draft-ietf-netconf-tls-client-server-00.txt   draft-ietf-netconf-tls-client-server-01.txt 
NETCONF Working Group K. Watsen NETCONF Working Group K. Watsen
Internet-Draft Juniper Networks Internet-Draft Juniper Networks
Intended status: Standards Track July 8, 2016 Intended status: Standards Track November 3, 2016
Expires: January 9, 2017 Expires: May 7, 2017
TLS Client and Server Models TLS Client and Server Models
draft-ietf-netconf-tls-client-server-00 draft-ietf-netconf-tls-client-server-01
Abstract Abstract
This document defines two YANG modules, one defines groupings for a This document defines two YANG modules, one defines groupings for a
generic TLS client and the other defines groupings for a generic TLS generic TLS client and the other defines groupings for a generic TLS
server. It is intended that these groupings will be used by server. It is intended that these groupings will be used by
applications using the TLS protocol. applications using the TLS protocol.
Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
This draft contains many placeholder values that need to be replaced This draft contains many placeholder values that need to be replaced
with finalized values at the time of publication. This note with finalized values at the time of publication. This note
summarizes all of the substitutions that are needed. No other RFC summarizes all of the substitutions that are needed. No other RFC
Editor instructions are specified elsewhere in this document. Editor instructions are specified elsewhere in this document.
This document contains references to other drafts in progress, both This document contains references to other drafts in progress, both
in the Normative References section, as well as in body text in the Normative References section, as well as in body text
throughout. Please update the following references to reflect their throughout. Please update the following references to reflect their
final RFC assignments: final RFC assignments:
o draft-ietf-netconf-system-keychain o draft-ietf-netconf-keystore
Artwork in this document contains shorthand references to drafts in Artwork in this document contains shorthand references to drafts in
progress. Please apply the following replacements: progress. Please apply the following replacements:
o "XXXX" --> the assigned RFC value for this draft o "XXXX" --> the assigned RFC value for this draft
o "YYYY" --> the assigned RFC value for draft-ietf-netconf-system- o "YYYY" --> the assigned RFC value for draft-ietf-netconf-keystore
keychain
Artwork in this document contains placeholder values for the date of Artwork in this document contains placeholder values for the date of
publication of this draft. Please apply the following replacement: publication of this draft. Please apply the following replacement:
o "2016-07-08" --> the publication date of this draft o "2016-11-02" --> the publication date of this draft
The following two Appendix sections are to be removed prior to The following two Appendix sections are to be removed prior to
publication: publication:
o Appendix A. Change Log o Appendix A. Change Log
o Appendix B. Open Issues o Appendix B. Open Issues
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
skipping to change at page 2, line 21 skipping to change at page 2, line 20
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2017. This Internet-Draft will expire on May 7, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 45 skipping to change at page 2, line 44
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3
2. The TLS Client Model . . . . . . . . . . . . . . . . . . . . 4 2. The TLS Client Model . . . . . . . . . . . . . . . . . . . . 4
2.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4
2.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 5 2.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 4
2.3. YANG Model . . . . . . . . . . . . . . . . . . . . . . . 5 2.3. YANG Model . . . . . . . . . . . . . . . . . . . . . . . 5
3. The TLS Server Model . . . . . . . . . . . . . . . . . . . . 7 3. The TLS Server Model . . . . . . . . . . . . . . . . . . . . 7
3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 7 3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 7
3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 8 3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 8
3.3. YANG Model . . . . . . . . . . . . . . . . . . . . . . . 9 3.3. YANG Model . . . . . . . . . . . . . . . . . . . . . . . 8
4. Security Considerations . . . . . . . . . . . . . . . . . . . 12 4. Security Considerations . . . . . . . . . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
5.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 12 5.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 11
5.2. The YANG Module Names Registry . . . . . . . . . . . . . 13 5.2. The YANG Module Names Registry . . . . . . . . . . . . . 12
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
7.1. Normative References . . . . . . . . . . . . . . . . . . 13 7.1. Normative References . . . . . . . . . . . . . . . . . . 12
7.2. Informative References . . . . . . . . . . . . . . . . . 14 7.2. Informative References . . . . . . . . . . . . . . . . . 13
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 15 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 14
A.1. server-model-09 to 00 . . . . . . . . . . . . . . . . . . 15 A.1. server-model-09 to 00 . . . . . . . . . . . . . . . . . . 14
Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . 15 Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
This document defines two YANG [RFC6020] modules, one defines This document defines two YANG [RFC6020] modules, one defines
groupings for a generic TLS client and the other defines groupings groupings for a generic TLS client and the other defines groupings
for a generic TLS server (TLS is defined in [RFC5246]). It is for a generic TLS server (TLS is defined in [RFC5246]). It is
intended that these groupings will be used by applications using the intended that these groupings will be used by applications using the
TLS protocol. For instance, these groupings could be used to help TLS protocol. For instance, these groupings could be used to help
define the data model for an HTTPS [RFC2818] server or a NETCONF over define the data model for an HTTPS [RFC2818] server or a NETCONF over
TLS [RFC7589] based server. TLS [RFC7589] based server.
