rfc9761.original   rfc9761.txt 
OPSAWG WG T. Reddy Internet Engineering Task Force (IETF) T. Reddy.K
Internet-Draft Nokia Request for Comments: 9761 Nokia
Intended status: Standards Track D. Wing Category: Standards Track D. Wing
Expires: 24 February 2025 Citrix ISSN: 2070-1721 Citrix
B. Anderson B. Anderson
Cisco Cisco
23 August 2024 April 2025
Manufacturer Usage Description (MUD) (D)TLS Profiles for IoT Devices Manufacturer Usage Description (MUD) for TLS and DTLS Profiles for
draft-ietf-opsawg-mud-tls-18 Internet of Things (IoT) Devices
Abstract Abstract
This memo extends the Manufacturer Usage Description (MUD) This memo extends the Manufacturer Usage Description (MUD)
specification to allow manufacturers to define (D)TLS profile specification to allow manufacturers to define TLS and DTLS profile
parameters. This allows a network security service to identify parameters. This allows a network security service to identify
unexpected (D)TLS usage, which can indicate the presence of unexpected (D)TLS usage, which can indicate the presence of
unauthorized software, malware, or security policy-violating traffic unauthorized software, malware, or security policy-violating traffic
on an endpoint. on an endpoint.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 24 February 2025. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9761.
Copyright Notice Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology
3. Overview of MUD (D)TLS profiles for IoT devices . . . . . . . 5 3. Overview of MUD (D)TLS Profiles for IoT devices
4. (D)TLS 1.3 Handshake . . . . . . . . . . . . . . . . . . . . 7 4. (D)TLS 1.3 Handshake
4.1. Full (D)TLS 1.3 Handshake Inspection . . . . . . . . . . 7 4.1. Full (D)TLS 1.3 Handshake Inspection
4.2. Encrypted DNS . . . . . . . . . . . . . . . . . . . . . . 8 4.2. Encrypted DNS
5. (D)TLS Profile of a IoT device . . . . . . . . . . . . . . . 8 5. (D)TLS Profile of an IoT device
5.1. Tree Structure of the (D)TLS profile Extension to the ACL 5.1. Tree Structure of the (D)TLS Profile Extension to the ACL
YANG Model . . . . . . . . . . . . . . . . . . . . . . . 10 YANG Module
5.2. The (D)TLS profile Extension to the ACL YANG Model . . . 10 5.2. The (D)TLS Profile Extension to the ACL YANG Module
5.3. IANA (D)TLS profile YANG Module . . . . . . . . . . . . . 15 5.3. IANA (D)TLS Profile YANG Module
5.4. MUD (D)TLS Profile Extension . . . . . . . . . . . . . . 19 5.4. MUD (D)TLS Profile Extension
6. Processing of the MUD (D)TLS Profile . . . . . . . . . . . . 21 6. Processing of the MUD (D)TLS Profile
7. MUD File Example . . . . . . . . . . . . . . . . . . . . . . 22 7. MUD File Example
8. Software-Based ACLs and ACLs within a (D)TLS 1.3 Proxy . . . 24 8. Software-Based ACLs and ACLs Within a (D)TLS 1.3 Proxy
9. Security Considerations . . . . . . . . . . . . . . . . . . . 24 9. Security Considerations
9.1. Challenges in Mimicking (D)TLS 1.2 Handshakes for IoT 9.1. Challenges in Mimicking (D)TLS 1.2 Handshakes for IoT
Devices . . . . . . . . . . . . . . . . . . . . . . . . . 25 Devices
9.2. Considerations for the "iana-tls-profile" Module . . . . 25 9.2. Considerations for the "iana-tls-profile" Module
9.3. Considerations for the "ietf-acl-tls" Module . . . . . . 26 9.3. Considerations for the "ietf-acl-tls" Module
9.4. Considerations for the "ietf-mud-tls" Module . . . . . . 27 9.4. Considerations for the "ietf-mud-tls" Module
10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 28 10. Privacy Considerations
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 11. IANA Considerations
11.1. (D)TLS Profile YANG Modules . . . . . . . . . . . . . . 29 11.1. (D)TLS Profile YANG Modules
11.2. Considerations for the iana-tls-profile Module . . . . . 30 11.2. Considerations for the iana-tls-profile Module
11.3. ACL TLS Version registry . . . . . . . . . . . . . . . . 31 11.3. ACL TLS Version Registry
11.4. ACL DTLS version registry . . . . . . . . . . . . . . . 31 11.4. ACL DTLS Version Registry
11.5. ACL (D)TLS Parameters registry . . . . . . . . . . . . . 32 11.5. ACL (D)TLS Parameters Registry
11.6. MUD Extensions registry . . . . . . . . . . . . . . . . 33 11.6. MUD Extensions Registry
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 12. References
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 12.1. Normative References
13.1. Normative References . . . . . . . . . . . . . . . . . . 34 12.2. Informative References
13.2. Informative References . . . . . . . . . . . . . . . . . 35 Acknowledgments
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 Authors' Addresses
1. Introduction 1. Introduction
Encryption is necessary to enhance the privacy of end users using IoT Encryption is necessary to enhance the privacy of end users using
devices. TLS [RFC8446] and DTLS [RFC9147] are the dominant protocols Internet of Things (IoT) devices. TLS [RFC8446] and DTLS [RFC9147]
(counting all (D)TLS versions) providing encryption for IoT device are the dominant protocols (counting all (D)TLS versions) that
traffic. Unfortunately, in conjunction with IoT applications' rise provide encryption for IoT device traffic. Unfortunately, in
of encryption, malware authors are also using encryption which conjunction with IoT applications' rise of encryption, malware
thwarts network-based analysis such as deep packet inspection (DPI). authors are also using encryption that thwarts network-based
Other mechanisms are thus needed to help detect malware running on an analysis, such as deep packet inspection (DPI). Thus, other
IoT device. mechanisms are needed to help detect malware running on an IoT
device.
