idnits 2.17.1 draft-ietf-netconf-tls-client-server-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 9, 2019) is 1847 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-34) exists of draft-ietf-netconf-crypto-types-02 == Outdated reference: A later version (-35) exists of draft-ietf-netconf-keystore-08 == Outdated reference: A later version (-28) exists of draft-ietf-netconf-trust-anchors-03 -- Obsolete informational reference (is this intentional?): RFC 2246 (Obsoleted by RFC 4346) -- Obsolete informational reference (is this intentional?): RFC 2818 (Obsoleted by RFC 9110) -- Obsolete informational reference (is this intentional?): RFC 4346 (Obsoleted by RFC 5246) -- Obsolete informational reference (is this intentional?): RFC 5246 (Obsoleted by RFC 8446) Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NETCONF Working Group K. Watsen 3 Internet-Draft Watsen Networks 4 Intended status: Standards Track G. Wu 5 Expires: September 10, 2019 Cisco Systems 6 L. Xia 7 Huawei 8 March 9, 2019 10 YANG Groupings for TLS Clients and TLS Servers 11 draft-ietf-netconf-tls-client-server-10 13 Abstract 15 This document defines three YANG modules: the first defines groupings 16 for a generic TLS client, the second defines groupings for a generic 17 TLS server, and the third defines common identities and groupings 18 used by both the client and the server. It is intended that these 19 groupings will be used by applications using the TLS protocol. 21 Editorial Note (To be removed by RFC Editor) 23 This draft contains many placeholder values that need to be replaced 24 with finalized values at the time of publication. This note 25 summarizes all of the substitutions that are needed. No other RFC 26 Editor instructions are specified elsewhere in this document. 28 This document contains references to other drafts in progress, both 29 in the Normative References section, as well as in body text 30 throughout. Please update the following references to reflect their 31 final RFC assignments: 33 o I-D.ietf-netconf-trust-anchors 35 o I-D.ietf-netconf-keystore 37 Artwork in this document contains shorthand references to drafts in 38 progress. Please apply the following replacements: 40 o "XXXX" --> the assigned RFC value for this draft 42 o "YYYY" --> the assigned RFC value for I-D.ietf-netconf-trust- 43 anchors 45 o "ZZZZ" --> the assigned RFC value for I-D.ietf-netconf-keystore 47 Artwork in this document contains placeholder values for the date of 48 publication of this draft. Please apply the following replacement: 50 o "2019-03-09" --> the publication date of this draft 52 The following Appendix section is to be removed prior to publication: 54 o Appendix A. Change Log 56 Status of This Memo 58 This Internet-Draft is submitted in full conformance with the 59 provisions of BCP 78 and BCP 79. 61 Internet-Drafts are working documents of the Internet Engineering 62 Task Force (IETF). Note that other groups may also distribute 63 working documents as Internet-Drafts. The list of current Internet- 64 Drafts is at https://datatracker.ietf.org/drafts/current/. 66 Internet-Drafts are draft documents valid for a maximum of six months 67 and may be updated, replaced, or obsoleted by other documents at any 68 time. It is inappropriate to use Internet-Drafts as reference 69 material or to cite them other than as "work in progress." 71 This Internet-Draft will expire on September 10, 2019. 73 Copyright Notice 75 Copyright (c) 2019 IETF Trust and the persons identified as the 76 document authors. All rights reserved. 78 This document is subject to BCP 78 and the IETF Trust's Legal 79 Provisions Relating to IETF Documents 80 (https://trustee.ietf.org/license-info) in effect on the date of 81 publication of this document. Please review these documents 82 carefully, as they describe your rights and restrictions with respect 83 to this document. Code Components extracted from this document must 84 include Simplified BSD License text as described in Section 4.e of 85 the Trust Legal Provisions and are provided without warranty as 86 described in the Simplified BSD License. 88 Table of Contents 90 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 91 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 92 3. The TLS Client Model . . . . . . . . . . . . . . . . . . . . 4 93 3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4 94 3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 5 95 3.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 6 96 4. The TLS Server Model . . . . . . . . . . . . . . . . . . . . 10 97 4.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 10 98 4.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 11 99 4.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 13 100 5. The TLS Common Model . . . . . . . . . . . . . . . . . . . . 17 101 5.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 25 102 5.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 25 103 5.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 25 104 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 105 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 106 7.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 35 107 7.2. The YANG Module Names Registry . . . . . . . . . . . . . 35 108 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 109 8.1. Normative References . . . . . . . . . . . . . . . . . . 36 110 8.2. Informative References . . . . . . . . . . . . . . . . . 37 111 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 39 112 A.1. 00 to 01 . . . . . . . . . . . . . . . . . . . . . . . . 39 113 A.2. 01 to 02 . . . . . . . . . . . . . . . . . . . . . . . . 39 114 A.3. 02 to 03 . . . . . . . . . . . . . . . . . . . . . . . . 39 115 A.4. 03 to 04 . . . . . . . . . . . . . . . . . . . . . . . . 39 116 A.5. 04 to 05 . . . . . . . . . . . . . . . . . . . . . . . . 40 117 A.6. 05 to 06 . . . . . . . . . . . . . . . . . . . . . . . . 40 118 A.7. 06 to 07 . . . . . . . . . . . . . . . . . . . . . . . . 40 119 A.8. 07 to 08 . . . . . . . . . . . . . . . . . . . . . . . . 40 120 A.9. 08 to 09 . . . . . . . . . . . . . . . . . . . . . . . . 40 121 A.10. 09 to 10 . . . . . . . . . . . . . . . . . . . . . . . . 40 122 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 41 123 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41 125 1. Introduction 127 This document defines three YANG 1.1 [RFC7950] modules: the first 128 defines a grouping for a generic TLS client, the second defines a 129 grouping for a generic TLS server, and the third defines identities 130 and groupings common to both the client and the server (TLS is 131 defined in [RFC5246]). It is intended that these groupings will be 132 used by applications using the TLS protocol. For instance, these 133 groupings could be used to help define the data model for an HTTPS 134 [RFC2818] server or a NETCONF over TLS [RFC7589] based server. 136 The client and server YANG modules in this document each define one 137 grouping, which is focused on just TLS-specific configuration, and 138 specifically avoids any transport-level configuration, such as what 139 ports to listen-on or connect-to. This affords applications the 140 opportunity to define their own strategy for how the underlying TCP 141 connection is established. For instance, applications supporting 142 NETCONF Call Home [RFC8071] could use the "ssh-server-grouping" 143 grouping for the TLS parts it provides, while adding data nodes for 144 the TCP-level call-home configuration. 146 The modules defined in this document use groupings defined in 147 [I-D.ietf-netconf-keystore] enabling keys to be either locally 148 defined or a reference to globally configured values. 