| rfc9684v4.txt | rfc9684.txt | |||
|---|---|---|---|---|
| skipping to change at line 16 ¶ | skipping to change at line 16 ¶ | |||
| ThoughtSpot | ThoughtSpot | |||
| E. Voit | E. Voit | |||
| B. Sulzen | B. Sulzen | |||
| Cisco | Cisco | |||
| L. Xia | L. Xia | |||
| Huawei | Huawei | |||
| T. Laffey | T. Laffey | |||
| HPE | HPE | |||
| G. C. Fedorkow | G. C. Fedorkow | |||
| Juniper | Juniper | |||
| November 2024 | December 2024 | |||
| A YANG Data Model for Challenge-Response-Based Remote Attestation | A YANG Data Model for Challenge-Response-Based Remote Attestation | |||
| (CHARRA) Procedures Using Trusted Platform Modules (TPMs) | (CHARRA) Procedures Using Trusted Platform Modules (TPMs) | |||
| Abstract | Abstract | |||
| This document defines the YANG Remote Procedure Calls (RPCs) and | This document defines the YANG Remote Procedure Calls (RPCs) and | |||
| configuration nodes that are required to retrieve attestation | configuration nodes that are required to retrieve attestation | |||
| evidence about integrity measurements from a device, following the | evidence about integrity measurements from a device, following the | |||
| operational context defined in RFC 9683 "TPM-based Network Device | operational context defined in RFC 9683 "TPM-based Network Device | |||
| skipping to change at line 2369 ¶ | skipping to change at line 2369 ¶ | |||
| ietf-tpm-remote-attestation.yang. However, the full definition of | ietf-tpm-remote-attestation.yang. However, the full definition of | |||
| Table 3 of [TCG-Algos] will allow use by additional YANG | Table 3 of [TCG-Algos] will allow use by additional YANG | |||
| specifications. | specifications. | |||
| 3. IANA Considerations | 3. IANA Considerations | |||
| This document registers the following namespace URIs in the | This document registers the following namespace URIs in the | |||
| [XML-Registry] per [RFC3688]: | [XML-Registry] per [RFC3688]: | |||
| URI: urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation | URI: urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation | |||
| Registrant Contact: The IESG. | ||||
| Registrant Contact: The IESG. | XML: N/A; the requested URI is an XML namespace. | |||
| XML: N/A; the requested URI is an XML namespace. | ||||
| URI: urn:ietf:params:xml:ns:yang:ietf-tcg-algs | URI: urn:ietf:params:xml:ns:yang:ietf-tcg-algs | |||
| Registrant Contact: The IESG. | ||||
| Registrant Contact: The IESG. | XML: N/A; the requested URI is an XML namespace. | |||
| XML: N/A; the requested URI is an XML namespace. | ||||
| This document registers the following YANG modules in the registry | This document registers the following YANG modules in the registry | |||
| [YANG-Parameters] per Section 14 of [RFC6020]: | [YANG-Parameters] per Section 14 of [RFC6020]: | |||
| Name: ietf-tpm-remote-attestation | Name: ietf-tpm-remote-attestation | |||
| Namespace: urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation | ||||
| Namespace: urn:ietf:params:xml:ns:yang:ietf-tpm-remote- | Prefix: tpm | |||
| attestation | Reference: draft-ietf-rats-yang-tpm-charra (RFC form) | |||
| Prefix: tpm | ||||
| Reference: draft-ietf-rats-yang-tpm-charra (RFC form) | ||||
| Name: ietf-tcg-algs | Name: ietf-tcg-algs | |||
| Namespace: urn:ietf:params:xml:ns:yang:ietf-tcg-algs | ||||
| Namespace: urn:ietf:params:xml:ns:yang:ietf-tcg-algs | Prefix: taa | |||
| Reference: draft-ietf-rats-yang-tpm-charra (RFC form) | ||||
| Prefix: taa | ||||
| Reference: draft-ietf-rats-yang-tpm-charra (RFC form) | ||||
| 4. Security Considerations | 4. Security Considerations | |||
| The YANG module ietf-tpm-remote-attestation.yang specified in this | The YANG module ietf-tpm-remote-attestation.yang specified in this | |||
| document defines a schema for data that is designed to be accessed | document defines a schema for data that is designed to be accessed | |||
| via network management protocols such as NETCONF [RFC6241] or | via network management protocols such as NETCONF [RFC6241] or | |||
| RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport | RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport | |||
| layer, and the mandatory-to-implement secure transport is Secure | layer, and the mandatory-to-implement secure transport is Secure | |||
| Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the | Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, and the | |||
| mandatory-to-implement secure transport is TLS [RFC8446]. | mandatory-to-implement secure transport is TLS [RFC8446]. | |||
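Review bot: The Reference field of both YANG module registrations (ietf-tpm-remote-attestation and ietf-tcg-algs) still reads "draft-ietf-rats-yang-tpm-charra (RFC form)" on both sides of the diff. If the registry entry is meant to cite the published document, replace the draft name with the RFC number. The re-layout itself helps: the namespace URI for ietf-tpm-remote-attestation is no longer wrapped after "ietf-tpm-remote-", so it can be copied into tooling without picking up a line break.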
| skipping to change at line 2497 ¶ | skipping to change at line 2486 ¶ | |||
| Some of the readable data nodes in this YANG module may be considered | Some of the readable data nodes in this YANG module may be considered | |||
| sensitive or vulnerable in some network environments. It is thus | sensitive or vulnerable in some network environments. It is thus | |||
| important to control read access (e.g., via get, get-config, or | important to control read access (e.g., via get, get-config, or | |||
| notification) to these data nodes. These are the subtrees and data | notification) to these data nodes. These are the subtrees and data | |||
| nodes and their sensitivity/vulnerability: | nodes and their sensitivity/vulnerability: | |||
| Event logs (bios-log, ima-log, netequip-boot-log) typically contain | Event logs (bios-log, ima-log, netequip-boot-log) typically contain | |||
| hash values (digests) of running boot and OS software. Passive | hash values (digests) of running boot and OS software. Passive | |||
| attackers can use these hash values to identify software versions and | attackers can use these hash values to identify software versions and | |||
| thus launch targeted attacks on known vulnerabilities. Hence, bios- | thus launch targeted attacks on known vulnerabilities. Hence, bios- | |||
| log, ima-log, and netequip-boot-log are considerd sensitive. | log, ima-log, and netequip-boot-log are considered sensitive. | |||
| Some of the RPC operations in this YANG module may be considered | Some of the RPC operations in this YANG module may be considered | |||
| sensitive or vulnerable in some network environments. It is thus | sensitive or vulnerable in some network environments. It is thus | |||
| important to control access to these operations. These are the | important to control access to these operations. These are the | |||
| operations and their sensitivity/vulnerability: | operations and their sensitivity/vulnerability: | |||
| The 'log-retrieval' RPC operation is considered sensitive since it | The 'log-retrieval' RPC operation is considered sensitive since it | |||
| enables retrieval of logs (bios-log, ima-log, netequip-boot-log) that | enables retrieval of logs (bios-log, ima-log, netequip-boot-log) that | |||
| typically contain hash values (digests) of running boot and OS | typically contain hash values (digests) of running boot and OS | |||
| software. This allows specifics of loaded software including BIOS | software. This allows specifics of loaded software including BIOS | |||
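Review bot: In the sentence where "considerd" is corrected to "considered", the node name bios-log is still broken across the line end as "bios-" / "log" on both sides. These are the identifiers an operator has to match when restricting read access, and a text search for bios-log will miss this occurrence. Reflow the sentence so the name stays on one line, as ima-log and netequip-boot-log already do.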
| skipping to change at line 2708 ¶ | skipping to change at line 2697 ¶ | |||
| [RFC9334] Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | [RFC9334] Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | |||
| W. Pan, "Remote ATtestation procedureS (RATS) | W. Pan, "Remote ATtestation procedureS (RATS) | |||
| Architecture", RFC 9334, DOI 10.17487/RFC9334, January | Architecture", RFC 9334, DOI 10.17487/RFC9334, January | |||
| 2023, <https://www.rfc-editor.org/info/rfc9334>. | 2023, <https://www.rfc-editor.org/info/rfc9334>. | |||
| [RFC9642] Watsen, K., "A YANG Data Model for a Keystore", RFC 9642, | [RFC9642] Watsen, K., "A YANG Data Model for a Keystore", RFC 9642, | |||
| DOI 10.17487/RFC9642, October 2024, | DOI 10.17487/RFC9642, October 2024, | |||
| <https://www.rfc-editor.org/info/rfc9642>. | <https://www.rfc-editor.org/info/rfc9642>. | |||
| [RFC9683] Fedorkow, G. C., Voit, E., and J. Fitzgerald-McKay, | [RFC9683] Fedorkow, G. C., Ed., Voit, E., and J. Fitzgerald-McKay, | |||
| "Remote Integrity Verification of Network Devices | "Remote Integrity Verification of Network Devices | |||
| Containing Trusted Platform Modules", RFC 9683, | Containing Trusted Platform Modules", RFC 9683, | |||
| DOI 10.17487/RFC9683, November 2024, | DOI 10.17487/RFC9683, December 2024, | |||
| <https://www.rfc-editor.org/info/rfc9683>. | <https://www.rfc-editor.org/info/rfc9683>. | |||
| [TCG-Algos] | [TCG-Algos] | |||
| Trusted Computing Group, "TCG Algorithm Registry", Family | Trusted Computing Group, "TCG Algorithm Registry", Family | |||
| "2.0" Level 00 Revision 01.34, 24 August 2023, | "2.0" Level 00 Revision 01.34, 24 August 2023, | |||
| <https://trustedcomputinggroup.org/wp-content/uploads/TCG- | <https://trustedcomputinggroup.org/wp-content/uploads/TCG- | |||
| Algorithm-Registry-Revision-1.34_pub-1.pdf>. | Algorithm-Registry-Revision-1.34_pub-1.pdf>. | |||
| [TPM1.2] Trusted Computing Group, "TPM 1.2 Main Specification", TPM | [TPM1.2] Trusted Computing Group, "TPM 1.2 Main Specification", TPM | |||
| Main Specification Level 2 Version 1.2, Revision 116, 1 | Main Specification Level 2 Version 1.2, Revision 116, 1 | |||
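Review bot: The [RFC9683] entry edited here carries the title "Remote Integrity Verification of Network Devices Containing Trusted Platform Modules", while the Abstract in the first change block cites RFC 9683 with a title that begins "TPM-based Network Device". Since this change already touches the entry (adding "Ed." and moving the date to December 2024, which now agrees with the header date), align the title quoted in the Abstract with the reference entry.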
| End of changes. 8 change blocks. | ||||
| 25 lines changed or deleted | 14 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||