draft-ietf-rats-yang-tpm-charra-15.txt		draft-ietf-rats-yang-tpm-charra-16.txt
	RATS Working Group H. Birkholz		RATS Working Group H. Birkholz
	Internet-Draft M. Eckel		Internet-Draft M. Eckel
	Intended status: Standards Track Fraunhofer SIT		Intended status: Standards Track Fraunhofer SIT
	Expires: 1 September 2022 S. Bhandari		Expires: 3 September 2022 S. Bhandari
	ThoughtSpot		ThoughtSpot
	E. Voit		E. Voit
	B. Sulzen		B. Sulzen
	Cisco		Cisco
	L. Xia		L. Xia
	Huawei		Huawei
	T. Laffey		T. Laffey
	HPE		HPE
	G. Fedorkow		G. Fedorkow
	Juniper		Juniper
	28 February 2022		2 March 2022
	A YANG Data Model for Challenge-Response-based Remote Attestation		A YANG Data Model for Challenge-Response-based Remote Attestation
	Procedures using TPMs		Procedures using TPMs
	draft-ietf-rats-yang-tpm-charra-15		draft-ietf-rats-yang-tpm-charra-16
	Abstract		Abstract
	This document defines YANG RPCs and a small number of configuration		This document defines YANG RPCs and a small number of configuration
	nodes required to retrieve attestation evidence about integrity		nodes required to retrieve attestation evidence about integrity
	measurements from a device, following the operational context defined		measurements from a device, following the operational context defined
	in TPM-based Network Device Remote Integrity Verification.		in TPM-based Network Device Remote Integrity Verification.
	Complementary measurement logs are also provided by the YANG RPCs,		Complementary measurement logs are also provided by the YANG RPCs,
	originating from one or more roots of trust for measurement (RTMs).		originating from one or more roots of trust for measurement (RTMs).
	The module defined requires at least one TPM 1.2 or TPM 2.0 as well		The module defined requires at least one TPM 1.2 or TPM 2.0 as well
	skipping to change at page 2, line 10 ¶		skipping to change at page 2, line 10 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.		Drafts is at https://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on 1 September 2022.		This Internet-Draft will expire on 3 September 2022.
	Copyright Notice		Copyright Notice
	Copyright (c) 2022 IETF Trust and the persons identified as the		Copyright (c) 2022 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents (https://trustee.ietf.org/		Provisions Relating to IETF Documents (https://trustee.ietf.org/
	license-info) in effect on the date of publication of this document.		license-info) in effect on the date of publication of this document.
	Please review these documents carefully, as they describe your rights		Please review these documents carefully, as they describe your rights
	skipping to change at page 2, line 33 ¶		skipping to change at page 2, line 33 ¶
	described in Section 4.e of the Trust Legal Provisions and are		described in Section 4.e of the Trust Legal Provisions and are
	provided without warranty as described in the Revised BSD License.		provided without warranty as described in the Revised BSD License.
	Table of Contents		Table of Contents
	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2		1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
	1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3		1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3
	2. The YANG Module for Basic Remote Attestation Procedures . . . 3		2. The YANG Module for Basic Remote Attestation Procedures . . . 3
	2.1. YANG Modules . . . . . . . . . . . . . . . . . . . . . . 3		2.1. YANG Modules . . . . . . . . . . . . . . . . . . . . . . 3
	2.1.1. 'ietf-tpm-remote-attestation' . . . . . . . . . . . . 4		2.1.1. 'ietf-tpm-remote-attestation' . . . . . . . . . . . . 4
	2.1.2. 'ietf-tcg-algs' . . . . . . . . . . . . . . . . . . . 33		2.1.2. 'ietf-tcg-algs' . . . . . . . . . . . . . . . . . . . 32
	3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48		3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48
	4. Security Considerations . . . . . . . . . . . . . . . . . . . 49		4. Security Considerations . . . . . . . . . . . . . . . . . . . 49
	5. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 51		5. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 50
	6. References . . . . . . . . . . . . . . . . . . . . . . . . . 52		6. References . . . . . . . . . . . . . . . . . . . . . . . . . 51
	6.1. Normative References . . . . . . . . . . . . . . . . . . 52		6.1. Normative References . . . . . . . . . . . . . . . . . . 51
	6.2. Informative References . . . . . . . . . . . . . . . . . 57		6.2. Informative References . . . . . . . . . . . . . . . . . 57
	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57		Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 57
	1. Introduction		1. Introduction
	This document is based on the general terminology defined in the		This document is based on the general terminology defined in the
	[I-D.ietf-rats-architecture] and uses the operational context defined		[I-D.ietf-rats-architecture] and uses the operational context defined
	in [I-D.ietf-rats-tpm-based-network-device-attest] as well as the		in [I-D.ietf-rats-tpm-based-network-device-attest] as well as the
	interaction model and information elements defined in		interaction model and information elements defined in
	[I-D.ietf-rats-reference-interaction-models]. The currently		[I-D.ietf-rats-reference-interaction-models]. The currently
	skipping to change at page 4, line 7 ¶		skipping to change at page 4, line 7 ¶
	attacks. The method for communicating the relationship of each		attacks. The method for communicating the relationship of each
	individual TPM to specific measured component within the Composite		individual TPM to specific measured component within the Composite
	Device is out of the scope of this document.		Device is out of the scope of this document.
