[babel] info-model: dtls

"STARK, BARBARA H" <bs7652@att.com> Mon, 18 February 2019 15:42 UTC

From: "STARK, BARBARA H" <bs7652@att.com>
To: "babel@ietf.org" <babel@ietf.org>
Date: Mon, 18 Feb 2019 15:41:49 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114E0A6B22@GAALPA1MSGUSRBF.ITServices.sbc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/zchMSUbkTuOBgt-0Sre8MV14pGM>

I've spent some time figuring out info model elements for DTLS. Here is what I ended up with. Thoughts?
Barbara

-------------------------
Under top level babel-information-obj
babel-dtls-enable (like with HMAC, enable/disable globally)
babel-dtls-cert-types: List of supported DTLS certificate types. Possible values include "X.509" and "RawPublicKey".
babel-dtls: A babel-dtls-obj object. If this object is implemented, it provides access to parameters related to the DTLS security mechanism. An implementation MAY choose to expose this object as read-only.

--------------------------
Definition of babel-dtls-obj

  object {
       string                rw babel-dtls-interfaces<0..*>;
      [boolean               rw babel-dtls-cached-info;]
      [string                rw babel-dtls-cert-prefer<0..*>;]
       babel-dtls-certs-obj  rw babel-dtls-certs<0..*>;
   } babel-dtls-obj;

babel-dtls-interfaces: List of references to the babel-interfaces entries this babel-dtls entry applies to. If this list is empty, then it applies to all interfaces. An implementation MAY choose to expose this parameter as read-only ("ro").

babel-dtls-cached-info: Indicates whether the cached_info extension is included in ClientHello and ServerHello messages. The extension is included if the value is "true". An implementation MAY choose to expose this parameter as read-only ("ro").

babel-dtls-cert-prefer: List of supported certificate types, in order of preference. The values MUST be among those listed in the babel-dtls-cert-types parameter. This list is used to populate the server_certificate_type extension in a Client Hello. Values that are present in at least one instance in the babel-dtls-certs object with a non-empty babel-cert-private-key will be used to populate the client_certificate_type extension in a Client Hello.

babel-dtls-certs: A set of babel-dtls-certs-obj objects. This contains both certificates for this implementation to present for authentication, and to accept from others. Certificates with a non-empty babel-cert-private-key can be presented by this implementation for authentication.

------------------------------------
Definition of babel-dtls-certs-obj

  object {
       string                ro babel-cert-value;
       string                ro babel-cert-type;
       binary                -- babel-cert-private-key;
      [operation                babel-cert-test;]
   } babel-dtls-certs-obj;

babel-cert-value: The DTLS certificate in PEM format {{RFC7468}}. This value can only be provided when this instance is created, and is not subsequently writable.

babel-cert-type: The name of the certificate type of this object instance. The value MUST be the same as one of the enumerations listed in the babel-dtls-cert-types parameter. This value can only be provided when this instance is created, and is not subsequently writable.

babel-cert-private-key: The value of the private key. If this is non-empty, this certificate can be used by this implementation to provide a certificate during DTLS handshaking. An implementation MUST NOT allow this parameter to be read. This can be done by always providing an empty string, or through permissions, or other means. This value can only be provided when this instance is created, and is not subsequently writable.

babel-cert-test: An operation that allows a hash of the provided input string to be created using the certificate public key and the SHA-256 hash algorithm. Input to this operation is a binary string. The output of this operation is the resulting hash, as a binary string.
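The constraints in the proposal above (cert-prefer and cert-type values restricted to babel-dtls-cert-types, write-once cert value and type, a private key that is never readable, and the two certificate_type extensions derived from the object) as an added Python model; this is illustration code, not part of the mail or of any Babel implementation, and it assumes that client_certificate_type keeps the babel-dtls-cert-prefer order, which the text leaves unspecified.

```python
class BabelDtlsCert:
    """babel-dtls-certs-obj: value/type are fixed at creation (read-only
    properties, no setters); the private key is stored but never exposed."""

    def __init__(self, cert_value: str, cert_type: str, private_key: bytes = b""):
        self._value = cert_value
        self._type = cert_type
        self.__key = private_key  # write-once; only its presence is observable

    @property
    def cert_value(self) -> str:
        return self._value

    @property
    def cert_type(self) -> str:
        return self._type

    @property
    def private_key(self) -> str:
        # MUST NOT be readable: the "always provide an empty string" option.
        return ""

    def has_private_key(self) -> bool:
        return len(self.__key) > 0


class BabelDtls:
    """babel-dtls-obj plus the top-level babel-dtls-cert-types parameter."""

    def __init__(self, cert_types, cert_prefer, certs, interfaces=(), cached_info=False):
        bad = [t for t in cert_prefer if t not in cert_types]
        if bad:
            raise ValueError(f"babel-dtls-cert-prefer not in cert-types: {bad}")
        bad = [c.cert_type for c in certs if c.cert_type not in cert_types]
        if bad:
            raise ValueError(f"babel-cert-type not in cert-types: {bad}")
        self.cert_types = list(cert_types)
        self.cert_prefer = list(cert_prefer)
        self.certs = list(certs)
        self.interfaces = list(interfaces)  # empty list means all interfaces
        self.cached_info = cached_info

    def server_certificate_type(self):
        # ClientHello server_certificate_type is the preference list as given.
        return list(self.cert_prefer)

    def client_certificate_type(self):
        # Only types for which we hold a usable (private-keyed) certificate.
        # Assumption: ordered by cert-prefer; the proposal does not say.
        present = {c.cert_type for c in self.certs if c.has_private_key()}
        return [t for t in self.cert_prefer if t in present]
```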