skipping to change at page 4, line 29 skipping to change at page 4, line 26
2. The TLS Client Model 2. The TLS Client Model
EDITOR NOTE: Please ignore this section, it is incomplete. EDITOR NOTE: Please ignore this section, it is incomplete.
The TLS client model presented in this section contains two YANG The TLS client model presented in this section contains two YANG
groupings, one for a client that initiates the underlying TCP groupings, one for a client that initiates the underlying TCP
connection and another for a client that has had the TCP connection connection and another for a client that has had the TCP connection
opened for it already (e.g., call home). opened for it already (e.g., call home).
Both of these groupings reference data nodes defined by the System Both of these groupings reference data nodes defined by the Keystore
Keychain model [draft-ietf-netconf-system-keychain]. For instance, a model [draft-ietf-netconf-keystore]. For instance, a reference to
reference to the keychain model is made to indicate which trusted CA the keystore model is made to indicate which trusted CA certificate a
certificate a client should use to authenticate the server's client should use to authenticate the server's certificate.
certificate.
2.1. Tree Diagram 2.1. Tree Diagram
The following tree diagram presents the data model for the two The following tree diagram presents the data model for the two
groupings defined in the ietf-tls-client module. groupings defined in the ietf-tls-client module.
module: ietf-tls-client module: ietf-tls-client
groupings: groupings:
initiating-tls-client-grouping initiating-tls-client-grouping
+---- some-TBD-tcp-client-stuff? string +---- some-TBD-tcp-client-stuff? string
+---- some-TBD-tls-client-stuff? string +---- some-TBD-tls-client-stuff? string
non-initiating-tls-client-grouping non-initiating-tls-client-grouping
+---- some-TBD-tls-client-stuff? string +---- some-TBD-tls-client-stuff? string
2.2. Example Usage 2.2. Example Usage
This section shows how it would appear if the initiating-tls-client- This section shows how it would appear if the initiating-tls-client-
grouping were populated with some data. This example is consistent grouping were populated with some data. This example is consistent
with the examples presented in Section 2.2 of with the examples presented in Section 2.2 of
[draft-ietf-netconf-system-keychain]. [draft-ietf-netconf-keystore].
FIXME FIXME
2.3. YANG Model 2.3. YANG Model
This YANG module has a normative references to [RFC6991] and This YANG module has a normative references to [RFC6991] and
[draft-ietf-netconf-system-keychain]. [draft-ietf-netconf-keystore].
<CODE BEGINS> file "ietf-tls-client@2016-07-08.yang" <CODE BEGINS> file "ietf-tls-client@2016-11-02.yang"
// Editor's Note: // Editor's Note:
// This module is incomplete at this time. Below is // This module is incomplete at this time. Below is
// just a skeleton so there's something in the draft. // just a skeleton so there's something in the draft.