150 2. Terminology 152 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 153 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 154 "OPTIONAL" in this document are to be interpreted as described in BCP 155 14 [RFC2119] [RFC8174] when, and only when, they appear in all 156 capitals, as shown here. 158 3. The TLS Client Model 160 3.1. Tree Diagram 162 This section provides a tree diagram [RFC8340] for the "ietf-tls- 163 client" module that does not have groupings expanded. 165 module: ietf-tls-client 167 grouping tls-client-grouping 168 +---u client-identity-grouping 169 +---u server-auth-grouping 170 +---u hello-params-grouping 171 +---u keepalives-grouping 172 grouping client-identity-grouping 173 +-- tls-client-identity 174 +-- (auth-type)? 175 +--:(certificate) 176 +-- certificate 177 +---u client-identity-grouping 178 grouping server-auth-grouping 179 +-- tls-server-auth 180 +-- pinned-ca-certs? ta:pinned-certificates-ref 181 | {ta:x509-certificates}? 182 +-- pinned-server-certs? ta:pinned-certificates-ref 183 {ta:x509-certificates}? 184 grouping hello-params-grouping 185 +-- tls-hello-params {tls-client-hello-params-config}? 186 +---u hello-params-grouping 187 grouping keepalives-grouping 188 +-- tls-keepalives {tls-client-keepalives}? 189 +-- max-wait? uint16 190 +-- max-attempts? uint8 192 3.2. Example Usage 194 This section presents two examples showing the tls-client-grouping 195 populated with some data. These examples are effectively the same 196 except the first configures the client identity using a local key 197 while the second uses a key configured in a keystore. Both examples 198 are consistent with the examples presented in Section 3 of 199 [I-D.ietf-netconf-trust-anchors] and Section 3.2 of 200 [I-D.ietf-netconf-keystore]. 202 The following example configures the client identity using a local 203 key: 205 ========== NOTE: '\\' line wrapping per BCP XX (RFC XXXX) =========== 207 209 210 211 212 213 ct:rsa2048 215 base64encodedvalue== 216 base64encodedvalue== 217 base64encodedvalue== 218 219 220 222 223 224 explicitly-trusted-server-ca-certs 226 explicitly-trusted-server-certs 228 230 231 30 232 3 233 235 237 The following example configures the client identity using a key from 238 the keystore: 240 ========== NOTE: '\\' line wrapping per BCP XX (RFC XXXX) =========== 242 244 245 246 247 ex-rsa-cert 248 249 251 252 253 explicitly-trusted-server-ca-certs 255 explicitly-trusted-server-certs 257 259 260 30 261 3 262 264 266 3.3. YANG Module 268 This YANG module has normative references to 269 [I-D.ietf-netconf-trust-anchors] and [I-D.ietf-netconf-keystore]. 271 file "ietf-tls-client@2019-03-09.yang" 272 module ietf-tls-client { 273 yang-version 1.1; 274 namespace "urn:ietf:params:xml:ns:yang:ietf-tls-client"; 275 prefix tlsc; 277 import ietf-tls-common { 278 prefix tlscmn; 279 revision-date 2019-03-09; // stable grouping definitions 280 reference 281 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; 282 } 284 import ietf-trust-anchors { 285 prefix ta; 286 reference 287 "RFC YYYY: YANG Data Model for Global Trust Anchors"; 289 } 291 import ietf-keystore { 292 prefix ks; 293 reference 294 "RFC ZZZZ: YANG Data Model for a 'Keystore' Mechanism"; 295 } 297 organization 298 "IETF NETCONF (Network Configuration) Working Group"; 300 contact 301 "WG Web: 302 WG List: 303 Author: Kent Watsen 304 Author: Gary Wu "; 306 description 307 "This module defines reusable groupings for TLS clients that 308 can be used as a basis for specific TLS client instances. 310 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 311 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 312 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 313 are to be interpreted as described in BCP 14 [RFC2119] 314 [RFC8174] when, and only when, they appear in all 315 capitals, as shown here. 317 Copyright (c) 2019 IETF Trust and the persons identified as 318 authors of the code. All rights reserved. 320 Redistribution and use in source and binary forms, with or 321 without modification, is permitted pursuant to, and subject 322 to the license terms contained in, the Simplified BSD 323 License set forth in Section 4.c of the IETF Trust's 324 Legal Provisions Relating to IETF Documents 325 (http://trustee.ietf.org/license-info). 327 This version of this YANG module is part of RFC XXXX; see 328 the RFC itself for full legal notices."; 330 revision 2019-03-09 { 331 description 332 "Initial version"; 333 reference 334 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; 335 } 336 // Features 338 feature tls-client-hello-params-config { 339 description 340 "TLS hello message parameters are configurable on a TLS 341 client."; 342 } 344 feature tls-client-keepalives { 345 description 346 "Per socket TLS keepalive parameters are configurable for 347 TLS clients on the server implementing this feature."; 348 } 350 // Groupings 352 grouping tls-client-grouping { 353 description 354 "A reusable grouping for configuring a TLS client without 355 any consideration for how an underlying TCP session is 356 established."; 357 uses client-identity-grouping; 358 uses server-auth-grouping; 359 uses hello-params-grouping; 360 uses keepalives-grouping; 361 } 363 grouping client-identity-grouping { 364 description 365 "A reusable grouping for configuring a TLS client identity."; 366 container tls-client-identity { 367 description 368 "The credentials used by the client to authenticate to 369 the TLS server."; 370 choice auth-type { 371 description 372 "The authentication type."; 373 container certificate { 374 uses 375 ks:local-or-keystore-end-entity-cert-with-key-grouping; 376 description 377 "A locally-defined or referenced certificate 378 to be used for client authentication."; 379 reference 380 "RFC ZZZZ: YANG Data Model for a 'Keystore' Mechanism"; 381 } 382 } 383 } 385 } 387 grouping server-auth-grouping { 388 description 389 "A reusable grouping for configuring TLS server 390 authentication."; 391 container tls-server-auth { 392 must 'pinned-ca-certs or pinned-server-certs'; 393 description 394 "Trusted server identities."; 395 leaf pinned-ca-certs { 396 if-feature "ta:x509-certificates"; 397 type ta:pinned-certificates-ref; 398 description 399 "A reference to a list of certificate authority (CA) 400 certificates used by the TLS client to authenticate 401 TLS server certificates. A server certificate is 402 authenticated if it has a valid chain of trust to 403 a configured pinned CA certificate."; 404 } 405 leaf pinned-server-certs { 406 if-feature "ta:x509-certificates"; 407 type ta:pinned-certificates-ref; 408 description 409 "A reference to a list of server certificates used by 410 the TLS client to authenticate TLS server certificates. 411 A server certificate is authenticated if it is an 412 exact match to a configured pinned server certificate."; 413 } 414 } 415 } 417 grouping hello-params-grouping { 418 description 419 "A reusable grouping for configuring a TLS transport 420 parameters."; 421 container tls-hello-params { 422 if-feature "tls-client-hello-params-config"; 423 uses tlscmn:hello-params-grouping; 424 description 425 "Configurable parameters for the TLS hello message."; 426 } 427 } 429 grouping keepalives-grouping { 430 description 431 "A reusable grouping for configuring TLS client keepalive 432 parameters."; 434 container tls-keepalives { 435 if-feature "tls-client-keepalives"; 436 description 437 "Configures the keep-alive policy, to proactively test 438 the aliveness of the TLS server. An unresponsive 439 TLS server is dropped after approximately max-wait 440 * max-attempts seconds."; 441 leaf max-wait { 442 type uint16 { 443 range "1..max"; 444 } 445 units "seconds"; 446 default "30"; 447 description 448 "Sets the amount of time in seconds after which if no data 449 has been received from the TLS server, a TLS-level message 450 will be sent to test the aliveness of the TLS server."; 451 } 452 leaf max-attempts { 453 type uint8; 454 default "3"; 455 description 456 "Sets the maximum number of sequential keep-alive messages 457 that can fail to obtain a response from the TLS server 458 before assuming the TLS server is no longer alive."; 459 } 460 } 461 } 462 } 463 465 4. The TLS Server Model 467 4.1. Tree Diagram 469 This section provides a tree diagram [RFC8340] for the "ietf-tls- 470 server" module that does not have groupings expanded. 