Diff: rfc9918.original

	rfc9918.original	rfc9918.txt


	Network Configuration S. Turner	Internet Engineering Task Force (IETF) S. Turner
	Internet-Draft sn3rd	Request for Comments: 9918 sn3rd
	Updates: 7589 (if approved) R. Housley	Updates: 7589 R. Housley
	Intended status: Standards Track Vigil Security	Category: Standards Track Vigil Security
	Expires: 21 July 2024 18 January 2024	ISSN: 2070-1721 January 2026

	Updates to Using the NETCONF Protocol over Transport Layer Security	Updates to Using the NETCONF Protocol over Transport Layer Security
	(TLS) with Mutual X.509 Authentication	(TLS) with Mutual X.509 Authentication

	draft-ietf-netconf-over-tls13-04

	Abstract	Abstract


	RFC 7589 defines how to protect NETCONF messages with TLS 1.2. This	RFC 7589 defines how to protect Network Configuration Protocol
	document updates RFC 7589 to update support requirements for TLS 1.2	(NETCONF) messages with TLS 1.2. This document updates RFC 7589 to
	and add TLS 1.3 support requirements, including restrictions on the	update support requirements for TLS 1.2 and add TLS 1.3 support
	use of TLS 1.3's early data.	requirements, including restrictions on the use of TLS 1.3's early
		data.
	About This Document

	This note is to be removed before publishing as an RFC.

	The latest revision of this draft can be found at https://netconf-
	wg.github.io/netconf-over-tls13/draft-ietf-netconf-over-tls13.html.
	Status information for this document may be found at
	https://datatracker.ietf.org/doc/draft-ietf-netconf-over-tls13/.

	Discussion of this document takes place on the Network Configuration
	Working Group mailing list (mailto:netconf@ietf.org), which is
	archived at https://mailarchive.ietf.org/arch/browse/netconf/.
	Subscribe at https://www.ietf.org/mailman/listinfo/netconf/.

	Source for this draft and an issue tracker can be found at
	https://github.com/netconf-wg/netconf-over-tls13.

	Status of This Memo	Status of This Memo


	This Internet-Draft is submitted in full conformance with the	This is an Internet Standards Track document.
	provisions of BCP 78 and BCP 79.

	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.


	Internet-Drafts are draft documents valid for a maximum of six months	This document is a product of the Internet Engineering Task Force
	and may be updated, replaced, or obsoleted by other documents at any	(IETF). It represents the consensus of the IETF community. It has
	time. It is inappropriate to use Internet-Drafts as reference	received public review and has been approved for publication by the
	material or to cite them other than as "work in progress."	Internet Engineering Steering Group (IESG). Further information on
		Internet Standards is available in Section 2 of RFC 7841.


	This Internet-Draft will expire on 21 July 2024.	Information about the current status of this document, any errata,
		and how to provide feedback on it may be obtained at
		https://www.rfc-editor.org/info/rfc9918.

	Copyright Notice	Copyright Notice


	Copyright (c) 2024 IETF Trust and the persons identified as the	Copyright (c) 2026 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal

	Provisions Relating to IETF Documents (https://trustee.ietf.org/	Provisions Relating to IETF Documents
	license-info) in effect on the date of publication of this document.	(https://trustee.ietf.org/license-info) in effect on the date of
	Please review these documents carefully, as they describe your rights	publication of this document. Please review these documents
	and restrictions with respect to this document. Code Components	carefully, as they describe your rights and restrictions with respect
	extracted from this document must include Revised BSD License text as	to this document. Code Components extracted from this document must
	described in Section 4.e of the Trust Legal Provisions and are	include Revised BSD License text as described in Section 4.e of the
	provided without warranty as described in the Revised BSD License.	Trust Legal Provisions and are provided without warranty as described
		in the Revised BSD License.

	Table of Contents	Table of Contents


	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2	1. Introduction
	2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3	2. Conventions
	3. Early Data . . . . . . . . . . . . . . . . . . . . . . . . . 3	3. Early Data
	4. Cipher Suites . . . . . . . . . . . . . . . . . . . . . . . . 3	4. Cipher Suites
	5. Security Considerations . . . . . . . . . . . . . . . . . . . 4	5. Security Considerations
	6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4	6. IANA Considerations
	7. Normative References . . . . . . . . . . . . . . . . . . . . 5	7. Normative References
	Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6	Acknowledgments
	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6	Authors' Addresses

