| rfc9645v2.txt | rfc9645.txt | |||
|---|---|---|---|---|
| skipping to change at line 1537 ¶ | skipping to change at line 1537 ¶ | |||
| No configuration is required since the PSK value is the | No configuration is required since the PSK value is the | |||
| same as the PSK value configured in the 'client-identity' | same as the PSK value configured in the 'client-identity' | |||
| node."; | node."; | |||
| } | } | |||
| leaf tls13-epsks { | leaf tls13-epsks { | |||
| if-feature "server-auth-tls13-epsk"; | if-feature "server-auth-tls13-epsk"; | |||
| type empty; | type empty; | |||
| description | description | |||
| "Indicates that the TLS client can authenticate TLS servers | "Indicates that the TLS client can authenticate TLS servers | |||
| using configured external PSKs (pre-shared keys). | using configured External PSKs (pre-shared keys). | |||
| No configuration is required since the PSK value is the | No configuration is required since the PSK value is the | |||
| same as the PSK value configured in the 'client-identity' | same as the PSK value configured in the 'client-identity' | |||
| node."; | node."; | |||
| } | } | |||
| } // container server-authentication | } // container server-authentication | |||
| container hello-params { | container hello-params { | |||
| nacm:default-deny-write; | nacm:default-deny-write; | |||
| if-feature "tlscmn:hello-params"; | if-feature "tlscmn:hello-params"; | |||
| uses tlscmn:hello-params-grouping; | uses tlscmn:hello-params-grouping; | |||
| skipping to change at line 2335 ¶ | skipping to change at line 2335 ¶ | |||
| No configuration is required since the PSK value is the | No configuration is required since the PSK value is the | |||
| same as PSK value configured in the 'server-identity' | same as PSK value configured in the 'server-identity' | |||
| node."; | node."; | |||
| } | } | |||
| leaf tls13-epsks { | leaf tls13-epsks { | |||
| if-feature "client-auth-tls13-epsk"; | if-feature "client-auth-tls13-epsk"; | |||
| type empty; | type empty; | |||
| description | description | |||
| "Indicates that the TLS 1.3 server can authenticate TLS | "Indicates that the TLS 1.3 server can authenticate TLS | |||
| clients using configured external PSKs (pre-shared keys). | clients using configured External PSKs (pre-shared keys). | |||
| No configuration is required since the PSK value is the | No configuration is required since the PSK value is the | |||
| same as PSK value configured in the 'server-identity' | same as PSK value configured in the 'server-identity' | |||
| node."; | node."; | |||
| } | } | |||
| } // container client-authentication | } // container client-authentication | |||
| container hello-params { | container hello-params { | |||
| nacm:default-deny-write; | nacm:default-deny-write; | |||
| if-feature "tlscmn:hello-params"; | if-feature "tlscmn:hello-params"; | |||
| uses tlscmn:hello-params-grouping; | uses tlscmn:hello-params-grouping; | |||
| skipping to change at line 2413 ¶ | skipping to change at line 2413 ¶ | |||
| will not be deployed as standalone modules. Their security | will not be deployed as standalone modules. Their security | |||
| implications may be context dependent based on their use in other | implications may be context dependent based on their use in other | |||
| modules. The designers of modules that import these grouping must | modules. The designers of modules that import these grouping must | |||
| conduct their own analysis of the security considerations. | conduct their own analysis of the security considerations. | |||
| 5.1. Considerations for the "iana-tls-cipher-suite-algs" YANG Module | 5.1. Considerations for the "iana-tls-cipher-suite-algs" YANG Module | |||
| This section follows the template defined in Section 3.7.1 of | This section follows the template defined in Section 3.7.1 of | |||
| [RFC8407]. | [RFC8407]. | |||
| The "iana-tls-cipher-suite-algs" YANG module defines defines a data | The "iana-tls-cipher-suite-algs" YANG module defines a data model | |||
| model that is designed to be accessed via YANG-based network | that is designed to be accessed via YANG-based network management | |||
| management protocols such as NETCONF [RFC6241] and RESTCONF | protocols such as NETCONF [RFC6241] and RESTCONF [RFC8040]. Both of | |||
| [RFC8040]. Both of these protocols have mandatory-to-implement | these protocols have mandatory-to-implement secure transport layers | |||
| secure transport layers (e.g., SSH, TLS) with mutual authentication. | (e.g., SSH, TLS) with mutual authentication. | |||
| The Network Configuration Access Control Model (NACM) [RFC8341] | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
| provides the means to restrict access for particular users to a | provides the means to restrict access for particular users to a | |||
| preconfigured subset of all available protocol operations and | preconfigured subset of all available protocol operations and | |||
| content. | content. | |||
| This YANG module defines YANG enumerations, for a public IANA- | This YANG module defines YANG enumerations, for a public IANA- | |||
| maintained registry. | maintained registry. | |||
| YANG enumerations are not security-sensitive, as they are statically | YANG enumerations are not security-sensitive, as they are statically | |||
| End of changes. 3 change blocks. | ||||
| 7 lines changed or deleted | 7 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||