472 module: ietf-tls-server 474 grouping tls-server-grouping 475 +---u server-identity-grouping 476 +---u client-auth-grouping 477 +---u hello-params-grouping 478 +---u keepalives-grouping 479 grouping server-identity-grouping 480 +-- tls-server-identity 481 +---u server-identity-grouping 482 grouping client-auth-grouping 483 +-- tls-client-auth 484 +-- pinned-ca-certs? ta:pinned-certificates-ref 485 | {ta:x509-certificates}? 486 +-- pinned-client-certs? ta:pinned-certificates-ref 487 {ta:x509-certificates}? 488 grouping hello-params-grouping 489 +-- tls-hello-params {tls-server-hello-params-config}? 490 +---u hello-params-grouping 491 grouping keepalives-grouping 492 +-- tls-keepalives {tls-server-keepalives}? 493 +-- max-wait? uint16 494 +-- max-attempts? uint8 496 4.2. Example Usage 498 This section presents two examples showing the tls-server-grouping 499 populated with some data. These examples are effectively the same 500 except the first configures the server identity using a local key 501 while the second uses a key configured in a keystore. Both examples 502 are consistent with the examples presented in Section 3 of 503 [I-D.ietf-netconf-trust-anchors] and Section 3.2 of 504 [I-D.ietf-netconf-keystore]. 506 The following example configures the server identity using a local 507 key: 509 ========== NOTE: '\\' line wrapping per BCP XX (RFC XXXX) =========== 511 513 514 515 516 ct:rsa2048 518 base64encodedvalue== 519 base64encodedvalue== 520 base64encodedvalue== 521 522 524 525 526 explicitly-trusted-client-ca-certs 528 explicitly-trusted-client-certs 530 532 534 The following example configures the server identity using a key from 535 the keystore: 537 ========== NOTE: '\\' line wrapping per BCP XX (RFC XXXX) =========== 539 541 542 543 ex-rsa-cert 544 546 547 548 explicitly-trusted-client-ca-certs 550 explicitly-trusted-client-certs 552 554 556 4.3. YANG Module 558 This YANG module has a normative references to [RFC5246], 559 [I-D.ietf-netconf-trust-anchors] and [I-D.ietf-netconf-keystore]. 561 file "ietf-tls-server@2019-03-09.yang" 562 module ietf-tls-server { 563 yang-version 1.1; 564 namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server"; 565 prefix tlss; 567 import ietf-tls-common { 568 prefix tlscmn; 569 revision-date 2019-03-09; // stable grouping definitions 570 reference 571 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; 572 } 574 import ietf-trust-anchors { 575 prefix ta; 576 reference 577 "RFC YYYY: YANG Data Model for Global Trust Anchors"; 578 } 580 import ietf-keystore { 581 prefix ks; 582 reference 583 "RFC ZZZZ: YANG Data Model for a 'Keystore' Mechanism"; 584 } 586 organization 587 "IETF NETCONF (Network Configuration) Working Group"; 589 contact 590 "WG Web: 591 WG List: 592 Author: Kent Watsen 593 Author: Gary Wu "; 595 description 596 "This module defines reusable groupings for TLS servers that 597 can be used as a basis for specific TLS server instances. 599 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 600 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 601 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 602 are to be interpreted as described in BCP 14 [RFC2119] 603 [RFC8174] when, and only when, they appear in all 604 capitals, as shown here. 606 Copyright (c) 2019 IETF Trust and the persons identified as 607 authors of the code. All rights reserved. 609 Redistribution and use in source and binary forms, with or 610 without modification, is permitted pursuant to, and subject 611 to the license terms contained in, the Simplified BSD 612 License set forth in Section 4.c of the IETF Trust's 613 Legal Provisions Relating to IETF Documents 614 (http://trustee.ietf.org/license-info). 616 This version of this YANG module is part of RFC XXXX; see 617 the RFC itself for full legal notices."; 619 revision 2019-03-09 { 620 description 621 "Initial version"; 622 reference 623 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; 624 } 626 // Features 628 feature tls-server-hello-params-config { 629 description 630 "TLS hello message parameters are configurable on a TLS 631 server."; 632 } 634 feature tls-server-keepalives { 635 description 636 "Per socket TLS keepalive parameters are configurable for 637 TLS servers on the server implementing this feature."; 638 } 640 // Groupings 642 grouping tls-server-grouping { 643 description 644 "A reusable grouping for configuring a TLS server without 645 any consideration for how underlying TCP sessions are 646 established."; 647 uses server-identity-grouping; 648 uses client-auth-grouping; 649 uses hello-params-grouping; 650 uses keepalives-grouping; 651 } 652 grouping server-identity-grouping { 653 description 654 "A reusable grouping for configuring a TLS server identity."; 655 container tls-server-identity { 656 description 657 "A locally-defined or referenced end-entity certificate, 658 including any configured intermediate certificates, the 659 TLS server will present when establishing a TLS connection 660 in its Certificate message, as defined in Section 7.4.2 661 in RFC 5246."; 662 reference 663 "RFC 5246: 664 The Transport Layer Security (TLS) Protocol Version 1.2 665 RFC ZZZZ: 666 YANG Data Model for a 'Keystore' Mechanism"; 667 uses ks:local-or-keystore-end-entity-cert-with-key-grouping; 668 } 669 } 671 grouping client-auth-grouping { 672 description 673 "A reusable grouping for configuring a TLS client 674 authentication."; 675 container tls-client-auth { 676 description 677 "A reference to a list of pinned certificate authority (CA) 678 certificates and a reference to a list of pinned client 679 certificates."; 680 leaf pinned-ca-certs { 681 if-feature "ta:x509-certificates"; 682 type ta:pinned-certificates-ref; 683 description 684 "A reference to a list of certificate authority (CA) 685 certificates used by the TLS server to authenticate 686 TLS client certificates. A client certificate is 687 authenticated if it has a valid chain of trust to 688 a configured pinned CA certificate."; 689 reference 690 "RFC YYYY: YANG Data Model for Global Trust Anchors"; 691 } 692 leaf pinned-client-certs { 693 if-feature "ta:x509-certificates"; 694 type ta:pinned-certificates-ref; 695 description 696 "A reference to a list of client certificates used by 697 the TLS server to authenticate TLS client certificates. 698 A clients certificate is authenticated if it is an 699 exact match to a configured pinned client certificate."; 701 reference 702 "RFC YYYY: YANG Data Model for Global Trust Anchors"; 703 } 704 } 705 } 707 grouping hello-params-grouping { 708 description 709 "A reusable grouping for configuring a TLS transport 710 parameters."; 711 container tls-hello-params { 712 if-feature "tls-server-hello-params-config"; 713 uses tlscmn:hello-params-grouping; 714 description 715 "Configurable parameters for the TLS hello message."; 716 } 717 } 719 grouping keepalives-grouping { 720 description 721 "A reusable grouping for configuring TLS server keepalive 722 parameters."; 723 container tls-keepalives { 724 if-feature "tls-server-keepalives"; 725 description 726 "Configures the keep-alive policy, to proactively test 727 the aliveness of the TLS client. An unresponsive 728 TLS client is dropped after approximately max-wait 729 * max-attempts seconds."; 730 leaf max-wait { 731 type uint16 { 732 range "1..max"; 733 } 734 units "seconds"; 735 default "30"; 736 description 737 "Sets the amount of time in seconds after which if no data 738 has been received from the TLS client, a TLS-level message 739 will be sent to test the aliveness of the TLS client."; 740 } 741 leaf max-attempts { 742 type uint8; 743 default "3"; 744 description 745 "Sets the maximum number of sequential keep-alive messages 746 that can fail to obtain a response from the TLS client 747 before assuming the TLS client is no longer alive."; 748 } 750 } 751 } 752 } 753 755 5. The TLS Common Model 757 The TLS common model presented in this section contains identities 758 and groupings common to both TLS clients and TLS servers. The hello- 759 params-grouping can be used to configure the list of TLS algorithms 760 permitted by the TLS client or TLS server. The lists of algorithms 761 are ordered such that, if multiple algorithms are permitted by the 762 client, the algorithm that appears first in its list that is also 763 permitted by the server is used for the TLS transport layer 764 connection. The ability to restrict the algorithms allowed is 765 provided in this grouping for TLS clients and TLS servers that are 766 capable of doing so and may serve to make TLS clients and TLS servers 767 compliant with local security policies. This model supports both 768 TLS1.2 [RFC5246] and TLS 1.3 [RFC8446]. 