draft-ietf-rtgwg-yang-key-chain-18.txt   draft-ietf-rtgwg-yang-key-chain-19.txt 
Network Working Group A. Lindem, Ed. Network Working Group A. Lindem, Ed.
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Standards Track Y. Qu Intended status: Standards Track Y. Qu
Expires: October 13, 2017 Huawei Expires: October 14, 2017 Huawei
D. Yeung D. Yeung
Arrcus, Inc Arrcus, Inc
I. Chen I. Chen
Jabil Jabil
J. Zhang J. Zhang
Juniper Networks Juniper Networks
April 11, 2017 April 12, 2017
Routing Key Chain YANG Data Model Routing Key Chain YANG Data Model
draft-ietf-rtgwg-yang-key-chain-18.txt draft-ietf-rtgwg-yang-key-chain-19.txt
Abstract Abstract
This document describes the key chain YANG data model. Key chains This document describes the key chain YANG data model. Key chains
are commonly used for routing protocol authentication and other are commonly used for routing protocol authentication and other
applications requiring symmetric keys. A key chain is a list of applications requiring symmetric keys. A key chain is a list of
elements each containing a key string, send lifetime, accept elements each containing a key string, send lifetime, accept
lifetime, and algorithm (authentication or encryption). By properly lifetime, and algorithm (authentication or encryption). By properly
overlapping the send and accept lifetimes of multiple key chain overlapping the send and accept lifetimes of multiple key chain
elements, key strings and algorithms may be gracefully updated. By elements, key strings and algorithms may be gracefully updated. By
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 13, 2017. This Internet-Draft will expire on October 14, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 43 skipping to change at page 2, line 43
4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 9 4. Key Chain YANG Model . . . . . . . . . . . . . . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 18 5. Security Considerations . . . . . . . . . . . . . . . . . . . 18
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 19 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 19
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19
8.1. Normative References . . . . . . . . . . . . . . . . . . 19 8.1. Normative References . . . . . . . . . . . . . . . . . . 19
8.2. Informative References . . . . . . . . . . . . . . . . . 20 8.2. Informative References . . . . . . . . . . . . . . . . . 20
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 21 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 21
A.1. Simple Key Chain with Always Valid Single Key . . . . . . 21 A.1. Simple Key Chain with Always Valid Single Key . . . . . . 21
A.2. Key Chain with Keys having Different Lifetimes . . . . . 22 A.2. Key Chain with Keys having Different Lifetimes . . . . . 22
A.3. Key Chain with Independent Send and Accept Lifetimes . . 23 A.3. Key Chain with Independent Send and Accept Lifetimes . . 24
Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . 24 Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . 25
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction 1. Introduction
This document describes the key chain YANG [YANG] data model. Key This document describes the key chain YANG [YANG] data model. Key
chains are commonly used for routing protocol authentication and chains are commonly used for routing protocol authentication and
other applications requiring symmetric keys. A key chain is a list other applications requiring symmetric keys. A key chain is a list
of elements each containing a key string, send lifetime, accept of elements each containing a key string, send lifetime, accept
lifetime, and algorithm (authentication or encryption). By properly lifetime, and algorithm (authentication or encryption). By properly
overlapping the send and accept lifetimes of multiple key chain overlapping the send and accept lifetimes of multiple key chain
elements, key strings and algorithms may be gracefully updated. By elements, key strings and algorithms may be gracefully updated. By
skipping to change at page 21, line 40 skipping to change at page 21, line 40
<description> <description>
A key chain with a single key that is always valid for tx/rx A key chain with a single key that is always valid for tx/rx
</description> </description>
<key> <key>
<key-id>100</key-id> <key-id>100</key-id>
<lifetime> <lifetime>
<send-accept-lifetime> <send-accept-lifetime>
<always/> <always/>
</send-accept-lifetime> </send-accept-lifetime>
</lifetime> </lifetime>
<crypto-algorithm>md5</crypto-algorithm> <crypto-algorithm>hmac-sha-256</crypto-algorithm>
<key-string> <key-string>
<keystring>keystring_in_ascii_100</keystring> <keystring>keystring_in_ascii_100</keystring>
</key-string> </key-string>
</key> </key>
</key-chain> </key-chain>
</key-chains> </key-chains>
</data> </data>
A.2. Key Chain with Keys having Different Lifetimes A.2. Key Chain with Keys having Different Lifetimes
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<key-chains xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain"> <key-chains xmlns="urn:ietf:params:xml:ns:yang:ietf-key-chain">
<key-chain> <key-chain>
<name>keychain2</name> <name>keychain2</name>
<description> <description>
A key chain where each key contains different send time A key chain where each key contains different send time
and accept time and accept time and a different algorithm illustrating
algorithm agility
</description> </description>
<key> <key>
<key-id>35</key-id> <key-id>35</key-id>
<lifetime> <lifetime>
<send-lifetime> <send-lifetime>
<start-date-time>2017-01-01T00:00:00Z</start-date-time> <start-date-time>2017-01-01T00:00:00Z</start-date-time>
<end-date-time>2017-02-01T00:00:00Z</end-date-time> <end-date-time>2017-02-01T00:00:00Z</end-date-time>
</send-lifetime> </send-lifetime>
<accept-lifetime> <accept-lifetime>
<start-date-time>2016-12-31T23:59:55Z</start-date-time> <start-date-time>2016-12-31T23:59:55Z</start-date-time>
<end-date-time>2017-02-01T00:00:05Z</end-date-time> <end-date-time>2017-02-01T00:00:05Z</end-date-time>
</accept-lifetime> </accept-lifetime>
</lifetime> </lifetime>
<crypto-algorithm>hmac-sha-1</crypto-algorithm> <crypto-algorithm>hmac-sha-256</crypto-algorithm>
<key-string> <key-string>
<keystring>keystring_in_ascii_35</keystring> <keystring>keystring_in_ascii_35</keystring>
</key-string> </key-string>
</key> </key>
<key> <key>
<key-id>36</key-id> <key-id>36</key-id>
<lifetime> <lifetime>
<send-lifetime> <send-lifetime>
<start-date-time>2017-02-01T00:00:00Z</start-date-time> <start-date-time>2017-02-01T00:00:00Z</start-date-time>
<end-date-time>2017-03-01T00:00:00Z</end-date-time> <end-date-time>2017-03-01T00:00:00Z</end-date-time>
</send-lifetime> </send-lifetime>
<accept-lifetime> <accept-lifetime>
<start-date-time>2017-01-31T23:59:55Z</start-date-time> <start-date-time>2017-01-31T23:59:55Z</start-date-time>
<end-date-time>2017-03-01T00:00:05Z</end-date-time> <end-date-time>2017-03-01T00:00:05Z</end-date-time>
</accept-lifetime> </accept-lifetime>
</lifetime> </lifetime>
<crypto-algorithm>hmac-sha-1</crypto-algorithm> <crypto-algorithm>hmac-sha-512</crypto-algorithm>
<key-string> <key-string>
<hexadecimal-string>fe:ed:be:af:36</hexadecimal-string> <hexadecimal-string>fe:ed:be:af:36</hexadecimal-string>
</key-string> </key-string>
</key> </key>
</key-chain> </key-chain>
</key-chains> </key-chains>
</data> </data>
A.3. Key Chain with Independent Send and Accept Lifetimes A.3. Key Chain with Independent Send and Accept Lifetimes
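Review bot: In the A.2 example, key 36 now pairs hmac-sha-512 with the 5-octet key string `fe:ed:be:af:36`, which is far shorter than the hash output; RFC 2104 strongly discourages HMAC keys shorter than the hash output length because they reduce the security strength. Consider a longer sample value, or a sentence saying that the key strings in the appendix are placeholders and not suitable key material. The same remark would help in A.1, where the move from md5 to hmac-sha-256 keeps `keystring_in_ascii_100` under an `<always/>` lifetime, so the stronger algorithm is shown with a key that is never rotated.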
skipping to change at page 23, line 28 skipping to change at page 24, line 28
<lifetime> <lifetime>
<send-lifetime> <send-lifetime>
<start-date-time>2017-01-01T00:00:00Z</start-date-time> <start-date-time>2017-01-01T00:00:00Z</start-date-time>
<end-date-time>2017-02-01T00:00:00Z</end-date-time> <end-date-time>2017-02-01T00:00:00Z</end-date-time>
</send-lifetime> </send-lifetime>
<accept-lifetime> <accept-lifetime>
<start-date-time>2016-12-31T23:59:55Z</start-date-time> <start-date-time>2016-12-31T23:59:55Z</start-date-time>
<end-date-time>2017-02-01T00:00:05Z</end-date-time> <end-date-time>2017-02-01T00:00:05Z</end-date-time>
</accept-lifetime> </accept-lifetime>
</lifetime> </lifetime>
<crypto-algorithm>hmac-sha-1</crypto-algorithm> <crypto-algorithm>hmac-sha-256</crypto-algorithm>
<key-string> <key-string>
<keystring>keystring_in_ascii_35</keystring> <keystring>keystring_in_ascii_35</keystring>
</key-string> </key-string>
</key> </key>
<key> <key>
<key-id>36</key-id> <key-id>36</key-id>
<lifetime> <lifetime>
<send-lifetime> <send-lifetime>
<start-date-time>2017-02-01T00:00:00Z</start-date-time> <start-date-time>2017-02-01T00:00:00Z</start-date-time>
<end-date-time>2017-03-01T00:00:00Z</end-date-time> <end-date-time>2017-03-01T00:00:00Z</end-date-time>
</send-lifetime> </send-lifetime>
<accept-lifetime> <accept-lifetime>
<start-date-time>2017-01-31T23:59:55Z</start-date-time> <start-date-time>2017-01-31T23:59:55Z</start-date-time>
<end-date-time>2017-03-01T00:00:05Z</end-date-time> <end-date-time>2017-03-01T00:00:05Z</end-date-time>
</accept-lifetime> </accept-lifetime>
</lifetime> </lifetime>
<crypto-algorithm>hmac-sha-1</crypto-algorithm> <crypto-algorithm>hmac-sha-256</crypto-algorithm>
<key-string> <key-string>
<hexadecimal-string>fe:ed:be:af:36</hexadecimal-string> <hexadecimal-string>fe:ed:be:af:36</hexadecimal-string>
</key-string> </key-string>
</key> </key>
</key-chain> </key-chain>
</key-chains> </key-chains>
</data> </data>
Appendix B. Acknowledgments Appendix B. Acknowledgments
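Review bot: Keys 35 and 36 in A.3 reuse the key-ids, lifetimes and key strings from A.2 (`keystring_in_ascii_35`, `fe:ed:be:af:36`), but key 36 is hmac-sha-512 in A.2 and hmac-sha-256 here. Readers comparing the two examples may take this as the same key being used with two algorithms. Suggest distinct key strings per example, or a sentence in the A.3 description saying that the chains are independent and the values are illustrative.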
 End of changes. 12 change blocks. 
14 lines changed or deleted 14 lines changed or added