	2.1. YANG Modules		2.1. YANG Modules
	In this section the several YANG modules are defined.		In this section the several YANG modules are defined.
	2.1.1. 'ietf-tpm-remote-attestation'		2.1.1. 'ietf-tpm-remote-attestation'
	This YANG module imports modules from [RFC6991], [RFC8348],		This YANG module imports modules from [RFC6991] with prefix 'yang',
	[I-D.ietf-netconf-keystore], and ietf-tcg-algs.yang Section 2.1.2.3.		[RFC8348] with prefix 'hw', [I-D.ietf-netconf-keystore] with prefix
			'ks', and 'ietf-tcg-algs.yang' Section 2.1.2.3 with prefix 'taa'.
	Additionally references are made to [RFC8032], [RFC8017], [RFC6933],		Additionally references are made to [RFC8032], [RFC8017], [RFC6933],
	[TPM1.2-Commands], [TPM2.0-Arch], [TPM2.0-Structures], [TPM2.0-Key],		[TPM1.2-Commands], [TPM2.0-Arch], [TPM2.0-Structures], [TPM2.0-Key],
	[TPM1.2-Structures], [bios-log], [ima-log], [BIOS-Log-Event-Type] and		[TPM1.2-Structures], [bios-log], [ima-log], [BIOS-Log-Event-Type] and
	[netequip-boot-log].		[netequip-boot-log].
	2.1.1.1. Features		2.1.1.1. Features
	This module supports the following features:		This module supports the following features:
	* 'TPMs': Indicates that multiple TPMs on the device can support		* 'TPMs': Indicates that multiple TPMs on the device can support
	skipping to change at page 10, line 11 ¶		skipping to change at page 10, line 11 ¶
	+--ro node-location? string		+--ro node-location? string
	2.1.1.6. YANG Module		2.1.1.6. YANG Module
	<CODE BEGINS> file "ietf-tpm-remote-attestation@2022-02-16.yang"		<CODE BEGINS> file "ietf-tpm-remote-attestation@2022-02-16.yang"
	module ietf-tpm-remote-attestation {		module ietf-tpm-remote-attestation {
	namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation";		namespace "urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation";
	prefix tpm;		prefix tpm;
	import ietf-yang-types {		import ietf-yang-types {
	prefix yang;		prefix yang;
	reference
	"RFC 6991: Common YANG Data Types.";
	}		}
	import ietf-hardware {		import ietf-hardware {
	prefix hw;		prefix hw;
	reference
	"RFC 8348: A YANG Data Model for Hardware Management.";
	}		}
	import ietf-keystore {		import ietf-keystore {
	prefix ks;		prefix ks;
	reference
	"draft-ietf-netconf-keystore:
	A YANG Data Model for a Keystore.";
	}		}
	import ietf-tcg-algs {		import ietf-tcg-algs {
	prefix taa;		prefix taa;
	reference
	"RFC XXXX: A YANG Data Model for Challenge-Response-based
	Remote Attestation Procedures using TPMs.";
	}		}
	organization		organization
	"IETF RATS (Remote ATtestation procedureS) Working Group";		"IETF RATS (Remote ATtestation procedureS) Working Group";
	contact		contact
	"WG Web : <https://datatracker.ietf.org/wg/rats/>		"WG Web : <https://datatracker.ietf.org/wg/rats/>
	WG List : <mailto:rats@ietf.org>		WG List : <mailto:rats@ietf.org>
	Author : Eric Voit <evoit@cisco.com>		Author : Eric Voit <evoit@cisco.com>
	Author : Henk Birkholz <henk.birkholz@sit.fraunhofer.de>		Author : Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
	Author : Michael Eckel <michael.eckel@sit.fraunhofer.de>		Author : Michael Eckel <michael.eckel@sit.fraunhofer.de>
	skipping to change at page 11, line 22 ¶		skipping to change at page 11, line 12 ¶
	This version of this YANG module is part of RFC XXXX		This version of this YANG module is part of RFC XXXX
	(https://www.rfc-editor.org/info/rfcXXXX); see the RFC		(https://www.rfc-editor.org/info/rfcXXXX); see the RFC
	itself for full legal notices.		itself for full legal notices.