770 TLS 1.2 and TLS 1.3 have different ways defining their own supported 771 cryptographic algorithms, see TLS and DTLS IANA registries page 772 (https://www.iana.org/assignments/tls-parameters/tls- 773 parameters.xhtml): 775 o TLS 1.2 defines four categories of registries for cryptographic 776 algorithms: TLS Cipher Suites, TLS SignatureAlgorithm, TLS 777 HashAlgorithm, TLS Supported Groups. TLS Cipher Suites plays the 778 role of combining all of them into one set, as each value of the 779 set represents a unique and feasible combination of all the 780 cryptographic algorithms, and thus the other three registry 781 categories do not need to be considered here. In this document, 782 the TLS common model only chooses those TLS1.2 algorithms in TLS 783 Cipher Suites which are marked as recommended: 784 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 785 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 786 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 787 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, and so on. All chosen 788 algorithms are enumerated in Table 1-1 below; 790 o TLS 1.3 defines its supported algorithms differently. Firstly, it 791 defines three categories of registries for cryptographic 792 algorithms: TLS Cipher Suites, TLS SignatureScheme, TLS Supported 793 Groups. Secondly, all three of these categories are useful, since 794 they represent different parts of all the supported algorithms 795 respectively. Thus, all of these registries categories are 796 considered here. In this draft, the TLS common model chooses only 797 those TLS1.3 algorithms specified in B.4, 4.2.3, 4.2.7 of 798 [RFC8446]. 800 Thus, in order to support both TLS1.2 and TLS1.3, the cipher-suites 801 part of the hello-params-grouping should include three parameters for 802 configuring its permitted TLS algorithms, which are: TLS Cipher 803 Suites, TLS SignatureScheme, TLS Supported Groups. Note that TLS1.2 804 only uses TLS Cipher Suites. 806 [I-D.ietf-netconf-crypto-types] defines six categories of 807 cryptographic algorithms (hash-algorithm, symmetric-key-encryption- 808 algorithm, mac-algorithm, asymmetric-key-encryption-algorithm, 809 signature-algorithm, key-negotiation-algorithm) and lists several 810 widely accepted algorithms for each of them. The TLS client and 811 server models use one or more of these algorithms. The following 812 tables are provided, in part to define the subset of algorithms 813 defined in the crypto-types model used by TLS, and in part to ensure 814 compatibility of configured TLS cryptographic parameters for 815 configuring its permitted TLS algorithms: 817 +-----------------------------------------------+---------+ 818 | ciper-suites in hello-params-grouping | HASH | 819 +-----------------------------------------------+---------+ 820 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | sha-256 | 821 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | sha-384 | 822 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | sha-256 | 823 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | sha-384 | 824 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | sha-256 | 825 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | sha-384 | 826 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | sha-256 | 827 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | sha-384 | 828 | TLS_DHE_RSA_WITH_AES_128_CCM | sha-256 | 829 | TLS_DHE_RSA_WITH_AES_256_CCM | sha-256 | 830 | TLS_DHE_PSK_WITH_AES_128_CCM | sha-256 | 831 | TLS_DHE_PSK_WITH_AES_256_CCM | sha-256 | 832 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | sha-256 | 833 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | sha-256 | 834 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | sha-256 | 835 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | sha-256 | 836 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | sha-256 | 837 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | sha-256 | 838 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | sha-384 | 839 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | sha-256 | 840 +-----------------------------------------------+---------+ 842 Table 1-1 TLS 1.2 Compatibility Matrix Part 1: ciper-suites mapping 843 to hash-algorithm 845 +--------------------------------------------- +---------------------+ 846 | ciper-suites in hello-params-grouping | symmetric | 847 | | | 848 +--------------------------------------------- +---------------------+ 849 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm | 850 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm | 851 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm | 852 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm | 853 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm | 854 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm | 855 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm | 856 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm | 857 | TLS_DHE_RSA_WITH_AES_128_CCM | enc-aes-128-ccm | 858 | TLS_DHE_RSA_WITH_AES_256_CCM | enc-aes-256-ccm | 859 | TLS_DHE_PSK_WITH_AES_128_CCM | enc-aes-128-ccm | 860 | TLS_DHE_PSK_WITH_AES_256_CCM | enc-aes-256-ccm | 861 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |enc-chacha20-poly1305| 862 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|enc-chacha20-poly1305| 863 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |enc-chacha20-poly1305| 864 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |enc-chacha20-poly1305| 865 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |enc-chacha20-poly1305| 866 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | enc-aes-128-gcm | 867 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | enc-aes-256-gcm | 868 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | enc-aes-128-ccm | 869 +--------------------------------------------- +---------------------+ 871 Table 1-2 TLS 1.2 Compatibility Matrix Part 2: ciper-suites mapping 872 to symmetric-key-encryption-algorithm 874 +--------------------------------------------- +---------------------+ 875 | ciper-suites in hello-params-grouping | MAC | 876 | | | 877 +--------------------------------------------- +---------------------+ 878 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm | 879 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm | 880 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm | 881 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm | 882 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm | 883 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm | 884 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm | 885 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm | 886 | TLS_DHE_RSA_WITH_AES_128_CCM | mac-aes-128-ccm | 887 | TLS_DHE_RSA_WITH_AES_256_CCM | mac-aes-256-ccm | 888 | TLS_DHE_PSK_WITH_AES_128_CCM | mac-aes-128-ccm | 889 | TLS_DHE_PSK_WITH_AES_256_CCM | mac-aes-256-ccm | 890 