ietf-sztp-csr

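This module augments the 'get-bootstrapping-data' RPC, defined in the 'ietf-sztp-bootstrap-server' module from SZTP (RFC 8572), enabling the SZTP-client to obtain a signed identity certificate (e.g., an LDevID from IEEE 802.1AR) as part of the SZTP onboarding information response.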

  • Version: 2024-10-10

    ietf-sztp-csr@2024-10-10


    
      module ietf-sztp-csr {
    
        yang-version 1.1;
    
        namespace
          "urn:ietf:params:xml:ns:yang:ietf-sztp-csr";
    
        prefix sztp-csr;
    
        import ietf-sztp-bootstrap-server {
          prefix sztp-svr;
          reference
            "RFC 8572: Secure Zero Touch Provisioning (SZTP)";
    
    
        }
        import ietf-yang-structure-ext {
          prefix sx;
          reference
            "RFC 8791: YANG Data Structure Extensions";
    
    
        }
        import ietf-ztp-types {
          prefix zt;
          reference
            "RFC 9646: Conveying a Certificate Signing Request (CSR)
            	  in a Secure Zero-Touch Provisioning (SZTP)
            	  Bootstrapping Request";
    
    
        }
    
        organization
          "IETF NETCONF (Network Configuration) Working Group";
    
        contact
          "WG Web:   https://datatracker.ietf.org/wg/netconf
         WG List:  NETCONF WG list <mailto:netconf@ietf.org>
         Authors:  Kent Watsen <mailto:kent+ietf@watsen.net>
                   Russ Housley <mailto:housley@vigilsec.com>
                   Sean Turner <mailto:sean@sn3rd.com>";
    
        description
          "This module augments the 'get-bootstrapping-data' RPC,
         defined in the 'ietf-sztp-bootstrap-server' module from
         SZTP (RFC 8572), enabling the SZTP-client to obtain a
         signed identity certificate (e.g., an LDevID from IEEE
         802.1AR) as part of the SZTP onboarding information
         response.
    
         The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
         'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
         'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this
         document are to be interpreted as described in BCP 14
         (RFC 2119) (RFC 8174) when, and only when, they appear
         in all capitals, as shown here.
    
         Copyright (c) 2024 IETF Trust and the persons identified as
         authors of the code.  All rights reserved.
    
         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and subject to
         the license terms contained in, the Revised BSD License set
         forth in Section 4.c of the IETF Trust's Legal Provisions
         Relating to IETF Documents
         (https://trustee.ietf.org/license-info).
    
         This version of this YANG module is part of RFC 9646
         (https://www.rfc-editor.org/info/rfc9646); see the
         RFC itself for full legal notices.";
    
        revision "2024-10-10" {
          description "Initial version.";
          reference
            "RFC 9646: Conveying a Certificate Signing Request (CSR)
            	  in a Secure Zero-Touch Provisioning (SZTP)
            	  Bootstrapping Request";
    
        }
    
        // Declares the RFC 8791 data structure 'csr-request' (the extension
        // is imported under the 'sx' prefix).
        // NOTE(review): shown here without a body; the 'csr-request'
        // container at the end of the module appears to hold its content
        // -- confirm against the RFC 9646 text.
        sx:structure "csr-request";
    
        // Extends the input of the RFC 8572 'get-bootstrapping-data' RPC
        // (imported under the 'sztp-svr' prefix) with one of two mutually
        // exclusive messages: a statement of CSR capabilities, or the CSR
        // itself.
        // NOTE(review): nothing in this module says how the SZTP-server
        // ties a received CSR to the device that sent it; that presumably
        // rests on the server's RFC 8572 client authentication and its
        // issuance policy -- confirm for the deployment.
        augment /sztp-svr:get-bootstrapping-data/sztp-svr:input {
          description
            "This augmentation adds the 'csr-support' and 'csr' nodes to
           the SZTP (RFC 8572) 'get-bootstrapping-data' request message,
           enabling the SZTP-client to obtain an identity certificate
           (e.g., an LDevID from IEEE 802.1AR) as part of the onboarding
           information response provided by the SZTP-server.
    
           The 'csr-support' node enables the SZTP-client to indicate
           that it supports generating certificate signing requests
           (CSRs) and to provide details around the CSRs it is able
           to generate.
    
           The 'csr' node enables the SZTP-client to relay a CSR to
           the SZTP-server.";
          reference
            "IEEE 802.1AR: IEEE Standard for Local and Metropolitan
            	      Area Networks - Secure Device Identity
             RFC 8572: Secure Zero Touch Provisioning (SZTP)";
    
          // YANG 'choice' with no 'mandatory' statement: at most one case
          // may appear in a request, so a client never advertises its
          // capabilities and sends a CSR in the same message.
          choice msg-type {
            description
              "Messages are mutually exclusive.";
            // First message of the exchange. The HTTP 400 reply described
            // below is how the server asks for a CSR: its 'error-info'
            // carries the 'csr-request' structure with the details of the
            // CSR the client is to generate.
            case csr-support {
              description
                "Indicates how the SZTP-client supports generating CSRs.
    
               If present and a SZTP-server wishes to request the
               SZTP-client generate a CSR, the SZTP-server MUST
               respond with an HTTP 400 Bad Request error code with an
               'ietf-restconf:errors' message having the 'error-tag'
               value 'missing-attribute' and the 'error-info' node
               containing the 'csr-request' structure described
               in this module.";
              // Grouping body is defined in ietf-ztp-types (prefix 'zt');
              // its leaves are not visible in this module.
              uses zt:csr-support-grouping;
            }  // case csr-support
    
            // Second message. The server SHOULD answer with onboarding
            // information holding the signed certificate, or MAY send
            // another 'csr-request'. In the latter case the client MUST
            // delete the key it generated for the superseded CSR --
            // presumably so that no unused private key stays on the device.
            case csr {
              description
                "Provides the CSR generated by the SZTP-client.
    
               When present, the SZTP-server SHOULD respond with
               an SZTP onboarding information message containing
               a signed certificate for the conveyed CSR.  The
               SZTP-server MAY alternatively respond with another
               HTTP error containing another 'csr-request'; in
               which case, the SZTP-client MUST delete any key
               generated for the previously generated CSR.";
              // Grouping body is defined in ietf-ztp-types (prefix 'zt');
              // the CSR encoding is not visible in this module.
              uses zt:csr-grouping;
            }  // case csr
          }  // choice msg-type
        }
    
        // Payload the SZTP-server places in 'error-info' of the HTTP 400
        // reply (see the 'csr-support' case above): the details of the CSR
        // the client is to generate.
        // NOTE(review): this listing shows the body as a plain 'container'
        // beside an empty 'sx:structure "csr-request";' statement. The
        // description below calls it an RFC 8791 data structure, so it is
        // presumably the structure's body and not a datastore node --
        // check against the RFC 9646 text before compiling from this page.
        container csr-request {
          description
            "A YANG data structure, per RFC 8791, that specifies
           details for the CSR that the ZTP-client is to generate.";
          reference
            "RFC 8791: YANG Data Structure Extensions";
    
          // Grouping body is defined in ietf-ztp-types (prefix 'zt'); the
          // request parameters are not visible in this module.
          uses zt:csr-request-grouping;
        }  // container csr-request
      }  // module ietf-sztp-csr
    
