netconfcentral logo

ietf-zerotouch-device

HTML

ietf-zerotouch-device@2017-10-19



  module ietf-zerotouch-device {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-zerotouch-device";

    prefix ztd;

    import ietf-inet-types {
      prefix inet;
      reference
        "RFC 6991: Common YANG Data Types";


    }
    import ietf-keystore {
      prefix ks;
      reference
        "RFC YYYY: YANG Data Model for a "Keystore" Mechanism";


    }

    organization
      "IETF NETCONF (Network Configuration) Working Group";

    contact
      "WG Web:   <http://tools.ietf.org/wg/netconf/>
     WG List:  <mailto:netconf@ietf.org>
     Author:   Kent Watsen <mailto:kwatsen@juniper.net>";

    description
      "This module defines a data model to enable zerotouch
     bootstrapping and discover what parameters are used.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
     'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY',
     and 'OPTIONAL' in the module text are to be interpreted as
     described in RFC 2119.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents (http://trustee.ietf.org/license-info)

     This version of this YANG module is part of RFC XXXX; see the
     RFC itself for full legal notices.";

    revision "2017-10-19" {
      description "Initial version";
      reference
        "RFC XXXX: Zero Touch Provisioning for NETCONF or RESTCONF based
        Management";

    }


    feature bootstrap-servers {
      description
        "The device supports bootstrapping off bootstrap servers.";
    }

    feature signed-data {
      description
        "The device supports bootstrapping off signed data.";
    }

    typedef pkcs7 {
      type binary;
      description
        "A PKCS #7 SignedData structure, as specified by Section 9.1
       in RFC 2315, encoded using ASN.1 distinguished encoding rules
       (DER), as specified in ITU-T X.690.";
      reference
        "RFC 2315:
          PKCS #7: Cryptographic Message Syntax Version 1.5.
        ITU-T X.690:
          Information technology - ASN.1 encoding rules:
          Specification of Basic Encoding Rules (BER),
          Canonical Encoding Rules (CER) and Distinguished
          Encoding Rules (DER).";

    }

    container zerotouch {
      description
        "Top-level container for zerotouch data model.";
      leaf enabled {
        type boolean;
        default 'false';
        description
          "The 'enabled' leaf controls if zerotouch bootstrapping is
         enabled or disabled.  The default is 'false' so that, when
         not enabled, which is most of the time, no configuration
         needs to be returned.";
      }

      leaf devid-certificate {
        if-feature bootstrap-servers;
        type pkcs7;
        config false;
        description
          "An unsigned PKCS #7 SignedData structure, as specified by
         Section 9.1 in RFC 2315, encoded using ASN.1 distinguished
         encoding rules (DER), as specified in ITU-T X.690.

         This structure contains the IDevID certificate and all
         intermediate certificates leading up to the manufacturer's
         well-known trust anchor certificate.  IDevID certificates
         are described in IEEE 802.1AR-2009.";
        reference
          "RFC 2315:
            PKCS #7: Cryptographic Message Syntax Version 1.5.
          ITU-T X.690:
            Information technology - ASN.1 encoding rules:
            Specification of Basic Encoding Rules (BER),
            Canonical Encoding Rules (CER) and Distinguished
            Encoding Rules (DER).
          IEEE 802.1AR-2009:
            IEEE Standard for Local and metropolitan area
            networks - Secure Device Identity.";

      }

      container bootstrap-servers {
        if-feature bootstrap-servers;
        config false;
        description
          "Default list of bootstrap servers this device is
         configured to reach out to when bootstrapping.";
        list bootstrap-server {
          key "address";
          description
            "A bootstrap server entry.";
          leaf address {
            type inet:host;
            mandatory true;
            description
              "The IP address or hostname of the bootstrap server the
             device should redirect to.";
          }

          leaf port {
            type inet:port-number;
            default "443";
            description
              "The port number the bootstrap server listens on.  If no
             port is specified, the IANA-assigned port for 'https'
             (443) is used.";
          }
        }  // list bootstrap-server
      }  // container bootstrap-servers

      leaf bootstrap-server-ta-certificates {
        if-feature bootstrap-servers;
        type leafref {
          path "/ks:keystore/ks:pinned-certificates/ks:name";
        }
        config false;
        description
          "A reference to a list of pinned certificate authority (CA)
         certificates that the device uses to validate bootstrap
         servers with.";
      }

      leaf voucher-ta-certificates {
        if-feature signed-data;
        type leafref {
          path "/ks:keystore/ks:pinned-certificates/ks:name";
        }
        config false;
        description
          "A reference to a list of pinned certificate authority (CA)
         certificates that the device uses to validate ownership
         vouchers with.";
      }
    }  // container zerotouch
  }  // module ietf-zerotouch-device

Summary

  
  
Organization IETF NETCONF (Network Configuration) Working Group
  
Module ietf-zerotouch-device
Version 2017-10-19
File ietf-zerotouch-device@2017-10-19.yang
  
Prefix ztd
Namespace urn:ietf:params:xml:ns:yang:ietf-zerotouch-device
  
Cooked /cookedmodules/ietf-zerotouch-device/2017-10-19
YANG /src/ietf-zerotouch-device@2017-10-19.yang
XSD /xsd/ietf-zerotouch-device@2017-10-19.xsd
  
Abstract This module defines a data model to enable zerotouch bootstrapping and discover what parameters are used. The key words 'MUST',...
  
Contact
WG Web:   <http://tools.ietf.org/wg/netconf/>
WG List:  <mailto:netconf@ietf.org>
Author:   Kent Watsen <mailto:kwatsen@juniper.net>

Description

 
This module defines a data model to enable zerotouch
bootstrapping and discover what parameters are used.

The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY',
and 'OPTIONAL' in the module text are to be interpreted as
described in RFC 2119.

Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents (http://trustee.ietf.org/license-info)

This version of this YANG module is part of RFC XXXX; see the
RFC itself for full legal notices.

Typedefs

Typedef Base type Abstract
pkcs7 binary A PKCS #7 SignedData structure, as specified by Section 9.1 in RFC 2315, encoded using ASN.1 distinguished encoding rules (DER), as specified in ITU-T X.690.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
zerotouch container Top-level container for zerotouch data model.
   bootstrap-server-ta-certificates leaf A reference to a list of pinned certificate authority (CA) certificates that the device uses to validate bootstrap servers with.
   bootstrap-servers container Default list of bootstrap servers this device is configured to reach out to when bootstrapping.
      bootstrap-server list A bootstrap server entry.
         address leaf The IP address or hostname of the bootstrap server the device should redirect to.
         port leaf The port number the bootstrap server listens on. If no port is specified, the IANA-assigned port for 'https' (443) is used.
   devid-certificate leaf An unsigned PKCS #7 SignedData structure, as specified by Section 9.1 in RFC 2315, encoded using ASN.1 distinguished encoding rules (DER), as specified in ITU-T X.690. This structure contains the IDevID certificate and all intermediate certificates leadi...
   enabled leaf The 'enabled' leaf controls if zerotouch bootstrapping is enabled or disabled. The default is 'false' so that, when not enabled, which is most of the time, no configuration needs to be returned.
   voucher-ta-certificates leaf A reference to a list of pinned certificate authority (CA) certificates that the device uses to validate ownership vouchers with.