ietf-ztp-types

This module defines three groupings that enable bootstrapping devices to 1) indicate if and how they support generating CSRs, 2)...

  • Version: 2024-10-10

    ietf-ztp-types@2024-10-10


    
  module ietf-ztp-types {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-ztp-types";

    prefix zt;

    import ietf-crypto-types {
      prefix ct;
      reference
        "RFC 9640: YANG Data Types and Groupings for Cryptography";


    }

    organization
      "IETF NETCONF (Network Configuration) Working Group";

    contact
      "WG Web:   https://datatracker.ietf.org/wg/netconf
WG List:  NETCONF WG list <mailto:netconf@ietf.org>
Authors:  Kent Watsen <mailto:kent+ietf@watsen.net>
	  Russ Housley <mailto:housley@vigilsec.com>
	  Sean Turner <mailto:sean@sn3rd.com>";

    description
      "This module defines three groupings that enable
bootstrapping devices to 1) indicate if and how they
support generating CSRs, 2) obtain a request to
generate a CSR, and 3) communicate the requested CSR.

The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this
document are to be interpreted as described in BCP 14
(RFC 2119) (RFC 8174) when, and only when, they appear
in all capitals, as shown here.

Copyright (c) 2024 IETF Trust and the persons identified as
authors of the code.  All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC 9646
(https://www.rfc-editor.org/info/rfc9646); see the
RFC itself for full legal notices.";

    revision "2024-10-10" {
      description "Initial version.";
      reference
        "RFC 9646: Conveying a Certificate Signing Request (CSR)
        	  in a Secure Zero-Touch Provisioning (SZTP)
        	  Bootstrapping Request";

    }


    identity certificate-request-format {
      description
        "A base identity for the request formats supported
by the ZTP-client.

Additional derived identities MAY be defined by
future efforts.";
    }

    identity p10-csr {
      base certificate-request-format;
      description
        "Indicates that the ZTP-client supports generating
requests using the 'CertificationRequest' structure
defined in RFC 2986.";
      reference
        "RFC 2986: PKCS #10: Certification Request Syntax
        	  Specification Version 1.7";

    }

    identity cmp-csr {
      base certificate-request-format;
      description
        "Indicates that the ZTP-client supports generating
requests using a profiled version of the PKIMessage
that MUST contain a PKIHeader followed by a PKIBody
containing only the ir, cr, kur, or p10cr structures
defined in RFC 4210.";
      reference
        "RFC 4210: Internet X.509 Public Key Infrastructure
        	  Certificate Management Protocol (CMP)";

    }

    identity cmc-csr {
      base certificate-request-format;
      description
        "Indicates that the ZTP-client supports generating
requests using a profiled version of the 'Full
PKI Request' structure defined in RFC 5272.";
      reference
        "RFC 5272: Certificate Management over CMS (CMC)";

    }
  }  // module ietf-ztp-types

© 2024 YumaWorks, Inc. All rights reserved.