This YANG module defines a model for the Babel routing protocol. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL ...
Version: 2024-10-10
module ietf-babel { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-babel"; prefix babel; import ietf-yang-types { prefix yang; reference "RFC 6991: Common YANG Data Types"; } import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; } import ietf-interfaces { prefix if; reference "RFC 8343: A YANG Data Model for Interface Management"; } import ietf-routing { prefix rt; reference "RFC 8349: A YANG Data Model for Routing Management (NMDA Version)"; } import ietf-crypto-types { prefix ct; reference "RFC 9640: YANG Data Types and Groupings for Cryptography"; } import ietf-netconf-acm { prefix nacm; reference "RFC 8341: Network Configuration Access Control Model"; } organization "IETF Babel routing protocol Working Group"; contact "WG Web: https://datatracker.ietf.org/wg/babel/ WG List: babel@ietf.org Editor: Mahesh Jethanandani mjethanandani@gmail.com Editor: Barbara Stark bs7652@att.com"; description "This YANG module defines a model for the Babel routing protocol. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. Copyright (c) 2024 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 9647 (https://www.rfc-editor.org/info/rfc9647); see the RFC itself for full legal notices."; revision "2024-10-10" { description "Initial version."; reference "RFC 9647: A YANG Data Model for Babel"; } feature two-out-of-three-supported { description "This implementation supports the '2-out-of-3' computation algorithm."; } feature etx-supported { description "This implementation supports the Expected Transmission Count (ETX) metric computation algorithm."; } feature mac-supported { description "This implementation supports MAC-based security."; reference "RFC 8967: MAC Authentication for the Babel Routing Protocol"; } feature dtls-supported { description "This implementation supports DTLS-based security."; reference "RFC 8968: Babel Routing Protocol over Datagram Transport Layer Security"; } feature hmac-sha256-supported { description "This implementation supports the HMAC-SHA256 MAC algorithm."; reference "RFC 8967: MAC Authentication for the Babel Routing Protocol"; } feature blake2s-supported { description "This implementation supports BLAKE2s MAC algorithms."; reference "RFC 8967: MAC Authentication for the Babel Routing Protocol"; } feature x-509-supported { description "This implementation supports the X.509 certificate type."; reference "RFC 8968: Babel Routing Protocol over Datagram Transport Layer Security"; } feature raw-public-key-supported { description "This implementation supports the raw public key certificate type."; reference "RFC 8968: Babel Routing Protocol over Datagram Transport Layer Security"; } identity metric-comp-algorithms { description "Base identity from which all Babel metric computation algorithms MUST be derived."; } identity two-out-of-three { base metric-comp-algorithms; description "2-out-of-3 algorithm."; reference "RFC 8966: The Babel Routing Protocol, Section A.2.1"; } identity etx { base metric-comp-algorithms; description "Expected Transmission Count (ETX) metric computation algorithm."; reference "RFC 8966: The Babel Routing Protocol, Section A.2.2"; } identity mac-algorithms { description "Base identity for all Babel MAC algorithms."; } identity hmac-sha256 { base mac-algorithms; description "HMAC-SHA256 algorithm supported."; reference "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec"; } identity blake2s { base mac-algorithms; description "BLAKE2s algorithms supported. Specifically, BLAKE2-128 is supported."; reference "RFC 7693: The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)"; } identity dtls-cert-types { description "Base identity for Babel DTLS certificate types."; } identity x-509 { base dtls-cert-types; description "X.509 certificate type."; } identity raw-public-key { base dtls-cert-types; description "Raw public key certificate type."; } identity babel { base rt:routing-protocol; description "Babel routing protocol"; } grouping routes { description "Common grouping for routing used in RIB."; list routes { key "prefix"; config false; description "A set of babel-route-obj objects. Contains routes known to this node."; reference "RFC 9046: Babel Information Model, Section 3.6"; leaf prefix { type inet:ip-prefix; description "Prefix (expressed in ip-address/prefix-length format) for which this route is advertised."; reference "RFC 9046: Babel Information Model, Section 3.6"; } leaf router-id { type binary { length "8"; } description "router-id of the source router for which this route is advertised."; reference "RFC 9046: Babel Information Model, Section 3.6"; } leaf neighbor { type leafref { path "/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/babel/interfaces/neighbor-objects/neighbor-address"; } description "Reference to the neighbor-objects entry for the neighbor that advertised this route."; reference "RFC 9046: Babel Information Model, Section 3.6"; } leaf received-metric { type union { type enumeration { enum "null" { value 0; description "Route was not received from a neighbor."; } } type uint16; } description "The metric with which this route was advertised by the neighbor, or maximum value (infinity) to indicate the route was recently retracted and is temporarily unreachable. This metric will be NULL if the route was not received from a neighbor but instead was injected through means external to the Babel routing protocol. At least one of calculated-metric or received-metric MUST be non-NULL."; reference "RFC 9046: Babel Information Model, Section 3.6 RFC 8966: The Babel Routing Protocol, Section 2.1"; } leaf calculated-metric { type union { type enumeration { enum "null" { value 0; description "Route has not been calculated."; } } type uint16; } description "A calculated metric for this route. How the metric is calculated is implementation specific. Maximum value (infinity) indicates the route was recently retracted and is temporarily unreachable. At least one of calculated-metric or received-metric MUST be non-NULL."; reference "RFC 9046: Babel Information Model, Section 3.6 RFC 8966: The Babel Routing Protocol, Section 2.1"; } leaf seqno { type uint16; description "The sequence number with which this route was advertised."; reference "RFC 9046: Babel Information Model, Section 3.6"; } leaf next-hop { type union { type enumeration { enum "null" { value 0; description "Route has no next-hop address."; } } type inet:ip-address; } description "The next-hop address of this route. This will be NULL if this route has no next-hop address."; reference "RFC 9046: Babel Information Model, Section 3.6"; } leaf feasible { type boolean; description "A boolean flag indicating whether this route is feasible."; reference "RFC 9046: Babel Information Model, Section 3.6 RFC 8966, The Babel Routing Protocol, Section 3.5.1"; } leaf selected { type boolean; description "A boolean flag indicating whether this route is selected, i.e., whether it is currently being used for forwarding and is being advertised."; reference "RFC 9046: Babel Information Model, Section 3.6"; } } // list routes } // grouping routes augment /rt:routing/rt:control-plane-protocols/rt:control-plane-protocol { when "derived-from-or-self(rt:type, 'babel')" { description "Augmentation is valid only when the instance of the routing type is of type 'babel'."; } description "Augments the routing module to support a common structure between routing protocols."; reference "RFC 8349: A YANG Data Model for Routing Management (NMDA Version)"; container babel { presence "A Babel container."; description "Babel information objects."; reference "RFC 9046: Babel Information Model, Section 3"; leaf version { type string; config false; description "The name and version of this implementation of the Babel protocol."; reference "RFC 9046: Babel Information Model, Section 3.1"; } leaf enable { type boolean; mandatory true; description "When written, it configures whether the protocol should be enabled. A read from the <running> or <intended> datastore therefore indicates the configured administrative value of whether the protocol is enabled or not. A read from the <operational> datastore indicates whether the protocol is actually running or not, i.e., it indicates the operational state of the protocol."; reference "RFC 9046: Babel Information Model, Section 3.1"; } leaf router-id { type binary; must '../enable = "true"'; config false; description "Every Babel speaker is assigned a router-id, which is an arbitrary string of 8 octets that is assumed to be unique across the routing domain. The router-id is valid only if the protocol is enabled, at which time a non-zero value is assigned."; reference "RFC 9046: Babel Information Model, Section 3.1 RFC 8966: The Babel Routing Protocol, Section 3"; } leaf seqno { type uint16; config false; description "Sequence number included in route updates for routes originated by this node."; reference "RFC 9046: Babel Information Model, Section 3.1"; } leaf statistics-enabled { type boolean; description "Indicates whether statistics collection is enabled ('true') or disabled ('false') on all interfaces. On transition to enabled, existing statistics values are not cleared and will be incremented as new packets are counted."; } container constants { description "Babel constants object."; reference "RFC 9046: Babel Information Model, Section 3.1"; leaf udp-port { type inet:port-number; default "6696"; description "UDP port for sending and receiving Babel messages. The default port is 6696."; reference "RFC 9046: Babel Information Model, Section 3.2"; } leaf mcast-group { type inet:ip-address; default "ff02::1:6"; description "Multicast group for sending and receiving multicast announcements on IPv6."; reference "RFC 9046: Babel Information Model, Section 3.2"; } } // container constants list interfaces { key "reference"; description "A set of Babel interface objects."; reference "RFC 9046: Babel Information Model, Section 3.3"; leaf reference { type if:interface-ref; description "References the name of the interface over which Babel packets are sent and received."