"This module defines reusable groupings for TLS servers that
can be used as a basis for specific TLS server instances.
- Copyright (c) 2022 IETF Trust and the persons identified
+ Copyright (c) 2023 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2022-12-12 {
+ revision 2023-04-17 {
description
"Initial version";
reference
description
"Specifies the server identity using a certificate.";
uses
- ks:local-or-keystore-end-entity-cert-with-key-grouping{
- refine "local-or-keystore/local/local-definition" {
+ "ks:inline-or-keystore-end-entity-cert-with-key-"
+ + "grouping" {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-keystore/keystore/keystore-reference"
+ refine "inline-or-keystore/keystore/keystore-reference"
+ "/asymmetric-key" {
must 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:subject-public-key-info-'
description
"Specifies the server identity using a raw
private key.";
- uses ks:local-or-keystore-asymmetric-key-grouping {
- refine "local-or-keystore/local/local-definition" {
+ uses ks:inline-or-keystore-asymmetric-key-grouping {
+ refine "inline-or-keystore/inline/inline-definition" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-keystore/keystore/keystore-reference"{
+ refine
+ "inline-or-keystore/keystore/keystore-reference" {
must 'derived-from-or-self(deref(.)/../ks:public-'
+ 'key-format, "ct:subject-public-key-info-'
+ 'format")';
description
"Specifies the server identity using a PSK (pre-shared
or pairwise-symmetric key).";
- uses ks:local-or-keystore-symmetric-key-grouping;
+ uses ks:inline-or-keystore-symmetric-key-grouping;
leaf id_hint {
type string;
description
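Review bot: The new `uses ks:inline-or-keystore-symmetric-key-grouping;` in this PSK container is taken as-is, with no `refine`/`must` on the key format, while the certificate and raw-private-key cases earlier in the diff pin `public-key-format` to `ct:subject-public-key-info-format` on both the inline and the keystore branch. If only some symmetric key formats are usable as a TLS PSK, a parallel constraint such as `must 'derived-from-or-self(key-format, "ct:octet-string-key-format")';` under a `refine "inline-or-keystore/inline/inline-definition"` would reject an unusable key at configuration time instead of at handshake; the leaf and identity names in that example are as I recall them from the crypto-types module and need checking against the imported revision. If every format is meant to be accepted, a sentence in the container description saying so would make that explicit. The same applies to the `uses` in the external-PSK hunk further down, and the `id_hint` leaf's description runs past the end of this hunk.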
and the EPSK input fields detailed in
I-D draft-ietf-tls-external-psk-importer
Section 3.1. The base-key is based upon
- ks:local-or-keystore-symmetric-key-grouping
+ ks:inline-or-keystore-symmetric-key-grouping
in order to provide users with flexible and
secure storage options.";
reference
External PSKs for TLS
I-D.ietf-tls-external-psk-guidance: Guidance
for External PSK Usage in TLS";
- uses ks:local-or-keystore-symmetric-key-grouping;
+ uses ks:inline-or-keystore-symmetric-key-grouping;
leaf external-identity {
type string;
mandatory true;
chain of trust to a configured CA certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
container ee-certs {
if-feature "client-auth-x509-cert";
match to a configured client certificate.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-certs-grouping;
+ uses ts:inline-or-truststore-certs-grouping;
}
container raw-public-keys {
if-feature "client-auth-raw-public-key";
is an exact match to a configured raw public key.";
reference
"RFC BBBB: A YANG Data Model for a Truststore";
- uses ts:local-or-truststore-public-keys-grouping {
- refine "local-or-truststore/local/local-definition/"
+ uses ts:inline-or-truststore-public-keys-grouping {
+ refine "inline-or-truststore/inline/inline-definition/"
+ "public-key" {
must 'derived-from-or-self(public-key-format,'
+ ' "ct:subject-public-key-info-format")';
}
- refine "local-or-truststore/truststore/truststore-"
+ refine "inline-or-truststore/truststore/truststore-"
+ "reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:subject-'