// Please ignore this module for now! // Please ignore this module for now!
module ietf-tls-client { module ietf-tls-client {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-tls-client"; namespace "urn:ietf:params:xml:ns:yang:ietf-tls-client";
prefix "tlsc"; prefix "tlsc";
/* /*
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference reference
"RFC 6991: Common YANG Data Types"; "RFC 6991: Common YANG Data Types";
} }
import ietf-system-keychain { import ietf-keystore {
prefix kc; prefix ks;
reference reference
"RFC YYYY: System Keychain Model"; "RFC YYYY: Keystore Model";
} }
*/ */
organization organization
"IETF NETCONF (Network Configuration) Working Group"; "IETF NETCONF (Network Configuration) Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netconf/> "WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org> WG List: <mailto:netconf@ietf.org>
WG Chair: Mehmet Ersue WG Chair: Mehmet Ersue
skipping to change at page 6, line 29 skipping to change at page 6, line 22
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2016-07-08" { revision "2016-11-02" {
description description
"Initial version"; "Initial version";
reference reference
"RFC XXXX: TLS Client and Server Models"; "RFC XXXX: TLS Client and Server Models";
} }
grouping initiating-tls-client-grouping { grouping initiating-tls-client-grouping {
description description
"A reusable grouping for a TLS client that initiates the "A reusable grouping for a TLS client that initiates the
underlying TCP transport connection."; underlying TCP transport connection.";
skipping to change at page 7, line 4 skipping to change at page 6, line 44
type string; type string;
description ""; description "";
} }
uses non-initiating-tls-client-grouping; uses non-initiating-tls-client-grouping;
} }
grouping non-initiating-tls-client-grouping { grouping non-initiating-tls-client-grouping {
description description
"A reusable grouping for a TLS client that does not initiate "A reusable grouping for a TLS client that does not initiate
the underlying TCP transport connection."; the underlying TCP transport connection.";
leaf some-TBD-tls-client-stuff { leaf some-TBD-tls-client-stuff {
type string; type string;
description ""; description "";
} }
} }
} }
<CODE ENDS> <CODE ENDS>
3. The TLS Server Model 3. The TLS Server Model
The TLS server model presented in this section contains two YANG The TLS server model presented in this section contains two YANG
groupings, one for a server that opens a socket to accept TCP groupings, one for a server that opens a socket to accept TCP
connections and another for a server that has had the TCP connection connections and another for a server that has had the TCP connection
opened for it already (e.g., inetd). opened for it already (e.g., inetd).
Both of these groupings reference data nodes defined by the System Both of these groupings reference data nodes defined by the Keystore
Keychain model [draft-ietf-netconf-system-keychain]. For instance, a model [draft-ietf-netconf-keystore]. For instance, a reference to
reference to the keychain model is made to indicate the certificate a the keystore model is made to indicate the certificate a server
server should present. should present.
3.1. Tree Diagram 3.1. Tree Diagram
The following tree diagram presents the data model for the two The following tree diagram presents the data model for the two
groupings defined in the ietf-tls-server module. groupings defined in the ietf-tls-server module.