	The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL		The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
	NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',		NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
	'MAY', and 'OPTIONAL' in this document are to be interpreted as		'MAY', and 'OPTIONAL' in this document are to be interpreted as
	described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,		described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
	they appear in all capitals, as shown here.";		they appear in all capitals, as shown here.";
	revision 2022-02-16 {		revision 2022-03-02 {
	description		description
	"Initial version";		"Initial version";
	reference		reference
	"RFC XXXX: A YANG Data Model for Challenge-Response-based Remote		"RFC XXXX: A YANG Data Model for Challenge-Response-based Remote
	Attestation Procedures using TPMs";		Attestation Procedures using TPMs";
	}		}
	/*****************/		/*****************/
	/* Features */		/* Features */
	/*****************/		/*****************/
	skipping to change at page 53, line 9 ¶		skipping to change at page 52, line 33 ¶
	Birkholz, H., Thaler, D., Richardson, M., Smith, N., and		Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
	W. Pan, "Remote Attestation Procedures Architecture", Work		W. Pan, "Remote Attestation Procedures Architecture", Work
	in Progress, Internet-Draft, draft-ietf-rats-architecture-		in Progress, Internet-Draft, draft-ietf-rats-architecture-
	15, 8 February 2022, <https://www.ietf.org/archive/id/		15, 8 February 2022, <https://www.ietf.org/archive/id/
	draft-ietf-rats-architecture-15.txt>.		draft-ietf-rats-architecture-15.txt>.
	[I-D.ietf-rats-tpm-based-network-device-attest]		[I-D.ietf-rats-tpm-based-network-device-attest]
	Fedorkow, G., Voit, E., and J. Fitzgerald-McKay, "TPM-		Fedorkow, G., Voit, E., and J. Fitzgerald-McKay, "TPM-
	based Network Device Remote Integrity Verification", Work		based Network Device Remote Integrity Verification", Work
	in Progress, Internet-Draft, draft-ietf-rats-tpm-based-		in Progress, Internet-Draft, draft-ietf-rats-tpm-based-
	network-device-attest-12, 23 February 2022,		network-device-attest-13, 1 March 2022,
	<https://www.ietf.org/archive/id/draft-ietf-rats-tpm-		<https://www.ietf.org/archive/id/draft-ietf-rats-tpm-
	based-network-device-attest-12.txt>.		based-network-device-attest-13.txt>.
	[IEEE-Std-1363-2000]		[IEEE-Std-1363-2000]
	"IEEE 1363-2000 - IEEE Standard Specifications for Public-		"IEEE 1363-2000 - IEEE Standard Specifications for Public-
	Key Cryptography", n.d.,		Key Cryptography", n.d.,
	<https://standards.ieee.org/standard/1363-2000.html>.		<https://standards.ieee.org/standard/1363-2000.html>.
	[IEEE-Std-1363a-2004]		[IEEE-Std-1363a-2004]
	"1363a-2004 - IEEE Standard Specifications for Public-Key		"1363a-2004 - IEEE Standard Specifications for Public-Key
	Cryptography - Amendment 1: Additional Techniques", n.d.,		Cryptography - Amendment 1: Additional Techniques", n.d.,
	<https://ieeexplore.ieee.org/document/1335427>.		<https://ieeexplore.ieee.org/document/1335427>.
End of changes. 14 change blocks.
	23 lines changed or deleted		14 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/