Merge pull request #65 from anima-wg/yang-issues
Yang issues
mcr authored Dec 14, 2024
2 parents 07719ba + 0710ba5 commit ee8145f
Showing 2 changed files with 34 additions and 23 deletions.
51 changes: 28 additions & 23 deletions ietf-voucher-request.yang
Expand Up @@ -64,6 +64,8 @@ module ietf-voucher-request {
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.
RFCEDITOR: please replace XXXX with the RFC number assigned.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
Expand Down Expand Up @@ -147,25 +149,27 @@ module ietf-voucher-request {
the final voucher size.";
}

leaf proximity-registrar-cert {
type binary;
description
"An X.509 v3 certificate structure as specified by
RFC 5280, Section 4 encoded using the ASN.1
distinguished encoding rules (DER), as specified
in [ITU.X690.1994].
The first certificate in the Registrar TLS server
certificate_list sequence (the end-entity TLS
certificate, see [RFC8446]) presented by the Registrar
to the Pledge.
This MUST be populated in a Pledge's voucher request
when a proximity assertion is requested.";
}

leaf proximity-registrar-pubk {
type binary;
description
choice registrar-identity {
description "One of these three attributes will be used to pin the registrar identity";
leaf proximity-registrar-cert {
type binary;
description
"An X.509 v3 certificate structure as specified by
RFC 5280, Section 4 encoded using the ASN.1
distinguished encoding rules (DER), as specified
in [ITU.X690.1994].
The first certificate in the Registrar TLS server
certificate_list sequence (the end-entity TLS
certificate, see [RFC8446]) presented by the Registrar
to the Pledge.
This MUST be populated in a Pledge's voucher request
when a proximity assertion is requested.";
}

leaf proximity-registrar-pubk {
type binary;
description
"The proximity-registrar-pubk replaces
the proximity-registrar-cert in constrained uses of
the voucher-request.
Expand All @@ -178,11 +182,11 @@ module ietf-voucher-request {
Support for the DSA algorithm is not recommended.
Support for the RSA algorithm is a MAY, but due to
size is discouraged.";
}
}

leaf proximity-registrar-pubk-sha256 {
type binary;
description
leaf proximity-registrar-pubk-sha256 {
type binary;
description
"The proximity-registrar-pubk-sha256
is an alternative to both
proximity-registrar-pubk and pinned-domain-cert.
Expand All @@ -197,6 +201,7 @@ module ietf-voucher-request {
Algorithm agility is provided by extensions to this
specification which may define a new leaf for another
hash type.";
}
}

leaf agent-signed-data {
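Review bot: The description of proximity-registrar-cert on the new side still says the leaf MUST be populated when a proximity assertion is requested, which now contradicts the enclosing `choice registrar-identity`, where proximity-registrar-pubk and proximity-registrar-pubk-sha256 are alternative branches. I would reword it to `"When a proximity assertion is requested, one of the registrar-identity branches MUST be populated; this leaf carries the full end-entity certificate."` The choice description itself would also be more precise as `description "At most one of these three leaves is present; the one present pins the identity of the Registrar that the Pledge is asserting proximity to.";`, since a YANG choice without `mandatory true` permits none of the branches to appear and "will be used" reads as if one is guaranteed. The same re-indentation continues into the -178 and -197 hunks, and the module body continues outside the hunk.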
6 changes: 6 additions & 0 deletions ietf-voucher.yang
Expand Up @@ -54,6 +54,8 @@ module ietf-voucher {
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.
RFCEDITOR: please replace XXXX with the RFC number assigned.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
Expand Down Expand Up @@ -163,6 +165,9 @@ module ietf-voucher {
otherwise unique within the scope of the MASA.";
}
choice pinning {
description "One of these attributes is used by the pledge to
specify the registrar, and how the pledge would like
the registrar's identity to be pinned";
leaf pinned-domain-cert {
type binary;
description
Expand Down Expand Up @@ -231,6 +236,7 @@ module ietf-voucher {
certificate.";
}
choice nonceless {
description "Either a nonce must be present, or an expires-on header";
leaf expires-on {
type yang:date-and-time;
description
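Review bot: The new description on `choice nonceless` states that a nonce or expires-on "must be present", but a YANG choice without `mandatory true` allows neither branch to appear, so the text asserts a constraint the schema does not enforce; if the requirement is intended, add `mandatory true;` inside the choice, and if nonce is not actually a branch of this choice (its definition is outside the hunk) the sentence should not imply that it is. "header" is also not a YANG term here; `description "Either a nonce is present, or the voucher carries expires-on (a nonceless voucher).";` would be clearer. In the `choice pinning` description, "used by the pledge to specify the registrar" names the pledge as the actor; as I read this model the voucher is issued for the pledge rather than authored by it, so please confirm the intended actor before this wording is published. Both choice bodies continue outside the hunk.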