Malware often reuses certain libraries, and there are notable Malware often reuses certain libraries, and there are notable
differences in how malware uses encryption compared to non-malware. differences in how malware uses encryption compared to software that
Several common patterns in the use of (D)TLS by malware include: is not malware. Several common patterns in the use of (D)TLS by
malware include:
* Use of older and weaker cryptographic parameters. * Use of older and weaker cryptographic parameters.
* TLS server name indication (SNI) extension [RFC6066] and server * TLS server name indication (SNI) extension [RFC6066] and server
certificates are composed of subjects with characteristics of a certificates are composed of subjects with characteristics of a
domain generation algorithm (DGA) (e.g., 'www.33mhwt2j.net'). domain generation algorithm (DGA) (e.g., "www.33mhwt2j.net").
* Higher use of self-signed certificates compared with typical * Higher use of self-signed certificates compared with typical
legitimate software using certificates from a CA trusted by the legitimate software using certificates from a certificate
device. authority (CA) trusted by the device.
* Discrepancies in the SNI TLS extension and the DNS names in the * Discrepancies in the SNI TLS extension and the DNS names in the
SubjectAltName (SAN) X.509 extension in the server certificate SubjectAltName (SAN) X.509 extension in the server Certificate
message. message.
* Discrepancies in the key exchange algorithm and the client public * Discrepancies in the key exchange algorithm and the client public
key length in comparison with legitimate flows. As a reminder, key length in comparison with legitimate flows. As a reminder,
the Client Key Exchange message has been removed from TLS 1.3. the Client Key Exchange message has been removed from TLS 1.3.
* Lower diversity in TLS client advertised extensions compared to * Lower diversity in extensions advertised by TLS clients compared
legitimate clients. to legitimate clients.
* Using privacy enhancing technologies like Tor, Psiphon, Ultrasurf * Using privacy enhancing technologies like Tor, Psiphon, Ultrasurf
(see [malware-tls]), and evasion techniques such as ClientHello (see [MALWARE-TLS]), and evasion techniques such as ClientHello
randomization. randomization.
* Using an alternative DNS server (via encrypted transport) to avoid * Using an alternative DNS server (via encrypted transport) to avoid
detection by malware DNS filtering services [malware-doh]. detection by malware DNS filtering services [MALWARE-DOH].
Specifically, malware may not use the Do53 or encrypted DNS server Specifically, malware may not use the Do53 or encrypted DNS server
provided by the local network (DHCP, DNR [RFC9462] or DDR provided by the local network (DHCP, Discovery of Network-
[RFC9462]). designated Resolvers (DNR) [RFC9463], or Discovery of Designated
Resolvers (DDR) [RFC9462]).
If (D)TLS profile parameters are defined, the following functions are If (D)TLS profile parameters are defined, the following functions
possible which have a positive impact on the local network security: that have a positive impact on the local network security are
possible:
* Permit intended DTLS or TLS use and block malicious DTLS or TLS * Permit intended DTLS or TLS use, and block malicious DTLS or TLS
use. This is superior to the layers 3 and 4 Access Control Lists use. This is superior to the Access Control Lists (ACLs) of
(ACLs) of Manufacturer Usage Description Specification (MUD) Layers 3 and 4 in "Manufacturer Usage Description Specification"
[RFC8520] which are not suitable for broad communication patterns. [RFC8520], which are not suitable for broad communication
The goal of this document is to enhance and complement the patterns. The goal of this document is to enhance and complement
existing MUD specifications, rather than to undermine them. the existing MUD specifications rather than undermine them.
* Ensure TLS certificates are valid. Several TLS deployments have * Ensure TLS certificates are valid. Several TLS deployments have
been vulnerable to active Man-In-The-Middle (MITM) attacks because been vulnerable to active Man-In-The-Middle (MITM) attacks because
of the lack of certificate validation or vulnerability in the of the lack of certificate validation or vulnerability in the
certificate validation function (see [cryto-vulnerability]). By certificate validation function (see [CRYPTO-VULNERABILITY]). By
observing (D)TLS profile parameters, a network element can detect observing (D)TLS profile parameters, a network element can detect
when the TLS SNI mismatches the SubjectAltName and when the when the TLS SNI mismatches the SubjectAltName and when the
server's certificate is invalid. In (D)TLS 1.2 server's certificate is invalid. In (D)TLS 1.2 [RFC5246]
[RFC5246][RFC6347], the ClientHello, ServerHello and Certificate [RFC6347], the ClientHello, ServerHello, and Certificate messages
messages are all sent in clear-text. This check is not possible are all sent in cleartext. This check is not possible with (D)TLS
with (D)TLS 1.3, which encrypts the Certificate message thereby 1.3, which encrypts the Certificate message and therefore hides
hiding the server identity from any intermediary. In (D)TLS 1.3, the server identity from any intermediary. In (D)TLS 1.3, the
the server certificate validation functions should be executed server certificate validation functions should be executed within
within an on-path (D)TLS proxy, if such a proxy exists. an on-path (D)TLS proxy if such a proxy exists.
* Support new communication patterns. An IoT device can learn a new * Support new communication patterns. An IoT device can learn a new
capability, and the new capability can change the way the IoT capability, and the new capability can change the way the IoT
device communicates with other devices located in the local device communicates with other devices located in the local
network and Internet. There would be an inaccurate policy if an network and the Internet. There would be an inaccurate policy if
IoT device rapidly changes the IP addresses and domain names it an IoT device rapidly changes the IP addresses and domain names it
communicates with while the MUD ACLs were slower to update (see communicates with while the MUD ACLs were slower to update (see
[clear-as-mud]). In such a case, observable (D)TLS profile [CLEAR-AS-MUD]). In such a case, observable (D)TLS profile
parameters can be used to permit intended use and to block parameters can be used to permit intended use and block malicious
malicious behavior from the IoT device. behavior from the IoT device.