module: ietf-tls-server module: ietf-tls-server
groupings: groupings:
listening-tls-server-grouping listening-tls-server-grouping
+---- address? inet:ip-address +---- address? inet:ip-address
+---- port? inet:port-number +---- port? inet:port-number
+---- certificates +---- certificates
| +---- certificate* [name] | +---- certificate* [name]
| +---- name? -> /kc:keychain/private-keys/private-key/certi | +---- name? -> /ks:keystore/private-keys/private-key/cert
ficate-chains/certificate-chain/name ificate-chains/certificate-chain/name
+---- client-auth +---- client-auth
+---- trusted-ca-certs? -> /kc:keychain/trusted-certifica +---- trusted-ca-certs? -> /ks:keystore/trusted-certific
tes/name ates/name
+---- trusted-client-certs? -> /kc:keychain/trusted-certifica +---- trusted-client-certs? -> /ks:keystore/trusted-certific
tes/name ates/name
non-listening-tls-server-grouping non-listening-tls-server-grouping
+---- certificates +---- certificates
| +---- certificate* [name] | +---- certificate* [name]
| +---- name? -> /kc:keychain/private-keys/private-key/certi | +---- name? -> /ks:keystore/private-keys/private-key/cert
ficate-chains/certificate-chain/name ificate-chains/certificate-chain/name
+---- client-auth +---- client-auth
+---- trusted-ca-certs? -> /kc:keychain/trusted-certifica +---- trusted-ca-certs? -> /ks:keystore/trusted-certific
tes/name ates/name
+---- trusted-client-certs? -> /kc:keychain/trusted-certifica +---- trusted-client-certs? -> /ks:keystore/trusted-certific
tes/name ates/name
3.2. Example Usage 3.2. Example Usage
This section shows how it would appear if the listening-tls-server- This section shows how it would appear if the listening-tls-server-
grouping were populated with some data. This example is consistent grouping were populated with some data. This example is consistent
with the examples presented in Section 2.2 of with the examples presented in Section 2.2 of
[draft-ietf-netconf-system-keychain]. [draft-ietf-netconf-keystore].
<listening-tls-server <listening-tls-server
xmlns="urn:ietf:params:xml:ns:yang:ietf-tls-server"> xmlns="urn:ietf:params:xml:ns:yang:ietf-tls-server">
<port>6513</port> <port>6513</port>
<certificates> <certificates>
<certificate> <certificate>
<name>ex-key-sect571r1-cert</name> <name>ex-key-sect571r1-cert</name>
</certificate> </certificate>
</certificates> </certificates>
<client-auth> <client-auth>
skipping to change at page 9, line 26 skipping to change at page 8, line 33
</trusted-ca-certs> </trusted-ca-certs>
<trusted-client-certs> <trusted-client-certs>
explicitly-trusted-client-certs explicitly-trusted-client-certs
</trusted-client-certs> </trusted-client-certs>
</client-auth> </client-auth>
</listening-tls-server> </listening-tls-server>
3.3. YANG Model 3.3. YANG Model
This YANG module has a normative references to [RFC6991], and This YANG module has a normative references to [RFC6991], and
[draft-ietf-netconf-system-keychain]. [draft-ietf-netconf-keystore].
<CODE BEGINS> file "ietf-tls-server@2016-07-08.yang" <CODE BEGINS> file "ietf-tls-server@2016-11-02.yang"
module ietf-tls-server { module ietf-tls-server {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server"; namespace "urn:ietf:params:xml:ns:yang:ietf-tls-server";
prefix "tlss"; prefix "tlss";
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference reference
"RFC 6991: Common YANG Data Types"; "RFC 6991: Common YANG Data Types";
} }
import ietf-system-keychain { import ietf-keystore {
prefix kc; prefix ks;
reference reference
"RFC YYYY: System Keychain Model"; "RFC YYYY: Keystore Model";
} }
organization organization
"IETF NETCONF (Network Configuration) Working Group"; "IETF NETCONF (Network Configuration) Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netconf/> "WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org> WG List: <mailto:netconf@ietf.org>
WG Chair: Mehmet Ersue WG Chair: Mehmet Ersue
skipping to change at page 10, line 33 skipping to change at page 9, line 40
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2016-07-08" { revision "2016-11-02" {
description description
"Initial version"; "Initial version";
reference reference
"RFC XXXX: TLS Client and Server Models"; "RFC XXXX: TLS Client and Server Models";
} }
// grouping // grouping
grouping non-listening-tls-server-grouping { grouping non-listening-tls-server-grouping {
description description
"A reusable grouping for a TLS server that can be used as a "A reusable grouping for a TLS server that can be used as a
