Internet Draft                                                   I. Chen
<draft-chen-rtg-key-table-yang-00.txt>                          Ericsson
Intended Status: Standards Track
Expires in 6 months                                        March 9, 2015

                 YANG Data Model for RFC 7210 Key Table
                 <draft-chen-rtg-key-table-yang-00.txt>

Status of this Memo

   Distribution of this memo is unlimited.

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on date.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as
   the document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Chen                       Expires in 6 months                  [Page 1]


Internet Draft               Key Table YANG                March 9, 2015


Abstract

   This document defines a YANG data model to describe the key table
   defined in RFC 7210.  The data model defined in this document
   augments the existing key-chain model with additional key attributes
   specified in RFC 7210.













































Chen                       Expires in 6 months                  [Page 2]


Internet Draft               Key Table YANG                March 9, 2015


Table of Contents

   1. Introduction ....................................................3
      1.1 Tree Diagram ................................................3
   2. Design of the Data Model ........................................3
   3. YANG Module .....................................................4
   4. Security Considerations .........................................8
   5. IANA Considerations .............................................8
   6. References ......................................................8

1.  Introduction

   This document defines a YANG data model that supports the key table
   described in [RFC7210].  It reuses the [key-chain] data model by
   augmenting [key-chain] data model and adding into the [key-chain]
   data model the attributes that are defined in [RFC7210] but not
   currently defined in the [key-chain] data model.

1.1.  Tree diagram

   A simplified graphical representation of the data model is presented
   in Section 2.

   The meaning of the symbols in these diagrams is as follows:

   o  Brackets "[" and "]" enclose list keys.

   o  Curly braces "{" and "}" contain names of optional features that
      make the corresponding node conditional.

   o  Abbreviations before data node names: "rw" means configuration
      (read-write), and "ro" state data (read-only).

   o  Symbols after data node names: "?" means an optional node and "*"
      denotes a "list" or "leaf-list".

   o  Parentheses enclose choice and case nodes, and case nodes are also
      marked with a colon (":").

   o  Ellipsis ("...") stands for contents of subtrees that are not
      shown.

2.  Design of the Data Model

   This data model is based on the [key-chain] data model which intends
   to manage keys by grouping a set of keys into a key-chain.  A routing
   protocol that requires authentication keys for authentication
   purposes subsequently references a key-chain containing the keys that



Chen                       Expires in 6 months                  [Page 3]


Internet Draft               Key Table YANG                March 9, 2015


   the routing protocol intends to used for authentication.

   To incorporate all the key attributes defined in [RFC7210] into the
   [key-chain] data model, this data model augments the [key-chain] data
   model by adding additional leafs into each key defined in [key-
   chain].


   module: ietf-rfc7210

   augment /kc:key-chains/kc:key:
      +--rw admin-key-name?           string {rfc7210-admin-key-name}?
      +--rw local-key-name?           string {rfc7210-local-key-name}?
      +--rw peer-key-name?            string {rfc7210-peer-key-name}?
      +--rw peers*                    string {rfc-7210-peers}?
      +--rw interfaces*               string {rfc-7210-interfaces}?
      +--rw protocol?                 identityref {rfc-7210-protocol}?
      +--rw protocol-specific-info?   string {rfc-7210-protocol-
   specific-info}?
      +--rw (kdf)? {rfc-7210-KDF}?
      |  +--:(no-kdf)
      |  |  +--rw no-kdf?                   empty
      |  +--:(aes-128-cmac-kdf)
      |  |  +--rw aes-128-cmac-kdf?         empty
      |  +--:(hmac-sha-1-kdf)
      |     +--rw hmac-sha-1-kdf?           empty
      +--rw direction?                enumeration {rfc-7210-direction}?

3.  YANG Module

   <CODE BEGINS> file "ietf-rfc7210.yang"

   module ietf-rfc7210 {
     /* replace with IANA namespace when assigned */
     namespace "urn:ietf:params:xml:ns:yang:ietf-rfc7210";
     prefix "ietf-rfc7210";

     import ietf-routing {
       prefix "rt";
     }

     import ietf-key-chain {
       prefix "kc";
     }

     organization
       "Ericsson";




Chen                       Expires in 6 months                  [Page 4]