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf enable { type boolean; default "true"; description "If 'true', Babel sends and receives messages on this interface. If 'false', Babel messages received on this interface are ignored and none are sent."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf metric-algorithm { type identityref { base metric-comp-algorithms; } mandatory true; description "Indicates the metric computation algorithm used on this interface. The value MUST be one of those identities based on 'metric-comp-algorithms'."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf split-horizon { type boolean; description "Indicates whether or not the split-horizon optimization is used when calculating metrics on this interface. A value of 'true' indicates the split-horizon optimization is used."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf mcast-hello-seqno { type uint16; config false; description "The current sequence number in use for multicast Hellos sent on this interface."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf mcast-hello-interval { type uint16; units "centiseconds"; description "The current multicast Hello interval in use for Hellos sent on this interface."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf update-interval { type uint16; units "centiseconds"; description "The current update interval in use for this interface. Units are centiseconds."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf mac-enable { type boolean; description "Indicates whether the MAC security mechanism is enabled ('true') or disabled ('false')."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf-list mac-key-sets { type leafref { path "../../mac-key-set/name"; } description "List of references to the MAC entries that apply to this interface. When an interface instance is created, all MAC instances with default-apply 'true' will be included in this list."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf mac-verify { type boolean; description "A boolean flag indicating whether MACs in incoming Babel packets are required to be present and are verified. If this parameter is 'true', incoming packets are required to have a valid MAC."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf dtls-enable { type boolean; description "Indicates whether the DTLS security mechanism is enabled ('true') or disabled ('false')."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf-list dtls-certs { type leafref { path "../../dtls/name"; } description "List of references to the dtls entries that apply to this interface. When an interface instance is created, all dtls instances with default-apply 'true' will be included in this list."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf dtls-cached-info { type boolean; description "Indicates whether the cached_info extension is enabled. The extension is enabled for inclusion in ClientHello and ServerHello messages if the value is 'true'."; reference "RFC 9046: Babel Information Model, Section 3.3 RFC 8968: Babel Routing Protocol over Datagram Transport Layer Security, Appendix A"; } leaf-list dtls-cert-prefer { type leafref { path "../../dtls/certs/type"; } ordered-by user; description "List of supported certificate types, in order of preference. The values MUST be the 'type' attribute in the list 'certs' of the list 'dtls' (../../dtls/certs/type). This list is used to populate the server_certificate_type extension in a ClientHello. Values that are present in at least one instance in the certs object under dtls of a referenced dtls instance and that have a non-empty private key will be used to populate the client_certificate_type extension in a ClientHello."; reference "RFC 9046: Babel Information Model, Section 3.3 RFC 8968: Babel Routing Protocol over Datagram Transport Layer Security, Appendix A"; } leaf packet-log-enable { type boolean; description "If 'true', logging of babel packets received on this interface is enabled; if 'false', babel packets are not logged."; reference "RFC 9046: Babel Information Model, Section 3.3"; } leaf packet-log { type inet:uri; config false; description "A reference or url link to a file that contains a timestamped log of packets received and sent on udp-port on this interface. The [libpcap] file format with .pcap file extension SHOULD be supported for packet log files. Logging is enabled / disabled by packet-log-enable."; reference "RFC 