	1. Introduction	1. Introduction

	[RFC7589] defines how to protect NETCONF messages [RFC6241] with TLS	[RFC7589] defines how to protect NETCONF messages [RFC6241] with TLS
	1.2 [RFC5246]. This document updates [RFC7589] to update support	1.2 [RFC5246]. This document updates [RFC7589] to update support

	requirements for TLS 1.2 [RFC5246] and to add TLS 1.3	requirements for TLS 1.2 [RFC5246] and add TLS 1.3 [RFC9846] support
	[I-D.ietf-tls-rfc8446bis] support requirements, including	requirements, including restrictions on the use of TLS 1.3's early
	restrictions on the use of TLS 1.3's early data which is also known	data, which is also known as 0-RTT data. It also updates "netconf-
	as 0-RTT data. It also updates the "netconf-tls" IANA Registered	tls", the IANA-registered port number entry, to refer to this
	Port Number entry to refer to this document. All other provisions	document. All other provisions set forth in [RFC7589] are unchanged,
	set forth in [RFC7589] are unchanged, including connection	including connection initiation, message framing, connection closure,
	initiation, message framing, connection closure, certificate	certificate validation, server identity, and client identity.
	validation, server identity, and client identity.


	\| NOTE: Implementations that support TLS 1.3	\| NOTE: Implementations that support TLS 1.3 [RFC9846] should
	\| [I-D.ietf-tls-rfc8446bis] should refer to TLS 1.3	\| refer to TLS 1.3 in Sections 4 and 5 of [RFC7589].
	\| [I-D.ietf-tls-rfc8446bis] in Sections 4 and 5 of [RFC7589].


	2. Conventions and Definitions	2. Conventions

	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
	"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and	"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
	"OPTIONAL" in this document are to be interpreted as described in	"OPTIONAL" in this document are to be interpreted as described in
	BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all	BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
	capitals, as shown here.	capitals, as shown here.

	3. Early Data	3. Early Data

	Early data (aka 0-RTT data) is a mechanism defined in TLS 1.3	Early data (aka 0-RTT data) is a mechanism defined in TLS 1.3

	[I-D.ietf-tls-rfc8446bis] that allows a client to send data ("early	[RFC9846] that allows a client to send data ("early data") as part of
	data") as part of the first flight of messages to a server. Note	the first flight of messages to a server. Note that TLS 1.3 can be
	that TLS 1.3 can be used without early data as per Appendix F.5 of	used without early data as per Appendix F.5 of [RFC9846]. In fact,
	[I-D.ietf-tls-rfc8446bis]. In fact, early data is permitted by TLS	early data is permitted by TLS 1.3 only when the client and server
	1.3 only when the client and server share a Pre-Shared Key (PSK),	share a Pre-Shared Key (PSK), either obtained externally or via a
	either obtained externally or via a previous handshake. The client	previous handshake. The client uses the PSK to authenticate the
	uses the PSK to authenticate the server and to encrypt the early	server and to encrypt the early data.
	data.


	As noted in Section 2.3 of [I-D.ietf-tls-rfc8446bis], the security	As noted in Section 2.3 of [RFC9846], the security properties for
	properties for early data are weaker than those for subsequent TLS-	early data are weaker than those for subsequent TLS-protected data.
	protected data. In particular, early data is not forward secret, and	In particular, early data is not forward secret, and there is no
	there is no protection against the replay of early data between	protection against the replay of early data between connections.
	connections. Appendix E.5 of [I-D.ietf-tls-rfc8446bis] requires	Appendix F.5 of [RFC9846] requires applications not use early data
	applications not use early data without a profile that defines its	without a profile that defines its use. This document specifies that
	use. This document specifies that NETCONF implementations that	NETCONF implementations that support TLS 1.3 MUST NOT use early data.
	support TLS 1.3 MUST NOT use early data.

	4. Cipher Suites	4. Cipher Suites


	Implementations MUST support mutually authenticated TLS 1.2 [RFC5246]	Implementations MUST support mutually authenticated TLS 1.2
	and they are, as specified in [RFC9325], recommended to support the	[RFC5246], and they are, as specified in [RFC9325], recommended to
	cipher suites found in Section 4.2 of [RFC9325].	support the cipher suites found in Section 4.2 of [RFC9325].

	Implementations MAY implement additional TLS 1.2 cipher suites that	Implementations MAY implement additional TLS 1.2 cipher suites that

	provide mutual authentication [RFC5246] and confidentiality as	provide mutual authentication [RFC5246] and confidentiality, as
	required by NETCONF [RFC6241].	required by NETCONF [RFC6241].

	Implementations SHOULD support mutually authenticated TLS 1.3	Implementations SHOULD support mutually authenticated TLS 1.3

	[I-D.ietf-tls-rfc8446bis] and, if implemented, MUST prefer to	[RFC9846] and, if implemented, MUST prefer to negotiate TLS 1.3 over
	negotiate TLS 1.3 over earlier versions of TLS.	earlier versions of TLS.