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |mac-chacha20-poly1305| 891 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|mac-chacha20-poly1305| 892 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |mac-chacha20-poly1305| 893 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |mac-chacha20-poly1305| 894 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |mac-chacha20-poly1305| 895 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | mac-aes-128-gcm | 896 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | mac-aes-256-gcm | 897 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | mac-aes-128-ccm | 898 +--------------------------------------------- +---------------------+ 900 Table 1-3 TLS 1.2 Compatibility Matrix Part 3: ciper-suites mapping 901 to MAC-algorithm 903 +----------------------------------------------+----------------------+ 904 |ciper-suites in hello-params-grouping | signature | 905 +--------------------------------------------- +----------------------+ 906 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | rsa-pkcs1-sha256 | 907 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | rsa-pkcs1-sha384 | 908 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | N/A | 909 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | N/A | 910 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |ecdsa-secp256r1-sha256| 911 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |ecdsa-secp384r1-sha384| 912 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | rsa-pkcs1-sha256 | 913 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | rsa-pkcs1-sha384 | 914 | TLS_DHE_RSA_WITH_AES_128_CCM | rsa-pkcs1-sha256 | 915 | TLS_DHE_RSA_WITH_AES_256_CCM | rsa-pkcs1-sha256 | 916 | TLS_DHE_PSK_WITH_AES_128_CCM | N/A | 917 | TLS_DHE_PSK_WITH_AES_256_CCM | N/A | 918 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | rsa-pkcs1-sha256 | 919 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|ecdsa-secp256r1-sha256| 920 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | rsa-pkcs1-sha256 | 921 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | N/A | 922 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | N/A | 923 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | N/A | 924 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 | N/A | 925 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 | N/A | 926 +----------------------------------------------+----------------------+ 928 Table 1-4 TLS 1.2 Compatibility Matrix Part 4: ciper-suites mapping 929 to signature-algorithm 931 +----------------------------------------------+-----------------------+ 932 |ciper-suites in hello-params-grouping | key-negotiation | 933 +----------------------------------------------+-----------------------+ 934 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | dhe-ffdhe2048, ... | 935 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | dhe-ffdhe2048, ... | 936 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | psk-dhe-ffdhe2048, ...| 937 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | psk-dhe-ffdhe2048, ...| 938 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ecdhe-secp256r1, ... | 939 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ecdhe-secp256r1, ... | 940 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ecdhe-secp256r1, ... | 941 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ecdhe-secp256r1, ... | 942 | TLS_DHE_RSA_WITH_AES_128_CCM | dhe-ffdhe2048, ... | 943 | TLS_DHE_RSA_WITH_AES_256_CCM | dhe-ffdhe2048, ... | 944 | TLS_DHE_PSK_WITH_AES_128_CCM | psk-dhe-ffdhe2048, ...| 945 | TLS_DHE_PSK_WITH_AES_256_CCM | psk-dhe-ffdhe2048, ...| 946 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ecdhe-secp256r1, ... | 947 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256| ecdhe-secp256r1, ... | 948 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | dhe-ffdhe2048, ... | 949 | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 |psk-ecdhe-secp256r1,...| 950 | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | psk-dhe-ffdhe2048, ...| 951 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 |psk-ecdhe-secp256r1,...| 952 | TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 |psk-ecdhe-secp256r1,...| 953 | TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 |psk-ecdhe-secp256r1,...| 954 +----------------------------------------------+-----------------------+ 956 Table 1-5 TLS 1.2 Compatibility Matrix Part 5: ciper-suites mapping 957 to key-negotiation-algorithm 959 +------------------------------+---------+ 960 | ciper-suites in hello | HASH | 961 | -params-grouping | | 962 +------------------------------+---------+ 963 | TLS_AES_128_GCM_SHA256 | sha-256 | 964 | TLS_AES_256_GCM_SHA384 | sha-384 | 965 | TLS_CHACHA20_POLY1305_SHA256 | sha-256 | 966 | TLS_AES_128_CCM_SHA256 | sha-256 | 967 +------------------------------+---------+ 969 Table 2-1 TLS 1.3 Compatibility Matrix Part 1: ciper-suites mapping 970 to hash-algorithm 972 +------------------------------+-----------------------+ 973 | ciper-suites in hello | symmetric | 974 | -params-grouping | | 975 +------------------------------+-----------------------+ 976 | TLS_AES_128_GCM_SHA256 | enc-aes-128-gcm | 977 | TLS_AES_256_GCM_SHA384 | enc-aes-128-gcm | 978 | TLS_CHACHA20_POLY1305_SHA256 | enc-chacha20-poly1305 | 979 | TLS_AES_128_CCM_SHA256 | enc-aes-128-ccm | 980 +------------------------------+-----------------------+ 982 Table 2-2 TLS 1.3 Compatibility Matrix Part 2: ciper-suites mapping 983 to symmetric-key--encryption-algorithm 985 +------------------------------+-----------------------+ 986 | ciper-suites in hello | symmetric | 987 | -params-grouping | | 988 +------------------------------+-----------------------+ 989 | TLS_AES_128_GCM_SHA256 | mac-aes-128-gcm | 990 | TLS_AES_256_GCM_SHA384 | mac-aes-128-gcm | 991 | TLS_CHACHA20_POLY1305_SHA256 | mac-chacha20-poly1305 | 992 | TLS_AES_128_CCM_SHA256 | mac-aes-128-ccm | 993 +------------------------------+-----------------------+ 995 Table 2-3 TLS 1.3 Compatibility Matrix Part 3: ciper-suites mapping 996 to MAC-algorithm 998 +----------------------------+-------------------------+ 999 |signatureScheme in hello | signature | 1000 | -params-grouping | | 1001 +----------------------------+-------------------------+ 1002 | rsa-pkcs1-sha256 | rsa-pkcs1-sha256 | 1003 | rsa-pkcs1-sha384 | rsa-pkcs1-sha384 | 1004 | rsa-pkcs1-sha512 | rsa-pkcs1-sha512 | 1005 | rsa-pss-rsae-sha256 | rsa-pss-rsae-sha256 | 1006 | rsa-pss-rsae-sha384 | rsa-pss-rsae-sha384 | 1007 | rsa-pss-rsae-sha512 | rsa-pss-rsae-sha512 | 1008 | rsa-pss-pss-sha256 | rsa-pss-pss-sha256 | 1009 | rsa-pss-pss-sha384 | rsa-pss-pss-sha384 | 1010 | rsa-pss-pss-sha512 | rsa-pss-pss-sha512 | 1011 | ecdsa-secp256r1-sha256 | ecdsa-secp256r1-sha256 | 1012 | ecdsa-secp384r1-sha384 | ecdsa-secp384r1-sha384 | 1013 | ecdsa-secp521r1-sha512 | ecdsa-secp521r1-sha512 | 1014 | ed25519 | ed25519 | 1015 | ed448 | ed448 | 1016 +----------------------------+-------------------------+ 1018 Table 2-4 TLS 1.3 Compatibility Matrix Part 4: SignatureScheme 1019 mapping to signature-algorithm 1021 +----------------------------+-------------------------+ 1022 |supported Groups in hello | key-negotiation | 1023 | -params-grouping | | 1024 +----------------------------+-------------------------+ 1025 | dhe-ffdhe2048 | dhe-ffdhe2048 | 1026 | dhe-ffdhe3072 | dhe-ffdhe3072 | 1027 | dhe-ffdhe4096 | dhe-ffdhe4096 | 1028 | dhe-ffdhe6144 | dhe-ffdhe6144 | 1029 | dhe-ffdhe8192 | dhe-ffdhe8192 | 1030 | psk-dhe-ffdhe2048 | psk-dhe-ffdhe2048 | 1031 | psk-dhe-ffdhe3072 | psk-dhe-ffdhe3072 | 1032 | psk-dhe-ffdhe4096 | psk-dhe-ffdhe4096 | 1033 | psk-dhe-ffdhe6144 | psk-dhe-ffdhe6144 | 1034 | psk-dhe-ffdhe8192 | psk-dhe-ffdhe8192 | 1035 | ecdhe-secp256r1 | ecdhe-secp256r1 | 1036 | ecdhe-secp384r1 | ecdhe-secp384r1 | 1037 | ecdhe-secp521r1 | ecdhe-secp521r1 | 1038 | ecdhe-x25519 | ecdhe-x25519 | 1039 | ecdhe-x448 | ecdhe-x448 | 1040 | psk-ecdhe-secp256r1 | psk-ecdhe-secp256r1 | 1041 | psk-ecdhe-secp384r1 | psk-ecdhe-secp384r1 | 1042 | psk-ecdhe-secp521r1 | psk-ecdhe-secp521r1 | 1043 | psk-ecdhe-x25519 | psk-ecdhe-x25519 | 1044 | psk-ecdhe-x448 | psk-ecdhe-x448 | 1045 +----------------------------+-------------------------+ 1047 Table 2-5 TLS 1.3 Compatibility Matrix Part 5: Supported Groups 1048 mapping to key-negotiation-algorithm 1050 Note that in Table 1-5: 1052 o dhe-ffdhe2048, ... is the abbreviation of dhe-ffdhe2048, dhe- 1053 ffdhe3072, dhe-ffdhe4096, dhe-ffdhe6144, dhe-ffdhe8192; 1055 o psk-dhe-ffdhe2048, ... is the abbreviation of psk-dhe-ffdhe2048, 1056 psk-dhe-ffdhe3072, psk-dhe-ffdhe4096, psk-dhe-ffdhe6144, psk-dhe- 1057 ffdhe8192; 1059 o ecdhe-secp256r1, ... is the abbreviation of ecdhe-secp256r1, 1060 ecdhe-secp384r1, ecdhe-secp521r1, ecdhe-x25519, ecdhe-x448; 1062 o psk-ecdhe-secp256r1, ... is the abbreviation of psk-ecdhe- 1063 secp256r1, psk-ecdhe-secp384r1, psk-ecdhe-secp521r1, psk-ecdhe- 1064 x25519, psk-ecdhe-x448. 