9046: Babel Information Model, Section 3.3 libpcap: Libpcap File Format, Wireshark Foundation"; } container statistics { config false; description "Statistics collection object for this interface."; reference "RFC 9046: Babel Information Model, Section 3.4"; leaf discontinuity-time { type yang:date-and-time; mandatory true; description "The time on the most recent occasion at which any one or more of counters suffered a discontinuity. If no such discontinuities have occurred since the last re-initialization of the local management subsystem, then this node contains the time the local management subsystem re-initialized itself."; } leaf sent-mcast-hello { type yang:counter32; description "A count of the number of multicast Hello packets sent on this interface."; reference "RFC 9046: Babel Information Model, Section 3.4"; } leaf sent-mcast-update { type yang:counter32; description "A count of the number of multicast update packets sent on this interface."; reference "RFC 9046: Babel Information Model, Section 3.4"; } leaf sent-ucast-hello { type yang:counter32; description "A count of the number of unicast Hello packets sent on this interface."; reference "RFC 9046: Babel Information Model, Section 3.4"; } leaf sent-ucast-update { type yang:counter32; description "A count of the number of unicast update packets sent on this interface."; reference "RFC 9046: Babel Information Model, Section 3.4"; } leaf sent-ihu { type yang:counter32; description "A count of the number of 'I Heard You' (IHU) packets sent on this interface."; reference "RFC 9046: Babel Information Model, Section 3.4"; } leaf received-packets { type yang:counter32; description "A count of the number of Babel packets received on this interface."; reference "RFC 9046: Babel Information Model, Section 3.4"; } action reset { description "The information model (RFC 9046) defines reset action as a system-wide reset of Babel statistics. In YANG, the reset action is associated with the container where the action is defined. In this case, the action is associated with the statistics container inside an interface. The action will therefore reset statistics at an interface level. Implementations that want to support a system-wide reset of Babel statistics need to call this action for every instance of the interface."; reference "RFC 9046: Babel Information Model"; input { leaf reset-at { type yang:date-and-time; description "The time when the reset was issued."; } } output { leaf reset-finished-at { type yang:date-and-time; description "The time when the reset finished."; } } } // rpc reset } // container statistics list neighbor-objects { key "neighbor-address"; config false; description "A set of babel neighbor objects."; reference "RFC 9046: Babel Information Model, Section 3.5"; leaf neighbor-address { type inet:ip-address; description "The IPv4 or IPv6 address from which the neighbor sends packets."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf hello-mcast-history { type string; description "The multicast Hello history of whether or not the multicast Hello packets prior to exp-mcast- hello-seqno were received, with a '1' for the most recent Hello placed in the most significant bit and prior Hellos shifted right (with '0' bits placed between prior Hellos and the most recent Hello for any Hellos not received); represented as a string of hex digits encoded in utf-8. A bit that is set indicates that the corresponding Hello was received, and a bit that is cleared indicates that the corresponding Hello was not received."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf hello-ucast-history { type string; description "The unicast Hello history of whether or not the unicast Hello packets prior to exp-ucast-hello-seqno were received, with a '1' for the most recent Hello placed in the most significant bit and prior Hellos shifted right (with '0' bits placed between prior Hellos and the most recent Hello for any Hellos not received); represented as a string using hex digits encoded in utf-8 where a '1' bit = Hello received and a '0' bit = Hello not received."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf txcost { type int32; default "0"; description "Transmission cost value from the last IHU packet received from this neighbor, or maximum value (infinity) to indicate the IHU hold timer for this neighbor has an expired description."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf exp-mcast-hello-seqno { type union { type enumeration { enum "null" { value 0; description "Multicast Hello packets are not expected, or processing of multicast packets is not enabled."; } } type uint16; } description "Expected multicast Hello sequence number of next Hello to be received from this neighbor; if multicast Hello packets are not expected, or processing of multicast packets is not enabled, this MUST be NULL."