	Implementations that support TLS 1.3 [I-D.ietf-tls-rfc8446bis] are	Implementations that support TLS 1.3 [RFC9846] are REQUIRED to
	REQUIRED to support the mandatory-to-implement cipher suites listed	support the mandatory-to-implement cipher suites listed in
	in Section 9.1 of [I-D.ietf-tls-rfc8446bis].	Section 9.1 of [RFC9846].

	Implementations that support TLS 1.3 MAY implement additional TLS	Implementations that support TLS 1.3 MAY implement additional TLS
	cipher suites that provide mutual authentication and confidentiality,	cipher suites that provide mutual authentication and confidentiality,
	which are required for NETCONF [RFC6241].	which are required for NETCONF [RFC6241].

	5. Security Considerations	5. Security Considerations


	The Security Considerations of [RFC6241], [RFC7589], and [RFC9325]	The security considerations of [RFC6241], [RFC7589], and [RFC9325]
	apply here as well.	apply here as well.

	NETCONF implementations SHOULD follow the TLS recommendations given	NETCONF implementations SHOULD follow the TLS recommendations given
	in [RFC9325].	in [RFC9325].


	For implementations that support TLS 1.3, the Security Considerations	For implementations that support TLS 1.3, the security considerations
	of TLS 1.3 [I-D.ietf-tls-rfc8446bis] apply.	of TLS 1.3 [RFC9846] apply.

	As specified in [RFC7589], NETCONF over TLS requires mutual	As specified in [RFC7589], NETCONF over TLS requires mutual
	authentication.	authentication.


	For implementations that support TLS 1.3 [I-D.ietf-tls-rfc8446bis]:	For implementations that support TLS 1.3 [RFC9846]:

	TLS 1.3 mutual authentication is used to ensure that only	TLS 1.3 mutual authentication is used to ensure that only
	authorized users and systems are able to view the NETCONF server's	authorized users and systems are able to view the NETCONF server's
	configuration and state or to modify the NETCONF server's	configuration and state or to modify the NETCONF server's
	configuration. To this end, neither the client nor the server	configuration. To this end, neither the client nor the server
	should establish a NETCONF over TLS 1.3 connection with an	should establish a NETCONF over TLS 1.3 connection with an
	unknown, unexpected, or incorrectly identified peer; see Section 7	unknown, unexpected, or incorrectly identified peer; see Section 7
	of [RFC7589]. If deployments make use of a trusted list of	of [RFC7589]. If deployments make use of a trusted list of
	Certification Authority (CA) certificates [RFC5280], then the	Certification Authority (CA) certificates [RFC5280], then the
	listed CAs should only issue certificates to parties that are	listed CAs should only issue certificates to parties that are
	authorized to access the NETCONF servers. Doing otherwise will	authorized to access the NETCONF servers. Doing otherwise will
	allow certificates that were issued for other purposes to be	allow certificates that were issued for other purposes to be
	inappropriately accepted by a NETCONF server.	inappropriately accepted by a NETCONF server.


	The Security Considerations of [RFC9525] apply to all implementations	The security considerations of [RFC9525] apply to all implementations
	when the client checks the identity of the server, as is required in	when the client checks the identity of the server, as is required in
	Section 6 of [RFC7589].	Section 6 of [RFC7589].

	6. IANA Considerations	6. IANA Considerations


	IANA is requested to add a reference to this document in the	IANA has added a reference to this document in the "netconf-tls"
	"netconf-tls" entry in the "Service Name and Transport Protocol Port	entry in the "Service Name and Transport Protocol Port Number
	Number Registry". The updated registry entry would appear as	Registry". The updated registry entry appears as follows:
	follows:


	Service Name: netconf-tls	Service Name: netconf-tls
	Transport Protocol(s): TCP	Port Number: 6513
	Assignee: IESG <iesg@ietf.org>	Transport Protocol: tcp
	Contact: IETF Chair <chair@ietf.org>	Description: NETCONF over TLS
	Description: NETCONF over TLS	Assignee: IESG <iesg@ietf.org>
	Reference: RFC 7589, [THIS RFC]	Contact: IETF Chair <chair@ietf.org>
	Port Number: 6513	Reference: RFC 7589, RFC 9918

	7. Normative References	7. Normative References


	[I-D.ietf-tls-rfc8446bis]
	Rescorla, E., "The Transport Layer Security (TLS) Protocol
	Version 1.3", Work in Progress, Internet-Draft, draft-
	ietf-tls-rfc8446bis-09, 7 July 2023,
	<https://datatracker.ietf.org/doc/html/draft-ietf-tls-
	rfc8446bis-09>.

