| rfc9645v4.txt | rfc9645.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) K. Watsen | Internet Engineering Task Force (IETF) K. Watsen | |||
| Request for Comments: 9645 Watsen Networks | Request for Comments: 9645 Watsen Networks | |||
| Category: Standards Track August 2024 | Category: Standards Track October 2024 | |||
| ISSN: 2070-1721 | ISSN: 2070-1721 | |||
| YANG Groupings for TLS Clients and TLS Servers | YANG Groupings for TLS Clients and TLS Servers | |||
| Abstract | Abstract | |||
| This document presents four YANG 1.1 modules -- three IETF modules | This document presents four YANG 1.1 modules -- three IETF modules | |||
| and one supporting IANA module. | and one supporting IANA module. | |||
| The three IETF modules are "ietf-tls-common", "ietf-tls-client", and | The three IETF modules are "ietf-tls-common", "ietf-tls-client", and | |||
| skipping to change at line 202 ¶ | skipping to change at line 202 ¶ | |||
| | crypto-types | [RFC9640] | | | crypto-types | [RFC9640] | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| | truststore | [RFC9641] | | | truststore | [RFC9641] | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| | keystore | [RFC9642] | | | keystore | [RFC9642] | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| | tcp-client-server | [RFC9643] | | | tcp-client-server | [RFC9643] | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| | ssh-client-server | [RFC9644] | | | ssh-client-server | [RFC9644] | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| | tls-client-server | RFC XXXX | | | tls-client-server | RFC 9645 | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| | http-client-server | [HTTP-CLIENT-SERVER] | | | http-client-server | [HTTP-CLIENT-SERVER] | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| | netconf-client-server | [NETCONF-CLIENT-SERVER] | | | netconf-client-server | [NETCONF-CLIENT-SERVER] | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| | restconf-client-server | [RESTCONF-CLIENT-SERVER] | | | restconf-client-server | [RESTCONF-CLIENT-SERVER] | | |||
| +------------------------+--------------------------+ | +------------------------+--------------------------+ | |||
| Table 1: Labels in Diagram to RFC Mapping | Table 1: Labels in Diagram to RFC Mapping | |||
| skipping to change at line 2633 ¶ | skipping to change at line 2633 ¶ | |||
| [RFC8407BIS]. | [RFC8407BIS]. | |||
| IANA used the script in Appendix A to generate the IANA-maintained | IANA used the script in Appendix A to generate the IANA-maintained | |||
| "iana-tls-cipher-suite-algs" YANG module. The YANG module is | "iana-tls-cipher-suite-algs" YANG module. The YANG module is | |||
| available from the "YANG Parameters" registry [IANA-YANG-PARAMETERS]. | available from the "YANG Parameters" registry [IANA-YANG-PARAMETERS]. | |||
| IANA has added the following note to the registry: | IANA has added the following note to the registry: | |||
| | New values must not be directly added to the "iana-tls-cipher- | | New values must not be directly added to the "iana-tls-cipher- | |||
| | suite-algs" YANG module. They must instead be added to the "TLS | | suite-algs" YANG module. They must instead be added to the "TLS | |||
| | Cipher Suites" registry in the the "Transport Layer Security (TLS) | | Cipher Suites" registry in the "Transport Layer Security (TLS) | |||
| | Parameters" registry group [IANA-CIPHER-ALGS]. | | Parameters" registry group [IANA-CIPHER-ALGS]. | |||
| When a value is added to the "TLS Cipher Suites" registry, a new | When a value is added to the "TLS Cipher Suites" registry, a new | |||