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf exp-ucast-hello-seqno { type union { type enumeration { enum "null" { value 0; description "Unicast Hello packets are not expected, or processing of unicast packets is not enabled."; } } type uint16; } default "null"; description "Expected unicast Hello sequence number of next Hello to be received from this neighbor; if unicast Hello packets are not expected, or processing of unicast packets is not enabled, this MUST be NULL."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf ucast-hello-seqno { type union { type enumeration { enum "null" { value 0; description "Unicast Hello packets are not being sent."; } } type uint16; } default "null"; description "The current sequence number in use for unicast Hellos sent to this neighbor. If unicast Hellos are not being sent, this MUST be NULL."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf ucast-hello-interval { type uint16; units "centiseconds"; description "The current interval in use for unicast Hellos sent to this neighbor. Units are centiseconds."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf rxcost { type uint16; description "Reception cost calculated for this neighbor. This value is usually derived from the Hello history, which may be combined with other data, such as statistics maintained by the link layer. The rxcost is sent to a neighbor in each IHU."; reference "RFC 9046: Babel Information Model, Section 3.5"; } leaf cost { type int32; description "Link cost is computed from the values maintained in the neighbor table. The statistics are kept in the neighbor table about the reception of Hellos, and the txcost is computed from received IHU packets."; reference "RFC 9046: Babel Information Model, Section 3.5"; } } // list neighbor-objects } // list interfaces list mac-key-set { key "name"; description "A MAC key set object. If this object is implemented, it provides access to parameters related to the MAC security mechanism."; reference "RFC 9046: Babel Information Model, Section 3.7"; leaf name { type string; description "A string that uniquely identifies the MAC object."; } leaf default-apply { type boolean; description "A boolean flag indicating whether this object instance is applied to all new interfaces, by default. If 'true', this instance is applied to new babel- interfaces instances at the time they are created by including it in the mac-key-sets list under the interface. If 'false', this instance is not applied to new interface instances when they are created."; reference "RFC 9046: Babel Information Model, Section 3.7"; } list keys { key "name"; min-elements 1; description "A set of keys objects."; reference "RFC 9046: Babel Information Model, Section 3.8"; leaf name { type string; description "A unique name for this MAC key that can be used to identify the key in this object instance since the key value is not allowed to be read. This value can only be provided when this instance is created and is not subsequently writable."; reference "RFC 9046: Babel Information Model, Section 3.8"; } leaf use-send { type boolean; mandatory true; description "Indicates whether this key value is used to compute a MAC and include that MAC in the sent Babel packet. A MAC for sent packets is computed using this key if the value is 'true'. If the value is 'false', this key is not used to compute a MAC to include in sent Babel packets."; reference "RFC 9046: Babel Information Model, Section 3.8"; } leaf use-verify { type boolean; mandatory true; description "Indicates whether this key value is used to verify incoming Babel packets. This key is used to verify incoming packets if the value is 'true'. If the value is 'false', no MAC is computed from this key for comparing an incoming packet."; reference "RFC 9046: Babel Information Model, Section 3.8"; } leaf value { nacm:default-deny-all; type binary; mandatory true; description "The value of the MAC key. This value is of a length suitable for the associated babel-mac-key-algorithm. If the algorithm is based on the Hashed Message Authentication Code (HMAC) construction (RFC 2104), the length MUST be between 0 and an upper limit that is at least the size of the output length (where the 'HMAC-SHA256' output length is 32 octets as described in RFC 4868). Longer lengths MAY be supported but are not necessary if the management system has the ability to generate a suitably random value (e.g., by randomly generating a value or by using a key derivation technique as recommended in the security considerations of RFC 8967. If the algorithm is 'BLAKE2s-128', the length MUST be between 0 and 32 bytes inclusive as specified by RFC 7693."; reference "RFC 9046: Babel Information Model, Section 3.8 RFC 2104: HMAC: Keyed-Hashing for Message Authentication RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec RFC 7693: The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC) RFC 