Yang issues #65

Merged
merged 2 commits into from
Dec 14, 2024
51 changes: 28 additions & 23 deletions ietf-voucher-request.yang
Expand Up @@ -64,6 +64,8 @@ module ietf-voucher-request {
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.

RFCEDITOR: please replace XXXX with the RFC number assigned.

The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
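Review bot: The added "RFCEDITOR: please replace XXXX with the RFC number assigned." line sits between the legal-notice paragraph and the key-words paragraph, so it appears to be part of the module's description text rather than a comment. It asks for XXXX to be replaced but not for the note itself to be removed, so it could survive into the published module. Consider adding "and remove this note" to the instruction, or moving it out of the description into a YANG comment.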
Expand Down Expand Up @@ -147,25 +149,27 @@ module ietf-voucher-request {
the final voucher size.";
}

leaf proximity-registrar-cert {
type binary;
description
"An X.509 v3 certificate structure as specified by
RFC 5280, Section 4 encoded using the ASN.1
distinguished encoding rules (DER), as specified
in [ITU.X690.1994].

The first certificate in the Registrar TLS server
certificate_list sequence (the end-entity TLS
certificate, see [RFC8446]) presented by the Registrar
to the Pledge.
This MUST be populated in a Pledge's voucher request
when a proximity assertion is requested.";
}

leaf proximity-registrar-pubk {
type binary;
description
choice registrar-identity {
Collaborator

This change makes only one of the three leaf nodes to be configured, which I think might be the real intention after reading the description. But maybe add a description for the choice statement.

Member Author

I have made updates to include a description.

description "One of these three attributes will be used to pin the registrar identity";
leaf proximity-registrar-cert {
type binary;
description
"An X.509 v3 certificate structure as specified by
RFC 5280, Section 4 encoded using the ASN.1
distinguished encoding rules (DER), as specified
in [ITU.X690.1994].

The first certificate in the Registrar TLS server
certificate_list sequence (the end-entity TLS
certificate, see [RFC8446]) presented by the Registrar
to the Pledge.
This MUST be populated in a Pledge's voucher request
when a proximity assertion is requested.";
}

leaf proximity-registrar-pubk {
type binary;
description
"The proximity-registrar-pubk replaces
the proximity-registrar-cert in constrained uses of
the voucher-request.
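Review bot: Inside the new choice registrar-identity, the proximity-registrar-cert description still says "This MUST be populated in a Pledge's voucher request when a proximity assertion is requested." A choice permits only one of its cases, so a pledge that sends proximity-registrar-pubk cannot also satisfy that sentence. Suggest moving the requirement into the choice description (one of the cases MUST be populated when a proximity assertion is requested) and stating there whether the choice may be absent, since no mandatory statement is shown on it.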
Expand All @@ -178,11 +182,11 @@ module ietf-voucher-request {
Support for the DSA algorithm is not recommended.
Support for the RSA algorithm is a MAY, but due to
size is discouraged.";
}
}

leaf proximity-registrar-pubk-sha256 {
type binary;
description
leaf proximity-registrar-pubk-sha256 {
type binary;
description
"The proximity-registrar-pubk-sha256
is an alternative to both
proximity-registrar-pubk and pinned-domain-cert.
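Review bot: With proximity-registrar-pubk-sha256 now a case of registrar-identity, its description still calls it an alternative to "proximity-registrar-pubk and pinned-domain-cert", while the other cases shown in this choice are proximity-registrar-cert and proximity-registrar-pubk. If proximity-registrar-cert is what was meant, correct the name here; if pinned-domain-cert is intended, say how it relates to this choice.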
Expand All @@ -197,6 +201,7 @@ module ietf-voucher-request {
Algorithm agility is provided by extensions to this
specification which may define a new leaf for another
hash type.";
}
}

leaf agent-signed-data {
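Review bot: The algorithm-agility text just above the added closing brace says extensions "may define a new leaf for another hash type". Now that this leaf is a case of registrar-identity, a leaf defined outside the choice would not be mutually exclusive with the existing cases. Consider stating that a new hash type is added as a further case of the choice.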
6 changes: 6 additions & 0 deletions ietf-voucher.yang
Expand Up @@ -54,6 +54,8 @@ module ietf-voucher {
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.

RFCEDITOR: please replace XXXX with the RFC number assigned.

The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
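Review bot: In ietf-voucher.yang the "RFCEDITOR: please replace XXXX with the RFC number assigned." line is added in the middle of the description text, directly after the legal-notice paragraph. Nothing tells the RFC Editor to delete the note once XXXX is replaced, so the instruction itself may end up in the final description. Suggest wording it as "replace XXXX ... and remove this note", or placing it in a YANG comment outside the description.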
Expand Down Expand Up @@ -163,6 +165,9 @@ module ietf-voucher {
otherwise unique within the scope of the MASA.";
}
choice pinning {
description "One of these attributes is used by the pledge to
specify the registrar, and how the pledge would like
the registrar's identity to be pinned";
leaf pinned-domain-cert {
type binary;
description
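Review bot: The description added to choice pinning is phrased from the pledge's side ("used by the pledge to specify the registrar, and how the pledge would like the registrar's identity to be pinned"), which reads like voucher-request semantics although this hunk is in module ietf-voucher. Consider describing what the voucher itself pins, and end the sentence with a period to match the other description strings.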
Expand Down Expand Up @@ -231,6 +236,7 @@ module ietf-voucher {
certificate.";
}
choice nonceless {
description "Either a nonce must be present, or an expires-on header";
leaf expires-on {
type yang:date-and-time;
description
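Review bot: The description added to choice nonceless reads "Either a nonce must be present, or an expires-on header", but expires-on is a leaf, not a header, and the lowercase "must" is ambiguous in a module that declares the RFC 2119 key words. The text also does not say how a nonce relates to the cases of this choice. Suggest naming the leaf, using MUST only if a requirement is intended, and stating what applies when no nonce is present.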