1066 Features are defined for algorithms that are OPTIONAL or are not 1067 widely supported by popular implementations. Note that the list of 1068 algorithms is not exhaustive. 1070 5.1. Tree Diagram 1072 The following tree diagram [RFC8340] provides an overview of the data 1073 model for the "ietf-tls-common" module. 1075 module: ietf-tls-common 1077 grouping hello-params-grouping 1078 +-- tls-versions 1079 | +-- tls-version* identityref 1080 +-- cipher-suites 1081 +-- cipher-suite* identityref 1083 5.2. Example Usage 1085 This section shows how it would appear if the transport-params- 1086 grouping were populated with some data. 1088 1091 1092 tlscmn:tls-1.1 1093 tlscmn:tls-1.2 1094 1095 1096 tlscmn:dhe-rsa-with-aes-128-cbc-sha 1097 tlscmn:rsa-with-aes-128-cbc-sha 1098 tlscmn:rsa-with-3des-ede-cbc-sha 1099 1100 1102 5.3. YANG Module 1104 This YANG module has a normative references to [RFC4346], [RFC5246], 1105 [RFC5288], [RFC5289], and [RFC8422]. 1107 This YANG module has a informative references to [RFC2246], 1108 [RFC4346], [RFC5246], and [RFC8446]. 1110 file "ietf-tls-common@2019-03-09.yang" 1111 module ietf-tls-common { 1112 yang-version 1.1; 1113 namespace "urn:ietf:params:xml:ns:yang:ietf-tls-common"; 1114 prefix tlscmn; 1116 organization 1117 "IETF NETCONF (Network Configuration) Working Group"; 1119 contact 1120 "WG Web: 1121 WG List: 1122 Author: Kent Watsen 1123 Author: Gary Wu "; 1125 description 1126 "This module defines a common features, identities, and 1127 groupings for Transport Layer Security (TLS). 1129 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 1130 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 1131 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 1132 are to be interpreted as described in BCP 14 [RFC2119] 1133 [RFC8174] when, and only when, they appear in all 1134 capitals, as shown here. 1136 Copyright (c) 2019 IETF Trust and the persons identified as 1137 authors of the code. All rights reserved. 1139 Redistribution and use in source and binary forms, with or 1140 without modification, is permitted pursuant to, and subject 1141 to the license terms contained in, the Simplified BSD 1142 License set forth in Section 4.c of the IETF Trust's 1143 Legal Provisions Relating to IETF Documents 1144 (http://trustee.ietf.org/license-info). 1146 This version of this YANG module is part of RFC XXXX; see 1147 the RFC itself for full legal notices."; 1149 revision 2019-03-09 { 1150 description 1151 "Initial version"; 1152 reference 1153 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; 1154 } 1156 // Features 1158 feature tls-1_0 { 1159 description 1160 "TLS Protocol Version 1.0 is supported."; 1161 reference 1162 "RFC 2246: The TLS Protocol Version 1.0"; 1163 } 1165 feature tls-1_1 { 1166 description 1167 "TLS Protocol Version 1.1 is supported."; 1168 reference 1169 "RFC 4346: The Transport Layer Security (TLS) Protocol 1170 Version 1.1"; 1171 } 1173 feature tls-1_2 { 1174 description 1175 "TLS Protocol Version 1.2 is supported."; 1176 reference 1177 "RFC 5246: The Transport Layer Security (TLS) Protocol 1178 Version 1.2"; 1179 } 1181 feature tls-1_3 { 1182 description 1183 "TLS Protocol Version 1.2 is supported."; 1184 reference 1185 "RFC 8446: The Transport Layer Security (TLS) Protocol 1186 Version 1.3"; 1187 } 1189 feature tls-ecc { 1190 description 1191 "Elliptic Curve Cryptography (ECC) is supported for TLS."; 1192 reference 1193 "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites 1194 for Transport Layer Security (TLS)"; 1195 } 1197 feature tls-dhe { 1198 description 1199 "Ephemeral Diffie-Hellman key exchange is supported for TLS."; 1200 reference 1201 "RFC 5246: The Transport Layer Security (TLS) Protocol 1202 Version 1.2"; 1203 } 1205 feature tls-3des { 1206 description 1207 "The Triple-DES block cipher is supported for TLS."; 1208 reference 1209 "RFC 5246: The Transport Layer Security (TLS) Protocol 1210 Version 1.2"; 1211 } 1213 feature tls-gcm { 1214 description 1215 "The Galois/Counter Mode authenticated encryption mode is 1216 supported for TLS."; 1217 reference 1218 "RFC 5288: AES Galois Counter Mode (GCM) Cipher Suites for 1219 TLS"; 1220 } 1222 feature tls-sha2 { 1223 description 1224 "The SHA2 family of cryptographic hash functions is supported 1225 for TLS."; 1226 reference 1227 "FIPS PUB 180-4: Secure Hash Standard (SHS)"; 1228 } 1230 // Identities 1232 identity tls-version-base { 1233 description 1234 "Base identity used to identify TLS protocol versions."; 1235 } 1237 identity tls-1.0 { 1238 base tls-version-base; 1239 if-feature "tls-1_0"; 1240 description 1241 "TLS Protocol Version 1.0."; 1242 reference 1243 "RFC 2246: The TLS Protocol Version 1.0"; 1244 } 1246 identity tls-1.1 { 1247 base tls-version-base; 1248 if-feature "tls-1_1"; 1249 description 1250 "TLS Protocol Version 1.1."; 1251 reference 1252 "RFC 4346: The Transport Layer Security (TLS) Protocol 1253 Version 1.1"; 1254 } 1256 identity tls-1.2 { 1257 base tls-version-base; 1258 if-feature "tls-1_2"; 1259 description 1260 "TLS Protocol Version 1.2."; 1261 reference 1262 "RFC 5246: The Transport Layer Security (TLS) Protocol 1263 Version 1.2"; 1264 } 1266 identity cipher-suite-base { 1267 description 1268 "Base identity used to identify TLS cipher suites."; 1269 } 1271 identity rsa-with-aes-128-cbc-sha { 1272 base cipher-suite-base; 1273 description 1274 "Cipher suite TLS_RSA_WITH_AES_128_CBC_SHA."; 1275 reference 1276 "RFC 5246: The Transport Layer Security (TLS) Protocol 1277 Version 1.2"; 1278 } 1280 identity rsa-with-aes-256-cbc-sha { 1281 base cipher-suite-base; 1282 description 1283 "Cipher suite TLS_RSA_WITH_AES_256_CBC_SHA."; 1284 reference 1285 "RFC 5246: The Transport Layer Security (TLS) Protocol 1286 Version 1.2"; 1287 } 1289 identity rsa-with-aes-128-cbc-sha256 { 1290 base cipher-suite-base; 1291 if-feature "tls-sha2"; 1292 description 1293 "Cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256."; 1294 reference 1295 "RFC 5246: The Transport Layer Security (TLS) Protocol 1296 Version 1.2"; 1297 } 1299 identity rsa-with-aes-256-cbc-sha256 { 1300 base cipher-suite-base; 1301 if-feature "tls-sha2"; 1302 description 1303 "Cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256."; 1304 reference 1305 "RFC 5246: The Transport Layer Security (TLS) Protocol 1306 Version 1.2"; 1307 } 1309 identity dhe-rsa-with-aes-128-cbc-sha { 1310 base cipher-suite-base; 1311 if-feature "tls-dhe"; 1312 description 1313 "Cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA."; 1314 reference 1315 "RFC 5246: The Transport Layer Security (TLS) Protocol 1316 Version 1.2"; 1317 } 1319 identity dhe-rsa-with-aes-256-cbc-sha { 1320 base cipher-suite-base; 1321 if-feature "tls-dhe"; 1322 description 1323 "Cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA."; 1324 reference 1325 "RFC 5246: The Transport Layer Security (TLS) Protocol 1326 Version 1.2"; 1327 } 1329 