Internet Draft I. Chen Ericsson Intended Status: Standards Track Expires in 6 months March 9, 2015 YANG Data Model for RFC 7210 Key Table Status of this Memo Distribution of this memo is unlimited. This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on date. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Chen Expires in 6 months [Page 1] Internet Draft Key Table YANG March 9, 2015 Abstract This document defines a YANG data model to describe the key table defined in RFC 7210. The data model defined in this document augments the existing key-chain model with additional key attributes specified in RFC 7210. Chen Expires in 6 months [Page 2] Internet Draft Key Table YANG March 9, 2015 Table of Contents 1. Introduction ....................................................3 1.1 Tree Diagram ................................................3 2. Design of the Data Model ........................................3 3. YANG Module .....................................................4 4. Security Considerations .........................................8 5. IANA Considerations .............................................8 6. References ......................................................8 1. Introduction This document defines a YANG data model that supports the key table described in [RFC7210]. It reuses the [key-chain] data model by augmenting [key-chain] data model and adding into the [key-chain] data model the attributes that are defined in [RFC7210] but not currently defined in the [key-chain] data model. 1.1. Tree diagram A simplified graphical representation of the data model is presented in Section 2. The meaning of the symbols in these diagrams is as follows: o Brackets "[" and "]" enclose list keys. o Curly braces "{" and "}" contain names of optional features that make the corresponding node conditional. o Abbreviations before data node names: "rw" means configuration (read-write), and "ro" state data (read-only). o Symbols after data node names: "?" means an optional node and "*" denotes a "list" or "leaf-list". o Parentheses enclose choice and case nodes, and case nodes are also marked with a colon (":"). o Ellipsis ("...") stands for contents of subtrees that are not shown. 2. Design of the Data Model This data model is based on the [key-chain] data model which intends to manage keys by grouping a set of keys into a key-chain. A routing protocol that requires authentication keys for authentication purposes subsequently references a key-chain containing the keys that Chen Expires in 6 months [Page 3] Internet Draft Key Table YANG March 9, 2015 the routing protocol intends to used for authentication. To incorporate all the key attributes defined in [RFC7210] into the [key-chain] data model, this data model augments the [key-chain] data model by adding additional leafs into each key defined in [key- chain]. module: ietf-rfc7210 augment /kc:key-chains/kc:key: +--rw admin-key-name? string {rfc7210-admin-key-name}? +--rw local-key-name? string {rfc7210-local-key-name}? +--rw peer-key-name? string {rfc7210-peer-key-name}? +--rw peers* string {rfc-7210-peers}? +--rw interfaces* string {rfc-7210-interfaces}? +--rw protocol? identityref {rfc-7210-protocol}? +--rw protocol-specific-info? string {rfc-7210-protocol- specific-info}? +--rw (kdf)? {rfc-7210-KDF}? | +--:(no-kdf) | | +--rw no-kdf? empty | +--:(aes-128-cmac-kdf) | | +--rw aes-128-cmac-kdf? empty | +--:(hmac-sha-1-kdf) | +--rw hmac-sha-1-kdf? empty +--rw direction? enumeration {rfc-7210-direction}? 3. YANG Module file "ietf-rfc7210.yang" module ietf-rfc7210 { /* replace with IANA namespace when assigned */ namespace "urn:ietf:params:xml:ns:yang:ietf-rfc7210"; prefix "ietf-rfc7210"; import ietf-routing { prefix "rt"; } import ietf-key-chain { prefix "kc"; } organization "Ericsson"; Chen Expires in 6 months [Page 4] Internet Draft Key Table YANG March 9, 2015 contact "I. Chen - ing-wher.chen@ericsson.com"; description "This YANG module augments the ietf-key-chain module by " + "adding attributes defined in RFC 7210"; revision 2015-03-09 { description "Initial revision."; reference "RFC XXXX: A YANG Data Model to augment ietf-key-chain " + "to support RFC 7210"; } identity all-routing-protocols { base "rt:routing-protocol"; description "All routing protocols"; } feature rfc7210-admin-key-name { description "Support for RFC 7210 AdminKeyName field"; } feature rfc7210-local-key-name { description "Support for RFC 7210 LocalKeyName field"; } feature rfc7210-peer-key-name { description "Support for RFC 7210 PeerKeyName field"; } feature rfc-7210-peers { description "Support for RFC 7210 Peers field"; } feature rfc-7210-protocol-specific-info { description "Support for RFC 7210 ProtocolSpecificInfo field"; } feature rfc-7210-interfaces { description "Support for RFC 7210 Interfaces field"; Chen Expires in 6 months [Page 5] Internet Draft Key Table YANG March 9, 2015 } feature rfc-7210-protocol { description "Support for RFC 7210 Protocol field"; } feature rfc-7210-KDF { description "Support for RFC 7210 KDF field"; } feature rfc-7210-direction { description "Support for RFC 7210 Direction field"; } augment "/kc:key-chains/kc:key" { description "Additional attributes of a key required by RFC 7210"; leaf admin-key-name { if-feature rfc7210-admin-key-name; type string; description "RFC 7210 AdminKeyName field."; } leaf local-key-name { if-feature rfc7210-local-key-name; type string; description "RFC 7210 LocalKeyName field."; } leaf peer-key-name { if-feature rfc7210-peer-key-name; type string; description "RFC 7210 PeerKeyName field."; } leaf-list peers { if-feature rfc-7210-peers; type string; description "RFC 7210 Peers field."; } leaf-list interfaces { if-feature rfc-7210-interfaces; type string; Chen Expires in 6 months [Page 6] Internet Draft Key Table YANG March 9, 2015 description "RFC 7210 Interfaces field."; } leaf protocol { if-feature rfc-7210-protocol; type identityref { base "rt:routing-protocol"; } default "all-routing-protocols"; description "RFC 7210 Protocol field."; } leaf protocol-specific-info { if-feature rfc-7210-protocol-specific-info; type string; description "RFC 7210 ProtocolSpecificInfo field"; } choice kdf { if-feature rfc-7210-KDF; default no-kdf; description "Key derivation functions."; case no-kdf { leaf no-kdf { type empty; description "No KDF used with the key."; } } case aes-128-cmac-kdf { leaf aes-128-cmac-kdf { type empty; description "AES-CMAC using 128-bit keys."; } } case hmac-sha-1-kdf { leaf hmac-sha-1-kdf { type empty; description "HMAC using SHA-1-hash."; } } } leaf direction { if-feature rfc-7210-direction; type enumeration { Chen Expires in 6 months [Page 7] Internet Draft Key Table YANG March 9, 2015 enum in { description "This key is for authenticating incoming messages."; } enum out { description "This key is for authenticating outgoing messages."; } enum both { description "This key is for authenticating both incoming and " + "outgoing messages."; } } default "both"; description "Indicate whether the key is to authenticate incoming " + "or outgoing messages."; } } } 4. Security Consideration. TBD. 5. IANA Considerations TBD. 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC7210] Housley, R., Polk, T., Hartman, S., and D. Zhang, "Database of Long-Lived Symmetric Cryptographic Keys", RFC 7210, April 2014, . [I-D.acee-rtg-yang-key-chain] Lindem, A., Qu, Y., Yeung, D., Chen, I., Zhang, J., and Y. Yang, "Key Chain YANG Data Model", draft-acee-rtg-yang-key-chain-03 (work in progress), March Chen Expires in 6 months [Page 8] Internet Draft Key Table YANG March 9, 2015 2015. Author's Address I. Chen Ericsson Email: ing-wher.chen@ericsson.com Chen Expires in 6 months [Page 9]