs:hmac-sha2-512
802
803
805
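To show how the client-authentication subtree of the ssh-server-grouping drives an SSH server's behaviour, the following Python is an added example, not code from the draft or its authors: it turns supported-authentication-methods into the RFC 4252 method name-list, evaluates a userauth attempt against the locally configured users (including the iana-crypt-hash "$0$" cleartext form from RFC 7317), and performs the exact-match check against a user's configured host keys. The dict layout follows the Section 4.1 tree diagram with the leaf names spelled as the RFC 4252 method names; the local-definition layout under host-keys and all function names are assumptions.

```python
# Added example, not code from draft-ietf-netconf-ssh-client-server-17.
# Models the client-authentication container of ssh-server-grouping
# (Section 4.1) as a nested dict; the local-definition layout under
# host-keys and the function names are this example's own assumptions.
import hmac
from typing import Any, Dict, List, Tuple

# RFC 4252 method names, in the order this example advertises them.
METHOD_LEAVES = ("publickey", "password", "hostbased", "none")


def advertised_methods(server_cfg: Dict[str, Any]) -> List[str]:
    """Method names the server offers, taken from the presence leaves and the
    'other' leaf-list of supported-authentication-methods."""
    sam = server_cfg["client-authentication"]["supported-authentication-methods"]
    return [m for m in METHOD_LEAVES if m in sam] + list(sam.get("other", []))


def check_crypt_hash(stored: str, candidate: str) -> bool:
    """iana-crypt-hash (RFC 7317): a '$0$' prefix marks a cleartext value.
    Hashed forms ($1$, $5$, $6$) need crypt(3); this example fails closed
    on them rather than guessing."""
    if stored.startswith("$0$"):
        return hmac.compare_digest(stored[3:].encode(), candidate.encode())
    return False


def authenticate(server_cfg: Dict[str, Any], username: str,
                 method: str, credential: str) -> Tuple[bool, str]:
    """Evaluate one SSH_MSG_USERAUTH_REQUEST against the locally configured
    users (feature client-auth-config-supported). Returns (ok, reason)."""
    if method not in advertised_methods(server_cfg):
        return False, "method not advertised"
    users = server_cfg["client-authentication"].get("users", {}).get("user", [])
    user = next((u for u in users if u["name"] == username), None)
    if user is None:
        return False, "unknown user"
    if method == "password":
        stored = user.get("password")
        if stored is None:
            return False, "no password configured"
        return check_crypt_hash(stored, credential), "password"
    if method == "publickey":
        # host-keys presence container: the user is authenticated only if the
        # presented key is an exact match to a configured key.
        keys = user.get("host-keys", {}).get("local-definition", [])
        ok = any(hmac.compare_digest(k.encode(), credential.encode()) for k in keys)
        return ok, "publickey"
    return False, "method not handled by this example"


# Constructed instance modelled on the Section 4.2 examples: one local user
# with a cleartext crypt-hash and one locally defined public key.
SERVER: Dict[str, Any] = {
    "server-identity": {"host-key": [{
        "name": "deployment-specific-certificate",
        "public-key": {"keystore-reference": "rsa-asymmetric-key"},
    }]},
    "client-authentication": {
        "supported-authentication-methods": {"publickey": None, "password": None},
        "users": {"user": [{
            "name": "mary",
            "password": "$0$secret",
            "host-keys": {"local-definition": ["AAAAB3NzaC1yc2EAAAADAQABConstructed=="]},
        }]},
    },
}

if __name__ == "__main__":
    print(",".join(advertised_methods(SERVER)))               # publickey,password
    print(authenticate(SERVER, "mary", "password", "secret"))  # (True, 'password')
    print(authenticate(SERVER, "mary", "none", ""))            # (False, 'method not advertised')
```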
807 4.3. YANG Module
809 This YANG module has normative references to
810 [I-D.ietf-netconf-trust-anchors] and [I-D.ietf-netconf-keystore] and
811 informative references to [RFC4253] and [RFC7317].
813 file "ietf-ssh-server@2019-11-20.yang"
815 module ietf-ssh-server {
816 yang-version 1.1;
817 namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
818 prefix sshs;
820 import ietf-ssh-common {
821 prefix sshcmn;
822 revision-date 2019-11-20; // stable grouping definitions
823 reference
824 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
825 }
827 import ietf-crypto-types {
828 prefix ct;
829 reference
830 "RFC AAAA: Common YANG Data Types for Cryptography";
831 }
833 import ietf-truststore {
834 prefix ts;
835 reference
836 "RFC BBBB: A YANG Data Model for a Truststore";
837 }
839 import ietf-keystore {
840 prefix ks;
841 reference
842 "RFC CCCC: A YANG Data Model for a Keystore";
843 }
845 import iana-crypt-hash {
846 prefix ianach;
847 reference
848 "RFC 7317: A YANG Data Model for System Management";
849 }
851 import ietf-netconf-acm {
852 prefix nacm;
853 reference
854 "RFC 8341: Network Configuration Access Control Model";
855 }
857 organization
858 "IETF NETCONF (Network Configuration) Working Group";
860 contact
861 "WG Web:
862 WG List:
863 Author: Kent Watsen
864 Author: Gary Wu ";
866 description
867 "This module defines reusable groupings for SSH servers that
868 can be used as a basis for specific SSH server instances.
870 Copyright (c) 2019 IETF Trust and the persons identified
871 as authors of the code. All rights reserved.
873 Redistribution and use in source and binary forms, with
874 or without modification, is permitted pursuant to, and
875 subject to the license terms contained in, the Simplified
876 BSD License set forth in Section 4.c of the IETF Trust's
877 Legal Provisions Relating to IETF Documents
878 (https://trustee.ietf.org/license-info).
880 This version of this YANG module is part of RFC XXXX
881 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
882 itself for full legal notices.
884 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
885 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
886 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
887 are to be interpreted as described in BCP 14 (RFC 2119)
888 (RFC 8174) when, and only when, they appear in all
889 capitals, as shown here.";
891 revision 2019-11-20 {
892 description
893 "Initial version";
894 reference
895 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
897 }
899 // Features
901 feature ssh-server-transport-params-config {
902 description
903 "SSH transport layer parameters are configurable on an SSH
904 server.";
905 }
907 feature ssh-server-keepalives {
908 description
909 "Per socket SSH keepalive parameters are configurable for
910 SSH servers on the server implementing this feature.";
911 }
913 feature client-auth-config-supported {
914 description
915 "Indicates that the configuration for how to authenticate
916 clients can be configured herein, as opposed to in an
917 application specific location. That is, to support the
918 consuming data models that prefer to place client
919 authentication with client definitions, rather than
920 in a data model principally concerned with configuring
921 the transport.";
922 }
924 feature external-client-auth-supported {
925 description
926 "Indicates that the SSH server supports external configuration
927 of client credentials.";
928 }
930 // Groupings
932 grouping ssh-server-grouping {
933 description
934 "A reusable grouping for configuring a SSH server without
935 any consideration for how underlying TCP sessions are
936 established.
938 Note that this grouping uses fairly typical descendant
939 node names such that a stack of 'uses' statements will
940 have name conflicts. It is intended that the consuming
941 data model will resolve the issue (e.g., by wrapping
942 the 'uses' statement in a container called
943 'ssh-server-parameters'). This model purposely does
944 not do this itself so as to provide maximum flexibility
945 to consuming models.";
947 container server-identity {
948 nacm:default-deny-write;
949 description
950 "The list of host-keys the SSH server will present when
951 establishing a SSH connection.";
952 list host-key {
953 key "name";
954 min-elements 1;
955 ordered-by user;
956 description
957 "An ordered list of host keys the SSH server will use to
958 construct its ordered list of algorithms, when sending
959 its SSH_MSG_KEXINIT message, as defined in Section 7.1
960 of RFC 4253.";
961 reference
962 "RFC 4253: The Secure Shell (SSH) Transport Layer
963 Protocol";
964 leaf name {
965 type string;
966 description
967 "An arbitrary name for this host-key";
968 }
969 choice host-key-type {
970 mandatory true;
971 description
972 "The type of host key being specified";
973 container public-key {
974 uses ks:local-or-keystore-asymmetric-key-grouping {
975 refine "local-or-keystore/local/local-definition" {
976 must
977 'public-key-format = "ct:ssh-public-key-format"';
978 }
979 // FIXME: also need a must expression to ensure the
980 // *referenced* key's public-key-format is
981 // "ct:ssh-public-key-format"
982 }
983 description
984 "A locally-defined or referenced asymmetric key pair
985 to be used for the SSH server's host key.";
986 reference
987 "RFC ZZZZ: YANG Data Model for a Centralized
988 Keystore Mechanism";
989 }
990 container certificate {
991 if-feature "sshcmn:ssh-x509-certs";
992 uses
993 ks:local-or-keystore-end-entity-cert-with-key-grouping;
994 must 'public-key-format = "ct:ssh-public-key-format"';
995 description
996 "A locally-defined or referenced end-entity
997 certificate to be used for the SSH server's
998 host key.";
999 reference
1000 "RFC ZZZZ: YANG Data Model for a Centralized
1001 Keystore Mechanism";
1002 }
1003 }
1004 }
1005 } // container server-identity
1007 container client-authentication {
1008 nacm:default-deny-write;
1009 description
1010 "Specifies how the SSH server can authenticate SSH clients.";
1011 container supported-authentication-methods {
1012 description
1013 "Indicates which authentication methods the server
1014 supports.";
1015 leaf publickey {
1016 type empty;
1017 description
1018 "Indicates that the 'publickey' method is supported.
1019 Note that RFC 6187 X.509v3 Certificates for SSH uses
1020 the 'publickey' method name.";
1021 reference
1022 "RFC 4252: The Secure Shell (SSH) Authentication
1023 Protocol.
1024 RFC 6187: X.509v3 Certificates for Secure Shell
1025 Authentication.";
1026 }
1027 leaf password {
1028 type empty;
1029 description
1030 "Indicates that the 'password' method is supported.";
1031 reference
1032 "RFC 4252: The Secure Shell (SSH) Authentication
1033 Protocol.";
1034 }
1035 leaf hostbased {
1036 type empty;
1037 description
1038 "Indicates that the 'hostbased' method is supported.";
1039 reference
1040 "RFC 4252: The Secure Shell (SSH) Authentication
1041 Protocol.";
1042 }
1043 leaf none {
1044 type empty;
1045 description
1046 "Indicates that the 'none' method is supported.";
1047 reference
1048 "RFC 4252: The Secure Shell (SSH) Authentication
1049 Protocol.";
1050 }
1051 leaf-list other {
1052 type string;
1053 description
1054 "Indicates a supported method name not defined by
1055 RFC 4252.";
1056 reference
1057 "RFC 4252: The Secure Shell (SSH) Authentication
1058 Protocol.";
1059 }
1060 }
1062 container users {
1063 if-feature "client-auth-config-supported";
1064 description
1065 "A list of locally configured users.";
1066 list user {
1067 key name;
1068 description
1069 "The list of local users configured on this device.";
1071 leaf name {
1072 type string;
1073 description
1074 "The user name string identifying this entry.";
1075 }
1076 leaf password {
1077 type ianach:crypt-hash;
1078 description
1079 "The password for this entry.";
1080 }
1081 container host-keys { // FIXME: plural too much?
1082 presence
1083 "Indicates that the server can authenticate this
1084 user using the configured SSH host keys.";
1085 description
1086 "A set of SSH host keys used by the SSH server to
1087 authenticate this user. A user is authenticated
1088 if its host key is an exact match to a configured
1089 host key.";
1090 reference
1091 "RFC 4253: The Secure Shell (SSH) Transport Layer";
1092 uses ts:local-or-truststore-host-keys-grouping;
1093 }
1094 }
1095 }
1096 container ca-certs {
1097 if-feature "client-auth-config-supported";
1098 if-feature "sshcmn:ssh-x509-certs";
1099 presence
1100 "Indicates that the SSH server can authenticate SSH
1101 clients using configured certificate authority (CA)
1102 certificates.";
1103 description
1104 "A set of certificate authority (CA) certificates used by
1105 the SSH server to authenticate SSH client certificates.
1106 A client certificate is authenticated if it has a valid
1107 chain of trust to a configured CA certificate.";
1108 reference
1109 "RFC YYYY:
1110 YANG Data Model for Global Trust Anchors";
1111 uses ts:local-or-truststore-certs-grouping;
1112 }
1113 container client-certs { // FIXME: plural too much?
1114 if-feature "client-auth-config-supported";
1115 if-feature "sshcmn:ssh-x509-certs";
1116 presence
1117 "Indicates that the SSH server can authenticate SSH
1118 clients using configured client certificates.";
1119 description
1120 "A set of client certificates (i.e., end entity
1121 certificates) used by the SSH server to authenticate
1122 the certificates presented by SSH clients. A client
1123 certificate is authenticated if it is an exact match
1124 to a configured client certificate.";
1125 reference
1126 "RFC YYYY:
1127 YANG Data Model for Global Trust Anchors";
1128 uses ts:local-or-truststore-certs-grouping;
1129 }
1130 } // container client-authentication
1132 container transport-params {
1133 nacm:default-deny-write;
1134 if-feature "ssh-server-transport-params-config";
1135 description
1136 "Configurable parameters of the SSH transport layer.";
1138 uses sshcmn:transport-params-grouping;
1139 } // container transport-params
1141 container keepalives {
1142 nacm:default-deny-write;
1143 if-feature "ssh-server-keepalives";
1144 presence "Indicates that keepalives are enabled.";
1145 description
1146 "Configures the keep-alive policy, to proactively test
1147 the aliveness of the SSH client. An unresponsive SSH
1148 client is dropped after approximately max-wait *
1149 max-attempts seconds.";
1150 leaf max-wait {
1151 type uint16 {
1152 range "1..max";
1153 }
1154 units "seconds";
1155 default "30";
1156 description
1157 "Sets the amount of time in seconds after which,
1158 if no data has been received from the SSH client,
1159 an SSH-level message will be sent to test the
1160 aliveness of the SSH client.";
1161 }
1162 leaf max-attempts {
1163 type uint8;
1164 default "3";
1165 description
1166 "Sets the maximum number of sequential keep-alive
1167 messages that can fail to obtain a response from
1168 the SSH client before assuming the SSH client is
1169 no longer alive.";
1170 }
1171 } // container keepalives
1172 } // grouping ssh-server-grouping
1173 }
1177 5. The SSH Common Model
1179 The SSH common model presented in this section contains identities
1180 and groupings common to both SSH clients and SSH servers. The
1181 transport-params-grouping can be used to configure the list of SSH
1182 transport algorithms permitted by the SSH client or SSH server. The
1183 lists of algorithms are ordered such that, if multiple algorithms are
1184 permitted by the client, the algorithm that appears first in its list
1185 that is also permitted by the server is used for the SSH transport
1186 layer connection. The ability to restrict the algorithms allowed is
1187 provided in this grouping for SSH clients and SSH servers that are
1188 capable of doing so and may serve to make SSH clients and SSH servers
1189 compliant with security policies.
1191 [I-D.ietf-netconf-crypto-types] defines six categories of
1192 cryptographic algorithms (hash-algorithm, symmetric-key-encryption-
1193 algorithm, mac-algorithm, asymmetric-key-encryption-algorithm,
1194 signature-algorithm, key-negotiation-algorithm) and lists several
1195 widely accepted algorithms for each of them. The SSH client and
1196 server models use one or more of these algorithms. The SSH common
1197 model includes four parameters for configuring its permitted SSH
1198 algorithms, which are: host-key-alg, key-exchange-alg, encryption-alg
1199 and mac-alg. The following tables are provided, in part, to define
1200 the subset of algorithms defined in the crypto-types model that are
1201 used by SSH and, in part, to ensure that configured SSH
1202 cryptographic parameters are compatible with that model
1203 ("sshcmn" representing the SSH common model, and "ct" representing
1204 the crypto-types model on which the SSH client/server models are based):
1206 +-------------------------------+-------------------------------+
1207 | sshcmn:host-key-alg | ct:signature-algorithm |
1208 +-------------------------------+-------------------------------+
1209 | dsa-sha1 | dsa-sha1 |
1210 | rsa-pkcs1-sha1 | rsa-pkcs1-sha1 |
1211 | rsa-pkcs1-sha256 | rsa-pkcs1-sha256 |
1212 | rsa-pkcs1-sha512 | rsa-pkcs1-sha512 |
1213 | ecdsa-secp256r1-sha256 | ecdsa-secp256r1-sha256 |
1214 | ecdsa-secp384r1-sha384 | ecdsa-secp384r1-sha384 |
1215 | ecdsa-secp521r1-sha512 | ecdsa-secp521r1-sha512 |
1216 | x509v3-rsa-pkcs1-sha1 | x509v3-rsa-pkcs1-sha1 |
1217 | x509v3-rsa2048-pkcs1-sha256 | x509v3-rsa2048-pkcs1-sha256 |
1218 | x509v3-ecdsa-secp256r1-sha256 | x509v3-ecdsa-secp256r1-sha256 |
1219 | x509v3-ecdsa-secp384r1-sha384 | x509v3-ecdsa-secp384r1-sha384 |
1220 | x509v3-ecdsa-secp521r1-sha512 | x509v3-ecdsa-secp521r1-sha512 |
1221 +-------------------------------+-------------------------------+
1223 Table 1 The SSH Host-key-alg Compatibility Matrix
1225 +-------------------------------+-------------------------------+
1226 | sshcmn:key-exchange-alg | ct:key-negotiation-algorithm |
1227 +-------------------------------+-------------------------------+
1228 | diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1 |
1229 | diffie-hellman-group14-sha256 | diffie-hellman-group14-sha256 |
1230 | diffie-hellman-group15-sha512 | diffie-hellman-group15-sha512 |
1231 | diffie-hellman-group16-sha512 | diffie-hellman-group16-sha512 |
1232 | diffie-hellman-group17-sha512 | diffie-hellman-group17-sha512 |
1233 | diffie-hellman-group18-sha512 | diffie-hellman-group18-sha512 |
1234 | ecdh-sha2-secp256r1 | ecdh-sha2-secp256r1 |
1235 | ecdh-sha2-secp384r1 | ecdh-sha2-secp384r1 |
1236 +-------------------------------+-------------------------------+
1238 Table 2 The SSH Key-exchange-alg Compatibility Matrix
1240 +-----------------------+---------------------------------------+
1241 | sshcmn:encryption-alg | ct:symmetric-key-encryption-algorithm |
1242 +-----------------------+---------------------------------------+
1243 | aes-128-cbc | aes-128-cbc |
1244 | aes-192-cbc | aes-192-cbc |
1245 | aes-256-cbc | aes-256-cbc |
1246 | aes-128-ctr | aes-128-ctr |
1247 | aes-192-ctr | aes-192-ctr |
1248 | aes-256-ctr | aes-256-ctr |
1249 +-----------------------+---------------------------------------+
1251 Table 3 The SSH Encryption-alg Compatibility Matrix
1253 +----------------+-------------------+
1254 | sshcmn:mac-alg | ct:mac-algorithm |
1255 +----------------+-------------------+
1256 | hmac-sha1 | hmac-sha1 |
1257 | hmac-sha1-96 | hmac-sha1-96 |
1258 | hmac-sha2-256 | hmac-sha2-256 |
1259 | hmac-sha2-512 | hmac-sha2-512 |
1260 +----------------+-------------------+
1262 Table 4 The SSH Mac-alg Compatibility Matrix
1264 As is seen in the tables above, the names of the "sshcmn" algorithms
1265 are all identical to the names of algorithms defined in
1266 [I-D.ietf-netconf-crypto-types]. While appearing to be redundant, it
1267 is important to realize that not all the algorithms defined in
1268 [I-D.ietf-netconf-crypto-types] are supported by SSH. That is, the
1269 algorithms supported by SSH are a subset of the algorithms defined in
1270 [I-D.ietf-netconf-crypto-types]. The algorithms used by SSH are
1271 redefined in this document in order to constrain the algorithms that
1272 may be selected to just the ones used by SSH.
1274 Features are defined for algorithms that are OPTIONAL or are not
1275 widely supported by popular implementations. Note that the list of
1276 algorithms is not exhaustive. Also, some algorithms that are
1277 REQUIRED by [RFC4253] are missing, notably "ssh-dss" and "diffie-
1278 hellman-group1-sha1", due to their weak security and the
1279 availability of widely supported alternatives.
1281 5.1. Tree Diagram
1283 The following tree diagram [RFC8340] provides an overview of the data
1284 model for the "ietf-ssh-common" module.
1286 module: ietf-ssh-common
1288 grouping transport-params-grouping
1289 +-- host-key
1290 | +-- host-key-alg* identityref
1291 +-- key-exchange
1292 | +-- key-exchange-alg* identityref
1293 +-- encryption
1294 | +-- encryption-alg* identityref
1295 +-- mac
1296 +-- mac-alg* identityref
1298 5.2. Example Usage
1300 The following example illustrates how the transport-params-grouping
1301 appears when populated with some data.
1303 <transport-params
1304 xmlns="urn:ietf:params:xml:ns:yang:ietf-ssh-common"
1305 xmlns:algs="urn:ietf:params:xml:ns:yang:ietf-ssh-common">
1306 <host-key>
1307 <host-key-alg>algs:x509v3-rsa2048-sha256</host-key-alg>
1308 <host-key-alg>algs:ssh-rsa</host-key-alg>
1309 </host-key>
1310 <key-exchange>
1311 <key-exchange-alg>
1312 algs:diffie-hellman-group-exchange-sha256
1313 </key-exchange-alg>
1314 </key-exchange>
1315 <encryption>
1316 <encryption-alg>algs:aes256-ctr</encryption-alg>
1317 <encryption-alg>algs:aes192-ctr</encryption-alg>
1318 <encryption-alg>algs:aes128-ctr</encryption-alg>
1319 <encryption-alg>algs:aes256-cbc</encryption-alg>
1320 <encryption-alg>algs:aes192-cbc</encryption-alg>
1321 <encryption-alg>algs:aes128-cbc</encryption-alg>
1322 </encryption>
1323 <mac>
1324 <mac-alg>algs:hmac-sha2-256</mac-alg>
1325 <mac-alg>algs:hmac-sha2-512</mac-alg>
1326 </mac>
1327 </transport-params>
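To make the Section 5 rules concrete, the following added Python example (not part of this draft or of any implementation of it) parses a transport-params instance in the XML encoding shown above, checks every configured identity against the identities and if-feature constraints of ietf-ssh-common, and applies the rule that the first algorithm in the client's list that the server also permits is the one used. The feature sets, the server's lists and the abridged instance text are constructed for the example.

```python
# Added example: not part of draft-ietf-netconf-ssh-client-server-17 or of
# any implementation of it.  Parses a transport-params instance (Section
# 5.2 encoding), checks identities against ietf-ssh-common@2019-11-20 and
# its if-feature constraints, and applies the Section 5 first-match rule.
import re
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:yang:ietf-ssh-common"
ECC, X509, CTR = {"ssh-ecc", "ssh-sha2"}, {"ssh-x509-certs"}, {"ssh-ctr"}
# Identities of ietf-ssh-common, keyed by the leaf-list that carries them;
# each value is the set of features the identity's if-feature requires.
IDENTITIES = {
    "host-key-alg": {
        "ssh-dss": set(), "ssh-rsa": set(), "ecdsa-sha2-nistp256": ECC,
        "ecdsa-sha2-nistp384": ECC, "ecdsa-sha2-nistp521": ECC,
        "x509v3-ssh-rsa": X509, "x509v3-rsa2048-sha256": X509 | {"ssh-sha2"},
        "x509v3-ecdsa-sha2-nistp256": ECC | X509,
        "x509v3-ecdsa-sha2-nistp384": ECC | X509,
        "x509v3-ecdsa-sha2-nistp521": ECC | X509},
    "key-exchange-alg": {
        "diffie-hellman-group14-sha1": set(),
        "diffie-hellman-group-exchange-sha1": {"ssh-dh-group-exchange"},
        "diffie-hellman-group-exchange-sha256": {"ssh-dh-group-exchange",
                                                 "ssh-sha2"},
        "ecdh-sha2-nistp256": ECC, "ecdh-sha2-nistp384": ECC,
        "ecdh-sha2-nistp521": ECC},
    "encryption-alg": {
        "triple-des-cbc": set(), "aes128-cbc": set(), "aes192-cbc": set(),
        "aes256-cbc": set(), "aes128-ctr": CTR, "aes192-ctr": CTR,
        "aes256-ctr": CTR},
    "mac-alg": {"hmac-sha1": set(), "hmac-sha2-256": {"ssh-sha2"},
                "hmac-sha2-512": {"ssh-sha2"}},
}
# container -> leaf-list, as in the tree diagram of Section 5.1
CONTAINERS = {"host-key": "host-key-alg", "key-exchange": "key-exchange-alg",
              "encryption": "encryption-alg", "mac": "mac-alg"}


def parse_transport_params(xml_text):
    """Return {leaf-list: [identity names in configured order]}."""
    # Identityref values are 'prefix:name' (a bare name uses the default
    # namespace); the prefix must be bound to the ietf-ssh-common namespace.
    # ElementTree drops prefix bindings, so they are read from the raw text.
    bound = set(re.findall(r'xmlns(?::(\w+))?="%s"' % NS, xml_text))
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}transport-params" % NS:
        raise ValueError("not an ietf-ssh-common transport-params element")
    params = {leaf: [] for leaf in CONTAINERS.values()}
    for cont, leaf in CONTAINERS.items():
        for elem in root.findall("{%s}%s/{%s}%s" % (NS, cont, NS, leaf)):
            prefix, _, name = (elem.text or "").strip().rpartition(":")
            if prefix not in bound:
                raise ValueError("prefix not bound to ietf-ssh-common: %r"
                                 % elem.text)
            params[leaf].append(name)
    return params


def check(params, features):
    """Findings for a peer advertising the (constructed) feature set."""
    findings = []
    for leaf, algs in params.items():
        if not algs:  # legal, but the acceptable set is then unknown
            findings.append("%s: empty, acceptable set is implementation-"
                            "defined" % leaf)
        for alg in algs:
            needs = IDENTITIES[leaf].get(alg)
            if needs is None:
                findings.append("%s: %s is not an ietf-ssh-common identity"
                                % (leaf, alg))
            elif not needs <= features:  # if-feature not satisfied
                findings.append("%s: %s requires feature(s) %s" % (
                    leaf, alg, ", ".join(sorted(needs - features))))
    return findings


def negotiate(client, server):
    """Per leaf-list, the first client entry the server also permits."""
    result = {}
    for leaf, algs in client.items():
        permitted = set(server.get(leaf, []))
        result[leaf] = next((a for a in algs if a in permitted), None)
    return result


# Constructed instance: the Section 5.2 example, abridged to fewer ciphers.
SECTION_5_2 = """<transport-params
  xmlns="urn:ietf:params:xml:ns:yang:ietf-ssh-common"
  xmlns:algs="urn:ietf:params:xml:ns:yang:ietf-ssh-common">
  <host-key>
    <host-key-alg>algs:x509v3-rsa2048-sha256</host-key-alg>
    <host-key-alg>algs:ssh-rsa</host-key-alg>
  </host-key>
  <key-exchange>
    <key-exchange-alg>algs:diffie-hellman-group-exchange-sha256</key-exchange-alg>
  </key-exchange>
  <encryption>
    <encryption-alg>algs:aes256-ctr</encryption-alg>
    <encryption-alg>algs:aes128-cbc</encryption-alg>
  </encryption>
  <mac>
    <mac-alg>algs:hmac-sha2-256</mac-alg>
    <mac-alg>algs:hmac-sha2-512</mac-alg>
  </mac>
</transport-params>"""
```

Because the client's order wins, a server that lists hmac-sha2-512 first still ends up with hmac-sha2-256 against this client; the check also flags a cipher whose feature (here ssh-ctr) the peer does not advertise.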
1329 5.3. YANG Module
1331 This YANG module has normative references to [RFC4253], [RFC4344],
1332 [RFC4419], [RFC5656], [RFC6187], and [RFC6668].
1334 file "ietf-ssh-common@2019-11-20.yang"
1336 module ietf-ssh-common {
1337 yang-version 1.1;
1338 namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-common";
1339 prefix sshcmn;
1341 organization
1342 "IETF NETCONF (Network Configuration) Working Group";
1344 contact
1345 "WG Web:
1346 WG List:
1347 Author: Kent Watsen
1348 Author: Gary Wu ";
1350 description
1351 "This module defines common features, identities, and
1352 groupings for Secure Shell (SSH).
1354 Copyright (c) 2019 IETF Trust and the persons identified
1355 as authors of the code. All rights reserved.
1357 Redistribution and use in source and binary forms, with
1358 or without modification, is permitted pursuant to, and
1359 subject to the license terms contained in, the Simplified
1360 BSD License set forth in Section 4.c of the IETF Trust's
1361 Legal Provisions Relating to IETF Documents
1362 (https://trustee.ietf.org/license-info).
1364 This version of this YANG module is part of RFC XXXX
1365 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
1366 itself for full legal notices.
1368 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
1369 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
1370 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
1371 are to be interpreted as described in BCP 14 (RFC 2119)
1372 (RFC 8174) when, and only when, they appear in all
1373 capitals, as shown here.";
1375 revision 2019-11-20 {
1376 description
1377 "Initial version";
1378 reference
1379 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
1380 }
1382 // Features
1384 feature ssh-ecc {
1385 description
1386 "Elliptic Curve Cryptography is supported for SSH.";
1387 reference
1388 "RFC 5656: Elliptic Curve Algorithm Integration in the
1389 Secure Shell Transport Layer";
1390 }
1392 feature ssh-x509-certs {
1393 description
1394 "X.509v3 certificates are supported for SSH per RFC 6187.";
1395 reference
1396 "RFC 6187: X.509v3 Certificates for Secure Shell
1397 Authentication";
1398 }
1399 feature ssh-dh-group-exchange {
1400 description
1401 "Diffie-Hellman Group Exchange is supported for SSH.";
1402 reference
1403 "RFC 4419: Diffie-Hellman Group Exchange for the
1404 Secure Shell (SSH) Transport Layer Protocol";
1405 }
1407 feature ssh-ctr {
1408 description
1409 "SDCTR encryption mode is supported for SSH.";
1410 reference
1411 "RFC 4344: The Secure Shell (SSH) Transport Layer
1412 Encryption Modes";
1413 }
1415 feature ssh-sha2 {
1416 description
1417 "The SHA2 family of cryptographic hash functions is
1418 supported for SSH.";
1419 reference
1420 "FIPS PUB 180-4: Secure Hash Standard (SHS)";
1421 }
1423 // Identities
1425 identity public-key-alg-base {
1426 description
1427 "Base identity used to identify public key algorithms.";
1428 }
1430 identity ssh-dss {
1431 base public-key-alg-base;
1432 description
1433 "Digital Signature Algorithm using SHA-1 as the
1434 hashing algorithm.";
1435 reference
1436 "RFC 4253:
1437 The Secure Shell (SSH) Transport Layer Protocol";
1438 }
1440 identity ssh-rsa {
1441 base public-key-alg-base;
1442 description
1443 "RSASSA-PKCS1-v1_5 signature scheme using SHA-1 as the
1444 hashing algorithm.";
1445 reference
1446 "RFC 4253:
1448 The Secure Shell (SSH) Transport Layer Protocol";
1449 }
1451 identity ecdsa-sha2-nistp256 {
1452 if-feature "ssh-ecc and ssh-sha2";
1453 base public-key-alg-base;
1454 description
1455 "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
1456 nistp256 curve and the SHA2 family of hashing algorithms.";
1457 reference
1458 "RFC 5656: Elliptic Curve Algorithm Integration in the
1459 Secure Shell Transport Layer";
1460 }
1462 identity ecdsa-sha2-nistp384 {
1463 if-feature "ssh-ecc and ssh-sha2";
1464 base public-key-alg-base;
1465 description
1466 "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
1467 nistp384 curve and the SHA2 family of hashing algorithms.";
1468 reference
1469 "RFC 5656: Elliptic Curve Algorithm Integration in the
1470 Secure Shell Transport Layer";
1471 }
1473 identity ecdsa-sha2-nistp521 {
1474 if-feature "ssh-ecc and ssh-sha2";
1475 base public-key-alg-base;
1476 description
1477 "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
1478 nistp521 curve and the SHA2 family of hashing algorithms.";
1479 reference
1480 "RFC 5656: Elliptic Curve Algorithm Integration in the
1481 Secure Shell Transport Layer";
1482 }
1484 identity x509v3-ssh-rsa {
1485 if-feature "ssh-x509-certs";
1486 base public-key-alg-base;
1487 description
1488 "RSASSA-PKCS1-v1_5 signature scheme using a public key stored
1489 in an X.509v3 certificate and using SHA-1 as the hashing
1490 algorithm.";
1491 reference
1492 "RFC 6187: X.509v3 Certificates for Secure Shell
1493 Authentication";
1494 }
1495 identity x509v3-rsa2048-sha256 {
1496 if-feature "ssh-x509-certs and ssh-sha2";
1497 base public-key-alg-base;
1498 description
1499 "RSASSA-PKCS1-v1_5 signature scheme using a public key stored
1500 in an X.509v3 certificate and using SHA-256 as the hashing
1501 algorithm. RSA keys conveyed using this format MUST have a
1502 modulus of at least 2048 bits.";
1503 reference
1504 "RFC 6187: X.509v3 Certificates for Secure Shell
1505 Authentication";
1506 }
1508 identity x509v3-ecdsa-sha2-nistp256 {
1509 if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
1510 base public-key-alg-base;
1511 description
1512 "Elliptic Curve Digital Signature Algorithm (ECDSA)
1513 using the nistp256 curve with a public key stored in
1514 an X.509v3 certificate and using the SHA2 family of
1515 hashing algorithms.";
1516 reference
1517 "RFC 6187: X.509v3 Certificates for Secure Shell
1518 Authentication";
1519 }
1521 identity x509v3-ecdsa-sha2-nistp384 {
1522 if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
1523 base public-key-alg-base;
1524 description
1525 "Elliptic Curve Digital Signature Algorithm (ECDSA)
1526 using the nistp384 curve with a public key stored in
1527 an X.509v3 certificate and using the SHA2 family of
1528 hashing algorithms.";
1529 reference
1530 "RFC 6187: X.509v3 Certificates for Secure Shell
1531 Authentication";
1532 }
1534 identity x509v3-ecdsa-sha2-nistp521 {
1535 if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
1536 base public-key-alg-base;
1537 description
1538 "Elliptic Curve Digital Signature Algorithm (ECDSA)
1539 using the nistp521 curve with a public key stored in
1540 an X.509v3 certificate and using the SHA2 family of
1541 hashing algorithms.";
1542 reference
1543 "RFC 6187: X.509v3 Certificates for Secure Shell
1544 Authentication";
1545 }
1547 identity key-exchange-alg-base {
1548 description
1549 "Base identity used to identify key exchange algorithms.";
1550 }
1552 identity diffie-hellman-group14-sha1 {
1553 base key-exchange-alg-base;
1554 description
1555 "Diffie-Hellman key exchange with SHA-1 as HASH and
1556 Oakley Group 14 (2048-bit MODP Group).";
1557 reference
1558 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1559 }
1561 identity diffie-hellman-group-exchange-sha1 {
1562 if-feature "ssh-dh-group-exchange";
1563 base key-exchange-alg-base;
1564 description
1565 "Diffie-Hellman Group and Key Exchange with SHA-1 as HASH.";
1566 reference
1567 "RFC 4419: Diffie-Hellman Group Exchange for the
1568 Secure Shell (SSH) Transport Layer Protocol";
1569 }
1571 identity diffie-hellman-group-exchange-sha256 {
1572 if-feature "ssh-dh-group-exchange and ssh-sha2";
1573 base key-exchange-alg-base;
1574 description
1575 "Diffie-Hellman Group and Key Exchange with SHA-256 as HASH.";
1576 reference
1577 "RFC 4419: Diffie-Hellman Group Exchange for the
1578 Secure Shell (SSH) Transport Layer Protocol";
1579 }
1581 identity ecdh-sha2-nistp256 {
1582 if-feature "ssh-ecc and ssh-sha2";
1583 base key-exchange-alg-base;
1584 description
1585 "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
1586 nistp256 curve and the SHA2 family of hashing algorithms.";
1587 reference
1588 "RFC 5656: Elliptic Curve Algorithm Integration in the
1589 Secure Shell Transport Layer";
1590 }
1591 identity ecdh-sha2-nistp384 {
1592 if-feature "ssh-ecc and ssh-sha2";
1593 base key-exchange-alg-base;
1594 description
1595 "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
1596 nistp384 curve and the SHA2 family of hashing algorithms.";
1597 reference
1598 "RFC 5656: Elliptic Curve Algorithm Integration in the
1599 Secure Shell Transport Layer";
1600 }
1602 identity ecdh-sha2-nistp521 {
1603 if-feature "ssh-ecc and ssh-sha2";
1604 base key-exchange-alg-base;
1605 description
1606 "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
1607 nistp521 curve and the SHA2 family of hashing algorithms.";
1608 reference
1609 "RFC 5656: Elliptic Curve Algorithm Integration in the
1610 Secure Shell Transport Layer";
1611 }
1613 identity encryption-alg-base {
1614 description
1615 "Base identity used to identify encryption algorithms.";
1616 }
1618 identity triple-des-cbc {
1619 base encryption-alg-base;
1620 description
1621 "Three-key 3DES in CBC mode.";
1622 reference
1623 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1624 }
1626 identity aes128-cbc {
1627 base encryption-alg-base;
1628 description
1629 "AES in CBC mode, with a 128-bit key.";
1630 reference
1631 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1632 }
1634 identity aes192-cbc {
1635 base encryption-alg-base;
1636 description
1637 "AES in CBC mode, with a 192-bit key.";
1638 reference
1639 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1640 }
1642 identity aes256-cbc {
1643 base encryption-alg-base;
1644 description
1645 "AES in CBC mode, with a 256-bit key.";
1646 reference
1647 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1648 }
1650 identity aes128-ctr {
1651 if-feature "ssh-ctr";
1652 base encryption-alg-base;
1653 description
1654 "AES in SDCTR mode, with 128-bit key.";
1655 reference
1656 "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
1657 Modes";
1658 }
1660 identity aes192-ctr {
1661 if-feature "ssh-ctr";
1662 base encryption-alg-base;
1663 description
1664 "AES in SDCTR mode, with 192-bit key.";
1665 reference
1666 "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
1667 Modes";
1668 }
1670 identity aes256-ctr {
1671 if-feature "ssh-ctr";
1672 base encryption-alg-base;
1673 description
1674 "AES in SDCTR mode, with 256-bit key.";
1675 reference
1676 "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
1677 Modes";
1678 }
1680 identity mac-alg-base {
1681 description
1682 "Base identity used to identify message authentication
1683 code (MAC) algorithms.";
1684 }
1686 identity hmac-sha1 {
1687 base mac-alg-base;
1688 description
1689 "HMAC-SHA1";
1690 reference
1691 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1692 }
1694 identity hmac-sha2-256 {
1695 if-feature "ssh-sha2";
1696 base mac-alg-base;
1697 description
1698 "HMAC-SHA2-256";
1699 reference
1700 "RFC 6668: SHA-2 Data Integrity Verification for the
1701 Secure Shell (SSH) Transport Layer Protocol";
1702 }
1704 identity hmac-sha2-512 {
1705 if-feature "ssh-sha2";
1706 base mac-alg-base;
1707 description
1708 "HMAC-SHA2-512";
1709 reference
1710 "RFC 6668: SHA-2 Data Integrity Verification for the
1711 Secure Shell (SSH) Transport Layer Protocol";
1712 }
1714 // Groupings
1716 grouping transport-params-grouping {
1717 description
1718 "A reusable grouping for SSH transport parameters.";
1719 reference
1720 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1721 container host-key {
1722 description
1723 "Parameters regarding host key.";
1724 leaf-list host-key-alg {
1725 type identityref {
1726 base public-key-alg-base;
1727 }
1728 ordered-by user;
1729 description
1730 "Acceptable host key algorithms in order of descending
1731 preference. The configured host key algorithms should
1732 be compatible with the algorithm used by the configured
1733 private key. Please see Section 5 of RFC XXXX for
1734 valid combinations.
1736 If this leaf-list is not configured (has zero elements)
1737 the acceptable host key algorithms are implementation-
1738 defined.";
1739 reference
1740 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
1741 }
1742 }
1743 container key-exchange {
1744 description
1745 "Parameters regarding key exchange.";
1746 leaf-list key-exchange-alg {
1747 type identityref {
1748 base key-exchange-alg-base;
1749 }
1750 ordered-by user;
1751 description
1752 "Acceptable key exchange algorithms in order of descending
1753 preference.
1755 If this leaf-list is not configured (has zero elements)
1756 the acceptable key exchange algorithms are implementation
1757 defined.";
1758 }
1759 }
1760 container encryption {
1761 description
1762 "Parameters regarding encryption.";
1763 leaf-list encryption-alg {
1764 type identityref {
1765 base encryption-alg-base;
1766 }
1767 ordered-by user;
1768 description
1769 "Acceptable encryption algorithms in order of descending
1770 preference.
1772 If this leaf-list is not configured (has zero elements)
1773 the acceptable encryption algorithms are implementation
1774 defined.";
1775 }
1776 }
1777 container mac {
1778 description
1779 "Parameters regarding message authentication code (MAC).";
1780 leaf-list mac-alg {
1781 type identityref {
1782 base mac-alg-base;
1783 }
1784 ordered-by user;
1785 description
1786 "Acceptable MAC algorithms in order of descending
1787 preference.
1789 If this leaf-list is not configured (has zero elements)
1790 the acceptable MAC algorithms are implementation-
1791 defined.";
1792 }
1793 }
1794 }
1795 }
1799 6. Security Considerations
1801 The YANG modules defined in this document are designed to be accessed
1802 via YANG based management protocols, such as NETCONF [RFC6241] and
1803 RESTCONF [RFC8040]. Both of these protocols have mandatory-to-
1804 implement secure transport layers (e.g., SSH, TLS) with mutual
1805 authentication.
1807 The NETCONF access control model (NACM) [RFC8341] provides the means
1808 to restrict access for particular users to a pre-configured subset of
1809 all available protocol operations and content.
1811 Since the modules in this document only define groupings, these
1812 considerations are primarily for the designers of other modules that
1813 use these groupings.
1815 There are a number of data nodes defined in the YANG modules that are
1816 writable/creatable/deletable (i.e., config true, which is the
1817 default). These data nodes may be considered sensitive or vulnerable
1818 in some network environments. Write operations (e.g., edit-config)
1819 to these data nodes without proper protection can have a negative
1820 effect on network operations. These are the subtrees and data nodes
1821 and their sensitivity/vulnerability:
1823 *: All of the nodes defined by the grouping statement in both the
1824 "ietf-ssh-client" and "ietf-ssh-server" modules are sensitive
1825 to write operations. For instance, the addition or removal of
1826 references to keys, certificates, trusted anchors, etc., or
1827 even the modification of transport or keepalive parameters can
1828 dramatically alter the implemented security policy. For this
1829 reason, all the nodes are protected by the NACM extension
1830 "default-deny-write".
1832 Some of the readable data nodes in the YANG modules may be considered
1833 sensitive or vulnerable in some network environments. It is thus
1834 important to control read access (e.g., via get, get-config, or
1835 notification) to these data nodes. These are the subtrees and data
1836 nodes and their sensitivity/vulnerability:
1838 ssh-client-grouping/client-identity/: This subtree in the "ietf-
1839 ssh-client" module contains nodes that are additionally
1840 sensitive to read operations such that, in normal use cases,
1841 they should never be returned to a client. Specifically, the
1842 descendant nodes 'password', 'public-key/local-definition/
1843 private-key' and 'certificate/local-definition/private-key'.
1844 For this reason, all of these nodes are protected by the NACM
1845 extension "default-deny-all".
1847 ssh-server-grouping/server-identity/: This subtree in the "ietf-
1848 ssh-server" module contains nodes that are additionally
1849 sensitive to read operations such that, in normal use cases,
1850 they should never be returned to a client. Specifically, the
1851 descendant nodes 'host-key/public-key/local-definition/private-
1852 key' and 'host-key/certificate/local-definition/private-key'.
1853 For this reason, both of these nodes are protected by the NACM
1854 extension "default-deny-all".
1856 Some of the operations in this YANG module may be considered
1857 sensitive or vulnerable in some network environments. It is thus
1858 important to control access to these operations. These are the
1859 operations and their sensitivity/vulnerability:
1861 *: The groupings defined in this document include "action"
1862 statements that come from groupings defined in
1863 [I-D.ietf-netconf-crypto-types]. Please consult that document
1864 for the security considerations of the "action" statements
1865 defined by the "grouping" statements defined in this document.
1867 7. IANA Considerations
1869 7.1. The IETF XML Registry
1871 This document registers three URIs in the "ns" subregistry of the
1872 IETF XML Registry [RFC3688]. Following the format in [RFC3688], the
1873 following registrations are requested:
1875 URI: urn:ietf:params:xml:ns:yang:ietf-ssh-client
1876 Registrant Contact: The NETCONF WG of the IETF.
1877 XML: N/A, the requested URI is an XML namespace.
1879 URI: urn:ietf:params:xml:ns:yang:ietf-ssh-server
1880 Registrant Contact: The NETCONF WG of the IETF.
1881 XML: N/A, the requested URI is an XML namespace.
1883 URI: urn:ietf:params:xml:ns:yang:ietf-ssh-common
1884 Registrant Contact: The NETCONF WG of the IETF.
1885 XML: N/A, the requested URI is an XML namespace.
1887 7.2. The YANG Module Names Registry
1889 This document registers three YANG modules in the YANG Module Names
1890 registry [RFC6020]. Following the format in [RFC6020], the following
1891 registrations are requested:
1893 name: ietf-ssh-client
1894 namespace: urn:ietf:params:xml:ns:yang:ietf-ssh-client
1895 prefix: sshc
1896 reference: RFC XXXX
1898 name: ietf-ssh-server
1899 namespace: urn:ietf:params:xml:ns:yang:ietf-ssh-server
1900 prefix: sshs
1901 reference: RFC XXXX
1903 name: ietf-ssh-common
1904 namespace: urn:ietf:params:xml:ns:yang:ietf-ssh-common
1905 prefix: sshcmn
1906 reference: RFC XXXX
1908 8. References
1910 8.1. Normative References
1912 [I-D.ietf-netconf-crypto-types]
1913 Watsen, K. and H. Wang, "Common YANG Data Types for
1914 Cryptography", draft-ietf-netconf-crypto-types-12 (work in
1915 progress), November 2019.
1917 [I-D.ietf-netconf-keystore]
1918 Watsen, K., "A YANG Data Model for a Keystore", draft-
1919 ietf-netconf-keystore-14 (work in progress), November
1920 2019.
1922 [I-D.ietf-netconf-trust-anchors]
1923 Watsen, K. and H. Birkholz, "A YANG Data Model for a
1924 Truststore", draft-ietf-netconf-trust-anchors-07 (work in
1925 progress), November 2019.
1927 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1928 Requirement Levels", BCP 14, RFC 2119,
1929 DOI 10.17487/RFC2119, March 1997,
1930 .
1932 [RFC4344] Bellare, M., Kohno, T., and C. Namprempre, "The Secure
1933 Shell (SSH) Transport Layer Encryption Modes", RFC 4344,
1934 DOI 10.17487/RFC4344, January 2006,
1935 .
1937 [RFC4419] Friedl, M., Provos, N., and W. Simpson, "Diffie-Hellman
1938 Group Exchange for the Secure Shell (SSH) Transport Layer
1939 Protocol", RFC 4419, DOI 10.17487/RFC4419, March 2006,
1940 .
1942 [RFC5656] Stebila, D. and J. Green, "Elliptic Curve Algorithm
1943 Integration in the Secure Shell Transport Layer",
1944 RFC 5656, DOI 10.17487/RFC5656, December 2009,
1945 .
1947 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1948 the Network Configuration Protocol (NETCONF)", RFC 6020,
1949 DOI 10.17487/RFC6020, October 2010,
1950 .
1952 [RFC6187] Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure
1953 Shell Authentication", RFC 6187, DOI 10.17487/RFC6187,
1954 March 2011, .
1956 [RFC6668] Bider, D. and M. Baushke, "SHA-2 Data Integrity
1957 Verification for the Secure Shell (SSH) Transport Layer
1958 Protocol", RFC 6668, DOI 10.17487/RFC6668, July 2012,
1959 .
1961 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1962 RFC 7950, DOI 10.17487/RFC7950, August 2016,
1963 .
1965 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
1966 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
1967 May 2017, .
1969 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
1970 Access Control Model", STD 91, RFC 8341,
1971 DOI 10.17487/RFC8341, March 2018,
1972 .
8.2. Informative References

[OPENSSH] Project, T. O., "OpenSSH", 2016.

[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004.

[RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252,
January 2006.

[RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253,
January 2006.

[RFC4254] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Connection Protocol", RFC 4254, DOI 10.17487/RFC4254,
January 2006.

[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

[RFC7317] Bierman, A. and M. Bjorklund, "A YANG Data Model for
System Management", RFC 7317, DOI 10.17487/RFC7317, August
2014.

[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

[RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
RFC 8071, DOI 10.17487/RFC8071, February 2017.

[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.
Appendix A. Change Log

A.1. 00 to 01

o Noted that '0.0.0.0' and '::' might have special meanings.

o Renamed "keychain" to "keystore".

A.2. 01 to 02

o Removed the groupings 'listening-ssh-client-grouping' and 'listening-ssh-server-grouping'. Now modules only contain the transport-independent groupings.

o Simplified the "client-auth" part in the ietf-ssh-client module. It now inlines what it used to point to keystore for.

o Added cipher suites for various algorithms into new 'ietf-ssh-common' module.

A.3. 02 to 03

o Removed 'RESTRICTED' enum from 'password' leaf type.

o Added a 'must' statement to container 'server-auth' asserting that at least one of the various auth mechanisms must be specified.

o Fixed description statement for leaf 'trusted-ca-certs'.

A.4. 03 to 04

o Changed title to "YANG Groupings for SSH Clients and SSH Servers".

o Added reference to RFC 6668.

o Added RFC 8174 to Requirements Language Section.

o Enhanced description statement for ietf-ssh-server's "trusted-ca-certs" leaf.

o Added mandatory true to ietf-ssh-client's "client-auth" 'choice' statement.

o Changed the YANG prefix for module ietf-ssh-common from 'sshcom' to 'sshcmn'.

o Removed the compression algorithms as they are not commonly configurable in vendors' implementations.

o Updated descriptions in transport-params-grouping and the server's usage of it.

o Now tree diagrams reference ietf-netmod-yang-tree-diagrams.

o Updated YANG to use typedefs around leafrefs to common keystore paths.

o Now inlines key and certificates (no longer a leafref to keystore).

A.5. 04 to 05

o Merged changes from co-author.
2080 o Merged changes from co-author.
A.6. 05 to 06

o Updated to use trust anchors from trust-anchors draft (was keystore draft).

o Now uses new keystore grouping enabling asymmetric key to be either locally defined or a reference to the keystore.

A.7. 06 to 07

o Factored the ssh-[client|server]-groupings into more reusable groupings.

o Added if-feature statements for the new "ssh-host-keys" and "x509-certificates" features defined in draft-ietf-netconf-trust-anchors.

A.8. 07 to 08

o Added a number of compatibility matrices to Section 5 (thanks Frank!)

o Clarified that any configured "host-key-alg" values need to be compatible with the configured private key.

A.9. 08 to 09

o Updated examples to reflect update to groupings defined in the keystore -09 draft.

o Added SSH keepalives features and groupings.

o Prefixed top-level SSH grouping nodes with 'ssh-' and support mashups.

o Updated copyright date, boilerplate template, affiliation, and folding algorithm.

A.10. 09 to 10

o Reformatted the YANG modules.

A.11. 10 to 11

o Reformatted lines causing folding to occur.
A.12. 11 to 12

o Collapsed all the inner groupings into the top-level grouping.

o Added a top-level "demux container" inside the top-level grouping.

o Added NACM statements and updated the Security Considerations section.

o Added "presence" statements on the "keepalive" containers, as was needed to address a validation error that appeared after adding the "must" statements into the NETCONF/RESTCONF client/server modules.

o Updated the boilerplate text in module-level "description" statement to match copyeditor convention.

A.13. 12 to 13

o Removed the "demux containers", floating the nacm:default-deny-write to each descendant node, and adding a note to model designers regarding the potential need to add their own demux containers.

o Fixed a couple of references (section 2 --> section 3).

o In the server model, replaced with and introduced 'local-or-external' choice.

A.14. 13 to 14

o Updated to reflect changes in trust-anchors drafts (e.g., s/trust-anchors/truststore/g + s/pinned.//).

A.15. 14 to 15

o Updated examples to reflect ietf-crypto-types change (e.g., identities --> enumerations).

o Updated "server-authentication" and "client-authentication" nodes from being a leaf of type "ts:host-keys-ref" or "ts:certificates-ref" to a container that uses "ts:local-or-truststore-host-keys-grouping" or "ts:local-or-truststore-certs-grouping".

A.16. 15 to 16

o Removed unnecessary if-feature statements in the -client and -server modules.

o Cleaned up some description statements in the -client and -server modules.

o Fixed a canonical ordering issue in ietf-ssh-common detected by new pyang.

A.17. 16 to 17

o Removed choice local-or-external by removing the 'external' case and flattening the 'local' case and adding a "client-auth-config-supported" feature.

o Updated examples to include the "*-key-format" nodes.

o Augmented-in "must" expressions ensuring that a locally-defined public-key-format is "ct:ssh-public-key-format" (must expr for ref'ed keys are TBD).
Acknowledgements

The authors would like to thank the following for lively discussions on list and in the halls (ordered by last name): Andy Bierman, Martin Bjorklund, Benoit Claise, Mehmet Ersue, Balazs Kovacs, David Lamparter, Alan Luchuk, Ladislav Lhotka, Radek Krejci, Tom Petch, Juergen Schoenwaelder, Phil Shafer, Sean Turner, Michal Vasko, and Bert Wijnen.
Authors' Addresses

Kent Watsen
Watsen Networks

EMail: kent+ietf@watsen.net

Gary Wu
Cisco Systems

EMail: garywu@cisco.com

Liang Xia
Huawei

EMail: frank.xialiang@huawei.com