rfc9348v2.txt   rfc9348.txt 
skipping to change at line 101 skipping to change at line 101
characteristics that improve traffic confidentiality and reduce characteristics that improve traffic confidentiality and reduce
bandwidth efficiency loss. These documents assume familiarity with bandwidth efficiency loss. These documents assume familiarity with
the IPsec concepts described in [RFC4301]. the IPsec concepts described in [RFC4301].
IP-TFS uses tunnel mode to improve confidentiality by hiding inner IP-TFS uses tunnel mode to improve confidentiality by hiding inner
packet identifiable information, packet size, and packet timing. IP- packet identifiable information, packet size, and packet timing. IP-
TFS provides a general capability allowing aggregation of multiple TFS provides a general capability allowing aggregation of multiple
packets in uniform-size outer tunnel IPsec packets. It maintains the packets in uniform-size outer tunnel IPsec packets. It maintains the
outer packet size by utilizing combinations of aggregating, padding, outer packet size by utilizing combinations of aggregating, padding,
and fragmenting inner packets to fill out the IPsec outer tunnel and fragmenting inner packets to fill out the IPsec outer tunnel
packet. Zero byte padding is used to fill the packet when no data is packet. Padding is used to fill the packet when no data is available
available to send. to send.
This document specifies an extensible configuration model for IP-TFS. This document specifies an extensible configuration model for IP-TFS.
This version utilizes the capabilities of IP-TFS to configure fixed- This version utilizes the capabilities of IP-TFS to configure fixed-
size IP-TFS packets that are transmitted at a constant rate. This size IP-TFS packets that are transmitted at a constant rate. This
model is structured to allow for different types of operation through model is structured to allow for different types of operation through
future augmentation. future augmentation.
The IP-TFS YANG module augments the IPsec YANG module from [RFC9061]. The IP-TFS YANG module augments the IPsec YANG module from [RFC9061].
IP-TFS makes use of IPsec tunnel mode and adds a small number of IP-TFS makes use of IPsec tunnel mode and adds a small number of
configuration items to IPsec tunnel mode. As defined in [RFC9347], configuration items to IPsec tunnel mode. As defined in [RFC9347],
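Review bot: Dropping "Zero byte" from the padding sentence (left column: "Zero byte padding is used to fill the packet when no data is available to send."; right column: "Padding is used to fill the packet when no data is available to send.") leaves this overview silent on what the filler consists of. That is acceptable only because the padding format is owned by the encapsulation document, and this paragraph already defers to [RFC9347] for the encapsulation itself; consider making that explicit ("Padding, as defined in [RFC9347], is used to fill the packet ...") so a reader does not take the value of the fill bytes to be an open configuration choice. The purpose stated two sentences earlier, keeping the outer tunnel packet at a uniform size, is unaffected by the wording change.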
skipping to change at line 974 skipping to change at line 974
nodes and their sensitivity/vulnerability: nodes and their sensitivity/vulnerability:
../iptfs-inner-pkt-stats and ../iptfs-outer-pkt-stats: Access to IP- ../iptfs-inner-pkt-stats and ../iptfs-outer-pkt-stats: Access to IP-
TFS statistics can provide information that IP-TFS obscures, such TFS statistics can provide information that IP-TFS obscures, such
as the true activity of the flows using IP-TFS. as the true activity of the flows using IP-TFS.
6. References 6. References
6.1. Normative References 6.1. Normative References
[RFC4301] Kent, S., Seo, K., and RFC Publisher, "Security [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Architecture for the Internet Protocol", RFC 4301, Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
DOI 10.17487/RFC4301, December 2005, December 2005, <https://www.rfc-editor.org/info/rfc4301>.
<https://www.rfc-editor.org/info/rfc4301>.
[RFC6020] Bjorklund, M., Ed. and RFC Publisher, "YANG - A Data [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
Modeling Language for the Network Configuration Protocol the Network Configuration Protocol (NETCONF)", RFC 6020,
(NETCONF)", RFC 6020, DOI 10.17487/RFC6020, October 2010, DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>. <https://www.rfc-editor.org/info/rfc6020>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
Bierman, A., Ed., and RFC Publisher, "Network and A. Bierman, Ed., "Network Configuration Protocol
Configuration Protocol (NETCONF)", RFC 6241, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M. and RFC Publisher, "Using the NETCONF [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Protocol over Secure Shell (SSH)", RFC 6242, Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>. <https://www.rfc-editor.org/info/rfc6242>.
[RFC6991] Schoenwaelder, J., Ed. and RFC Publisher, "Common YANG [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
Data Types", RFC 6991, DOI 10.17487/RFC6991, July 2013, RFC 6991, DOI 10.17487/RFC6991, July 2013,
<https://www.rfc-editor.org/info/rfc6991>. <https://www.rfc-editor.org/info/rfc6991>.
[RFC7950] Bjorklund, M., Ed. and RFC Publisher, "The YANG 1.1 Data [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August RFC 7950, DOI 10.17487/RFC7950, August 2016,
2016, <https://www.rfc-editor.org/info/rfc7950>. <https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., Watsen, K., and RFC Publisher, [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
"RESTCONF Protocol", RFC 8040, DOI 10.17487/RFC8040, Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
January 2017, <https://www.rfc-editor.org/info/rfc8040>. <https://www.rfc-editor.org/info/rfc8040>.
[RFC8341] Bierman, A., Bjorklund, M., and RFC Publisher, "Network [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Configuration Access Control Model", STD 91, RFC 8341, Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018, DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>. <https://www.rfc-editor.org/info/rfc8341>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
Wilton, R., and RFC Publisher, "Network Management and R. Wilton, "Network Management Datastore Architecture
Datastore Architecture (NMDA)", RFC 8342, (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>. <https://www.rfc-editor.org/info/rfc8342>.
[RFC8446] Rescorla, E. and RFC Publisher, "The Transport Layer [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Security (TLS) Protocol Version 1.3", RFC 8446, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC9061] Marin-Lopez, R., Lopez-Millan, G., Pereniguez-Garcia, F., [RFC9061] Marin-Lopez, R., Lopez-Millan, G., and F. Pereniguez-
and RFC Publisher, "A YANG Data Model for IPsec Flow Garcia, "A YANG Data Model for IPsec Flow Protection Based
Protection Based on Software-Defined Networking (SDN)", on Software-Defined Networking (SDN)", RFC 9061,
RFC 9061, DOI 10.17487/RFC9061, July 2021, DOI 10.17487/RFC9061, July 2021,
<https://www.rfc-editor.org/info/rfc9061>. <https://www.rfc-editor.org/info/rfc9061>.
[RFC9347] Hopps, C., "Aggregation and Fragmentation Mode for [RFC9347] Hopps, C., "Aggregation and Fragmentation Mode for
Encapsulating Security Payload (ESP) and Its Use for IP Encapsulating Security Payload (ESP) and Its Use for IP
Traffic Flow Security (IP-TFS)", RFC 9347, Traffic Flow Security (IP-TFS)", RFC 9347,
DOI 10.17487/RFC9347, December 2022, DOI 10.17487/RFC9347, January 2023,
<https://www.rfc-editor.org/info/rfc9347>. <https://www.rfc-editor.org/info/rfc9347>.
6.2. Informative References 6.2. Informative References
[RFC3688] Mealling, M. and RFC Publisher, "The IETF XML Registry", [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC5348] Floyd, S., Handley, M., Padhye, J., Widmer, J., and RFC [RFC5348] Floyd, S., Handley, M., Padhye, J., and J. Widmer, "TCP
Publisher, "TCP Friendly Rate Control (TFRC): Protocol Friendly Rate Control (TFRC): Protocol Specification",
Specification", RFC 5348, DOI 10.17487/RFC5348, September RFC 5348, DOI 10.17487/RFC5348, September 2008,
2008, <https://www.rfc-editor.org/info/rfc5348>. <https://www.rfc-editor.org/info/rfc5348>.
[RFC8340] Bjorklund, M., Berger, L., Ed., and RFC Publisher, "YANG [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
March 2018, <https://www.rfc-editor.org/info/rfc8340>. <https://www.rfc-editor.org/info/rfc8340>.
Appendix A. Examples Appendix A. Examples
The following examples show configuration and operational data for The following examples show configuration and operational data for
the IKE-less and IKE cases using XML and JSON. Also, the operational the IKE-less and IKE cases using XML and JSON. Also, the operational
statistics for the IKE-less case is illustrated. statistics for the IKE-less case is illustrated.
A.1. Example XML Configuration A.1. Example XML Configuration
This example illustrates configuration for IP-TFS in the IKE-less This example illustrates configuration for IP-TFS in the IKE-less
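Review bot: The [RFC9347] entry changes its date from "December 2022" to "January 2023" while its DOI and URL stay the same; since this is the normative reference for the encapsulation that the YANG module configures, confirm the new date matches the published companion RFC before this version is frozen. The remaining edits in this region are correct and purely editorial: "RFC Publisher" is removed from every author list (it is a rendering artifact, not an author), and the author lists are reordered into the "Surname, I., and I. Surname" reference style, which also reflows the wrapped lines of [RFC4301], [RFC6241], [RFC6242], [RFC8342], [RFC8446] and [RFC9061]. That reflow, rather than any change of substance, accounts for most of the "45 lines changed or deleted / 40 lines changed or added" reported in the summary.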
 End of changes. 16 change blocks. 
45 lines changed or deleted 40 lines changed or added

This html diff was produced by rfcdiff 1.48.