The YANG module specified in Section 5.2 of this document is an The YANG module specified in Section 5.2 of this document is an
extension of YANG Data Model for Network Access Control Lists (ACLs) extension of "YANG Data Model for Network Access Control Lists
[RFC8519] to enhance MUD [RFC8520] to model observable (D)TLS profile (ACLs)" [RFC8519] to enhance MUD [RFC8520] to model observable (D)TLS
parameters. Using these (D)TLS profile parameters, an active MUD- profile parameters. Using these (D)TLS profile parameters, an active
enforcing network security service (e.g., firewall) can identify MUD MUD-enforcing network security service (e.g., firewall) can identify
non-compliant (D)TLS behavior indicating outdated cryptography or MUD non-compliant (D)TLS behavior indicating outdated cryptography or
malware. This detection can prevent malware downloads, block access malware. This detection can prevent malware downloads, block access
to malicious domains, enforce use of strong ciphers, stop data to malicious domains, enforce use of strong ciphers, stop data
exfiltration, etc. In addition, organizations may have policies exfiltration, etc. In addition, organizations may have policies
around acceptable ciphers and certificates for the websites the IoT around acceptable ciphers and certificates for the websites the IoT
devices connect to. Examples include no use of old and less secure devices connect to. Examples include no use of old and less secure
versions of TLS, no use of self-signed certificates, deny-list or versions of TLS, no use of self-signed certificates, deny-list or
accept-list of Certificate Authorities, valid certificate expiration accept-list of Certificate Authorities, valid certificate expiration
time, etc. These policies can be enforced by observing the (D)TLS time, etc. These policies can be enforced by observing the (D)TLS
profile parameters. Network security services can use the IoT profile parameters. Network security services can use the IoT
device's (D)TLS profile parameters to identify legitimate flows by device's (D)TLS profile parameters to identify legitimate flows by
observing (D)TLS sessions, and can make inferences to permit observing (D)TLS sessions, and can make inferences to permit
legitimate flows and to block malicious or insecure flows. legitimate flows and block malicious or insecure flows.
Additionally, it supports network communications adherence to Additionally, it supports network communications adherence to
security policies by ensuring that TLS certificates are valid and security policies by ensuring that TLS certificates are valid and
deprecated cipher suites are avoided. The proposed technique is also deprecated cipher suites are avoided. The proposed technique is also
suitable in deployments where decryption techniques are not ideal due suitable in deployments where decryption techniques are not ideal due
to privacy concerns, non-cooperating end-points, and expense. to privacy concerns, non-cooperating endpoints, and expense.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119][RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
"(D)TLS" is used for statements that apply to both Transport Layer (D)TLS: Used for statements that apply to both Transport Layer
Security [RFC8446] and Datagram Transport Layer Security [RFC6347]. Security [RFC8446] and Datagram Transport Layer Security
Specific terms "TLS" and "DTLS" are used for any statement that [RFC6347]. Specific terms "TLS" and "DTLS" are used for any
applies to either protocol alone. statement that applies to either protocol alone.
'DoH/DoT' refers to DNS-over-HTTPS and/or DNS-over-TLS [RFC7858]. DoH/DoT: Refers to DNS-over-HTTPS [RFC8484] and/or DNS-over-TLS
[RFC7858].
Middlebox: A middlebox that interacts with TLS traffic can either act Middlebox: A middlebox that interacts with TLS traffic can either
as a TLS proxy, intercepting and decrypting the traffic for act as a TLS proxy, intercepting and decrypting the traffic for
inspection, or inspect the traffic between TLS peers without inspection, or inspect the traffic between TLS peers without
terminating the TLS session. terminating the TLS session.
Endpoint Security Agent: An Endpoint Security Agent is a software Endpoint Security Agent: An Endpoint Security Agent is a software
installed on endpoint devices that protects them from security installed on endpoint devices that protects them from security
threats. It provides features such as malware protection, firewall, threats. It provides features such as malware protection,
and intrusion prevention to ensure the device's security and firewall, and intrusion prevention to ensure the device's security
integrity. and integrity.
Network Security Service: A Network Security Service refers to a set Network Security Service: A Network Security Service refers to a set
of mechanisms designed to protect network communications and of mechanisms designed to protect network communications and
resources from attacks. resources from attacks.
3. Overview of MUD (D)TLS profiles for IoT devices 3. Overview of MUD (D)TLS Profiles for IoT devices
In Enterprise networks, protection and detection are typically done In Enterprise networks, protection and detection are typically done
both on end hosts and in the network. Endpoint security agents have both on end hosts and in the network. Endpoint security agents have
deep visibility on the devices where they are installed, whereas the deep visibility on the devices where they are installed, whereas the
network has broader visibility. Installing endpoint security agents network has broader visibility. Installing endpoint security agents
may not be a viable option on IoT devices, and network security may not be a viable option on IoT devices, and network security
service is an efficient means to protect such IoT devices. If the service is an efficient means to protect such IoT devices. If the
IoT device supports a MUD (D)TLS profile, the (D)TLS profile IoT device supports a MUD (D)TLS profile, the (D)TLS profile
parameters of the IoT device can be used by a middlebox to detect and parameters of the IoT device can be used by a middlebox to detect and
block malware communication, while at the same time preserving the block malware communication, while at the same time preserving the
privacy of legitimate uses of encryption. In addition, it enforces privacy of legitimate uses of encryption. In addition, it enforces
organizational security policies, ensuring that devices comply. By organizational security policies, ensuring that devices comply. By
monitoring (D)TLS parameters, network administrators can identify and monitoring (D)TLS parameters, network administrators can identify and
mitigate the use of outdated TLS versions, cryptographic algorithms mitigate the use of outdated TLS versions, cryptographic algorithms,
and non-compliant certificates. The middlebox need not proxy (D)TLS and non-compliant certificates. The middlebox need not proxy (D)TLS,
but can passively observe the parameters of (D)TLS handshakes from but can passively observe the parameters of (D)TLS handshakes from
IoT devices and gain visibility into TLS 1.2 parameters and partial IoT devices and gain visibility into TLS 1.2 parameters and partial
visibility into TLS 1.3 parameters. visibility into TLS 1.3 parameters.
