Internet Draft I. Chen
<draft-chen-rtg-key-table-yang-00.txt> Ericsson
Intended Status: Standards Track
Expires in 6 months March 9, 2015
YANG Data Model for RFC 7210 Key Table
<draft-chen-rtg-key-table-yang-00.txt>
Status of this Memo
Distribution of this memo is unlimited.
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on date.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as
the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Chen Expires in 6 months [Page 1]
Internet Draft Key Table YANG March 9, 2015
Abstract
This document defines a YANG data model to describe the key table
defined in RFC 7210. The data model defined in this document
augments the existing key-chain model with additional key attributes
specified in RFC 7210.
Chen Expires in 6 months [Page 2]
Internet Draft Key Table YANG March 9, 2015
Table of Contents
1. Introduction ....................................................3
1.1 Tree Diagram ................................................3
2. Design of the Data Model ........................................3
3. YANG Module .....................................................4
4. Security Considerations .........................................8
5. IANA Considerations .............................................8
6. References ......................................................8
1. Introduction
This document defines a YANG data model that supports the key table
described in [RFC7210]. It reuses the [key-chain] data model by
augmenting [key-chain] data model and adding into the [key-chain]
data model the attributes that are defined in [RFC7210] but not
currently defined in the [key-chain] data model.
1.1. Tree diagram
A simplified graphical representation of the data model is presented
in Section 2.
The meaning of the symbols in these diagrams is as follows:
o Brackets "[" and "]" enclose list keys.
o Curly braces "{" and "}" contain names of optional features that
make the corresponding node conditional.
o Abbreviations before data node names: "rw" means configuration
(read-write), and "ro" state data (read-only).
o Symbols after data node names: "?" means an optional node and "*"
denotes a "list" or "leaf-list".
o Parentheses enclose choice and case nodes, and case nodes are also
marked with a colon (":").
o Ellipsis ("...") stands for contents of subtrees that are not
shown.
2. Design of the Data Model
This data model is based on the [key-chain] data model which intends
to manage keys by grouping a set of keys into a key-chain. A routing
protocol that requires authentication keys for authentication
purposes subsequently references a key-chain containing the keys that
Chen Expires in 6 months [Page 3]
Internet Draft Key Table YANG March 9, 2015
the routing protocol intends to used for authentication.
To incorporate all the key attributes defined in [RFC7210] into the
[key-chain] data model, this data model augments the [key-chain] data
model by adding additional leafs into each key defined in [key-
chain].
module: ietf-rfc7210
augment /kc:key-chains/kc:key:
+--rw admin-key-name? string {rfc7210-admin-key-name}?
+--rw local-key-name? string {rfc7210-local-key-name}?
+--rw peer-key-name? string {rfc7210-peer-key-name}?
+--rw peers* string {rfc-7210-peers}?
+--rw interfaces* string {rfc-7210-interfaces}?
+--rw protocol? identityref {rfc-7210-protocol}?
+--rw protocol-specific-info? string {rfc-7210-protocol-
specific-info}?
+--rw (kdf)? {rfc-7210-KDF}?
| +--:(no-kdf)
| | +--rw no-kdf? empty
| +--:(aes-128-cmac-kdf)
| | +--rw aes-128-cmac-kdf? empty
| +--:(hmac-sha-1-kdf)
| +--rw hmac-sha-1-kdf? empty
+--rw direction? enumeration {rfc-7210-direction}?