skipping to change at page 11, line 18 skipping to change at page 10, line 24
list certificate { list certificate {
key name; key name;
min-elements 1; min-elements 1;
description description
"An unordered list of certificates the TLS server can pick "An unordered list of certificates the TLS server can pick
from when sending its Server Certificate message."; from when sending its Server Certificate message.";
reference reference
"RFC 5246: The TLS Protocol, Section 7.4.2"; "RFC 5246: The TLS Protocol, Section 7.4.2";
leaf name { leaf name {
type leafref { type leafref {
path "/kc:keychain/kc:private-keys/kc:private-key/" path "/ks:keystore/ks:private-keys/ks:private-key/"
+ "kc:certificate-chains/kc:certificate-chain/" + "ks:certificate-chains/ks:certificate-chain/"
+ "kc:name"; + "ks:name";
} }
description description
"The name of the certificate in the keychain."; "The name of the certificate in the keystore.";
} }
} }
} }
container client-auth { container client-auth {
description description
"A reference to a list of trusted certificate authority (CA) "A reference to a list of trusted certificate authority (CA)
certificates and a reference to a list of trusted client certificates and a reference to a list of trusted client
certificates."; certificates.";
leaf trusted-ca-certs { leaf trusted-ca-certs {
type leafref { type leafref {
path "/kc:keychain/kc:trusted-certificates/kc:name"; path "/ks:keystore/ks:trusted-certificates/ks:name";
} }
description description
"A reference to a list of certificate authority (CA) "A reference to a list of certificate authority (CA)
certificates used by the TLS server to authenticate certificates used by the TLS server to authenticate
TLS client certificates."; TLS client certificates.";
} }
leaf trusted-client-certs { leaf trusted-client-certs {
type leafref { type leafref {
path "/kc:keychain/kc:trusted-certificates/kc:name"; path "/ks:keystore/ks:trusted-certificates/ks:name";
} }
description description
"A reference to a list of client certificates used by "A reference to a list of client certificates used by
the TLS server to authenticate TLS client certificates. the TLS server to authenticate TLS client certificates.
A clients certificate is authenticated if it is an A clients certificate is authenticated if it is an
exact match to a configured trusted client certificate."; exact match to a configured trusted client certificate.";
} }
} }
} }
grouping listening-tls-server-grouping { grouping listening-tls-server-grouping {
description description
"A reusable grouping for a TLS server that can be used as a "A reusable grouping for a TLS server that can be used as a
basis for specific TLS server instances."; basis for specific TLS server instances.";
leaf address { leaf address {
type inet:ip-address; type inet:ip-address;
description description
skipping to change at page 13, line 41 skipping to change at page 12, line 41
The authors would like to thank for following for lively discussions The authors would like to thank for following for lively discussions
on list and in the halls (ordered by last name): Andy Bierman, Martin on list and in the halls (ordered by last name): Andy Bierman, Martin
Bjorklund, Benoit Claise, Mehmet Ersue, David Lamparter, Alan Luchuk, Bjorklund, Benoit Claise, Mehmet Ersue, David Lamparter, Alan Luchuk,
Ladislav Lhotka, Radek Krejci, Tom Petch, Juergen Schoenwaelder, Phil Ladislav Lhotka, Radek Krejci, Tom Petch, Juergen Schoenwaelder, Phil
Shafer, Sean Turner, and Bert Wijnen. Shafer, Sean Turner, and Bert Wijnen.
7. References 7. References
7.1. Normative References 7.1. Normative References
[draft-ietf-netconf-system-keychain] [draft-ietf-netconf-keystore]
Watsen, K., "System Keychain Model", draft-ieft-netconf- Watsen, K., "Keystore Model", draft-ieft-netconf-
system-keychain-00 (work in progress), 2016, keystore-00 (work in progress), 2016,
<https://datatracker.ietf.org/html/draft-ieft-netconf- <https://datatracker.ietf.org/html/draft-ieft-netconf-
system-keychain>. keystore>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020, the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010, DOI 10.17487/RFC6020, October 2010,
<http://www.rfc-editor.org/info/rfc6020>. <http://www.rfc-editor.org/info/rfc6020>.
 End of changes. 38 change blocks. 
83 lines changed or deleted 80 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/