These comments are separate from my previous comments on references in
the YANG modules. That said,
'import' in YANG module must have a YANG reference clause which must be
a Normative Reference in the I-D Reference.
ietf-hardware must has a prefix of 'hw' as per RFC8348 throughout the I-D
/http:datatracker/https:/datatracker/
in both modules
reference
"draft-ietf-rats-yang-tpm-charra";
perhaps
reference
"RFC XXXX: A YANG Data Model for Challenge-Response-based
Remote Attestation Procedures using TPMs";
identity attested_event_log_type {
description
"Base identity allowing categorization of the reasons why and
/and/an/ ?
leaf TPMS_QUOTE_INFO {
most YANG identifiers have been changed to lower case; should this one
be?
grouping boot-event-log {
could do with more explanation and/or references for this. e.g. are
there semantics for the uint32 event-type?
Security Considerations mention the use of NACM; should the RPC have a
default deny-all?
leaf physical-index {
should this reference the YANG RFC8348 rather than the SMI equivalent?
leaf manufacturer {
these are often modelled as Privat Enterprise Numbers as registered with
IANA - see e.g. draft-ietf-dots-telemetry
reference
"RFC XXXX: tbd";
as above
identity tpm20 {
if-feature "tpm12";
looks odd - if correct then worth an explanatory note
Tom Petch
On 14/01/2022 16:16, The IESG wrote:
The IESG has received a request from the Remote ATtestation ProcedureS WG
(rats) to consider the following document: - 'A YANG Data Model for
Challenge-Response-based Remote Attestation
Procedures using TPMs'
<draft-ietf-rats-yang-tpm-charra-12.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@xxxxxxxx mailing lists by 2022-01-28. Exceptionally, comments may
be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.
Abstract
This document defines YANG RPCs and a small number of configuration
nodes required to retrieve attestation evidence about integrity
measurements from a device, following the operational context defined
in TPM-based Network Device Remote Integrity Verification.
Complementary measurement logs are also provided by the YANG RPCs,
originating from one or more roots of trust for measurement (RTMs).
The module defined requires at least one TPM 1.2 or TPM 2.0 as well
as a corresponding TPM Software Stack (TSS), included in the device
components of the composite device the YANG server is running on.
The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-rats-yang-tpm-charra/
No IPR declarations have been submitted directly on this I-D.
The document contains these normative downward references.
See RFC 3967 for additional information:
draft-ietf-rats-tpm-based-network-device-attest: TPM-based Network Device Remote Integrity Verification (None - Internet Engineering Task Force (IETF))
draft-ietf-rats-architecture: Remote Attestation Procedures Architecture (None - Internet Engineering Task Force (IETF))
_______________________________________________
IETF-Announce mailing list
IETF-Announce@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf-announce
.
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