identity dhe-rsa-with-aes-128-cbc-sha256 { 1330 base cipher-suite-base; 1331 if-feature "tls-dhe and tls-sha2"; 1332 description 1333 "Cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256."; 1334 reference 1335 "RFC 5246: The Transport Layer Security (TLS) Protocol 1336 Version 1.2"; 1337 } 1339 identity dhe-rsa-with-aes-256-cbc-sha256 { 1340 base cipher-suite-base; 1341 if-feature "tls-dhe and tls-sha2"; 1342 description 1343 "Cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256."; 1344 reference 1345 "RFC 5246: The Transport Layer Security (TLS) Protocol 1346 Version 1.2"; 1347 } 1349 identity ecdhe-ecdsa-with-aes-128-cbc-sha256 { 1350 base cipher-suite-base; 1351 if-feature "tls-ecc and tls-sha2"; 1352 description 1353 "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256."; 1354 reference 1355 "RFC 5289: TLS Elliptic Curve Cipher Suites with 1356 SHA-256/384 and AES Galois Counter Mode (GCM)"; 1357 } 1358 identity ecdhe-ecdsa-with-aes-256-cbc-sha384 { 1359 base cipher-suite-base; 1360 if-feature "tls-ecc and tls-sha2"; 1361 description 1362 "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384."; 1363 reference 1364 "RFC 5289: TLS Elliptic Curve Cipher Suites with 1365 SHA-256/384 and AES Galois Counter Mode (GCM)"; 1366 } 1368 identity ecdhe-rsa-with-aes-128-cbc-sha256 { 1369 base cipher-suite-base; 1370 if-feature "tls-ecc and tls-sha2"; 1371 description 1372 "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256."; 1373 reference 1374 "RFC 5289: TLS Elliptic Curve Cipher Suites with 1375 SHA-256/384 and AES Galois Counter Mode (GCM)"; 1376 } 1378 identity ecdhe-rsa-with-aes-256-cbc-sha384 { 1379 base cipher-suite-base; 1380 if-feature "tls-ecc and tls-sha2"; 1381 description 1382 "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384."; 1383 reference 1384 "RFC 5289: TLS Elliptic Curve Cipher Suites with 1385 SHA-256/384 and AES Galois Counter Mode (GCM)"; 1386 } 1388 identity ecdhe-ecdsa-with-aes-128-gcm-sha256 { 1389 base cipher-suite-base; 1390 if-feature "tls-ecc and tls-gcm and tls-sha2"; 1391 description 1392 "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256."; 1393 reference 1394 "RFC 5289: TLS Elliptic Curve Cipher Suites with 1395 SHA-256/384 and AES Galois Counter Mode (GCM)"; 1396 } 1398 identity ecdhe-ecdsa-with-aes-256-gcm-sha384 { 1399 base cipher-suite-base; 1400 if-feature "tls-ecc and tls-gcm and tls-sha2"; 1401 description 1402 "Cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384."; 1403 reference 1404 "RFC 5289: TLS Elliptic Curve Cipher Suites with 1405 SHA-256/384 and AES Galois Counter Mode (GCM)"; 1407 } 1409 identity ecdhe-rsa-with-aes-128-gcm-sha256 { 1410 base cipher-suite-base; 1411 if-feature "tls-ecc and tls-gcm and tls-sha2"; 1412 description 1413 "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256."; 1414 reference 1415 "RFC 5289: TLS Elliptic Curve Cipher Suites with 1416 SHA-256/384 and AES Galois Counter Mode (GCM)"; 1417 } 1419 identity ecdhe-rsa-with-aes-256-gcm-sha384 { 1420 base cipher-suite-base; 1421 if-feature "tls-ecc and tls-gcm and tls-sha2"; 1422 description 1423 "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384."; 1424 reference 1425 "RFC 5289: TLS Elliptic Curve Cipher Suites with 1426 SHA-256/384 and AES Galois Counter Mode (GCM)"; 1427 } 1429 identity rsa-with-3des-ede-cbc-sha { 1430 base cipher-suite-base; 1431 if-feature "tls-3des"; 1432 description 1433 "Cipher suite TLS_RSA_WITH_3DES_EDE_CBC_SHA."; 1434 reference 1435 "RFC 5246: The Transport Layer Security (TLS) Protocol 1436 Version 1.2"; 1437 } 1439 identity ecdhe-rsa-with-3des-ede-cbc-sha { 1440 base cipher-suite-base; 1441 if-feature "tls-ecc and tls-3des"; 1442 description 1443 "Cipher suite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA."; 1444 reference 1445 "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites 1446 for Transport Layer Security (TLS)"; 1447 } 1449 identity ecdhe-rsa-with-aes-128-cbc-sha { 1450 base cipher-suite-base; 1451 if-feature "tls-ecc"; 1452 description 1453 "Cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA."; 1454 reference 1455 "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites 1456 for Transport Layer Security (TLS)"; 1457 } 1459 identity ecdhe-rsa-with-aes-256-cbc-sha { 1460 base cipher-suite-base; 1461 if-feature "tls-ecc"; 1462 description 1463 "Cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA."; 1464 reference 1465 "RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites 1466 for Transport Layer Security (TLS)"; 1467 } 1469 // Groupings 1471 grouping hello-params-grouping { 1472 description 1473 "A reusable grouping for TLS hello message parameters."; 1474 reference 1475 "RFC 5246: The Transport Layer Security (TLS) Protocol 1476 Version 1.2"; 1477 container tls-versions { 1478 description 1479 "Parameters regarding TLS versions."; 1480 leaf-list tls-version { 1481 type identityref { 1482 base tls-version-base; 1483 } 1484 description 1485 "Acceptable TLS protocol versions. 1487 If this leaf-list is not configured (has zero elements) 1488 the acceptable TLS protocol versions are implementation- 1489 defined."; 1490 } 1491 } 1492 container cipher-suites { 1493 description 1494 "Parameters regarding cipher suites."; 1495 leaf-list cipher-suite { 1496 type identityref { 1497 base cipher-suite-base; 1498 } 1499 ordered-by user; 1500 description 1501 "Acceptable cipher suites in order of descending 1502 preference. The configured host key algorithms should 1503 be compatible with the algorithm used by the configured 1504 private key. Please see Section 5 of RFC XXXX for 1505 valid combinations. 1507 If this leaf-list is not configured (has zero elements) 1508 the acceptable cipher suites are implementation- 1509 defined."; 1510 reference 1511 "RFC XXXX: YANG Groupings for TLS Clients and TLS Servers"; 1512 } 1513 } 1514 } 1515 } 1516 1518 6. Security Considerations 1520 The YANG modules defined in this document are designed to be accessed 1521 via YANG based management protocols, such as NETCONF [RFC6241] and 1522 RESTCONF [RFC8040]. Both of these protocols have mandatory-to- 1523 implement secure transport layers (e.g., SSH, TLS) with mutual 1524 authentication. 1526 The NETCONF access control model (NACM) [RFC8341] provides the means 1527 to restrict access for particular users to a pre-configured subset of 1528 all available protocol operations and content. 1530 Since the modules defined in this document only define groupings, 1531 these considerations are primarily for the designers of other modules 1532 that use these groupings. 1534 There are a number of data nodes defined in the YANG modules that are 1535 writable/creatable/deletable (i.e., config true, which is the 1536 default). These data nodes may be considered sensitive or vulnerable 1537 in some network environments. Write operations (e.g., edit-config) 1538 to these data nodes without proper protection can have a negative 1539 effect on network operations. These are the subtrees and data nodes 1540 and their sensitivity/vulnerability: 1542 /: The entire data tree of all the groupings defined in this draft 1543 is sensitive to write operations. For instance, the addition 1544 or removal of references to keys, certificates, trusted 1545 anchors, etc., can dramatically alter the implemented security 1546 policy. However, no NACM annotations are applied as the data 1547 SHOULD be editable by users other than a designated 'recovery 1548 session'. 