ietf-acl-tls

This YANG module defines a component that augments the IETF description of an access list to allow (D)TLS profiles as matching criteria.

  • Version: 2025-04-18

    ietf-acl-tls@2025-04-18


    
      // YANG 1.1 module ietf-acl-tls, revision 2025-04-18, published as part
      // of RFC 9761.  Declares the feature flags and typedefs for matching
      // access-list entries on (D)TLS profile parameters.
      // NOTE(review): this listing holds only feature and typedef statements.
      // No augment statement is visible, although the description says the
      // module augments the access-list model, and nothing shown here uses
      // the three imported prefixes.  Confirm against the RFC 9761 text
      // before treating this copy as the complete module.
      module ietf-acl-tls {
    
        yang-version 1.1;
    
        namespace
          "urn:ietf:params:xml:ns:yang:ietf-acl-tls";
    
        prefix acl-tls;
    
        // (D)TLS profile definitions from RFC 9761; not referenced by any
        // statement in this listing.
        import iana-tls-profile {
          prefix ianatp;
          reference
            "RFC 9761: Manufacturer Usage Description (MUD) for TLS and
            	  DTLS Profiles for Internet of Things (IoT) Devices";
    
    
        }
        // Cryptographic types and groupings from RFC 9640; not referenced by
        // any statement in this listing.
        import ietf-crypto-types {
          prefix ct;
          reference
            "RFC 9640: YANG Data Types and Groupings for Cryptography";
    
    
        }
        // Base ACL data model from RFC 8519, the model the description says
        // this module augments.
        import ietf-access-control-list {
          prefix acl;
          reference
            "RFC 8519: YANG Data Model for Network Access
            	  Control Lists (ACLs)";
    
    
        }
    
        organization
          "IETF OPSAWG (Operations and Management Area Working Group)";
    
        contact
          "WG Web: <https://datatracker.ietf.org/wg/opsawg/>
         WG List: opsawg@ietf.org
    
         Author: Tirumaleswar Reddy.K
                 kondtir@gmail.com
    
         Author: Dan Wing
                 danwing@gmail.com
    
         Author: Blake Anderson
                 blake.anderson@cisco.com
    
        ";
    
        description
          "This YANG module defines a component that augments the
         IETF description of an access list to allow (D)TLS profiles
         as matching criteria.
    
         Copyright (c) 2025 IETF Trust and the persons identified as
         authors of the code.  All rights reserved.
    
         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and subject
         to the license terms contained in, the Revised BSD License
         set forth in Section 4.c of the IETF Trust's Legal Provisions
         Relating to IETF Documents
         (http://trustee.ietf.org/license-info).
    
         This version of this YANG module is part of RFC 9761; see
         the RFC itself for full legal notices.";
    
        revision "2025-04-18" {
          description "Initial revision.";
          reference
            "RFC 9761: Manufacturer Usage Description (MUD) for TLS and
            	  DTLS Profiles for Internet of Things (IoT) Devices";
    
        }
    
    
        // Protocol-version features.  Each one names a single (D)TLS version
        // and cites its defining RFC.  The nodes conditioned on these
        // features are not part of this listing.
        feature tls12 {
          description
            "TLS Protocol Version 1.2 is supported.";
          reference
            "RFC 5246: The Transport Layer Security (TLS) Protocol
            	  Version 1.2";
    
        }
    
        feature tls13 {
          description
            "TLS Protocol Version 1.3 is supported.";
          reference
            "RFC 8446: The Transport Layer Security (TLS) Protocol
            	  Version 1.3";
    
        }
    
        feature dtls12 {
          description
            "DTLS Protocol Version 1.2 is supported.";
          reference
            "RFC 6347: Datagram Transport Layer Security
            	  Version 1.2";
    
        }
    
        feature dtls13 {
          description
            "DTLS Protocol Version 1.3 is supported.";
          reference
            "RFC 9147: Datagram Transport Layer Security 1.3";
    
        }
    
        // Capability flag for devices that can match on (D)TLS parameters.
        // Unlike the version features above, it carries no reference.
        feature match-on-tls-dtls {
          description
            "The networking device can support matching on
           (D)TLS parameters.";
        }
    
        // SPKI pin value, declared as unconstrained binary.  No length
        // restriction is declared, so schema validation accepts a value of
        // any size.
        // NOTE(review): a consumer comparing pins presumably has to check the
        // decoded length against the hash it expects -- confirm against
        // RFC 7469.
        // NOTE(review): named a "set" but typed as a single binary value.
        // Whether one value carries one pin or several is not stated here.
        typedef spki-pin-set {
          type binary;
          description
            "Subject Public Key Info pin set as discussed in
           Section 2.4 of RFC 7469.";
        }
    
        // CA Distinguished Name carried as a plain string.  No pattern or
        // length is declared, so the schema does not constrain how the DN is
        // written.
        // NOTE(review): matching against DNs observed in a handshake
        // presumably needs an agreed string form and normalisation --
        // confirm in RFC 9761.
        typedef certificate-authority {
          type string;
          description
            "Distinguished Name of Certificate authority as discussed
           in Section 4.2.4 of RFC 8446.";
        }
      }  // module ietf-acl-tls
    