Malicious agents can try to use the (D)TLS profile parameters of Malicious agents can try to use the (D)TLS profile parameters of
legitimate agents to evade detection, but it becomes a challenge to legitimate agents to evade detection, but it becomes a challenge to
mimic the behavior of various IoT device types and IoT device models mimic the behavior of various IoT device types and IoT device models
from several manufacturers. In other words, malware developers will from several manufacturers. In other words, malware developers will
have to develop malicious agents per IoT device type, manufacturer have to develop malicious agents per IoT device type, manufacturer
and model, infect the device with the tailored malware agent and will and model, infect the device with the tailored malware agent, and
have keep up with updates to the device's (D)TLS profile parameters will have keep up with updates to the device's (D)TLS profile
over time. Furthermore, the malware's command and control server parameters over time. Furthermore, the malware's command and control
certificates need to be signed by the same certifying authorities server certificates need to be signed by the same certifying
trusted by the IoT devices. Typically, IoT devices have an authorities trusted by the IoT devices. Typically, IoT devices have
infrastructure that supports a rapid deployment of updates, and an infrastructure that supports a rapid deployment of updates, and
malware agents will have a near-impossible task of similarly malware agents will have a near-impossible task of similarly
deploying updates and continuing to mimic the TLS behavior of the IoT deploying updates and continuing to mimic the TLS behavior of the IoT
device it has infected. device it has infected.
However, if the IoT device has reached end-of-life and the IoT However, if the IoT device has reached end-of-life (EOL) and the IoT
manufacturer will not issue a firmware or software update to the IoT manufacturer will not issue a firmware or software update to the IoT
device or will not update the MUD file, the "is-supported" attribute device or will not update the MUD file, the "is-supported" attribute
defined in Section 3.6 of [RFC8520] can be used by the MUD manager to defined in Section 3.6 of [RFC8520] can be used by the MUD manager to
identify the IoT manufacturer no longer supports the device. The indicate that the IoT manufacturer no longer supports the device.
end-of-life (EOL) of a device, where the IoT manufacturer no longer The EOL of a device, where the IoT manufacturer no longer supports
supports it, does not necessarily mean the device is defective. it, does not necessarily mean the device is defective. Instead, it
Instead, it signifies that the device is no longer receiving updates, signifies that the device is no longer receiving updates, support, or
support, or security patches, which necessitates replacement and security patches, which necessitates replacement and upgrading to
upgrading to next-generation devices to ensure continued next-generation devices to ensure continued functionality, security,
functionality, security, and compatibility with modern networks. The and compatibility with modern networks. The network security service
network security service will have to rely on other techniques will have to rely on other techniques discussed in Section 9 to
discussed in Section 9 to identify malicious connections until the identify malicious connections until the device is replaced.
device is replaced.
Compromised IoT devices are typically used for launching DDoS attacks Compromised IoT devices are typically used for launching DDoS attacks
(Section 3 of [RFC8576]). For example, DDoS attacks like Slowloris (Section 3 of [RFC8576]). For example, DDoS attacks like Slowloris
[slowloris] and Transport Layer Security (TLS) re-negotiation can be [SLOWLORIS] and Transport Layer Security (TLS) re-negotiation can be
blocked if the victim's server certificate is not be signed by the blocked if the victim's server certificate is not be signed by the
same certifying authorities trusted by the IoT device. same certifying authorities trusted by the IoT device.
4. (D)TLS 1.3 Handshake 4. (D)TLS 1.3 Handshake
In (D)TLS 1.3, full (D)TLS handshake inspection is not possible since In (D)TLS 1.3, full (D)TLS handshake inspection is not possible since
all (D)TLS handshake messages excluding the ClientHello message are all (D)TLS handshake messages excluding the ClientHello message are
encrypted. (D)TLS 1.3 has introduced new extensions in the handshake encrypted. (D)TLS 1.3 has introduced new extensions in the handshake
record layers called Encrypted Extensions. Using these extensions record layers called Encrypted Extensions. When using these
handshake messages will be encrypted and network security services extensions, handshake messages will be encrypted and network security
(such as a firewall) are incapable of deciphering the handshake, and services (such as a firewall) are incapable of deciphering the
thus cannot view the server certificate. However, the ClientHello handshake, and thus cannot view the server certificate. However, the
and ServerHello still have some fields visible, such as the list of ClientHello and ServerHello still have some fields visible, such as
supported versions, named groups, cipher suites, signature algorithms the list of supported versions, named groups, cipher suites,
and extensions in ClientHello, and chosen cipher in the ServerHello. signature algorithms, extensions in ClientHello, and the chosen
For instance, if the malware uses evasion techniques like ClientHello cipher in the ServerHello. For instance, if the malware uses evasion
randomization, the observable list of cipher suites and extensions techniques like ClientHello randomization, the observable list of
offered by the malware agent in the ClientHello message will not cipher suites and extensions offered by the malware agent in the
match the list of cipher suites and extensions offered by the ClientHello message will not match the list of cipher suites and
legitimate client in the ClientHello message, and the middlebox can extensions offered by the legitimate client in the ClientHello
block malicious flows without acting as a (D)TLS 1.3 proxy. message, and the middlebox can block malicious flows without acting
as a (D)TLS 1.3 proxy.
4.1. Full (D)TLS 1.3 Handshake Inspection 4.1. Full (D)TLS 1.3 Handshake Inspection
To obtain more visibility into negotiated TLS 1.3 parameters, a To obtain more visibility into negotiated TLS 1.3 parameters, a
middlebox can act as a (D)TLS 1.3 proxy. A middlebox can act as a middlebox can act as a (D)TLS 1.3 proxy. A middlebox can act as a
(D)TLS proxy for the IoT devices owned and managed by the IT team in (D)TLS proxy for the IoT devices owned and managed by the IT team in
the Enterprise network and the (D)TLS proxy must meet the security the Enterprise network and the (D)TLS proxy must meet the security
and privacy requirements of the organization. In other words, the and privacy requirements of the organization. In other words, the
scope of middlebox acting as a (D)TLS proxy is restricted to scope of a middlebox acting as a (D)TLS proxy is restricted to the
Enterprise network owning and managing the IoT devices. The Enterprise network owning and managing the IoT devices. The
middlebox would have to follow the behaviour detailed in Section 9.3 middlebox would have to follow the behavior detailed in Section 9.3
of [RFC8446] to act as a compliant (D)TLS 1.3 proxy. of [RFC8446] to act as a compliant (D)TLS 1.3 proxy.