3. YANG Module
<CODE BEGINS> file "ietf-rfc7210.yang"
module ietf-rfc7210 {
/* replace with IANA namespace when assigned */
namespace "urn:ietf:params:xml:ns:yang:ietf-rfc7210";
prefix "ietf-rfc7210";
import ietf-routing {
prefix "rt";
}
import ietf-key-chain {
prefix "kc";
}
organization
"Ericsson";
Chen Expires in 6 months [Page 4]
Internet Draft Key Table YANG March 9, 2015
contact
"I. Chen - ing-wher.chen@ericsson.com";
description
"This YANG module augments the ietf-key-chain module by " +
"adding attributes defined in RFC 7210";
revision 2015-03-09 {
description
"Initial revision.";
reference
"RFC XXXX: A YANG Data Model to augment ietf-key-chain " +
"to support RFC 7210";
}
identity all-routing-protocols {
base "rt:routing-protocol";
description
"All routing protocols";
}
feature rfc7210-admin-key-name {
description
"Support for RFC 7210 AdminKeyName field";
}
feature rfc7210-local-key-name {
description
"Support for RFC 7210 LocalKeyName field";
}
feature rfc7210-peer-key-name {
description
"Support for RFC 7210 PeerKeyName field";
}
feature rfc-7210-peers {
description
"Support for RFC 7210 Peers field";
}
feature rfc-7210-protocol-specific-info {
description
"Support for RFC 7210 ProtocolSpecificInfo field";
}
feature rfc-7210-interfaces {
description
"Support for RFC 7210 Interfaces field";
Chen Expires in 6 months [Page 5]
Internet Draft Key Table YANG March 9, 2015
}
feature rfc-7210-protocol {
description
"Support for RFC 7210 Protocol field";
}
feature rfc-7210-KDF {
description
"Support for RFC 7210 KDF field";
}
feature rfc-7210-direction {
description
"Support for RFC 7210 Direction field";
}
augment "/kc:key-chains/kc:key" {
description
"Additional attributes of a key required by RFC 7210";
leaf admin-key-name {
if-feature rfc7210-admin-key-name;
type string;
description
"RFC 7210 AdminKeyName field.";
}
leaf local-key-name {
if-feature rfc7210-local-key-name;
type string;
description
"RFC 7210 LocalKeyName field.";
}
leaf peer-key-name {
if-feature rfc7210-peer-key-name;
type string;
description
"RFC 7210 PeerKeyName field.";
}
leaf-list peers {
if-feature rfc-7210-peers;
type string;
description
"RFC 7210 Peers field.";
}
leaf-list interfaces {
if-feature rfc-7210-interfaces;
type string;
Chen Expires in 6 months [Page 6]
Internet Draft Key Table YANG March 9, 2015
description
"RFC 7210 Interfaces field.";
}
leaf protocol {
if-feature rfc-7210-protocol;
type identityref {
base "rt:routing-protocol";
}
default "all-routing-protocols";
description
"RFC 7210 Protocol field.";
}
leaf protocol-specific-info {
if-feature rfc-7210-protocol-specific-info;
type string;
description
"RFC 7210 ProtocolSpecificInfo field";
}
choice kdf {
if-feature rfc-7210-KDF;
default no-kdf;
description
"Key derivation functions.";
case no-kdf {
leaf no-kdf {
type empty;
description
"No KDF used with the key.";
}
}
case aes-128-cmac-kdf {
leaf aes-128-cmac-kdf {
type empty;
description
"AES-CMAC using 128-bit keys.";
}
}
case hmac-sha-1-kdf {
leaf hmac-sha-1-kdf {
type empty;
description
"HMAC using SHA-1-hash.";
}
}
}
leaf direction {
if-feature rfc-7210-direction;
type enumeration {
Chen Expires in 6 months [Page 7]
Internet Draft Key Table YANG March 9, 2015
enum in {
description
"This key is for authenticating incoming messages.";
}
enum out {
description
"This key is for authenticating outgoing messages.";
}
enum both {
description
"This key is for authenticating both incoming and " +
"outgoing messages.";
}
}
default "both";
description
"Indicate whether the key is to authenticate incoming " +
"or outgoing messages.";
}
}
}
<CODE ENDS>
4. Security Consideration.
TBD.
5. IANA Considerations
TBD.
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC7210] Housley, R., Polk, T., Hartman, S., and D. Zhang,
"Database of Long-Lived Symmetric Cryptographic Keys", RFC
7210, April 2014, <http://www.rfc-
editor.org/info/rfc7210>.
[I-D.acee-rtg-yang-key-chain] Lindem, A., Qu, Y., Yeung, D., Chen,
I., Zhang, J., and Y. Yang, "Key Chain YANG Data Model",
draft-acee-rtg-yang-key-chain-03 (work in progress), March
Chen Expires in 6 months [Page 8]
Internet Draft Key Table YANG March 9, 2015
2015.
Author's Address
I. Chen
Ericsson
Email: ing-wher.chen@ericsson.com
Chen Expires in 6 months [Page 9]