(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
feature central-keystore-supported {
description
"The 'central-keystore-supported' feature indicates that
- the server supports the keystore (i.e., implements the
- 'ietf-keystore' module).";
+ the server supports the central keystore (i.e., fully
+ implements the 'ietf-keystore' module).";
}
feature inline-definitions-supported {
}
description
"This typedef enables modules to easily define a reference
- to a symmetric key stored in the keystore, when this
- module is implemented.";
+ to a symmetric key stored in the central keystore.";
}
typedef asymmetric-key-ref {
}
description
"This typedef enables modules to easily define a reference
- to an asymmetric key stored in the keystore, when this
- module is implemented.";
+ to an asymmetric key stored in the central keystore.";
}
/*****************/
/* Groupings */
/*****************/
- grouping encrypted-by-choice-grouping {
+ grouping encrypted-by-grouping {
description
"A grouping that defines a 'choice' statement that can be
augmented into the 'encrypted-by' node, present in the
'symmetric-key-grouping' and 'asymmetric-key-pair-grouping'
groupings defined in RFC AAAA, enabling references to keys
- in the keystore, when this module is implemented.";
- choice encrypted-by-choice {
+ in the central keystore.";
+ choice encrypted-by {
nacm:default-deny-write;
mandatory true;
description
}
}
+ // *-ref groupings
+
grouping asymmetric-key-certificate-ref-grouping {
description
- "This grouping defines a reference to a specific certificate
- associated with an asymmetric key stored in the keystore,
- when this module is implemented.";
+ "Grouping for the reference to a certificate associated
+ with an asymmetric key stored in the central keystore.";
leaf asymmetric-key {
nacm:default-deny-write;
if-feature "central-keystore-supported";
grouping inline-or-keystore-symmetric-key-grouping {
description
- "A grouping that expands to allow the symmetric key to be
- either stored locally, i.e., within the using data model,
- or a reference to a symmetric key stored in the keystore.
-
- Servers that do not 'implement' this module, and hence
- 'central-keystore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate keystore locations.";
+ "A grouping for the configuration of a symmetric key. The
+ symmetric key may be defined inline or as a reference to
+ a symmetric key stored in the central keystore.
+
+ Servers that do not define the 'central-keystore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate keystore locations.";
choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
uses ct:symmetric-key-grouping;
}
}
- case keystore {
+ case central-keystore {
if-feature "central-keystore-supported";
if-feature "symmetric-keys";
- leaf keystore-reference {
+ leaf central-keystore-reference {
type ks:symmetric-key-ref;
description
"A reference to an symmetric key that exists in
- the keystore, when this module is implemented.";
+ the central keystore.";
}
}
}
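Review bot: The rename is only half carried through in this grouping: the case and the leaf become `case central-keystore` and `leaf central-keystore-reference`, while the enclosing `choice inline-or-keystore` and the grouping name `inline-or-keystore-symmetric-key-grouping` keep the old term, so the resulting data path reads `inline-or-keystore/central-keystore/central-keystore-reference`. If keeping the shorter choice name is deliberate, a brief comment on the choice such as `// 'inline-or-keystore' is kept as the choice name; the case is 'central-keystore'` would spare readers the question; otherwise renaming consistently seems preferable. The same partial rename appears in the asymmetric-key, asymmetric-key-with-certs and end-entity-cert-with-key groupings that follow. While this leaf's description is being reworded, the untouched line just above the changed one still reads `A reference to an symmetric key that exists in`; suggest `A reference to a symmetric key that exists in`. The grouping's closing brace lies outside the shown region.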
grouping inline-or-keystore-asymmetric-key-grouping {
description
- "A grouping that expands to allow the asymmetric key to be
- either stored locally, i.e., within the using data model,
- or a reference to an asymmetric key stored in the keystore.
-
- Servers that do not 'implement' this module, and hence
- 'central-keystore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate keystore locations.";
+ "A grouping for the configuration of an asymmetric key. The
+ asymmetric key may be defined inline or as a reference to
+ an asymmetric key stored in the central keystore.
+
+ Servers that do not define the 'central-keystore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate keystore locations.";
choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
uses ct:asymmetric-key-pair-grouping;
}
}
- case keystore {
+ case central-keystore {
if-feature "central-keystore-supported";
if-feature "asymmetric-keys";
- leaf keystore-reference {
+ leaf central-keystore-reference {
type ks:asymmetric-key-ref;
description
"A reference to an asymmetric key that exists in
- the keystore, when this module is implemented. The
- intent is to reference just the asymmetric key
- without any regard for any certificates that may
- be associated with it.";
+ the central keystore. The intent is to reference
+ just the asymmetric key without any regard for
+ any certificates that may be associated with it.";
}
}
}
grouping inline-or-keystore-asymmetric-key-with-certs-grouping {
description
- "A grouping that expands to allow an asymmetric key and
- its associated certificates to be either stored locally,
- i.e., within the using data model, or a reference to an
- asymmetric key (and its associated certificates) stored
- in the keystore.
-
- Servers that do not 'implement' this module, and hence
- 'central-keystore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate keystore locations.";
+ "A grouping for the configuration of an asymmetric key and
+ its associated certificates. The asymmetric key and its
+ associated certificates may be defined inline or as a
+ reference to an asymmetric key (and its associated
+ certificates) in the central keystore.
+
+ Servers that do not define the 'central-keystore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate keystore locations.";
choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
uses ct:asymmetric-key-pair-with-certs-grouping;
}
}
- case keystore {
+ case central-keystore {
if-feature "central-keystore-supported";
if-feature "asymmetric-keys";
- leaf keystore-reference {
+ leaf central-keystore-reference {
type ks:asymmetric-key-ref;
description
"A reference to an asymmetric-key (and all of its
grouping inline-or-keystore-end-entity-cert-with-key-grouping {
description
- "A grouping that expands to allow an end-entity certificate
- (and its associated asymmetric key pair) to be either stored
- locally, i.e., within the using data model, or a reference
- to a specific certificate in the keystore.
-
- Servers that do not 'implement' this module, and hence
- 'central-keystore-supported' is not defined, SHOULD
- augment in custom 'case' statements enabling references
- to the alternate keystore locations.";
+ "A grouping for the configuration of an asymmetric key and
+ its associated end-entity certificate. The asymmetric key
+ and its associated end-entity certificate may be defined
+ inline or as a reference to an asymmetric key (and its
+ associated end-entity certificate) in the central keystore.
+
+ Servers that do not define the 'central-keystore-supported'
+ feature SHOULD augment in custom 'case' statements enabling
+ references to alternate keystore locations.";
choice inline-or-keystore {
nacm:default-deny-write;
mandatory true;
uses ct:asymmetric-key-pair-with-cert-grouping;
}
}
- case keystore {
+ case central-keystore {
if-feature "central-keystore-supported";
if-feature "asymmetric-keys";
- container keystore-reference {
+ container central-keystore-reference {
uses asymmetric-key-certificate-ref-grouping;
description
"A reference to a specific certificate associated with
- an asymmetric key stored in the keystore, when this
- module is implemented.";
+ an asymmetric key stored in the central keystore.";
}
}
}
}
+ // the keystore grouping
+
grouping keystore-grouping {
description
"Grouping definition enables use in other contexts. If ever
"Augments in a choice statement enabling the encrypting
key to be any other symmetric or asymmetric key in the
central keystore.";
- uses encrypted-by-choice-grouping;
+ uses encrypted-by-grouping;
}
augment "asymmetric-keys/asymmetric-key/private-key-type/"
+ "encrypted-private-key/encrypted-private-key/"
"Augments in a choice statement enabling the encrypting
key to be any other symmetric or asymmetric key in the
central keystore.";
- uses encrypted-by-choice-grouping;
+ uses encrypted-by-grouping;
}
}
}