Internet Draft               Key Table YANG                March 9, 2015


     contact
       "I. Chen - ing-wher.chen@ericsson.com";

     description
       "This YANG module augments the ietf-key-chain module by " +
       "adding attributes defined in RFC 7210";
     revision 2015-03-09 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A YANG Data Model to augment ietf-key-chain " +
         "to support RFC 7210";
     }

     identity all-routing-protocols {
       base "rt:routing-protocol";
       description
         "All routing protocols";
     }

     feature rfc7210-admin-key-name {
       description
         "Support for RFC 7210 AdminKeyName field";
     }

     feature rfc7210-local-key-name {
       description
         "Support for RFC 7210 LocalKeyName field";
     }

     feature rfc7210-peer-key-name {
       description
         "Support for RFC 7210 PeerKeyName field";
     }

     feature rfc-7210-peers {
       description
         "Support for RFC 7210 Peers field";
     }

     feature rfc-7210-protocol-specific-info {
       description
         "Support for RFC 7210 ProtocolSpecificInfo field";
     }

     feature rfc-7210-interfaces {
       description
         "Support for RFC 7210 Interfaces field";



Chen                       Expires in 6 months                  [Page 5]


Internet Draft               Key Table YANG                March 9, 2015


     }

     feature rfc-7210-protocol {
       description
         "Support for RFC 7210 Protocol field";
     }

     feature rfc-7210-KDF {
       description
         "Support for RFC 7210 KDF field";
     }

     feature rfc-7210-direction {
       description
         "Support for RFC 7210 Direction field";
     }

     augment "/kc:key-chains/kc:key" {
       description
         "Additional attributes of a key required by RFC 7210";

       leaf admin-key-name {
         if-feature rfc7210-admin-key-name;
         type string;
         description
           "RFC 7210 AdminKeyName field.";
       }
       leaf local-key-name {
         if-feature rfc7210-local-key-name;
         type string;
         description
           "RFC 7210 LocalKeyName field.";
       }
       leaf peer-key-name {
         if-feature rfc7210-peer-key-name;
         type string;
         description
           "RFC 7210 PeerKeyName field.";
       }
       leaf-list peers {
         if-feature rfc-7210-peers;
         type string;
         description
           "RFC 7210 Peers field.";
       }
       leaf-list interfaces {
         if-feature rfc-7210-interfaces;
         type string;



Chen                       Expires in 6 months                  [Page 6]


Internet Draft               Key Table YANG                March 9, 2015


         description
           "RFC 7210 Interfaces field.";
       }
       leaf protocol {
         if-feature rfc-7210-protocol;
         type identityref {
           base "rt:routing-protocol";
         }
         default "all-routing-protocols";
         description
           "RFC 7210 Protocol field.";
       }
       leaf protocol-specific-info {
         if-feature rfc-7210-protocol-specific-info;
         type string;
         description
           "RFC 7210 ProtocolSpecificInfo field";
       }
       choice kdf {
         if-feature rfc-7210-KDF;
         default no-kdf;
         description
           "Key derivation functions.";
         case no-kdf {
           leaf no-kdf {
             type empty;
             description
               "No KDF used with the key.";
           }
         }
         case aes-128-cmac-kdf {
           leaf aes-128-cmac-kdf {
             type empty;
             description
               "AES-CMAC using 128-bit keys.";
           }
         }
         case hmac-sha-1-kdf {
          leaf hmac-sha-1-kdf {
             type empty;
             description
               "HMAC using SHA-1-hash.";
           }
         }
       }
       leaf direction {
         if-feature rfc-7210-direction;
         type enumeration {



Chen                       Expires in 6 months                  [Page 7]


Internet Draft               Key Table YANG                March 9, 2015


           enum in {
             description
               "This key is for authenticating incoming messages.";
           }
           enum out {
             description
               "This key is for authenticating outgoing messages.";
           }
           enum both {
             description
               "This key is for authenticating both incoming and " +
               "outgoing messages.";
           }
         }
         default "both";
         description
           "Indicate whether the key is to authenticate incoming " +
           "or outgoing messages.";
       }
     }

   }

   <CODE ENDS>

4.  Security Consideration.

   TBD.

5.  IANA Considerations

   TBD.

6.  References

6.1.   Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC7210]  Housley, R., Polk, T., Hartman, S., and D. Zhang,
              "Database of Long-Lived Symmetric Cryptographic Keys", RFC
              7210, April 2014, <http://www.rfc-
              editor.org/info/rfc7210>.

   [I-D.acee-rtg-yang-key-chain] Lindem, A., Qu, Y., Yeung, D., Chen,
              I., Zhang, J., and Y. Yang, "Key Chain YANG Data Model",
              draft-acee-rtg-yang-key-chain-03 (work in progress), March



Chen                       Expires in 6 months                  [Page 8]


Internet Draft               Key Table YANG                March 9, 2015


              2015.

Author's Address

   I. Chen
   Ericsson
   Email: ing-wher.chen@ericsson.com












































Chen                       Expires in 6 months                  [Page 9]