draft-ietf-rtgwg-yang-key-chain-10.txt   draft-ietf-rtgwg-yang-key-chain-11.txt 
Network Working Group A. Lindem, Ed. Network Working Group A. Lindem, Ed.
Internet-Draft Y. Qu Internet-Draft Y. Qu
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: April 30, 2017 D. Yeung Expires: May 18, 2017 D. Yeung
Arrcus, Inc Arrcus, Inc
I. Chen I. Chen
Ericsson Ericsson
J. Zhang J. Zhang
Juniper Networks Juniper Networks
Y. Yang Y. Yang
Individual Contributor Individual Contributor
October 27, 2016 November 14, 2016
Routing Key Chain YANG Data Model Routing Key Chain YANG Data Model
draft-ietf-rtgwg-yang-key-chain-10.txt draft-ietf-rtgwg-yang-key-chain-11.txt
Abstract Abstract
This document describes the key chain YANG data model. A key chain This document describes the key chain YANG data model. A key chain
is a list of elements each containing a key, send lifetime, accept is a list of elements each containing a key, send lifetime, accept
lifetime, and algorithm (authentication or encryption). By properly lifetime, and algorithm (authentication or encryption). By properly
overlapping the send and accept lifetimes of multiple key chain overlapping the send and accept lifetimes of multiple key chain
elements, keys and algorithms may be gracefully updated. By elements, keys and algorithms may be gracefully updated. By
representing them in a YANG data model, key distribution can be representing them in a YANG data model, key distribution can be
automated. Key chains are commonly used for routing protocol automated. Key chains are commonly used for routing protocol
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 30, 2017. This Internet-Draft will expire on May 18, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 33 skipping to change at page 2, line 33
1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3
1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 4
2.2. Graceful Key Rollover using Key Chains . . . . . . . . . 4 2.2. Graceful Key Rollover using Key Chains . . . . . . . . . 4
3. Design of the Key Chain Model . . . . . . . . . . . . . . . . 5 3. Design of the Key Chain Model . . . . . . . . . . . . . . . . 5
3.1. Key Chain Operational State . . . . . . . . . . . . . . . 5 3.1. Key Chain Operational State . . . . . . . . . . . . . . . 5
3.2. Key Chain Model Features . . . . . . . . . . . . . . . . 6 3.2. Key Chain Model Features . . . . . . . . . . . . . . . . 6
3.3. Key Chain Model Tree . . . . . . . . . . . . . . . . . . 6 3.3. Key Chain Model Tree . . . . . . . . . . . . . . . . . . 6
4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 9 4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 19 5. Security Considerations . . . . . . . . . . . . . . . . . . . 20
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
7.1. Normative References . . . . . . . . . . . . . . . . . . 20 7.1. Normative References . . . . . . . . . . . . . . . . . . 21
7.2. Informative References . . . . . . . . . . . . . . . . . 21 7.2. Informative References . . . . . . . . . . . . . . . . . 21
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 22 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
This document describes the key chain YANG data model. A key chain This document describes the key chain YANG data model. A key chain
is a list of elements each containing a key, send lifetime, accept is a list of elements each containing a key, send lifetime, accept
lifetime, and algorithm (authentication or encryption). By properly lifetime, and algorithm (authentication or encryption). By properly
overlapping the send and accept lifetimes of multiple key chain overlapping the send and accept lifetimes of multiple key chain
skipping to change at page 8, line 13 skipping to change at page 8, line 13
| | +--:(hexadecimal) {hex-key-string}? | | +--:(hexadecimal) {hex-key-string}?
| | +--rw hexadecimal-string? yang:hex-string | | +--rw hexadecimal-string? yang:hex-string
| +--rw aes-key-wrap {aes-key-wrap}? | +--rw aes-key-wrap {aes-key-wrap}?
| +--rw enable? boolean | +--rw enable? boolean
+--ro key-chain-state +--ro key-chain-state
+--ro key-chain-list* [name] +--ro key-chain-list* [name]
| +--ro name string | +--ro name string
| +--ro description? string | +--ro description? string
| +--ro accept-tolerance {accept-tolerance}? | +--ro accept-tolerance {accept-tolerance}?
| | +--ro duration? uint32 | | +--ro duration? uint32
| +--ro last-modified-timestamp? yang:date-and-time
| +--ro key-chain-entries* [key-id] | +--ro key-chain-entries* [key-id]
| +--ro key-id uint64 | +--ro key-id uint64
| +--ro lifetime | +--ro lifetime
| | +--ro (lifetime)? | | +--ro (lifetime)?
| | +--:(send-and-accept-lifetime) | | +--:(send-and-accept-lifetime)
| | | +--ro send-accept-lifetime | | | +--ro send-accept-lifetime
| | | +--ro (lifetime)? | | | +--ro (lifetime)?
| | | +--:(always) | | | +--:(always)
| | | | +--ro always? empty | | | | +--ro always? empty
| | | +--:(start-end-time) | | | +--:(start-end-time)
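Review bot: the added last-modified-timestamp leaf is placed at the key-chain-list level of key-chain-state and not under key-chain-entries, so a rotation that only edits one entry's lifetime or key-string is not individually timestamped. If per-key rotation auditing is a goal, either add an entry-level timestamp or state explicitly in the leaf description that a change to any of the key-chain-entries updates the chain-level value; as drawn, a reader cannot tell which it is.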
skipping to change at page 9, line 46 skipping to change at page 9, line 47
| | | +--ro clear-text? empty | | | +--ro clear-text? empty
| | +--:(replay-protection-only) {replay-protection-only}? | | +--:(replay-protection-only) {replay-protection-only}?
| | +--ro replay-protection-only? empty | | +--ro replay-protection-only? empty
| +--ro send-lifetime-active? boolean | +--ro send-lifetime-active? boolean
| +--ro accept-lifetime-active? boolean | +--ro accept-lifetime-active? boolean
+--ro aes-key-wrap {aes-key-wrap}? +--ro aes-key-wrap {aes-key-wrap}?
+--ro enable? boolean +--ro enable? boolean
4. Key Chain YANG Model 4. Key Chain YANG Model
<CODE BEGINS> file "ietf-key-chain@2016-10-27.yang" <CODE BEGINS> file "ietf-key-chain@2016-11-14.yang"
module ietf-key-chain { module ietf-key-chain {
namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain"; namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain";
// replace with IANA namespace when assigned // replace with IANA namespace when assigned
prefix "key-chain"; prefix "key-chain";
import ietf-yang-types { import ietf-yang-types {
prefix "yang"; prefix "yang";
} }
organization organization
skipping to change at page 10, line 32 skipping to change at page 10, line 32
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2016-11-14 {
description
"Restore last-modified timestamp leaf.";
reference
"RFC XXXX: A YANG Data Model for key-chain";
}
revision 2016-10-27 { revision 2016-10-27 {
description description
"Restructure into separate config and state trees to "Restructure into separate config and state trees to
match YANG structure."; match YANG structure.";
reference reference
"RFC XXXX: A YANG Data Model for key-chain"; "RFC XXXX: A YANG Data Model for key-chain";
} }
revision 2016-08-17 { revision 2016-08-17 {
description description
"Add description and last-modified timestamp leaves."; "Add description and last-modified timestamp leaves.";
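Review bot: the 2016-11-14 revision description "Restore last-modified timestamp leaf." should say where the leaf was restored and why it needed restoring. The 2016-08-17 revision records the leaf being added, and the 2016-10-27 restructuring into separate config and state trees evidently dropped it; it now lives only in the key-chain-state tree. Something like "Restore the last-modified-timestamp leaf, lost in the 2016-10-27 config/state split, to the key-chain-state grouping." would let a reader of the revision history follow the change. Also, the reference string "RFC XXXX: A YANG Data Model for key-chain" copied into the new revision block does not match this document's title, "Routing Key Chain YANG Data Model"; worth aligning before the RFC XXXX placeholders are replaced.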
skipping to change at page 18, line 30 skipping to change at page 18, line 36
description "Key ID."; description "Key ID.";
} }
uses key-chain-config-entry; uses key-chain-config-entry;
} }
} }
grouping key-chain-state { grouping key-chain-state {
description description
"key-chain state grouping."; "key-chain state grouping.";
uses key-chain-common; uses key-chain-common;
leaf last-modified-timestamp {
type yang:date-and-time;
description "Timestamp of the most recent update
to the key-chain";
}
list key-chain-entries { list key-chain-entries {
key "key-id"; key "key-id";
description "One key."; description "One key.";
leaf key-id { leaf key-id {
type uint64; type uint64;
description "Key ID."; description "Key ID.";
} }
uses key-chain-state-entry; uses key-chain-state-entry;
} }
} }
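Review bot: the new leaf description "Timestamp of the most recent update to the key-chain" does not define what counts as an update, and it is the only description in this grouping without a terminating period (compare "Key ID."). Suggest: "Timestamp of the most recent change to this key-chain's configuration, including changes to any of its key-chain-entries." so that implementations agree on when the value moves. No config false statement is needed here because the grouping is only instantiated under the read-only key-chain-state container, as the tree diagram's +--ro marking shows. Since this leaf reveals when the routing keys were last rotated to anyone with read access to the state tree, consider whether Section 5 (Security Considerations) should mention it.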
 End of changes. 10 change blocks. 
8 lines changed or deleted 20 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/