1550 Some of the readable data nodes in the YANG modules may be considered 1551 sensitive or vulnerable in some network environments. It is thus 1552 important to control read access (e.g., via get, get-config, or 1553 notification) to these data nodes. These are the subtrees and data 1554 nodes and their sensitivity/vulnerability: 1556 NONE 1558 Some of the RPC operations in this YANG module may be considered 1559 sensitive or vulnerable in some network environments. It is thus 1560 important to control access to these operations. These are the 1561 operations and their sensitivity/vulnerability: 1563 NONE 1565 7. IANA Considerations 1567 7.1. The IETF XML Registry 1569 This document registers three URIs in the "ns" subregistry of the 1570 IETF XML Registry [RFC3688]. Following the format in [RFC3688], the 1571 following registrations are requested: 1573 URI: urn:ietf:params:xml:ns:yang:ietf-tls-client 1574 Registrant Contact: The NETCONF WG of the IETF. 1575 XML: N/A, the requested URI is an XML namespace. 1577 URI: urn:ietf:params:xml:ns:yang:ietf-tls-server 1578 Registrant Contact: The NETCONF WG of the IETF. 1579 XML: N/A, the requested URI is an XML namespace. 1581 URI: urn:ietf:params:xml:ns:yang:ietf-tls-common 1582 Registrant Contact: The NETCONF WG of the IETF. 1583 XML: N/A, the requested URI is an XML namespace. 1585 7.2. The YANG Module Names Registry 1587 This document registers three YANG modules in the YANG Module Names 1588 registry [RFC6020]. Following the format in [RFC6020], the following 1589 registrations are requested: 1591 name: ietf-tls-client 1592 namespace: urn:ietf:params:xml:ns:yang:ietf-tls-client 1593 prefix: tlsc 1594 reference: RFC XXXX 1596 name: ietf-tls-server 1597 namespace: urn:ietf:params:xml:ns:yang:ietf-tls-server 1598 prefix: tlss 1599 reference: RFC XXXX 1601 name: ietf-tls-common 1602 namespace: urn:ietf:params:xml:ns:yang:ietf-tls-common 1603 prefix: tlscmn 1604 reference: RFC XXXX 1606 8. References 1608 8.1. Normative References 1610 [I-D.ietf-netconf-crypto-types] 1611 Watsen, K. and H. Wang, "Common YANG Data Types for 1612 Cryptography", draft-ietf-netconf-crypto-types-02 (work in 1613 progress), October 2018. 1615 [I-D.ietf-netconf-keystore] 1616 Watsen, K., "YANG Data Model for a Centralized Keystore 1617 Mechanism", draft-ietf-netconf-keystore-08 (work in 1618 progress), March 2019. 1620 [I-D.ietf-netconf-trust-anchors] 1621 Watsen, K., "YANG Data Model for Global Trust Anchors", 1622 draft-ietf-netconf-trust-anchors-03 (work in progress), 1623 March 2019. 1625 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1626 Requirement Levels", BCP 14, RFC 2119, 1627 DOI 10.17487/RFC2119, March 1997, 1628 . 1630 [RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois 1631 Counter Mode (GCM) Cipher Suites for TLS", RFC 5288, 1632 DOI 10.17487/RFC5288, August 2008, 1633 . 1635 [RFC5289] Rescorla, E., "TLS Elliptic Curve Cipher Suites with SHA- 1636 256/384 and AES Galois Counter Mode (GCM)", RFC 5289, 1637 DOI 10.17487/RFC5289, August 2008, 1638 . 1640 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 1641 the Network Configuration Protocol (NETCONF)", RFC 6020, 1642 DOI 10.17487/RFC6020, October 2010, 1643 . 1645 [RFC7589] Badra, M., Luchuk, A., and J. Schoenwaelder, "Using the 1646 NETCONF Protocol over Transport Layer Security (TLS) with 1647 Mutual X.509 Authentication", RFC 7589, 1648 DOI 10.17487/RFC7589, June 2015, 1649 . 1651 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", 1652 RFC 7950, DOI 10.17487/RFC7950, August 2016, 1653 . 1655 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1656 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1657 May 2017, . 1659 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration 1660 Access Control Model", STD 91, RFC 8341, 1661 DOI 10.17487/RFC8341, March 2018, 1662 . 1664 [RFC8422] Nir, Y., Josefsson, S., and M. Pegourie-Gonnard, "Elliptic 1665 Curve Cryptography (ECC) Cipher Suites for Transport Layer 1666 Security (TLS) Versions 1.2 and Earlier", RFC 8422, 1667 DOI 10.17487/RFC8422, August 2018, 1668 . 1670 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 1671 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 1672 . 1674 8.2. Informative References 1676 [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", 1677 RFC 2246, DOI 10.17487/RFC2246, January 1999, 1678 . 1680 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, 1681 DOI 10.17487/RFC2818, May 2000, 1682 . 1684 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 1685 DOI 10.17487/RFC3688, January 2004, 1686 . 1688 [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security 1689 (TLS) Protocol Version 1.1", RFC 4346, 1690 DOI 10.17487/RFC4346, April 2006, 1691 . 1693 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 1694 (TLS) Protocol Version 1.2", RFC 5246, 1695 DOI 10.17487/RFC5246, August 2008, 1696 . 1698 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 1699 and A. Bierman, Ed., "Network Configuration Protocol 1700 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 1701 . 1703 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF 1704 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, 1705 . 1707 [RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home", 1708 RFC 8071, DOI 10.17487/RFC8071, February 2017, 1709 . 1711 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", 1712 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, 1713 . 1715 Appendix A. Change Log 1717 A.1. 00 to 01 1719 o Noted that '0.0.0.0' and '::' might have special meanings. 1721 o Renamed "keychain" to "keystore". 1723 A.2. 01 to 02 1725 o Removed the groupings containing transport-level configuration. 1726 Now modules contain only the transport-independent groupings. 1728 o Filled in previously incomplete 'ietf-tls-client' module. 1730 o Added cipher suites for various algorithms into new 'ietf-tls- 1731 common' module. 1733 A.3. 02 to 03 1735 o Added a 'must' statement to container 'server-auth' asserting that 1736 at least one of the various auth mechanisms must be specified. 1738 o Fixed description statement for leaf 'trusted-ca-certs'. 1740 A.4. 03 to 04 1742 o Updated title to "YANG Groupings for TLS Clients and TLS Servers" 1744 o Updated leafref paths to point to new keystore path 1746 o Changed the YANG prefix for ietf-tls-common from 'tlscom' to 1747 'tlscmn'. 1749 o Added TLS protocol verions 1.0 and 1.1. 1751 o Made author lists consistent 1753 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams 1755 o Updated YANG to use typedefs around leafrefs to common keystore 1756 paths 1758 o Now inlines key and certificates (no longer a leafref to keystore) 1760 A.5. 04 to 05 1762 o Merged changes from co-author. 1764 A.6. 05 to 06 1766 o Updated to use trust anchors from trust-anchors draft (was 1767 keystore draft) 1769 o Now Uses new keystore grouping enabling asymmetric key to be 1770 either locally defined or a reference to the keystore. 1772 A.7. 06 to 07 1774 o factored the tls-[client|server]-groupings into more reusable 1775 groupings. 1777 o added if-feature statements for the new "x509-certificates" 1778 feature defined in draft-ietf-netconf-trust-anchors. 1780 A.8. 07 to 08 1782 o Added a number of compatibility matrices to Section 5 (thanks 1783 Frank!) 1785 o Clarified that any configured "cipher-suite" values need to be 1786 compatible with the configured private key. 1788 A.9. 08 to 09 1790 o Updated examples to reflect update to groupings defined in the 1791 keystore draft. 1793 o Add TLS keepalives features and groupings. 1795 o Prefixed top-level TLS grouping nodes with 'tls-' and support 1796 mashups. 1798 o Updated copyright date, boilerplate template, affiliation, and 1799 folding algorithm. 1801 A.10. 09 to 10 1803 o Reformatted the YANG modules. 1805 Acknowledgements 1807 The authors would like to thank for following for lively discussions 1808 on list and in the halls (ordered by last name): Andy Bierman, Martin 1809 Bjorklund, Benoit Claise, Mehmet Ersue, Balazs Kovacs, David 1810 Lamparter, Alan Luchuk, Ladislav Lhotka, Radek Krejci, Tom Petch, 1811 Juergen Schoenwaelder, Phil Shafer, Sean Turner, and Bert Wijnen. 1813 Authors' Addresses 1815 Kent Watsen 1816 Watsen Networks 1818 EMail: kent+ietf@watsen.net 1820 Gary Wu 1821 Cisco Systems 1823 EMail: garywu@cisco.com 1825 Liang Xia 1826 Huawei 1828 EMail: frank.xialiang@huawei.com