To further increase privacy, Encrypted Client Hello (ECH) extension To further increase privacy, the Encrypted Client Hello (ECH)
[I-D.ietf-tls-esni] prevents passive observation of the TLS Server extension [TLS-ESNI] prevents passive observation of the TLS Server
Name Indication extension and other potentially sensitive fields, Name Indication extension and other potentially sensitive fields,
such as the ALPN [RFC7301]. To effectively provide that privacy such as the Application-Layer Protocol Negotiation (ALPN) [RFC7301].
protection, ECH extension needs to be used in conjunction with DNS To effectively provide that privacy protection, the ECH extension
encryption (e.g., DoH). A middlebox (e.g., firewall) passively needs to be used in conjunction with DNS encryption (e.g., DoH). A
inspecting ECH extension cannot observe the encrypted SNI nor observe middlebox (e.g., firewall) passively inspecting the ECH extension
the encrypted DNS traffic. The middlebox acting as a (D)TLS 1.3 cannot observe the encrypted SNI nor observe the encrypted DNS
proxy that does not support ECH extension will act as if connecting traffic. The middlebox acting as a (D)TLS 1.3 proxy that does not
to the public name and it follows the behaviour discussed in support the ECH extension will act as if it is connecting to the
Section 6.1.6 of [I-D.ietf-tls-esni] to securely signal the client to public name and follows the behavior discussed in Section 6.1.6 of
disable ECH. [TLS-ESNI] to securely signal the client to disable ECH.
4.2. Encrypted DNS 4.2. Encrypted DNS
A common usage pattern for certain type of IoT devices (e.g., light A common usage pattern for certain types of IoT devices (e.g., light
bulb) is for it to "call home" to a service that resides on the bulb) is for it to "call home" to a service that resides on the
public Internet, where that service is referenced through a domain public Internet, where that service is referenced through a domain
name (A or AAAA record). As discussed in Manufacturer Usage name (A or AAAA record). As discussed in "Manufacturer Usage
Description Specification [RFC8520], because these devices tend to Description Specification" [RFC8520], these devices tend to require
require access to very few sites, all other access should be access to very few sites. Thus, all other access should be
considered suspect. This technique complements MUD policy considered suspect. This technique complements MUD policy
enforcement at the TLS level by ensuring that DNS queries are enforcement at the TLS level by ensuring that DNS queries are
monitored and filtered, thereby enhancing overall security. If an monitored and filtered, thereby enhancing overall security. If an
IoT device is pre-configured to use a DNS resolver not signaled by IoT device is pre-configured to use a DNS resolver not signaled by
the network, the MUD policy enforcement point is moved to that the network, the MUD policy enforcement point is moved to that
resolver, which cannot enforce the MUD policy based on domain names resolver, which cannot enforce the MUD policy based on domain names
(Section 8 of [RFC8520]). If the DNS query is not accessible for (Section 8 of [RFC8520]). If the DNS query is not accessible for
inspection, it becomes quite difficult for the infrastructure to inspection, it becomes quite difficult for the infrastructure to
detect any issues. Therefore, the use of a DNS resolver that is not detect any issues. Therefore, the use of a DNS resolver that is not
signaled by the network is generally incompatible with MUD. A signaled by the network is generally incompatible with MUD. A
network-designated DoH/DoT server is necessary to allow MUD policy network-designated DoH/DoT server is necessary to allow MUD policy
enforcement on the local network, for example, using the techniques enforcement on the local network, for example, using the techniques
specified in DNR[RFC9463] and DDR [RFC9462]. specified in DNR [RFC9463] and DDR [RFC9462].
5. (D)TLS Profile of a IoT device 5. (D)TLS Profile of an IoT device
This document specifies a YANG module for representing (D)TLS This document specifies a YANG module that represents the (D)TLS
profile. This YANG module provides a means to characterize the profile. This YANG module provides a means to characterize the
(D)TLS traffic profile of a device. Network security services can (D)TLS traffic profile of a device. Network security services can
use these profiles to permit conformant traffic or to deny traffic use these profiles to permit conformant traffic or to deny traffic
from devices that deviates from it. This module uses the from devices that deviates from it. This module uses the
cryptographic types defined in [I-D.ietf-netconf-crypto-types]. See cryptographic types defined in [RFC9640]. See [RFC7925] for (D)TLS
[RFC7925] for (D)TLS 1.2 and [I-D.ietf-uta-tls13-iot-profile] for 1.2 and [IoT-PROFILE] for DTLS 1.3 recommendations related to IoT
DTLS 1.3 recommendations related to IoT devices, and [RFC9325] for devices, and [RFC9325] for additional (D)TLS 1.2 recommendations.
additional (D)TLS 1.2 recommendations.
A companion YANG module is defined to include a collection of (D)TLS A companion YANG module is defined to include a collection of (D)TLS
parameters and (D)TLS versions maintained by IANA: "iana-tls-profile" parameters and (D)TLS versions maintained by IANA: "iana-tls-profile"
(Section 5.3). (Section 5.3).
The (D)TLS parameters in each (D)TLS profile include the following: The (D)TLS parameters in each (D)TLS profile include the following:
* Profile name * Profile name
* (D)TLS versions supported by the IoT device. * (D)TLS versions supported by the IoT device.
* List of supported cipher suites (Section 11 of [RFC8446]). For * List of supported cipher suites (Section 11 of [RFC8446]). For
(D)TLS1.2, [RFC7925] recommends AEAD ciphers for IoT devices. (D)TLS 1.2, [RFC7925] recommends Authenticated Encryption with
Associated Data (AEAD) ciphers for IoT devices.
* List of supported extension types.
* List of supported extension types
* List of trust anchor certificates used by the IoT device. If the * List of trust anchor certificates used by the IoT device. If the
server certificate is signed by one of the trust anchors, the server certificate is signed by one of the trust anchors, the
middlebox continues with the connection as normal. Otherwise, the middlebox continues with the connection as normal. Otherwise, the
middlebox will react as if the server certificate validation has middlebox will react as if the server certificate validation has
failed and takes appropriate action (e.g, block the (D)TLS failed and takes appropriate action (e.g, blocks the (D)TLS
session). An IoT device can use a private trust anchor to session). An IoT device can use a private trust anchor to
validate a server's certificate (e.g., the private trust anchor validate a server's certificate (e.g., the private trust anchor
can be preloaded at manufacturing time on the IoT device and the can be preloaded at manufacturing time on the IoT device and the
IoT device fetches the firmware image from the Firmware server IoT device fetches the firmware image from the firmware server
whose certificate is signed by the private CA). This empowers the whose certificate is signed by the private CA). This empowers the
middlebox to reject TLS sessions to servers that the IoT device middlebox to reject TLS sessions to servers that the IoT device
does not trust. does not trust.
* List of pre-shared key exchange modes * List of pre-shared key exchange modes.
* List of named groups (DHE or ECDHE) supported by the client * List of named groups (DHE or ECDHE) supported by the client.
* List of signature algorithms the client can validate in X.509 * List of signature algorithms the client can validate in X.509
server certificates server certificates.
* List of signature algorithms the client is willing to accept for * List of signature algorithms the client is willing to accept for
CertificateVerify message (Section 4.2.3 of [RFC8446]). For the CertificateVerify message (Section 4.2.3 of [RFC8446]). For
example, a TLS client implementation can support different sets of example, a TLS client implementation can support different sets of
algorithms for certificates and in TLS to signal the capabilities algorithms for certificates, and it can signal the capabilities in
in "signature_algorithms_cert" and "signature_algorithms" the "signature_algorithms_cert" and "signature_algorithms"
extensions. extensions.
* List of supported application protocols (e.g., h3, h2, http/1.1 * List of supported application protocols (e.g., h3, h2, http/1.1
etc.) etc.).
* List of certificate compression algorithms (defined in [RFC8879]) * List of certificate compression algorithms (defined in [RFC8879]).
* List of the distinguished names [X501] of acceptable certificate * List of the distinguished names [X501] of acceptable certificate
authorities, represented in DER-encoded format [X690] (defined in authorities, represented in DER-encoded format [X690] (defined in
Section 4.2.4 of [RFC8446]) Section 4.2.4 of [RFC8446]).
GREASE [RFC8701] defines a mechanism for TLS peers to send random GREASE [RFC8701] defines a mechanism for TLS peers to send random
values on TLS parameters to ensure future extensibility of TLS values on TLS parameters to ensure future extensibility of TLS
extensions. Similar random values might be extended to other TLS extensions. Similar random values might be extended to other TLS
parameters. Thus, the (D)TLS profile parameters defined in the YANG parameters. Thus, the (D)TLS profile parameters defined in the YANG
module by this document MUST NOT include the GREASE values for module by this document MUST NOT include the GREASE values for
extension types, named groups, signature algorithms, (D)TLS versions, extension types, named groups, signature algorithms, (D)TLS versions,
pre-shared key exchange modes, cipher suites and for any other TLS pre-shared key exchange modes, cipher suites, and any other TLS
parameters defined in future RFCs. parameters defined in future RFCs.
The (D)TLS profile does not include parameters like compression The (D)TLS profile does not include parameters like compression
methods for data compression, [RFC9325] recommends disabling TLS- methods for data compression. [RFC9325] recommends disabling TLS-
level compression to prevent compression-related attacks. In TLS level compression to prevent compression-related attacks. In TLS
1.3, only the "null" compression method is allowed (Section 4.1.2 of 1.3, only the "null" compression method is allowed (Section 4.1.2 of
[RFC8446]). [RFC8446]).
5.1. Tree Structure of the (D)TLS profile Extension to the ACL YANG 5.1. Tree Structure of the (D)TLS Profile Extension to the ACL YANG
Model Module
This document augments the "ietf-acl" ACL YANG module defined in This document augments the "ietf-acl" ACL YANG module defined in
[RFC8519] for signaling the IoT device (D)TLS profile. This document [RFC8519] for signaling the IoT device (D)TLS profile. This document
defines the YANG module "ietf-acl-tls". The meaning of the symbols defines the YANG module "ietf-acl-tls". The meaning of the symbols
in the YANG tree diagram are defined in [RFC8340] and it has the in the YANG tree diagram are defined in [RFC8340] and it has the
following tree structure: following tree structure:
module: ietf-acl-tls module: ietf-acl-tls
augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches: augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches:
+--rw client-profiles {match-on-tls-dtls}? +--rw client-profiles {match-on-tls-dtls}?
skipping to change at page 10, line 51 skipping to change at line 467
| ianatp:signature-algorithm | ianatp:signature-algorithm
+--rw application-protocol* +--rw application-protocol*
| ianatp:application-protocol | ianatp:application-protocol
+--rw cert-compression-algorithm* +--rw cert-compression-algorithm*
| ianatp:cert-compression-algorithm | ianatp:cert-compression-algorithm
| {tls13 or dtls13}? | {tls13 or dtls13}?
+--rw certificate-authorities* +--rw certificate-authorities*
certificate-authority certificate-authority
{tls13 or dtls13}? {tls13 or dtls13}?
5.2. The (D)TLS profile Extension to the ACL YANG Model 5.2. The (D)TLS Profile Extension to the ACL YANG Module
<CODE BEGINS> file "ietf-acl-tls@2024-01-23.yang"
<CODE BEGINS> file "ietf-acl-tls@2025-03-10.yang"
module ietf-acl-tls { module ietf-acl-tls {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-acl-tls"; namespace "urn:ietf:params:xml:ns:yang:ietf-acl-tls";
prefix acl-tls; prefix acl-tls;
import iana-tls-profile { import iana-tls-profile {
prefix ianatp; prefix ianatp;
reference reference
"RFC XXXX: Manufacturer Usage Description (MUD) (D)TLS "RFC 9761: Manufacturer Usage Description (MUD) for TLS and
Profiles for IoT Devices"; DTLS Profiles for Internet of Things (IoT) Devices";
} }
import ietf-crypto-types { import ietf-crypto-types {
prefix ct; prefix ct;
reference reference
"draft-ietf-netconf-crypto-types: YANG Data Types and Groupings "RFC 9640: YANG Data Types and Groupings for Cryptography";
for Cryptography";
} }
import ietf-access-control-list { import ietf-access-control-list {
prefix acl; prefix acl;
reference reference
"RFC 8519: YANG Data Model for Network Access "RFC 8519: YANG Data Model for Network Access
Control Lists (ACLs)"; Control Lists (ACLs)";
} }
organization organization
"IETF OPSAWG (Operations and Management Area Working Group)"; "IETF OPSAWG (Operations and Management Area Working Group)";
contact contact
"WG Web: <https://datatracker.ietf.org/wg/opsawg/> "WG Web: <https://datatracker.ietf.org/wg/opsawg/>
WG List: opsawg@ietf.org WG List: opsawg@ietf.org
Author: Konda, Tirumaleswar Reddy Author: Tirumaleswar Reddy.K
kondtir@gmail.com kondtir@gmail.com
Author: Dan Wing
danwing@gmail.com
Author: Blake Anderson
blake.anderson@cisco.com
"; ";
description description
"This YANG module defines a component that augments the "This YANG module defines a component that augments the
IETF description of an access list to allow (D)TLS profile IETF description of an access list to allow (D)TLS profiles
as matching criteria. as matching criteria.
Copyright (c) 2024 IETF Trust and the persons identified as Copyright (c) 2025 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
This version of this YANG module is part of RFC 9761; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2022-10-10 { revision 2025-03-10 {
description description
"Initial revision"; "Initial revision.";
reference reference
"RFC XXXX: Manufacturer Usage Description (MUD) (D)TLS "RFC 9761: Manufacturer Usage Description (MUD) for TLS and
Profiles for IoT Devices"; DTLS Profiles for Internet of Things (IoT) Devices";
} }
feature tls12 { feature tls12 {
description description
"TLS Protocol Version 1.2 is supported."; "TLS Protocol Version 1.2 is supported.";
reference reference
"RFC 5246: The Transport Layer Security (TLS) Protocol "RFC 5246: The Transport Layer Security (TLS) Protocol
Version 1.2"; Version 1.2";
} }
skipping to change at page 12, line 43 skipping to change at line 563
"DTLS Protocol Version 1.2 is supported."; "DTLS Protocol Version 1.2 is supported.";
reference reference
"RFC 6347: Datagram Transport Layer Security "RFC 6347: Datagram Transport Layer Security
Version 1.2"; Version 1.2";
} }
feature dtls13 { feature dtls13 {
description description
"DTLS Protocol Version 1.3 is supported."; "DTLS Protocol Version 1.3 is supported.";
reference reference
"RFC 9147: Datagram Transport Layer "RFC 9147: Datagram Transport Layer Security 1.3";
Security 1.3";
} }
feature match-on-tls-dtls { feature match-on-tls-dtls {
description description
"The networking device can support matching on "The networking device can support matching on
(D)TLS parameters."; (D)TLS parameters.";
} }
typedef spki-pin-set { typedef spki-pin-set {
type binary; type binary;
description description
"Subject Public Key Info pin set as discussed in "Subject Public Key Info pin set as discussed in
Section 2.4 of RFC7469."; Section 2.4 of RFC 7469.";
} }
typedef certificate-authority { typedef certificate-authority {
type string; type string;
description description
"Distinguished Name of Certificate authority as discussed "Distinguished Name of Certificate authority as discussed
in Section 4.2.4 of RFC8446."; in Section 4.2.4 of RFC 8446.";
} }
augment "/acl:acls/acl:acl/acl:aces/acl:ace/acl:matches" { augment "/acl:acls/acl:acl/acl:aces/acl:ace/acl:matches" {
if-feature "match-on-tls-dtls"; if-feature "match-on-tls-dtls";
description description
"(D)TLS specific matches."; "(D)TLS specific matches.";
container client-profiles { container client-profiles {
description description
"A grouping for (D)TLS profiles."; "A grouping for (D)TLS profiles.";
list tls-dtls-profile { list tls-dtls-profile {
key "name"; key "name";
description description
"A list of (D)TLS version profiles supported by "A list of (D)TLS version profiles supported by
the client."; the client.";
leaf name { leaf name {
type string { type string {
length "1..64"; length "1..64";
}
description
"The name of (D)TLS profile; space and special
characters are not allowed.";
} }
description leaf-list supported-tls-version {
"The name of (D)TLS profile; space and special type ianatp:tls-version;
characters are not allowed."; description
"TLS versions supported by the client.";
} }
leaf-list supported-tls-version { leaf-list supported-dtls-version {
type ianatp:tls-version;
description
"TLS versions supported by the client.";
}
leaf-list supported-dtls-version {
type ianatp:dtls-version; type ianatp:dtls-version;
description description
"DTLS versions supported by the client."; "DTLS versions supported by the client.";
} }
leaf-list cipher-suite { leaf-list cipher-suite {
type ianatp:cipher-algorithm; type ianatp:cipher-algorithm;
description description
"A list of Cipher Suites supported by the client."; "A list of cipher suites supported by the client.";
}
} leaf-list extension-type {
leaf-list extension-type {
type ianatp:extension-type; type ianatp:extension-type;
description description
"A list of Extension Types supported by the client."; "A list of Extension Types supported by the client.";
} }
leaf-list accept-list-ta-cert { leaf-list accept-list-ta-cert {
type ct:trust-anchor-cert-cms; type ct:trust-anchor-cert-cms;
description description
"A list of trust anchor certificates used by the client."; "A list of trust anchor certificates used by the
} client.";
leaf-list psk-key-exchange-mode { }
if-feature "tls13 or dtls13"; leaf-list psk-key-exchange-mode {
type ianatp:psk-key-exchange-mode; if-feature "tls13 or dtls13";
description type ianatp:psk-key-exchange-mode;
description
"pre-shared key exchange modes."; "pre-shared key exchange modes.";