8967: MAC Authentication for Babel"; } leaf algorithm { type identityref { base mac-algorithms; } mandatory true; description "The MAC algorithm used with this key. The value MUST be one of the identities listed with the base of 'mac-algorithms'."; reference "RFC 9046: Babel Information Model, Section 3.8"; } action test { description "An operation that allows the MAC key and MAC algorithm to be tested to see if they produce an expected outcome. Input to this operation is a binary string and a calculated MAC (also in the format of a binary string) for the binary string. The implementation is expected to create a MAC over the binary string using the value and algorithm. The output of this operation is a binary indication that the calculated MAC matched the input MAC ('true') or the MACs did not match ('false')."; reference "RFC 9046: Babel Information Model, Section 3.8"; input { leaf test-string { type binary; mandatory true; description "Input to this operation is a binary string. The implementation is expected to create a MAC over this string using the value and the algorithm defined as part of the mac-key-set."; reference "RFC 9046: Babel Information Model, Section 3.8"; } leaf mac { type binary; mandatory true; description "Input to this operation includes a MAC. The implementation is expected to calculate a MAC over the string using the value and algorithm of this key object and compare its calculated MAC to this input MAC."; reference "RFC 9046: Babel Information Model, Section 3.8"; } } output { leaf indication { type boolean; mandatory true; description "The output of this operation is a binary indication that the calculated MAC matched the input MAC ('true') or the MACs did not match ('false')."; reference "RFC 9046: Babel Information Model, Section 3.8"; } } } // rpc test } // list keys } // list mac-key-set list dtls { key "name"; description "A dtls object. If this object is implemented, it provides access to parameters related to the DTLS security mechanism."; reference "RFC 9046: Babel Information Model, Section 3.9"; leaf name { type string; description "A string that uniquely identifies a dtls object."; } leaf default-apply { type boolean; mandatory true; description "A boolean flag indicating whether this object instance is applied to all new interfaces, by default. If 'true', this instance is applied to new interface instances at the time they are created by including it in the dtls-certs list under the interface. If 'false', this instance is not applied to new interface instances when they are created."; reference "RFC 9046: Babel Information Model, Section 3.9"; } list certs { key "name"; min-elements 1; description "A set of cert objects. This contains both certificates for this implementation to present for authentication and to accept from others. Certificates with a non-empty private key can be presented by this implementation for authentication."; reference "RFC 9046: Babel Information Model, Section 3.10"; leaf name { type string; description "A unique name for this certificate that can be used to identify the certificate in this object instance, since the value is too long to be useful for identification. This value MUST NOT be empty and can only be provided when this instance is created (i.e., it is not subsequently writable)."; reference "RFC 9046: Babel Information Model, Section 3.10"; } leaf value { nacm:default-deny-write; type string; mandatory true; description "The certificate in Privacy-Enhanced Mail (PEM) format (RFC 7468). This value can only be provided when this instance is created and is not subsequently writable."; reference "RFC 9046: Babel Information Model, Section 3.10 RFC 7468: Textual Encodings of PKIX, PKCS, and CMS Structures"; } leaf type { nacm:default-deny-write; type identityref { base dtls-cert-types; } mandatory true; description "The certificate type of this object instance. The value MUST be the same as one of the identities listed with the base 'dtls-cert-types'. This value can only be provided when this instance is created and is not subsequently writable."; reference "RFC 9046: Babel Information Model, Section 3.10"; } leaf private-key { nacm:default-deny-all; type binary; mandatory true; description "The value of the private key. If this is non-empty, this certificate can be used by this implementation to provide a certificate during DTLS handshaking."; reference "RFC 9046: Babel Information Model, Section 3.10"; } leaf algorithm { nacm:default-deny-write; type identityref { base ct:private-key-format; } mandatory true; description "Identifies the algorithm identity with which the private key has been encoded. This value can only be provided when this instance is created and is not subsequently writable."; } } // list certs } // list dtls uses routes; } // container babel } } // module ietf-babel
© 2024 YumaWorks, Inc. All rights reserved.