rfc9645v2.txt | rfc9645.txt | |||
---|---|---|---|---|
skipping to change at line 1537 ¶ | skipping to change at line 1537 ¶ | |||
No configuration is required since the PSK value is the | No configuration is required since the PSK value is the | |||
same as the PSK value configured in the 'client-identity' | same as the PSK value configured in the 'client-identity' | |||
node."; | node."; | |||
} | } | |||
leaf tls13-epsks { | leaf tls13-epsks { | |||
if-feature "server-auth-tls13-epsk"; | if-feature "server-auth-tls13-epsk"; | |||
type empty; | type empty; | |||
description | description | |||
"Indicates that the TLS client can authenticate TLS servers | "Indicates that the TLS client can authenticate TLS servers | |||
using configured external PSKs (pre-shared keys). | using configured External PSKs (pre-shared keys). | |||
No configuration is required since the PSK value is the | No configuration is required since the PSK value is the | |||
same as the PSK value configured in the 'client-identity' | same as the PSK value configured in the 'client-identity' | |||
node."; | node."; | |||
} | } | |||
} // container server-authentication | } // container server-authentication | |||
container hello-params { | container hello-params { | |||
nacm:default-deny-write; | nacm:default-deny-write; | |||
if-feature "tlscmn:hello-params"; | if-feature "tlscmn:hello-params"; | |||
uses tlscmn:hello-params-grouping; | uses tlscmn:hello-params-grouping; | |||
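Review bot: the "tls13-epsks" leaf under "server-authentication" is "type empty" with only an "if-feature" and a description, so nothing in the leaf as shown ties its presence to an External PSK actually being configured under 'client-identity', which the description relies on ("No configuration is required since the PSK value is the same as ..."). Since this revision is already touching the description, consider either adding a "must" constraint on the leaf or stating in the description what an implementation does when the leaf is set and no such PSK exists. The capitalisation change itself looks fine.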
skipping to change at line 2335 ¶ | skipping to change at line 2335 ¶ | |||
No configuration is required since the PSK value is the | No configuration is required since the PSK value is the | |||
same as PSK value configured in the 'server-identity' | same as PSK value configured in the 'server-identity' | |||
node."; | node."; | |||
} | } | |||
leaf tls13-epsks { | leaf tls13-epsks { | |||
if-feature "client-auth-tls13-epsk"; | if-feature "client-auth-tls13-epsk"; | |||
type empty; | type empty; | |||
description | description | |||
"Indicates that the TLS 1.3 server can authenticate TLS | "Indicates that the TLS 1.3 server can authenticate TLS | |||
clients using configured external PSKs (pre-shared keys). | clients using configured External PSKs (pre-shared keys). | |||
No configuration is required since the PSK value is the | No configuration is required since the PSK value is the | |||
same as PSK value configured in the 'server-identity' | same as PSK value configured in the 'server-identity' | |||
node."; | node."; | |||
} | } | |||
} // container client-authentication | } // container client-authentication | |||
container hello-params { | container hello-params { | |||
nacm:default-deny-write; | nacm:default-deny-write; | |||
if-feature "tlscmn:hello-params"; | if-feature "tlscmn:hello-params"; | |||
uses tlscmn:hello-params-grouping; | uses tlscmn:hello-params-grouping; | |||
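Review bot: the unchanged context line "same as PSK value configured in the 'server-identity'" is missing the article that the client-side leaf at line 1537 has ("same as the PSK value configured in the 'client-identity'"), and this editorial pass would be the place to align it. The two descriptions also differ in "the TLS 1.3 server can authenticate" here versus "the TLS client can authenticate" in the earlier leaf; both leaves are gated on a "tls13-epsk" feature, so pick one form and use it on both sides.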
skipping to change at line 2413 ¶ | skipping to change at line 2413 ¶ | |||
will not be deployed as standalone modules. Their security | will not be deployed as standalone modules. Their security | |||
implications may be context dependent based on their use in other | implications may be context dependent based on their use in other | |||
modules. The designers of modules that import these grouping must | modules. The designers of modules that import these grouping must | |||
conduct their own analysis of the security considerations. | conduct their own analysis of the security considerations. | |||
5.1. Considerations for the "iana-tls-cipher-suite-algs" YANG Module | 5.1. Considerations for the "iana-tls-cipher-suite-algs" YANG Module | |||
This section follows the template defined in Section 3.7.1 of | This section follows the template defined in Section 3.7.1 of | |||
[RFC8407]. | [RFC8407]. | |||
The "iana-tls-cipher-suite-algs" YANG module defines defines a data | The "iana-tls-cipher-suite-algs" YANG module defines a data model | |||
model that is designed to be accessed via YANG-based network | that is designed to be accessed via YANG-based network management | |||
management protocols such as NETCONF [RFC6241] and RESTCONF | protocols such as NETCONF [RFC6241] and RESTCONF [RFC8040]. Both of | |||
[RFC8040]. Both of these protocols have mandatory-to-implement | these protocols have mandatory-to-implement secure transport layers | |||
secure transport layers (e.g., SSH, TLS) with mutual authentication. | (e.g., SSH, TLS) with mutual authentication. | |||
The Network Configuration Access Control Model (NACM) [RFC8341] | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
provides the means to restrict access for particular users to a | provides the means to restrict access for particular users to a | |||
preconfigured subset of all available protocol operations and | preconfigured subset of all available protocol operations and | |||
content. | content. | |||
This YANG module defines YANG enumerations, for a public IANA- | This YANG module defines YANG enumerations, for a public IANA- | |||
maintained registry. | maintained registry. | |||
YANG enumerations are not security-sensitive, as they are statically | YANG enumerations are not security-sensitive, as they are statically | |||
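Review bot: the duplicated "defines defines" is fixed, but two editorial slips remain in the unchanged context of this hunk: "modules that import these grouping must" should read "these groupings", and "defines YANG enumerations, for a public IANA-maintained registry" has a stray comma after "enumerations". Both columns carry them, so they will ship in the final text unless corrected here.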
End of changes. 3 change blocks. | ||||
7 lines changed or deleted | 7 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |