--- 1/draft-ietf-netmod-system-mgmt-14.txt 2014-04-29 01:14:22.583396586 -0700 +++ 2/draft-ietf-netmod-system-mgmt-15.txt 2014-04-29 01:14:22.647398179 -0700 @@ -1,19 +1,19 @@ Network Working Group A. Bierman Internet-Draft YumaWorks Intended status: Standards Track M. Bjorklund -Expires: October 17, 2014 Tail-f Systems - April 15, 2014 +Expires: October 31, 2014 Tail-f Systems + April 29, 2014 A YANG Data Model for System Management - draft-ietf-netmod-system-mgmt-14 + draft-ietf-netmod-system-mgmt-15 Abstract This document defines a YANG data model for the configuration and identification of some common system properties within a device containing a NETCONF server. This includes data node definitions for system identification, time-of-day management, user management, DNS resolver configuration, and some protocol operations for system management. @@ -25,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 17, 2014. + This Internet-Draft will expire on October 31, 2014. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -81,20 +81,21 @@ 9.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 35 9.4. 03-04 . . . . . . . . . . . . . . . . . . . . . . . . . . 35 9.5. 04-05 . . . . . . . . . . . . . . . . . . . . . . . . . . 35 9.6. 05-06 . . . . . . . . . . . . . . . . . . . . . . . . . . 36 9.7. 06-07 . . . . . . . . . . . . . . . . . . . . . . . . . . 36 9.8. 07-08 . . . . . . . . . . . . . . . . . . . . . . . . . . 37 9.9. 08-09 . . . . . . . . . . . . . . . . . . . . . . . . . . 37 9.10. 09-10 . . . . . . . . . . . . . . . . . . . . . . . . . . 37 9.11. 11-12 . . . . . . . . . . . . . . . . . . . . . . . . . . 37 9.12. 13-14 . . . . . . . . . . . . . . . . . . . . . . . . . . 37 + 9.13. 14-15 . . . . . . . . . . . . . . . . . . . . . . . . . . 37 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 38 10.1. Normative References . . . . . . . . . . . . . . . . . . . 38 10.2. Informative References . . . . . . . . . . . . . . . . . . 39 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 40 1. Introduction This document defines a YANG [RFC6020] data model for the configuration and identification of some common properties within a device containing a NETCONF server. 
@@ -1452,20 +1453,25 @@ o system-restart: Reboots the device. o system-shutdown: Shuts down the device. Since this document describes the use of RADIUS for purposes of authentication, it is vulnerable to all of the threats that are present in other RADIUS applications. For a discussion of such threats, see [RFC2865] and [RFC3162]. + This document provides configuration parameters for SSH's "publickey" + and "password" authentication mechanisms. Section 9.4 of [RFC4251] + and section 11 of [RFC4252] discuss security considerations for these + mechanisms. + The "iana-crypt-hash" YANG module defines a type "crypt-hash" that can be used to store MD5 hashes. [RFC6151] discusses security considerations for MD5. The usage of MD5 is NOT RECOMMENDED. 9. Change Log -- RFC Ed.: remove this section before publication. 9.1. 00-01 @@ -1585,21 +1591,26 @@ 9.11. 11-12 o added typedef "timezone-name", and removed reference to draft-ietf-netmod-iana-timezones 9.12. 13-14 o moved the "crypt-hash" typedef to an IANA maintained module. - o updated securoty considerations to mention RADIUS threats. + o updated security considerations to mention RADIUS threats. + +9.13. 14-15 + + o updated security considerations to mention SSH authentication + method threats. 10. References 10.1. Normative References [FIPS.180-3.2008] National Institute of Standards and Technology, "Secure Hash Standard", FIPS PUB 180-3, October 2008, . 
@@ -1621,20 +1632,23 @@ "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162, August 2001. [RFC3418] Presuhn, R., "Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3418, December 2002. + [RFC4251] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) + Protocol Architecture", RFC 4251, January 2006. + [RFC4252] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) Authentication Protocol", RFC 4252, January 2006. [RFC4253] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) Transport Layer Protocol", RFC 4253, January 2006. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.
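Review bot: In the Security Considerations hunk (@@ -1452,20 +1453,25 @@), the new SSH paragraph is weaker than the RADIUS paragraph just above it: it only says that [RFC4251] and [RFC4252] "discuss security considerations for these mechanisms", while the RADIUS text states that the document "is vulnerable to all of the threats that are present in other RADIUS applications". Suggest the same direct wording, so that a reader knows the SSH threats apply to the "publickey" and "password" parameters this model configures. The paragraph also mixes "Section 9.4" and "section 11"; use one capitalization for both.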
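Review bot: In the change log hunk (@@ -1585,21 +1591,26 @@), the new 9.13 entry records the security considerations text but not the reference added in the same revision. Suggest a second bullet noting that [RFC4251] was added to the references, so the 14-15 entry matches what the diff actually changes. The "securoty" to "security" fix in 9.12 is fine as is.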
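Review bot: In the references hunk (@@ -1621,20 +1632,23 @@), [RFC4251] is inserted in what appears to be the 10.1 Normative References list, next to [RFC4252] and [RFC4253], yet its only citation visible in this diff is the new security considerations paragraph, which points to Section 9.4 for a discussion of threats. Please confirm that a normative reference is intended rather than an entry under 10.2 Informative References. The numeric ordering of the new entry is correct.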