| "enum" statement must be added to the "iana-tls-cipher-suite-algs" | "enum" statement must be added to the "iana-tls-cipher-suite-algs" | |||
| YANG module. The "enum" statement, and substatements thereof, should | YANG module. The "enum" statement, and substatements thereof, should | |||
| be defined as follows: | be defined as follows: | |||
| enum | enum | |||
| Replicates a name from the registry. | Replicates a name from the registry. | |||
| skipping to change at line 2801 ¶ | skipping to change at line 2801 ¶ | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | |||
| Multiplexed and Secure Transport", RFC 9000, | Multiplexed and Secure Transport", RFC 9000, | |||
| DOI 10.17487/RFC9000, May 2021, | DOI 10.17487/RFC9000, May 2021, | |||
| <https://www.rfc-editor.org/info/rfc9000>. | <https://www.rfc-editor.org/info/rfc9000>. | |||
| [RFC9640] Watsen, K., "YANG Data Types and Groupings for | [RFC9640] Watsen, K., "YANG Data Types and Groupings for | |||
| Cryptography", RFC 9640, DOI 10.17487/RFC9640, September | Cryptography", RFC 9640, DOI 10.17487/RFC9640, October | |||
| 2024, <https://www.rfc-editor.org/info/rfc9640>. | 2024, <https://www.rfc-editor.org/info/rfc9640>. | |||
| [RFC9641] Watsen, K., "A YANG Data Model for a Truststore", | [RFC9641] Watsen, K., "A YANG Data Model for a Truststore", | |||
| RFC 9641, DOI 10.17487/RFC9641, September 2024, | RFC 9641, DOI 10.17487/RFC9641, October 2024, | |||
| <https://www.rfc-editor.org/info/rfc9641>. | <https://www.rfc-editor.org/info/rfc9641>. | |||
| [RFC9642] Watsen, K., "A YANG Data Model for a Keystore", RFC 9642, | [RFC9642] Watsen, K., "A YANG Data Model for a Keystore", RFC 9642, | |||
| DOI 10.17487/RFC9642, September 2024, | DOI 10.17487/RFC9642, October 2024, | |||
| <https://www.rfc-editor.org/info/rfc9642>. | <https://www.rfc-editor.org/info/rfc9642>. | |||
| 7.2. Informative References | 7.2. Informative References | |||
| [HTTP-CLIENT-SERVER] | [HTTP-CLIENT-SERVER] | |||
| Watsen, K., "YANG Groupings for HTTP Clients and HTTP | Watsen, K., "YANG Groupings for HTTP Clients and HTTP | |||
| Servers", Work in Progress, Internet-Draft, draft-ietf- | Servers", Work in Progress, Internet-Draft, draft-ietf- | |||
| netconf-http-client-server-23, 15 August 2024, | netconf-http-client-server-23, 15 August 2024, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-netconf- | <https://datatracker.ietf.org/doc/html/draft-ietf-netconf- | |||
| http-client-server-23>. | http-client-server-23>. | |||
| skipping to change at line 2883 ¶ | skipping to change at line 2883 ¶ | |||
| [RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of | [RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of | |||
| Documents Containing YANG Data Models", BCP 216, RFC 8407, | Documents Containing YANG Data Models", BCP 216, RFC 8407, | |||
| DOI 10.17487/RFC8407, October 2018, | DOI 10.17487/RFC8407, October 2018, | |||
| <https://www.rfc-editor.org/info/rfc8407>. | <https://www.rfc-editor.org/info/rfc8407>. | |||
| [RFC8407BIS] | [RFC8407BIS] | |||
| Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for | Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for | |||
| Authors and Reviewers of Documents Containing YANG Data | Authors and Reviewers of Documents Containing YANG Data | |||
| Models", Work in Progress, Internet-Draft, draft-ietf- | Models", Work in Progress, Internet-Draft, draft-ietf- | |||
| netmod-rfc8407bis-15, 10 September 2024, | netmod-rfc8407bis-17, 27 September 2024, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-netmod- | <https://datatracker.ietf.org/doc/html/draft-ietf-netmod- | |||
| rfc8407bis-15>. | rfc8407bis-17>. | |||