	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
	Requirement Levels", BCP 14, RFC 2119,	Requirement Levels", BCP 14, RFC 2119,
	DOI 10.17487/RFC2119, March 1997,	DOI 10.17487/RFC2119, March 1997,

	<https://www.rfc-editor.org/rfc/rfc2119>.	<https://www.rfc-editor.org/info/rfc2119>.

	[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security	[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
	(TLS) Protocol Version 1.2", RFC 5246,	(TLS) Protocol Version 1.2", RFC 5246,
	DOI 10.17487/RFC5246, August 2008,	DOI 10.17487/RFC5246, August 2008,

	<https://www.rfc-editor.org/rfc/rfc5246>.	<https://www.rfc-editor.org/info/rfc5246>.

	[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,	[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
	Housley, R., and W. Polk, "Internet X.509 Public Key	Housley, R., and W. Polk, "Internet X.509 Public Key
	Infrastructure Certificate and Certificate Revocation List	Infrastructure Certificate and Certificate Revocation List
	(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,	(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,

	<https://www.rfc-editor.org/rfc/rfc5280>.	<https://www.rfc-editor.org/info/rfc5280>.

	[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,	[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
	and A. Bierman, Ed., "Network Configuration Protocol	and A. Bierman, Ed., "Network Configuration Protocol
	(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,	(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,

	<https://www.rfc-editor.org/rfc/rfc6241>.	<https://www.rfc-editor.org/info/rfc6241>.

	[RFC7589] Badra, M., Luchuk, A., and J. Schoenwaelder, "Using the	[RFC7589] Badra, M., Luchuk, A., and J. Schoenwaelder, "Using the
	NETCONF Protocol over Transport Layer Security (TLS) with	NETCONF Protocol over Transport Layer Security (TLS) with
	Mutual X.509 Authentication", RFC 7589,	Mutual X.509 Authentication", RFC 7589,
	DOI 10.17487/RFC7589, June 2015,	DOI 10.17487/RFC7589, June 2015,

	<https://www.rfc-editor.org/rfc/rfc7589>.	<https://www.rfc-editor.org/info/rfc7589>.

	[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC	[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
	2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,	2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,

	May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.	May 2017, <https://www.rfc-editor.org/info/rfc8174>.

	[RFC9325] Sheffer, Y., Saint-Andre, P., and T. Fossati,	[RFC9325] Sheffer, Y., Saint-Andre, P., and T. Fossati,
	"Recommendations for Secure Use of Transport Layer	"Recommendations for Secure Use of Transport Layer
	Security (TLS) and Datagram Transport Layer Security	Security (TLS) and Datagram Transport Layer Security
	(DTLS)", BCP 195, RFC 9325, DOI 10.17487/RFC9325, November	(DTLS)", BCP 195, RFC 9325, DOI 10.17487/RFC9325, November

	2022, <https://www.rfc-editor.org/rfc/rfc9325>.	2022, <https://www.rfc-editor.org/info/rfc9325>.

	[RFC9525] Saint-Andre, P. and R. Salz, "Service Identity in TLS",	[RFC9525] Saint-Andre, P. and R. Salz, "Service Identity in TLS",
	RFC 9525, DOI 10.17487/RFC9525, November 2023,	RFC 9525, DOI 10.17487/RFC9525, November 2023,

	<https://www.rfc-editor.org/rfc/rfc9525>.	<https://www.rfc-editor.org/info/rfc9525>.

		[RFC9846] Rescorla, E., "The Transport Layer Security (TLS) Protocol
		Version 1.3", RFC 9846, DOI 10.17487/RFC9846, January
		2026, <https://www.rfc-editor.org/info/rfc9846>.

	Acknowledgments	Acknowledgments

	We would like to thank Per Andersson, Jürgen Schönwälder, Jeff	We would like to thank Per Andersson, Jürgen Schönwälder, Jeff
	Hartley, Rob Wilton, and Qin Wu for their reviews.	Hartley, Rob Wilton, and Qin Wu for their reviews.

	Authors' Addresses	Authors' Addresses

	Sean Turner	Sean Turner
	sn3rd	sn3rd
	Email: sean@sn3rd.com	Email: sean@sn3rd.com

	Russ Housley	Russ Housley
	Vigil Security, LLC	Vigil Security, LLC
	516 Dranesville Road	516 Dranesville Road

	Herndon, VA, 20170	Herndon, VA 20170
	United States of America	United States of America
	Email: housley@vigilsec.com	Email: housley@vigilsec.com

End of changes. 34 change blocks.
	125 lines changed or deleted	98 lines changed or added
This html diff was produced by rfcdiff 1.48.