idnits 2.17.1
draft-ietf-netconf-tls-client-server-08.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document date (October 22, 2018) is 2012 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-34) exists of
draft-ietf-netconf-crypto-types-01
== Outdated reference: A later version (-35) exists of
draft-ietf-netconf-keystore-06
== Outdated reference: A later version (-28) exists of
draft-ietf-netconf-trust-anchors-01
-- Obsolete informational reference (is this intentional?): RFC 2246
(Obsoleted by RFC 4346)
-- Obsolete informational reference (is this intentional?): RFC 2818
(Obsoleted by RFC 9110)
-- Obsolete informational reference (is this intentional?): RFC 4346
(Obsoleted by RFC 5246)
-- Obsolete informational reference (is this intentional?): RFC 5246
(Obsoleted by RFC 8446)
Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 5 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETCONF Working Group K. Watsen
3 Internet-Draft Juniper Networks
4 Intended status: Standards Track G. Wu
5 Expires: April 25, 2019 Cisco Systems
6 L. Xia
7 Huawei
8 October 22, 2018
10 YANG Groupings for TLS Clients and TLS Servers
11 draft-ietf-netconf-tls-client-server-08
13 Abstract
15 This document defines three YANG modules: the first defines groupings
16 for a generic TLS client, the second defines groupings for a generic
17 TLS server, and the third defines common identities and groupings
18 used by both the client and the server. It is intended that these
19 groupings will be used by applications using the TLS protocol.
21 Editorial Note (To be removed by RFC Editor)
23 This draft contains many placeholder values that need to be replaced
24 with finalized values at the time of publication. This note
25 summarizes all of the substitutions that are needed. No other RFC
26 Editor instructions are specified elsewhere in this document.
28 This document contains references to other drafts in progress, both
29 in the Normative References section, as well as in body text
30 throughout. Please update the following references to reflect their
31 final RFC assignments:
33 o I-D.ietf-netconf-trust-anchors
35 o I-D.ietf-netconf-keystore
37 Artwork in this document contains shorthand references to drafts in
38 progress. Please apply the following replacements:
40 o "XXXX" --> the assigned RFC value for this draft
42 o "YYYY" --> the assigned RFC value for I-D.ietf-netconf-trust-
43 anchors
45 o "ZZZZ" --> the assigned RFC value for I-D.ietf-netconf-keystore
47 Artwork in this document contains placeholder values for the date of
48 publication of this draft. Please apply the following replacement:
50 o "2018-10-22" --> the publication date of this draft
52 The following Appendix section is to be removed prior to publication:
54 o Appendix A. Change Log
56 Status of This Memo
58 This Internet-Draft is submitted in full conformance with the
59 provisions of BCP 78 and BCP 79.
61 Internet-Drafts are working documents of the Internet Engineering
62 Task Force (IETF). Note that other groups may also distribute
63 working documents as Internet-Drafts. The list of current Internet-
64 Drafts is at https://datatracker.ietf.org/drafts/current/.
66 Internet-Drafts are draft documents valid for a maximum of six months
67 and may be updated, replaced, or obsoleted by other documents at any
68 time. It is inappropriate to use Internet-Drafts as reference
69 material or to cite them other than as "work in progress."
71 This Internet-Draft will expire on April 25, 2019.
73 Copyright Notice
75 Copyright (c) 2018 IETF Trust and the persons identified as the
76 document authors. All rights reserved.
78 This document is subject to BCP 78 and the IETF Trust's Legal
79 Provisions Relating to IETF Documents
80 (https://trustee.ietf.org/license-info) in effect on the date of
81 publication of this document. Please review these documents
82 carefully, as they describe your rights and restrictions with respect
83 to this document. Code Components extracted from this document must
84 include Simplified BSD License text as described in Section 4.e of
85 the Trust Legal Provisions and are provided without warranty as
86 described in the Simplified BSD License.
88 Table of Contents
90 1. Introduction
91 2. Terminology
92 3. The TLS Client Model
93 3.1. Tree Diagram
94 3.2. Example Usage
95 3.3. YANG Module
96 4. The TLS Server Model
97 4.1. Tree Diagram
98 4.2. Example Usage
99 4.3. YANG Module
100 5. The TLS Common Model
101 5.1. Tree Diagram
102 5.2. Example Usage
103 5.3. YANG Module
104 6. Security Considerations
105 7. IANA Considerations
106 7.1. The IETF XML Registry
107 7.2. The YANG Module Names Registry
108 8. References
109 8.1. Normative References
110 8.2. Informative References
111 Appendix A. Change Log
112 A.1. 00 to 01
113 A.2. 01 to 02
114 A.3. 02 to 03
115 A.4. 03 to 04
116 A.5. 04 to 05
117 A.6. 05 to 06
118 A.7. 06 to 07
119 A.8. 07 to 08
120 Acknowledgements
121 Authors' Addresses
123 1. Introduction
125 This document defines three YANG 1.1 [RFC7950] modules: the first
126 defines a grouping for a generic TLS client, the second defines a
127 grouping for a generic TLS server, and the third defines identities
128 and groupings common to both the client and the server (TLS is
129 defined in [RFC5246]). It is intended that these groupings will be
130 used by applications using the TLS protocol. For instance, these
131 groupings could be used to help define the data model for an HTTPS
132 [RFC2818] server or a NETCONF over TLS [RFC7589] based server.
134 The client and server YANG modules in this document each define one
135 grouping, which is focused on just TLS-specific configuration, and
136 specifically avoids any transport-level configuration, such as which
137 ports to listen on or connect to. This affords applications the
138 opportunity to define their own strategy for how the underlying TCP
139 connection is established. For instance, applications supporting
140 NETCONF Call Home [RFC8071] could use the "ssh-server-grouping"
141 grouping for the TLS parts it provides, while adding data nodes for
142 the TCP-level call-home configuration.
144 The modules defined in this document use groupings defined in
145 [I-D.ietf-netconf-keystore] enabling keys to be either locally
146 defined or a reference to globally configured values.
148 2. Terminology
150 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
151 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
152 "OPTIONAL" in this document are to be interpreted as described in BCP
153 14 [RFC2119] [RFC8174] when, and only when, they appear in all
154 capitals, as shown here.
156 3. The TLS Client Model
158 3.1. Tree Diagram
160 This section provides a tree diagram [RFC8340] for the "ietf-tls-
161 client" module that does not have groupings expanded.
163 module: ietf-tls-client
165 grouping server-auth-grouping
166 +-- server-auth
167 +-- pinned-ca-certs? ta:pinned-certificates-ref
168 | {ta:x509-certificates}?
169 +-- pinned-server-certs? ta:pinned-certificates-ref
170 {ta:x509-certificates}?
171 grouping tls-client-grouping
172 +---u client-identity-grouping
173 +---u server-auth-grouping
174 +---u hello-params-grouping
175 grouping client-identity-grouping
176 +-- client-identity
177 +-- (auth-type)?
178 +--:(certificate)
179 +-- certificate
180 +---u client-identity-grouping
181 grouping hello-params-grouping
182 +-- hello-params {tls-client-hello-params-config}?
183 +---u hello-params-grouping
185 3.2. Example Usage
187 This section presents two examples showing the tls-client-grouping
188 populated with some data. These examples are effectively the same
189 except the first configures the client identity using a local key
190 while the second uses a key configured in a keystore. Both examples
191 are consistent with the examples presented in Section 3 of
193 [I-D.ietf-netconf-trust-anchors] and Section 3.2 of
194 [I-D.ietf-netconf-keystore].
196 The following example configures the client identity using a local
197 key:
199 [Note: '\' line wrapping for formatting only]
201
203
204
205
206 ct:rsa2048
208 base64encodedvalue==
209 base64encodedvalue==
210 base64encodedvalue==
211
212
214
215
216 explicitly-trusted-server-ca-certs
218 explicitly-trusted-server-certs
220
222
224 The following example configures the client identity using a key from
225 the keystore:
227 [Note: '\' line wrapping for formatting only]
229
231
232
233
234 ex-rsa-cert
235
236
238
239
240 explicitly-trusted-server-ca-certs
242 explicitly-trusted-server-certs
244
246
248 3.3. YANG Module
250 This YANG module has normative references to
251 [I-D.ietf-netconf-trust-anchors] and [I-D.ietf-netconf-keystore].
253 file "ietf-tls-client@2018-10-22.yang"
254 module ietf-tls-client {
255 yang-version 1.1;
257 namespace "urn:ietf:params:xml:ns:yang:ietf-tls-client";
258 prefix "tlsc";
260 import ietf-tls-common {
261 prefix tlscmn;
262 revision-date 2018-10-22; // stable grouping definitions
263 reference
264 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers";
265 }
267 import ietf-trust-anchors {
268 prefix ta;
269 reference
270 "RFC YYYY: YANG Data Model for Global Trust Anchors";
271 }
273 import ietf-keystore {
274 prefix ks;
275 reference
276 "RFC ZZZZ: YANG Data Model for a 'Keystore' Mechanism";
277 }
279 organization
280 "IETF NETCONF (Network Configuration) Working Group";
282 contact
283 "WG Web:
284 WG List:
286 Author: Kent Watsen
287
289 Author: Gary Wu
290 ";
292 description
293 "This module defines a reusable grouping for a TLS client that
294 can be used as a basis for specific TLS client instances.
296 Copyright (c) 2018 IETF Trust and the persons identified as
297 authors of the code. All rights reserved.
299 Redistribution and use in source and binary forms, with or
300 without modification, is permitted pursuant to, and subject
301 to the license terms contained in, the Simplified BSD
302 License set forth in Section 4.c of the IETF Trust's
303 Legal Provisions Relating to IETF Documents
304 (http://trustee.ietf.org/license-info).
306 This version of this YANG module is part of RFC XXXX; see
307 the RFC itself for full legal notices.";
309 revision "2018-10-22" {
310 description
311 "Initial version";
312 reference
313 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers";
314 }
316 // features
318 feature tls-client-hello-params-config {
319 description
320 "TLS hello message parameters are configurable on a TLS
321 client.";
323 }
325 // groupings
327 grouping tls-client-grouping {
328 description
329 "A reusable grouping for configuring a TLS client without
330 any consideration for how an underlying TCP session is
331 established.";
332 uses client-identity-grouping;
333 uses server-auth-grouping;
334 uses hello-params-grouping;
335 }
337 grouping client-identity-grouping {
338 description
339 "A reusable grouping for configuring a TLS client identity.";
340 container client-identity {
341 description
342 "The credentials used by the client to authenticate to
343 the TLS server.";
345 choice auth-type {
346 description
347 "The authentication type.";
348 container certificate {
349 uses ks:local-or-keystore-end-entity-cert-with-key-grouping;
350 description
351 "A locally-defined or referenced certificate
352 to be used for client authentication.";
353 reference
354 "RFC ZZZZ: YANG Data Model for a 'Keystore' Mechanism";
355 }
356 }
357 } // end client-identity
358 } // end client-identity-grouping
360 grouping server-auth-grouping {
361 description
362 "A reusable grouping for configuring TLS server
363 authentication.";
364 container server-auth {
365 must 'pinned-ca-certs or pinned-server-certs';
366 description
367 "Trusted server identities.";
368 leaf pinned-ca-certs {
369 if-feature "ta:x509-certificates";
370 type ta:pinned-certificates-ref;
371 description
372 "A reference to a list of certificate authority (CA)
373 certificates used by the TLS client to authenticate
374 TLS server certificates. A server certificate is
375 authenticated if it has a valid chain of trust to
376 a configured pinned CA certificate.";
377 }
378 leaf pinned-server-certs {
379 if-feature "ta:x509-certificates";
380 type ta:pinned-certificates-ref;
381 description
382 "A reference to a list of server certificates used by
383 the TLS client to authenticate TLS server certificates.
384 A server certificate is authenticated if it is an
385 exact match to a configured pinned server certificate.";
386 }
387 }
388 } // end server-auth-grouping
390 grouping hello-params-grouping {
391 description
392 "A reusable grouping for configuring TLS transport
393 parameters.";
394 container hello-params {
395 if-feature tls-client-hello-params-config;
396 uses tlscmn:hello-params-grouping;
397 description
398 "Configurable parameters for the TLS hello message.";
399 }
400 } // end hello-params-grouping
402 }
403
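The following Python sketch is an added example, not part of the draft or of any NETCONF implementation. It checks a "server-auth" instance against the `must 'pinned-ca-certs or pinned-server-certs'` statement, resolves the two references, and applies the exact-match rule for pinned server certificates. The `<tls-client>` wrapper element, the function names, the in-memory trust-anchor store and the placeholder certificate bytes are all assumptions made for illustration.

```python
import hmac
import xml.etree.ElementTree as ET

# Namespace of the ietf-tls-client module, as declared in the YANG above.
TLSC = "{urn:ietf:params:xml:ns:yang:ietf-tls-client}"
LEAVES = ("pinned-ca-certs", "pinned-server-certs")

# Constructed instance data. <tls-client> is a hypothetical application
# container that "uses tls-client-grouping".
GOOD_CONFIG = """
<tls-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tls-client">
  <server-auth>
    <pinned-ca-certs>explicitly-trusted-server-ca-certs</pinned-ca-certs>
    <pinned-server-certs>explicitly-trusted-server-certs</pinned-server-certs>
  </server-auth>
</tls-client>
"""
EMPTY_CONFIG = """
<tls-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tls-client">
  <server-auth/>
</tls-client>
"""
DANGLING_CONFIG = """
<tls-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tls-client">
  <server-auth>
    <pinned-ca-certs>no-such-list</pinned-ca-certs>
  </server-auth>
</tls-client>
"""

# Constructed stand-in for the trust-anchors store: list name -> DER blobs.
# The byte strings are placeholders, not real certificates.
TRUST_ANCHORS = {
    "explicitly-trusted-server-ca-certs": [b"constructed-ca-cert-der"],
    "explicitly-trusted-server-certs": [
        b"constructed-server-cert-der-1",
        b"constructed-server-cert-der-2",
    ],
}


def load_server_auth(xml_text):
    """Return {leaf-name: referenced-list-name} for the server-auth container.

    server-auth is a non-presence container, so a missing element is treated
    the same as an empty one: the 'must' statement still applies.
    """
    root = ET.fromstring(xml_text)
    node = next(root.iter(TLSC + "server-auth"), None)
    refs = {}
    if node is not None:
        for leaf in LEAVES:
            el = node.find(TLSC + leaf)
            if el is not None:
                refs[leaf] = (el.text or "").strip()
    return refs


def validate_server_auth(refs, trust_anchors):
    """Return a list of validation errors (empty when the config is valid)."""
    errors = []
    if not refs:
        # must 'pinned-ca-certs or pinned-server-certs': at least one leaf
        # has to be present, otherwise the client trusts no server at all.
        errors.append("must violated: pinned-ca-certs or pinned-server-certs")
    for leaf, name in refs.items():
        # Both leaves are references, so the named list has to exist.
        if name not in trust_anchors:
            errors.append(f"{leaf}: no pinned-certificates list named {name!r}")
    return errors


def matches_pinned_server_cert(peer_der, refs, trust_anchors):
    """Exact-match rule for pinned-server-certs: byte-for-byte DER equality."""
    pinned = trust_anchors.get(refs.get("pinned-server-certs"), [])
    return any(hmac.compare_digest(peer_der, der) for der in pinned)


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("empty", EMPTY_CONFIG),
                       ("dangling", DANGLING_CONFIG)):
        print(label, validate_server_auth(load_server_auth(cfg), TRUST_ANCHORS))
```

Chain-of-trust validation for "pinned-ca-certs" is not shown; it belongs to the TLS library, configured with only the referenced CA certificates as trust roots.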
405 4. The TLS Server Model
407 4.1. Tree Diagram
409 This section provides a tree diagram [RFC8340] for the "ietf-tls-
410 server" module that does not have groupings expanded.
412 module: ietf-tls-server
414 grouping hello-params-grouping
415 +-- hello-params {tls-server-hello-params-config}?
416 +---u hello-params-grouping
417 grouping server-identity-grouping
418 +-- server-identity
419 +---u server-identity-grouping
420 grouping tls-server-grouping
421 +---u server-identity-grouping
422 +---u client-auth-grouping
423 +---u hello-params-grouping
424 grouping client-auth-grouping
425 +-- client-auth
426 +-- pinned-ca-certs? ta:pinned-certificates-ref
427 | {ta:x509-certificates}?
428 +-- pinned-client-certs? ta:pinned-certificates-ref
429 {ta:x509-certificates}?
431 4.2. Example Usage
433 This section presents two examples showing the tls-server-grouping
434 populated with some data. These examples are effectively the same
435 except the first configures the server identity using a local key
436 while the second uses a key configured in a keystore. Both examples
437 are consistent with the examples presented in Section 3 of
438 [I-D.ietf-netconf-trust-anchors] and Section 3.2 of
439 [I-D.ietf-netconf-keystore].
441 The following example configures the server identity using a local
442 key:
444 [Note: '\' line wrapping for formatting only]
446
448
449
450 ct:rsa2048
452 base64encodedvalue==
453 base64encodedvalue==
454 base64encodedvalue==
455
457
458
459 explicitly-trusted-client-ca-certs
461 explicitly-trusted-client-certs
463
465
467 The following example configures the server identity using a key from
468 the keystore:
470 [Note: '\' line wrapping for formatting only]
472
474
475
476 ex-rsa-cert
477
479
480
481 explicitly-trusted-client-ca-certs
483 explicitly-trusted-client-certs
485
487
489 4.3. YANG Module
491 This YANG module has normative references to [RFC5246],
492 [I-D.ietf-netconf-trust-anchors] and [I-D.ietf-netconf-keystore].
494 file "ietf-tls-server@2018-10-22.yang"
495 module ietf-tls-server {
496 yang-version 1.1;
498 namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server";
499 prefix "tlss";
501 import ietf-tls-common {
502 prefix tlscmn;
503 revision-date 2018-10-22; // stable grouping definitions
504 reference
505 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers";
506 }
508 import ietf-trust-anchors {
509 prefix ta;
510 reference
511 "RFC YYYY: YANG Data Model for Global Trust Anchors";
512 }
514 import ietf-keystore {
515 prefix ks;
516 reference
517 "RFC ZZZZ: YANG Data Model for a 'Keystore' Mechanism";
518 }
520 organization
521 "IETF NETCONF (Network Configuration) Working Group";
523 contact
524 "WG Web:
525 WG List:
527 Author: Kent Watsen
528
530 Author: Gary Wu
531 ";
533 description
534 "This module defines a reusable grouping for a TLS server that
535 can be used as a basis for specific TLS server instances.
537 Copyright (c) 2018 IETF Trust and the persons identified as
538 authors of the code. All rights reserved.
540 Redistribution and use in source and binary forms, with or
541 without modification, is permitted pursuant to, and subject
542 to the license terms contained in, the Simplified BSD
543 License set forth in Section 4.c of the IETF Trust's
544 Legal Provisions Relating to IETF Documents
545 (http://trustee.ietf.org/license-info).
547 This version of this YANG module is part of RFC XXXX; see
548 the RFC itself for full legal notices.";
550 revision "2018-10-22" {
551 description
552 "Initial version";
553 reference
554 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers";
555 }
557 // features
559 feature tls-server-hello-params-config {
560 description
561 "TLS hello message parameters are configurable on a TLS
562 server.";
563 }
565 // groupings
567 grouping tls-server-grouping {
568 description
569 "A reusable grouping for configuring a TLS server without
570 any consideration for how underlying TCP sessions are
571 established.";
572 uses server-identity-grouping;
573 uses client-auth-grouping;
574 uses hello-params-grouping;
575 }
577 grouping server-identity-grouping {
578 description
579 "A reusable grouping for configuring a TLS server identity.";
580 container server-identity {
581 description
582 "A locally-defined or referenced end-entity certificate,
583 including any configured intermediate certificates, the
584 TLS server will present when establishing a TLS connection
585 in its Certificate message, as defined in Section 7.4.2
586 in RFC 5246.";
587 reference
588 "RFC 5246:
589 The Transport Layer Security (TLS) Protocol Version 1.2
590 RFC ZZZZ:
591 YANG Data Model for a 'Keystore' Mechanism";
592 uses ks:local-or-keystore-end-entity-cert-with-key-grouping;
593 }
594 } // end server-identity-grouping
596 grouping client-auth-grouping {
597 description
598 "A reusable grouping for configuring TLS client
599 authentication.";
600 container client-auth {
601 description
602 "A reference to a list of pinned certificate authority (CA)
603 certificates and a reference to a list of pinned client
604 certificates.";
605 leaf pinned-ca-certs {
606 if-feature "ta:x509-certificates";
607 type ta:pinned-certificates-ref;
608 description
609 "A reference to a list of certificate authority (CA)
610 certificates used by the TLS server to authenticate
611 TLS client certificates. A client certificate is
612 authenticated if it has a valid chain of trust to
613 a configured pinned CA certificate.";
614 reference
615 "RFC YYYY: YANG Data Model for Global Trust Anchors";
616 }
617 leaf pinned-client-certs {
618 if-feature "ta:x509-certificates";
619 type ta:pinned-certificates-ref;
620 description
621 "A reference to a list of client certificates used by
622 the TLS server to authenticate TLS client certificates.
623 A client certificate is authenticated if it is an
624 exact match to a configured pinned client certificate.";
625 reference
626 "RFC YYYY: YANG Data Model for Global Trust Anchors";
627 }
628 }
629 } // end client-auth-grouping
631 grouping hello-params-grouping {
632 description
633 "A reusable grouping for configuring TLS transport
634 parameters.";
635 container hello-params {
636 if-feature tls-server-hello-params-config;
637 uses tlscmn:hello-params-grouping;
638 description
639 "Configurable parameters for the TLS hello message.";
640 }
642 } // end hello-params-grouping
644 }
645
647 5. The TLS Common Model
649 The TLS common model presented in this section contains identities
650 and groupings common to both TLS clients and TLS servers. The hello-
651 params-grouping can be used to configure the list of TLS algorithms
652 permitted by the TLS client or TLS server. The lists of algorithms
653 are ordered such that, if multiple algorithms are permitted by the
654 client, the algorithm that appears first in its list that is also
655 permitted by the server is used for the TLS transport layer
656 connection. The ability to restrict the algorithms allowed is
657 provided in this grouping for TLS clients and TLS servers that are
658 capable of doing so and may serve to make TLS clients and TLS servers
659 compliant with local security policies. This model supports both
660 TLS 1.2 [RFC5246] and TLS 1.3 [RFC8446].
662 TLS 1.2 and TLS 1.3 define their supported cryptographic algorithms
663 in different ways; see the TLS and DTLS IANA registries page
664 (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml):
667 o TLS 1.2 defines four categories of registries for cryptographic
668 algorithms: TLS Cipher Suites, TLS SignatureAlgorithm, TLS
669 HashAlgorithm, TLS Supported Groups. TLS Cipher Suites plays the
670 role of combining all of them into one set, as each value of the
671 set represents a unique and feasible combination of all the
672 cryptographic algorithms, and thus the other three registry
673 categories do not need to be considered here. In this document,
674 the TLS common model only chooses those TLS 1.2 algorithms in TLS
675 Cipher Suites which are marked as recommended:
676 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
677 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
678 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
679 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, and so on. All chosen
680 algorithms are enumerated in Table 1-1 below;
682 o TLS 1.3 defines its supported algorithms differently. Firstly, it
683 defines three categories of registries for cryptographic
684 algorithms: TLS Cipher Suites, TLS SignatureScheme, TLS Supported
685 Groups. Secondly, all three of these categories are useful, since
686 they represent different parts of all the supported algorithms
687 respectively. Thus, all of these registry categories are
688 considered here. In this draft, the TLS common model chooses only
689 those TLS 1.3 algorithms specified in B.4, 4.2.3, and 4.2.7 of
690 [RFC8446].
692 Thus, in order to support both TLS 1.2 and TLS 1.3, the cipher-suites
693 part of the hello-params-grouping should include three parameters for
694 configuring its permitted TLS algorithms, which are: TLS Cipher
695 Suites, TLS SignatureScheme, TLS Supported Groups. Note that TLS 1.2
696 only uses TLS Cipher Suites.
698 [I-D.ietf-netconf-crypto-types] defines six categories of
699 cryptographic algorithms (hash-algorithm, symmetric-key-encryption-
700 algorithm, mac-algorithm, asymmetric-key-encryption-algorithm,
701 signature-algorithm, key-negotiation-algorithm) and lists several
702 widely accepted algorithms for each of them. The TLS client and
703 server models use one or more of these algorithms. The following
704 tables are provided, in part to define the subset of algorithms
705 defined in the crypto-types model used by TLS, and in part to ensure
706 compatibility of configured TLS cryptographic parameters for
707 configuring its permitted TLS algorithms:
709 +-----------------------------------------------+---------+
710 | cipher-suites in hello-params-grouping | HASH |
711 +-----------------------------------------------+---------+
712 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | sha-256 |
713 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | sha-384 |
714 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | sha-256 |
715 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | sha-384 |
716 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | sha-256 |
717 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | sha-384 |
718 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | sha-256 |
719 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | sha-384 |
720 | TLS_DHE_RSA_WITH_AES_128_CCM | sha-256 |
721 | TLS_DHE_RSA_WITH_AES_256_CCM | sha-256 |
722 | TLS_DHE_PSK_WITH_AES_128_CCM | sha-256 |
723 | TLS_DHE_PSK_WITH_AES_256_CCM | sha-256 |
724 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | sha-256 |
725 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | sha-256 |
726 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | sha-256 |
727 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | sha-256 |
728 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | sha-256 |
729 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | sha-256 |
730 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | sha-384 |
731 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | sha-256 |
732 +-----------------------------------------------+---------+
734 Table 1-1 TLS 1.2 Compatibility Matrix Part 1: cipher-suites mapping
735 to hash-algorithm
737 +--------------------------------------------- +---------------------+
738 | cipher-suites in hello-params-grouping | symmetric |
739 | | |
740 +--------------------------------------------- +---------------------+
741 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm |
742 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm |
743 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm |
744 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm |
745 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm |
746 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm |
747 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm |
748 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm |
749 | TLS_DHE_RSA_WITH_AES_128_CCM | enc-aes-128-ccm |
750 | TLS_DHE_RSA_WITH_AES_256_CCM | enc-aes-256-ccm |
751 | TLS_DHE_PSK_WITH_AES_128_CCM | enc-aes-128-ccm |
752 | TLS_DHE_PSK_WITH_AES_256_CCM | enc-aes-256-ccm |
753 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |enc-chacha20-poly1305|
754 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|enc-chacha20-poly1305|
755 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |enc-chacha20-poly1305|
756 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |enc-chacha20-poly1305|
757 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |enc-chacha20-poly1305|
758 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm |
759 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm |
760 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | enc-aes-128-ccm |
761 +--------------------------------------------- +---------------------+
763 Table 1-2 TLS 1.2 Compatibility Matrix Part 2: cipher-suites mapping
764 to symmetric-key-encryption-algorithm
766 +--------------------------------------------- +---------------------+
767 | cipher-suites in hello-params-grouping | MAC |
768 | | |
769 +--------------------------------------------- +---------------------+
770 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm |
771 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm |
772 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm |
773 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm |
774 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm |
775 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm |
776 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm |
777 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm |
778 | TLS_DHE_RSA_WITH_AES_128_CCM | mac-aes-128-ccm |
779 | TLS_DHE_RSA_WITH_AES_256_CCM | mac-aes-256-ccm |
780 | TLS_DHE_PSK_WITH_AES_128_CCM | mac-aes-128-ccm |
781 | TLS_DHE_PSK_WITH_AES_256_CCM | mac-aes-256-ccm |
782 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |mac-chacha20-poly1305|
783 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|mac-chacha20-poly1305|
784 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |mac-chacha20-poly1305|
785 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |mac-chacha20-poly1305|
786 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |mac-chacha20-poly1305|
787 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm |
788 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm |
789 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | mac-aes-128-ccm |
790 +--------------------------------------------- +---------------------+
792 Table 1-3 TLS 1.2 Compatibility Matrix Part 3: cipher-suites mapping
793 to MAC-algorithm
795 +----------------------------------------------+----------------------+
796 | cipher-suites in hello-params-grouping | signature |
797 +--------------------------------------------- +----------------------+
798 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | rsa-pkcs1-sha256 |
799 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | rsa-pkcs1-sha384 |
800 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | N/A |
801 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | N/A |
802 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |ecdsa-secp256r1-sha256|
803 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |ecdsa-secp384r1-sha384|
804 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | rsa-pkcs1-sha256 |
805 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | rsa-pkcs1-sha384 |
806 | TLS_DHE_RSA_WITH_AES_128_CCM | rsa-pkcs1-sha256 |
807 | TLS_DHE_RSA_WITH_AES_256_CCM | rsa-pkcs1-sha256 |
808 | TLS_DHE_PSK_WITH_AES_128_CCM | N/A |
809 | TLS_DHE_PSK_WITH_AES_256_CCM | N/A |
810 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | rsa-pkcs1-sha256 |
811 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|ecdsa-secp256r1-sha256|
812 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | rsa-pkcs1-sha256 |
813 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | N/A |
814 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | N/A |
815 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | N/A |
816 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | N/A |
817 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | N/A |
818 +----------------------------------------------+----------------------+
820 Table 1-4 TLS 1.2 Compatibility Matrix Part 4: cipher-suites mapping
821 to signature-algorithm
823 +----------------------------------------------+-----------------------+
824 | cipher-suites in hello-params-grouping | key-negotiation |
825 +----------------------------------------------+-----------------------+
826 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | dhe-ffdhe2048, ... |
827 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | dhe-ffdhe2048, ... |
828 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | psk-dhe-ffdhe2048, ...|
829 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | psk-dhe-ffdhe2048, ...|
830 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ecdhe-secp256r1, ... |
831 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ecdhe-secp256r1, ... |
832 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ecdhe-secp256r1, ... |
833 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ecdhe-secp256r1, ... |
834 | TLS_DHE_RSA_WITH_AES_128_CCM | dhe-ffdhe2048, ... |
835 | TLS_DHE_RSA_WITH_AES_256_CCM | dhe-ffdhe2048, ... |
836 | TLS_DHE_PSK_WITH_AES_128_CCM | psk-dhe-ffdhe2048, ...|
837 | TLS_DHE_PSK_WITH_AES_256_CCM | psk-dhe-ffdhe2048, ...|
838 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ecdhe-secp256r1, ... |
839 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256| ecdhe-secp256r1, ... |
840 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | dhe-ffdhe2048, ... |
841 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |psk-ecdhe-secp256r1,...|
842 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | psk-dhe-ffdhe2048, ...|
843 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 |psk-ecdhe-secp256r1,...|
844 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 |psk-ecdhe-secp256r1,...|
845 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 |psk-ecdhe-secp256r1,...|
846 +----------------------------------------------+-----------------------+
848 Table 1-5 TLS 1.2 Compatibility Matrix Part 5: cipher-suites mapping
849 to key-negotiation-algorithm
851 +------------------------------+---------+
852 | cipher-suites in hello | HASH |
853 | -params-grouping | |
854 +------------------------------+---------+
855 | TLS_AES_128_GCM_SHA256 | sha-256 |
856 | TLS_AES_256_GCM_SHA384 | sha-384 |
857 | TLS_CHACHA20_POLY1305_SHA256 | sha-256 |
858 | TLS_AES_128_CCM_SHA256 | sha-256 |
859 +------------------------------+---------+
861 Table 2-1 TLS 1.3 Compatibility Matrix Part 1: cipher-suites mapping
862 to hash-algorithm
864 +------------------------------+-----------------------+
865 | cipher-suites in hello | symmetric |
866 | -params-grouping | |
867 +------------------------------+-----------------------+
868 | TLS_AES_128_GCM_SHA256 | enc-aes-128-gcm |
869 | TLS_AES_256_GCM_SHA384 | enc-aes-128-gcm |
870 | TLS_CHACHA20_POLY1305_SHA256 | enc-chacha20-poly1305 |
871 | TLS_AES_128_CCM_SHA256 | enc-aes-128-ccm |
872 +------------------------------+-----------------------+
874 Table 2-2 TLS 1.3 Compatibility Matrix Part 2: cipher-suites mapping
875 to symmetric-key-encryption-algorithm
877 +------------------------------+-----------------------+
878 | cipher-suites in hello | symmetric |
879 | -params-grouping | |
880 +------------------------------+-----------------------+
881 | TLS_AES_128_GCM_SHA256 | mac-aes-128-gcm |
882 | TLS_AES_256_GCM_SHA384 | mac-aes-128-gcm |
883 | TLS_CHACHA20_POLY1305_SHA256 | mac-chacha20-poly1305 |
884 | TLS_AES_128_CCM_SHA256 | mac-aes-128-ccm |
885 +------------------------------+-----------------------+
887 Table 2-3 TLS 1.3 Compatibility Matrix Part 3: cipher-suites mapping
888 to MAC-algorithm
890 +----------------------------+-------------------------+
891 |signatureScheme in hello | signature |
892 | -params-grouping | |
893 +----------------------------+-------------------------+
894 | rsa-pkcs1-sha256 | rsa-pkcs1-sha256 |
895 | rsa-pkcs1-sha384 | rsa-pkcs1-sha384 |
896 | rsa-pkcs1-sha512 | rsa-pkcs1-sha512 |
897 | rsa-pss-rsae-sha256 | rsa-pss-rsae-sha256 |
898 | rsa-pss-rsae-sha384 | rsa-pss-rsae-sha384 |
899 | rsa-pss-rsae-sha512 | rsa-pss-rsae-sha512 |
900 | rsa-pss-pss-sha256 | rsa-pss-pss-sha256 |
901 | rsa-pss-pss-sha384 | rsa-pss-pss-sha384 |
902 | rsa-pss-pss-sha512 | rsa-pss-pss-sha512 |
903 | ecdsa-secp256r1-sha256 | ecdsa-secp256r1-sha256 |
904 | ecdsa-secp384r1-sha384 | ecdsa-secp384r1-sha384 |
905 | ecdsa-secp521r1-sha512 | ecdsa-secp521r1-sha512 |
906 | ed25519 | ed25519 |
907 | ed448 | ed448 |
908 +----------------------------+-------------------------+
910 Table 2-4 TLS 1.3 Compatibility Matrix Part 4: SignatureScheme
911 mapping to signature-algorithm
913 +----------------------------+-------------------------+
914 |supported Groups in hello | key-negotiation |
915 | -params-grouping | |
916 +----------------------------+-------------------------+
917 | dhe-ffdhe2048 | dhe-ffdhe2048 |
918 | dhe-ffdhe3072 | dhe-ffdhe3072 |
919 | dhe-ffdhe4096 | dhe-ffdhe4096 |
920 | dhe-ffdhe6144 | dhe-ffdhe6144 |
921 | dhe-ffdhe8192 | dhe-ffdhe8192 |
922 | psk-dhe-ffdhe2048 | psk-dhe-ffdhe2048 |
923 | psk-dhe-ffdhe3072 | psk-dhe-ffdhe3072 |
924 | psk-dhe-ffdhe4096 | psk-dhe-ffdhe4096 |
925 | psk-dhe-ffdhe6144 | psk-dhe-ffdhe6144 |
926 | psk-dhe-ffdhe8192 | psk-dhe-ffdhe8192 |
927 | ecdhe-secp256r1 | ecdhe-secp256r1 |
928 | ecdhe-secp384r1 | ecdhe-secp384r1 |
929 | ecdhe-secp521r1 | ecdhe-secp521r1 |
930 | ecdhe-x25519 | ecdhe-x25519 |
931 | ecdhe-x448 | ecdhe-x448 |
932 | psk-ecdhe-secp256r1 | psk-ecdhe-secp256r1 |
933 | psk-ecdhe-secp384r1 | psk-ecdhe-secp384r1 |
934 | psk-ecdhe-secp521r1 | psk-ecdhe-secp521r1 |
935 | psk-ecdhe-x25519 | psk-ecdhe-x25519 |
936 | psk-ecdhe-x448 | psk-ecdhe-x448 |
937 +----------------------------+-------------------------+
939 Table 2-5 TLS 1.3 Compatibility Matrix Part 5: Supported Groups
940 mapping to key-negotiation-algorithm
942 Note that in Table 1-5:
944 o dhe-ffdhe2048, ... is the abbreviation of dhe-ffdhe2048, dhe-
945 ffdhe3072, dhe-ffdhe4096, dhe-ffdhe6144, dhe-ffdhe8192;
947 o psk-dhe-ffdhe2048, ... is the abbreviation of psk-dhe-ffdhe2048,
948 psk-dhe-ffdhe3072, psk-dhe-ffdhe4096, psk-dhe-ffdhe6144, psk-dhe-
949 ffdhe8192;
951 o ecdhe-secp256r1, ... is the abbreviation of ecdhe-secp256r1,
952 ecdhe-secp384r1, ecdhe-secp521r1, ecdhe-x25519, ecdhe-x448;
954 o psk-ecdhe-secp256r1, ... is the abbreviation of psk-ecdhe-
955 secp256r1, psk-ecdhe-secp384r1, psk-ecdhe-secp521r1, psk-ecdhe-
956 x25519, psk-ecdhe-x448.
958 Features are defined for algorithms that are OPTIONAL or are not
959 widely supported by popular implementations. Note that the list of
960 algorithms is not exhaustive.
962 5.1. Tree Diagram
964 The following tree diagram [RFC8340] provides an overview of the data
965 model for the "ietf-tls-common" module.
967 module: ietf-tls-common
969 grouping hello-params-grouping
970 +-- tls-versions
971 | +-- tls-version* identityref
972 +-- cipher-suites
973 +-- cipher-suite* identityref
975 5.2. Example Usage
977 This section shows how it would appear if the transport-params-
978 grouping were populated with some data.
980
983
984 tlscmn:tls-1.1
985 tlscmn:tls-1.2
986
987
988 tlscmn:dhe-rsa-with-aes-128-cbc-sha
989 tlscmn:rsa-with-aes-128-cbc-sha
990 tlscmn:rsa-with-3des-ede-cbc-sha
991
992
994 5.3. YANG Module
996 This YANG module has normative references to [RFC2246], [RFC4346],
997 [RFC5246], [RFC5288], [RFC5289], and [RFC8422].
999 This YANG module has informative references to [RFC2246],
1000 [RFC4346], and [RFC5246].
1002 file "ietf-tls-common@2018-10-22.yang"
1003 module ietf-tls-common {
1004 yang-version 1.1;
1006 namespace "urn:ietf:params:xml:ns:yang:ietf-tls-common";
1007 prefix "tlscmn";
1009 organization
1010 "IETF NETCONF (Network Configuration) Working Group";
1012 contact
1013 "WG Web:
1014 WG List:
1016 Author: Kent Watsen
1017
1019 Author: Gary Wu
1020 ";
1022 description
1023 "This module defines common features, identities, and groupings
1024 for Transport Layer Security (TLS).
1026 Copyright (c) 2018 IETF Trust and the persons identified as
1027 authors of the code. All rights reserved.
1029 Redistribution and use in source and binary forms, with or
1030 without modification, is permitted pursuant to, and subject
1031 to the license terms contained in, the Simplified BSD
1032 License set forth in Section 4.c of the IETF Trust's
1033 Legal Provisions Relating to IETF Documents
1034 (http://trustee.ietf.org/license-info).
1036 This version of this YANG module is part of RFC XXXX; see
1037 the RFC itself for full legal notices.";
1039 revision "2018-10-22" {
1040 description
1041 "Initial version";
1042 reference
1043 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers";
1044 }
1046 // features
1048 feature tls-1_0 {
1049 description
1050 "TLS Protocol Version 1.0 is supported.";
1051 reference
1052 "RFC 2246: The TLS Protocol Version 1.0";
1053 }
1055 feature tls-1_1 {
1056 description
1057 "TLS Protocol Version 1.1 is supported.";
1058 reference
1059 "RFC 4346: The Transport Layer Security (TLS) Protocol
1060 Version 1.1";
1061 }
1063 feature tls-1_2 {
1064 description
1065 "TLS Protocol Version 1.2 is supported.";
1066 reference
1067 "RFC 5246: The Transport Layer Security (TLS) Protocol
1068 Version 1.2";
1069 }
1071 feature tls-ecc {
1072 description
1073 "Elliptic Curve Cryptography (ECC) is supported for TLS.";
1074 reference
1075 "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites
1076 for Transport Layer Security (TLS)";
1077 }
1079 feature tls-dhe {
1080 description
1081 "Ephemeral Diffie-Hellman key exchange is supported for TLS.";
1082 reference
1083 "RFC 5246: The Transport Layer Security (TLS) Protocol
1084 Version 1.2";
1085 }
1087 feature tls-3des {
1088 description
1089 "The Triple-DES block cipher is supported for TLS.";
1090 reference
1091 "RFC 5246: The Transport Layer Security (TLS) Protocol
1092 Version 1.2";
1093 }
1095 feature tls-gcm {
1096 description
1097 "The Galois/Counter Mode authenticated encryption mode is
1098 supported for TLS.";
1099 reference
1100 "RFC 5288: AES Galois Counter Mode (GCM) Cipher Suites for
1101 TLS";
1102 }
1104 feature tls-sha2 {
1105 description
1106 "The SHA2 family of cryptographic hash functions is supported
1107 for TLS.";
1108 reference
1109 "FIPS PUB 180-4: Secure Hash Standard (SHS)";
1110 }
1112 // identities
1114 identity tls-version-base {
1115 description
1116 "Base identity used to identify TLS protocol versions.";
1117 }
1119 identity tls-1.0 {
1120 base tls-version-base;
1121 if-feature tls-1_0;
1122 description
1123 "TLS Protocol Version 1.0.";
1124 reference
1125 "RFC 2246: The TLS Protocol Version 1.0";
1126 }
1128 identity tls-1.1 {
1129 base tls-version-base;
1130 if-feature tls-1_1;
1131 description
1132 "TLS Protocol Version 1.1.";
1133 reference
1134 "RFC 4346: The Transport Layer Security (TLS) Protocol
1135 Version 1.1";
1136 }
1138 identity tls-1.2 {
1139 base tls-version-base;
1140 if-feature tls-1_2;
1141 description
1142 "TLS Protocol Version 1.2.";
1143 reference
1144 "RFC 5246: The Transport Layer Security (TLS) Protocol
1145 Version 1.2";
1146 }
1148 identity cipher-suite-base {
1149 description
1150 "Base identity used to identify TLS cipher suites.";
1151 }
1152 identity rsa-with-aes-128-cbc-sha {
1153 base cipher-suite-base;
1154 description
1155 "Cipher suite TLS_RSA_WITH_AES_128_CBC_SHA.";
1156 reference
1157 "RFC 5246: The Transport Layer Security (TLS) Protocol
1158 Version 1.2";
1159 }
1161 identity rsa-with-aes-256-cbc-sha {
1162 base cipher-suite-base;
1163 description
1164 "Cipher suite TLS_RSA_WITH_AES_256_CBC_SHA.";
1165 reference
1166 "RFC 5246: The Transport Layer Security (TLS) Protocol
1167 Version 1.2";
1168 }
1170 identity rsa-with-aes-128-cbc-sha256 {
1171 base cipher-suite-base;
1172 if-feature tls-sha2;
1173 description
1174 "Cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256.";
1175 reference
1176 "RFC 5246: The Transport Layer Security (TLS) Protocol
1177 Version 1.2";
1178 }
1180 identity rsa-with-aes-256-cbc-sha256 {
1181 base cipher-suite-base;
1182 if-feature tls-sha2;
1183 description
1184 "Cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256.";
1185 reference
1186 "RFC 5246: The Transport Layer Security (TLS) Protocol
1187 Version 1.2";
1188 }
1190 identity dhe-rsa-with-aes-128-cbc-sha {
1191 base cipher-suite-base;
1192 if-feature tls-dhe;
1193 description
1194 "Cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA.";
1195 reference
1196 "RFC 5246: The Transport Layer Security (TLS) Protocol
1197 Version 1.2";
1198 }
1199 identity dhe-rsa-with-aes-256-cbc-sha {
1200 base cipher-suite-base;
1201 if-feature tls-dhe;
1202 description
1203 "Cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA.";
1204 reference
1205 "RFC 5246: The Transport Layer Security (TLS) Protocol
1206 Version 1.2";
1207 }
1209 identity dhe-rsa-with-aes-128-cbc-sha256 {
1210 base cipher-suite-base;
1211 if-feature "tls-dhe and tls-sha2";
1212 description
1213 "Cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256.";
1214 reference
1215 "RFC 5246: The Transport Layer Security (TLS) Protocol
1216 Version 1.2";
1217 }
1219 identity dhe-rsa-with-aes-256-cbc-sha256 {
1220 base cipher-suite-base;
1221 if-feature "tls-dhe and tls-sha2";
1222 description
1223 "Cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256.";
1224 reference
1225 "RFC 5246: The Transport Layer Security (TLS) Protocol
1226 Version 1.2";
1227 }
1229 identity ecdhe-ecdsa-with-aes-128-cbc-sha256 {
1230 base cipher-suite-base;
1231 if-feature "tls-ecc and tls-sha2";
1232 description
1233 "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256.";
1234 reference
1235 "RFC 5289: TLS Elliptic Curve Cipher Suites with
1236 SHA-256/384 and AES Galois Counter Mode (GCM)";
1237 }
1239 identity ecdhe-ecdsa-with-aes-256-cbc-sha384 {
1240 base cipher-suite-base;
1241 if-feature "tls-ecc and tls-sha2";
1242 description
1243 "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384.";
1244 reference
1245 "RFC 5289: TLS Elliptic Curve Cipher Suites with
1246 SHA-256/384 and AES Galois Counter Mode (GCM)";
1248 }
1250 identity ecdhe-rsa-with-aes-128-cbc-sha256 {
1251 base cipher-suite-base;
1252 if-feature "tls-ecc and tls-sha2";
1253 description
1254 "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256.";
1255 reference
1256 "RFC 5289: TLS Elliptic Curve Cipher Suites with
1257 SHA-256/384 and AES Galois Counter Mode (GCM)";
1258 }
1260 identity ecdhe-rsa-with-aes-256-cbc-sha384 {
1261 base cipher-suite-base;
1262 if-feature "tls-ecc and tls-sha2";
1263 description
1264 "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384.";
1265 reference
1266 "RFC 5289: TLS Elliptic Curve Cipher Suites with
1267 SHA-256/384 and AES Galois Counter Mode (GCM)";
1268 }
1270 identity ecdhe-ecdsa-with-aes-128-gcm-sha256 {
1271 base cipher-suite-base;
1272 if-feature "tls-ecc and tls-gcm and tls-sha2";
1273 description
1274 "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.";
1275 reference
1276 "RFC 5289: TLS Elliptic Curve Cipher Suites with
1277 SHA-256/384 and AES Galois Counter Mode (GCM)";
1278 }
1280 identity ecdhe-ecdsa-with-aes-256-gcm-sha384 {
1281 base cipher-suite-base;
1282 if-feature "tls-ecc and tls-gcm and tls-sha2";
1283 description
1284 "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.";
1285 reference
1286 "RFC 5289: TLS Elliptic Curve Cipher Suites with
1287 SHA-256/384 and AES Galois Counter Mode (GCM)";
1288 }
1290 identity ecdhe-rsa-with-aes-128-gcm-sha256 {
1291 base cipher-suite-base;
1292 if-feature "tls-ecc and tls-gcm and tls-sha2";
1293 description
1294 "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.";
1295 reference
1296 "RFC 5289: TLS Elliptic Curve Cipher Suites with
1297 SHA-256/384 and AES Galois Counter Mode (GCM)";
1298 }
1300 identity ecdhe-rsa-with-aes-256-gcm-sha384 {
1301 base cipher-suite-base;
1302 if-feature "tls-ecc and tls-gcm and tls-sha2";
1303 description
1304 "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.";
1305 reference
1306 "RFC 5289: TLS Elliptic Curve Cipher Suites with
1307 SHA-256/384 and AES Galois Counter Mode (GCM)";
1308 }
1310 identity rsa-with-3des-ede-cbc-sha {
1311 base cipher-suite-base;
1312 if-feature tls-3des;
1313 description
1314 "Cipher suite TLS_RSA_WITH_3DES_EDE_CBC_SHA.";
1315 reference
1316 "RFC 5246: The Transport Layer Security (TLS) Protocol
1317 Version 1.2";
1318 }
1320 identity ecdhe-rsa-with-3des-ede-cbc-sha {
1321 base cipher-suite-base;
1322 if-feature "tls-ecc and tls-3des";
1323 description
1324 "Cipher suite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA.";
1325 reference
1326 "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites
1327 for Transport Layer Security (TLS)";
1328 }
1330 identity ecdhe-rsa-with-aes-128-cbc-sha {
1331 base cipher-suite-base;
1332 if-feature "tls-ecc";
1333 description
1334 "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA.";
1335 reference
1336 "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites
1337 for Transport Layer Security (TLS)";
1338 }
1340 identity ecdhe-rsa-with-aes-256-cbc-sha {
1341 base cipher-suite-base;
1342 if-feature "tls-ecc";
1343 description
1344 "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.";
1345 reference
1346 "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites
1347 for Transport Layer Security (TLS)";
1348 }
1350 // groupings
1352 grouping hello-params-grouping {
1353 description
1354 "A reusable grouping for TLS hello message parameters.";
1355 reference
1356 "RFC 5246: The Transport Layer Security (TLS) Protocol
1357 Version 1.2";
1359 container tls-versions {
1360 description
1361 "Parameters regarding TLS versions.";
1362 leaf-list tls-version {
1363 type identityref {
1364 base tls-version-base;
1365 }
1366 description
1367 "Acceptable TLS protocol versions.
1369 If this leaf-list is not configured (has zero elements)
1370 the acceptable TLS protocol versions are implementation-
1371 defined.";
1372 }
1373 }
1374 container cipher-suites {
1375 description
1376 "Parameters regarding cipher suites.";
1377 leaf-list cipher-suite {
1378 type identityref {
1379 base cipher-suite-base;
1380 }
1381 ordered-by user;
1382 description
1383 "Acceptable cipher suites in order of descending
1384 preference. The configured host key algorithms should
1385 be compatible with the algorithm used by the configured
1386 private key. Please see Section 5 of RFC XXXX for
1387 valid combinations.
1389 If this leaf-list is not configured (has zero elements)
1390 the acceptable cipher suites are implementation-
1391 defined.";
1393 reference
1394 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers";
1395 }
1396 }
1398 } // end hello-params-grouping
1400 }
1401
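The if-feature statements in the module above decide which tls-version and cipher-suite identities a given server will accept in a hello-params configuration. The following Python sketch is an added example, not part of the draft: it parses a constructed excerpt of the module, evaluates YANG 1.1 if-feature expressions (including "or", "not" and parentheses, which this module does not use), and checks the Section 5.2 values against a constructed feature set. The function names, the excerpt and the server profile are assumptions made for illustration.

```python
import re

# Constructed excerpt: six identities from the ietf-tls-common module above,
# descriptions and references dropped so the example runs offline.
YANG_EXCERPT = """
identity tls-1.1 { base tls-version-base; if-feature tls-1_1; }
identity tls-1.2 { base tls-version-base; if-feature tls-1_2; }
identity rsa-with-aes-128-cbc-sha { base cipher-suite-base; }
identity dhe-rsa-with-aes-128-cbc-sha {
  base cipher-suite-base;
  if-feature tls-dhe;
}
identity ecdhe-rsa-with-aes-128-gcm-sha256 {
  base cipher-suite-base;
  if-feature "tls-ecc and tls-gcm and tls-sha2";
}
identity rsa-with-3des-ede-cbc-sha { base cipher-suite-base; if-feature tls-3des; }
"""

# Simplified matching: enough for identity statements without nested braces.
IDENTITY_RE = re.compile(r"\bidentity\s+([\w.\-]+)\s*\{(.*?)\}", re.S)
BASE_RE = re.compile(r"\bbase\s+([\w.\-:]+)\s*;")
IF_FEATURE_RE = re.compile(r"\bif-feature\s+\"?([^\";]+)\"?\s*;")
# Which base identity each leaf-list of hello-params-grouping requires.
LEAF_BASE = {"tls-version": "tls-version-base", "cipher-suite": "cipher-suite-base"}

def parse_identities(yang_text):
    """Return {identity: {"base": name, "if_feature": [expr, ...]}}."""
    identities = {}
    for name, body in IDENTITY_RE.findall(yang_text):
        base = BASE_RE.search(body)
        identities[name] = {
            "base": base.group(1) if base else None,
            "if_feature": [e.strip() for e in IF_FEATURE_RE.findall(body)],
        }
    return identities

def eval_if_feature(expr, features):
    """Evaluate an if-feature expression; 'not' binds tighter than 'and', then 'or'."""
    tokens = re.findall(r"\(|\)|[^\s()]+", expr)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression: " + expr)
        pos += 1
        return tokens[pos - 1]

    def factor():
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            val = expression()
            if take() != ")":
                raise ValueError("missing ')' in: " + expr)
            return val
        return tok.split(":")[-1] in features   # ignore any module prefix

    def term():
        val = factor()
        while peek() == "and":
            take()
            rhs = factor()
            val = val and rhs
        return val

    def expression():
        val = term()
        while peek() == "or":
            take()
            rhs = term()
            val = val or rhs
        return val

    result = expression()
    if pos != len(tokens):
        raise ValueError("trailing tokens in: " + expr)
    return result

def check_hello_params(config, identities, features):
    """Return (leaf, identity, reason) for every value the server must reject."""
    problems = []
    for leaf, values in config.items():
        for value in values:
            name = value.split(":")[-1]
            ident = identities.get(name)
            if ident is None:
                problems.append((leaf, name, "unknown identity"))
            elif ident["base"] != LEAF_BASE[leaf]:
                problems.append((leaf, name, "not derived from " + LEAF_BASE[leaf]))
            else:
                for expr in ident["if_feature"]:   # every statement must hold
                    if not eval_if_feature(expr, features):
                        problems.append((leaf, name, "requires if-feature: " + expr))
    return problems

# Values from Section 5.2; the feature set is a constructed server profile.
EXAMPLE_CONFIG = {
    "tls-version": ["tlscmn:tls-1.1", "tlscmn:tls-1.2"],
    "cipher-suite": ["tlscmn:dhe-rsa-with-aes-128-cbc-sha",
                     "tlscmn:rsa-with-aes-128-cbc-sha",
                     "tlscmn:rsa-with-3des-ede-cbc-sha"],
}
SERVER_FEATURES = {"tls-1_2", "tls-dhe", "tls-ecc", "tls-gcm", "tls-sha2"}

if __name__ == "__main__":
    for problem in check_hello_params(EXAMPLE_CONFIG, parse_identities(YANG_EXCERPT), SERVER_FEATURES):
        print(problem)
```

A server that does not advertise tls-1_1 or tls-3des rejects the Section 5.2 values that depend on them, so the advertised feature set doubles as a policy control over which protocol versions and cipher suites can be configured at all.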
1403 6. Security Considerations
1405 The YANG modules defined in this document are designed to be accessed
1406 via YANG based management protocols, such as NETCONF [RFC6241] and
1407 RESTCONF [RFC8040]. Both of these protocols have mandatory-to-
1408 implement secure transport layers (e.g., SSH, TLS) with mutual
1409 authentication.
1411 The NETCONF access control model (NACM) [RFC8341] provides the means
1412 to restrict access for particular users to a pre-configured subset of
1413 all available protocol operations and content.
1415 Since the modules defined in this document only define groupings,
1416 these considerations are primarily for the designers of other modules
1417 that use these groupings.
1419 There are a number of data nodes defined in the YANG modules that are
1420 writable/creatable/deletable (i.e., config true, which is the
1421 default). These data nodes may be considered sensitive or vulnerable
1422 in some network environments. Write operations (e.g., edit-config)
1423 to these data nodes without proper protection can have a negative
1424 effect on network operations. These are the subtrees and data nodes
1425 and their sensitivity/vulnerability:
1427 /: The entire data tree of all the groupings defined in this draft
1428 is sensitive to write operations. For instance, the addition
1429 or removal of references to keys, certificates, trusted
1430 anchors, etc., can dramatically alter the implemented security
1431 policy. However, no NACM annotations are applied as the data
1432 SHOULD be editable by users other than a designated 'recovery
1433 session'.
1435 Some of the readable data nodes in the YANG modules may be considered
1436 sensitive or vulnerable in some network environments. It is thus
1437 important to control read access (e.g., via get, get-config, or
1438 notification) to these data nodes. These are the subtrees and data
1439 nodes and their sensitivity/vulnerability:
1441 NONE
1443 Some of the RPC operations in this YANG module may be considered
1444 sensitive or vulnerable in some network environments. It is thus
1445 important to control access to these operations. These are the
1446 operations and their sensitivity/vulnerability:
1448 NONE
1450 7. IANA Considerations
1452 7.1. The IETF XML Registry
1454 This document registers three URIs in the "ns" subregistry of the
1455 IETF XML Registry [RFC3688]. Following the format in [RFC3688], the
1456 following registrations are requested:
1458 URI: urn:ietf:params:xml:ns:yang:ietf-tls-client
1459 Registrant Contact: The NETCONF WG of the IETF.
1460 XML: N/A, the requested URI is an XML namespace.
1462 URI: urn:ietf:params:xml:ns:yang:ietf-tls-server
1463 Registrant Contact: The NETCONF WG of the IETF.
1464 XML: N/A, the requested URI is an XML namespace.
1466 URI: urn:ietf:params:xml:ns:yang:ietf-tls-common
1467 Registrant Contact: The NETCONF WG of the IETF.
1468 XML: N/A, the requested URI is an XML namespace.
1470 7.2. The YANG Module Names Registry
1472 This document registers three YANG modules in the YANG Module Names
1473 registry [RFC6020]. Following the format in [RFC6020], the
1474 following registrations are requested:
1476 name: ietf-tls-client
1477 namespace: urn:ietf:params:xml:ns:yang:ietf-tls-client
1478 prefix: tlsc
1479 reference: RFC XXXX
1481 name: ietf-tls-server
1482 namespace: urn:ietf:params:xml:ns:yang:ietf-tls-server
1483 prefix: tlss
1484 reference: RFC XXXX
1486 name: ietf-tls-common
1487 namespace: urn:ietf:params:xml:ns:yang:ietf-tls-common
1488 prefix: tlscmn
1489 reference: RFC XXXX
1491 8. References
1493 8.1. Normative References
1495 [I-D.ietf-netconf-crypto-types]
1496 Watsen, K., "Common YANG Data Types for Cryptography",
1497 draft-ietf-netconf-crypto-types-01 (work in progress),
1498 September 2018.
1500 [I-D.ietf-netconf-keystore]
1501 Watsen, K., "YANG Data Model for a Centralized Keystore
1502 Mechanism", draft-ietf-netconf-keystore-06 (work in
1503 progress), September 2018.
1505 [I-D.ietf-netconf-trust-anchors]
1506 Watsen, K., "YANG Data Model for Global Trust Anchors",
1507 draft-ietf-netconf-trust-anchors-01 (work in progress),
1508 September 2018.
1510 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1511 Requirement Levels", BCP 14, RFC 2119,
1512 DOI 10.17487/RFC2119, March 1997.
1515 [RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
1516 Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
1517 DOI 10.17487/RFC5288, August 2008.
1520 [RFC5289] Rescorla, E., "TLS Elliptic Curve Cipher Suites with
1521 SHA-256/384 and AES Galois Counter Mode (GCM)", RFC 5289,
1522 DOI 10.17487/RFC5289, August 2008.
1525 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
1526 the Network Configuration Protocol (NETCONF)", RFC 6020,
1527 DOI 10.17487/RFC6020, October 2010.
1530 [RFC7589] Badra, M., Luchuk, A., and J. Schoenwaelder, "Using the
1531 NETCONF Protocol over Transport Layer Security (TLS) with
1532 Mutual X.509 Authentication", RFC 7589,
1533 DOI 10.17487/RFC7589, June 2015.
1536 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
1537 RFC 7950, DOI 10.17487/RFC7950, August 2016.
1540 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
1541 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
1542 May 2017.
1544 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
1545 Access Control Model", STD 91, RFC 8341,
1546 DOI 10.17487/RFC8341, March 2018.
1549 [RFC8422] Nir, Y., Josefsson, S., and M. Pegourie-Gonnard, "Elliptic
1550 Curve Cryptography (ECC) Cipher Suites for Transport Layer
1551 Security (TLS) Versions 1.2 and Earlier", RFC 8422,
1552 DOI 10.17487/RFC8422, August 2018.
1555 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
1556 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.
1559 8.2. Informative References
1561 [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
1562 RFC 2246, DOI 10.17487/RFC2246, January 1999.
1565 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
1566 DOI 10.17487/RFC2818, May 2000.
1569 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1570 DOI 10.17487/RFC3688, January 2004.
1573 [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security
1574 (TLS) Protocol Version 1.1", RFC 4346,
1575 DOI 10.17487/RFC4346, April 2006.
1578 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
1579 (TLS) Protocol Version 1.2", RFC 5246,
1580 DOI 10.17487/RFC5246, August 2008.
1583 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
1584 and A. Bierman, Ed., "Network Configuration Protocol
1585 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.
1588 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
1589 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.
1592 [RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
1593 RFC 8071, DOI 10.17487/RFC8071, February 2017.
1596 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
1597 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.
1600 Appendix A. Change Log
1602 A.1. 00 to 01
1604 o Noted that '0.0.0.0' and '::' might have special meanings.
1606 o Renamed "keychain" to "keystore".
1608 A.2. 01 to 02
1610 o Removed the groupings containing transport-level configuration.
1611 Now modules contain only the transport-independent groupings.
1613 o Filled in previously incomplete 'ietf-tls-client' module.
1615 o Added cipher suites for various algorithms into new 'ietf-tls-
1616 common' module.
1618 A.3. 02 to 03
1620 o Added a 'must' statement to container 'server-auth' asserting that
1621 at least one of the various auth mechanisms must be specified.
1623 o Fixed description statement for leaf 'trusted-ca-certs'.
1625 A.4. 03 to 04
1627 o Updated title to "YANG Groupings for TLS Clients and TLS Servers"
1629 o Updated leafref paths to point to new keystore path
1631 o Changed the YANG prefix for ietf-tls-common from 'tlscom' to
1632 'tlscmn'.
1634 o Added TLS protocol versions 1.0 and 1.1.
1636 o Made author lists consistent
1638 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams
1640 o Updated YANG to use typedefs around leafrefs to common keystore
1641 paths
1643 o Now inlines key and certificates (no longer a leafref to keystore)
1645 A.5. 04 to 05
1647 o Merged changes from co-author.
1649 A.6. 05 to 06
1651 o Updated to use trust anchors from trust-anchors draft (was
1652 keystore draft)
1654 o Now uses new keystore grouping enabling asymmetric key to be
1655 either locally defined or a reference to the keystore.
1657 A.7. 06 to 07
1659 o factored the tls-[client|server]-groupings into more reusable
1660 groupings.
1662 o added if-feature statements for the new "x509-certificates"
1663 feature defined in draft-ietf-netconf-trust-anchors.
1665 A.8. 07 to 08
1667 o Added a number of compatibility matrices to Section 5 (thanks
1668 Frank!)
1670 o Clarified that any configured "cipher-suite" values need to be
1671 compatible with the configured private key.
1673 Acknowledgements
1675 The authors would like to thank the following for lively discussions
1676 on list and in the halls (ordered by last name): Andy Bierman, Martin
1677 Bjorklund, Benoit Claise, Mehmet Ersue, Balazs Kovacs, David
1678 Lamparter, Alan Luchuk, Ladislav Lhotka, Radek Krejci, Tom Petch,
1679 Juergen Schoenwaelder, Phil Shafer, Sean Turner, and Bert Wijnen.
1681 Authors' Addresses
1683 Kent Watsen
1684 Juniper Networks
1686 EMail: kwatsen@juniper.net
1688 Gary Wu
1689 Cisco Systems
1691 EMail: garywu@cisco.com
1692 Liang Xia
1693 Huawei
1695 EMail: frank.xialiang@huawei.com