| [RFC8996] Moriarty, K. and S. Farrell, "Deprecating TLS 1.0 and TLS | [RFC8996] Moriarty, K. and S. Farrell, "Deprecating TLS 1.0 and TLS | |||
| 1.1", BCP 195, RFC 8996, DOI 10.17487/RFC8996, March 2021, | 1.1", BCP 195, RFC 8996, DOI 10.17487/RFC8996, March 2021, | |||
| <https://www.rfc-editor.org/info/rfc8996>. | <https://www.rfc-editor.org/info/rfc8996>. | |||
| [RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "HTTP Semantics", STD 97, RFC 9110, | Ed., "HTTP Semantics", STD 97, RFC 9110, | |||
| DOI 10.17487/RFC9110, June 2022, | DOI 10.17487/RFC9110, June 2022, | |||
| <https://www.rfc-editor.org/info/rfc9110>. | <https://www.rfc-editor.org/info/rfc9110>. | |||
| skipping to change at line 2907 ¶ | skipping to change at line 2907 ¶ | |||
| "Guidance for External Pre-Shared Key (PSK) Usage in TLS", | "Guidance for External Pre-Shared Key (PSK) Usage in TLS", | |||
| RFC 9257, DOI 10.17487/RFC9257, July 2022, | RFC 9257, DOI 10.17487/RFC9257, July 2022, | |||
| <https://www.rfc-editor.org/info/rfc9257>. | <https://www.rfc-editor.org/info/rfc9257>. | |||
| [RFC9258] Benjamin, D. and C. A. Wood, "Importing External Pre- | [RFC9258] Benjamin, D. and C. A. Wood, "Importing External Pre- | |||
| Shared Keys (PSKs) for TLS 1.3", RFC 9258, | Shared Keys (PSKs) for TLS 1.3", RFC 9258, | |||
| DOI 10.17487/RFC9258, July 2022, | DOI 10.17487/RFC9258, July 2022, | |||
| <https://www.rfc-editor.org/info/rfc9258>. | <https://www.rfc-editor.org/info/rfc9258>. | |||
| [RFC9643] Watsen, K. and M. Scharf, "YANG Groupings for TCP Clients | [RFC9643] Watsen, K. and M. Scharf, "YANG Groupings for TCP Clients | |||
| and TCP Servers", RFC 9643, DOI 10.17487/RFC9643, | and TCP Servers", RFC 9643, DOI 10.17487/RFC9643, October | |||
| September 2024, <https://www.rfc-editor.org/info/rfc9643>. | 2024, <https://www.rfc-editor.org/info/rfc9643>. | |||
| [RFC9644] Watsen, K., "YANG Groupings for SSH Clients and SSH | [RFC9644] Watsen, K., "YANG Groupings for SSH Clients and SSH | |||
| Servers", RFC 9644, DOI 10.17487/RFC9644, September 2024, | Servers", RFC 9644, DOI 10.17487/RFC9644, October 2024, | |||
| <https://www.rfc-editor.org/info/rfc9644>. | <https://www.rfc-editor.org/info/rfc9644>. | |||
| [SYSTEM-CONFIG] | [SYSTEM-CONFIG] | |||
| Ma, Q., Wu, Q., and C. Feng, "System-defined | Ma, Q., Wu, Q., and C. Feng, "System-defined | |||
| Configuration", Work in Progress, Internet-Draft, draft- | Configuration", Work in Progress, Internet-Draft, draft- | |||
| ietf-netmod-system-config-08, 18 June 2024, | ietf-netmod-system-config-09, 29 September 2024, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-netmod- | <https://datatracker.ietf.org/doc/html/draft-ietf-netmod- | |||
| system-config-08>. | system-config-09>. | |||
| [W3C.REC-xml-20081126] | [W3C.REC-xml-20081126] | |||
| Bray, T., Paoli, J., Sperberg-McQueen, C. M., Maler, E., | Bray, T., Paoli, J., Sperberg-McQueen, C. M., Maler, E., | |||
| and F. Yergeau, "Extensible Markup Language (XML) 1.0 | and F. Yergeau, "Extensible Markup Language (XML) 1.0 | |||
| (Fifth Edition)", W3C Recommendation REC-xml-20081126, | (Fifth Edition)", W3C Recommendation REC-xml-20081126, | |||
| November 2008, <https://www.w3.org/TR/xml/>. | November 2008, <https://www.w3.org/TR/xml/>. | |||
| Appendix A. Script to Generate IANA-Maintained YANG Modules | Appendix A. Script to Generate IANA-Maintained YANG Modules | |||
| This section is not normative. | This section is not normative. | |||
| End of changes. 12 change blocks. | ||||
| 13 lines changed or deleted | 13 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||