} }
leaf-list supported-group { leaf-list supported-group {
type ianatp:supported-group; type ianatp:supported-group;
description description
"A list of named groups supported by the client."; "A list of named groups supported by the client.";
} }
leaf-list signature-algorithm-cert { leaf-list signature-algorithm-cert {
if-feature "tls13 or dtls13"; if-feature "tls13 or dtls13";
type ianatp:signature-algorithm; type ianatp:signature-algorithm;
description description
"A list signature algorithms the client can validate "A list signature algorithms the client can validate
in X.509 certificates."; in X.509 certificates.";
} }
leaf-list signature-algorithm { leaf-list signature-algorithm {
type ianatp:signature-algorithm; type ianatp:signature-algorithm;
description description
"A list signature algorithms the client can validate "A list signature algorithms the client can validate
in the CertificateVerify message."; in the CertificateVerify message.";
} }
leaf-list application-protocol { leaf-list application-protocol {
type ianatp:application-protocol; type ianatp:application-protocol;
description description
"A list application protocols supported by the client."; "A list application protocols supported by the client.";
} }
leaf-list cert-compression-algorithm { leaf-list cert-compression-algorithm {
if-feature "tls13 or dtls13"; if-feature "tls13 or dtls13";
type ianatp:cert-compression-algorithm; type ianatp:cert-compression-algorithm;
description description
"A list certificate compression algorithms "A list certificate compression algorithms
supported by the client."; supported by the client.";
} }
leaf-list certificate-authorities { leaf-list certificate-authorities {
if-feature "tls13 or dtls13"; if-feature "tls13 or dtls13";
type certificate-authority; type certificate-authority;
description description
"A list of the distinguished names of certificate authorities "A list of the distinguished names of certificate
acceptable to the client."; authorities acceptable to the client.";
} }
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
5.3. IANA (D)TLS profile YANG Module 5.3. IANA (D)TLS Profile YANG Module
The TLS and DTLS IANA registries are available from The TLS and DTLS IANA registries are available from
https://www.iana.org/assignments/tls-parameters/tls-parameters.txt <https://www.iana.org/assignments/tls-parameters> and
and https://www.iana.org/assignments/tls-extensiontype-values/tls- <https://www.iana.org/assignments/tls-extensiontype-values>. Changes
extensiontype-values.txt. Changes to TLS and DTLS related IANA to TLS- and DTLS-related IANA registries are discussed in [RFC8447].
registries are discussed in [RFC8447].
The values for all the parameters in the "iana-tls-profile" YANG The values for all the parameters in the "iana-tls-profile" YANG
module are defined in the TLS and DTLS IANA registries excluding the module are defined in the TLS and DTLS IANA registries excluding the
tls-version, dtls-version, spki-pin-set, and certificate-authority tls-version, dtls-version, spki-pin-set, and certificate-authority
parameters. The values of spki-pin-set and certificate-authority parameters. The values of spki-pin-set and certificate-authority
parameters will be specific to the IoT device. parameters will be specific to the IoT device.
The TLS and DTLS IANA registries do not maintain (D)TLS version The TLS and DTLS IANA registries do not maintain (D)TLS version
numbers. In (D)TLS 1.2 and below, "legacy_version" field in the numbers. In (D)TLS 1.2 and below, the "legacy_version" field in the
ClientHello message is used for version negotiation. However, in ClientHello message is used for version negotiation. However, in
(D)TLS 1.3, the "supported_versions" extension is used by the client (D)TLS 1.3, the "supported_versions" extension is used by the client
to indicate which versions of (D)TLS it supports. TLS 1.3 to indicate which versions of (D)TLS it supports. TLS 1.3
ClientHello messages are identified as having a "legacy_version" of ClientHello messages are identified as having a "legacy_version" of
0x0303 and a "supported_versions" extension present with 0x0304 as 0x0303 and a "supported_versions" extension present with 0x0304 as
the highest version. DTLS 1.3 ClientHello messages are identified as the highest version. DTLS 1.3 ClientHello messages are identified as
having a "legacy_version" of 0xfefd and a "supported_versions" having a "legacy_version" of 0xfefd and a "supported_versions"
extension present with 0x0304 as the highest version. extension present with 0x0304 as the highest version.
In order to ease updating the "iana-tls-profile" YANG module with In order to ease updating the "iana-tls-profile" YANG module with
future (D)TLS versions, new (D)TLS version registries are defined in future (D)TLS versions, new (D)TLS version registries are defined in
Section 11.3 and Section 11.4. Whenever a new (D)TLS protocol Section 11.3 and Section 11.4. Whenever a new (D)TLS protocol
version is defined, the registry will be updated using expert review; version is defined, the registry will be updated using expert review;
the "iana-tls-profile" YANG module will be automatically updated by the "iana-tls-profile" YANG module will be automatically updated by
IANA. IANA.
Implementers or users of this specification must refer to the IANA- Implementers or users of this specification must refer to the IANA-
maintained "iana-tls-profile" YANG module available at XXXX [Note to maintained "iana-tls-profile" YANG module available at
RFC Editor to replace "XXXX" with the URL link of the IANA-maintained <https://www.iana.org/assignments/yang-parameters>.
"iana-tls-profile" YANG module].
The initial version of the "iana-tls-profile" YANG module is defined The initial version of the "iana-tls-profile" YANG module is defined
as follows: as follows:
<CODE BEGINS> file "iana-tls-profile@2024-01-23.yang" <CODE BEGINS> file "iana-tls-profile@2025-03-10.yang"
module iana-tls-profile { module iana-tls-profile {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:iana-tls-profile"; namespace "urn:ietf:params:xml:ns:yang:iana-tls-profile";
prefix ianatp; prefix ianatp;
organization organization
"IANA"; "IANA";
contact contact
" Internet Assigned Numbers Authority " Internet Assigned Numbers Authority
Postal: ICANN Postal: ICANN
12025 Waterfront Drive, Suite 300 12025 Waterfront Drive, Suite 300
Los Angeles, CA 90094-2536 Los Angeles, CA 90094-2536
United States United States
Tel: +1 310 301 5800 Tel: +1 310 301 5800
E-Mail: iana@iana.org>"; Email: iana@iana.org>";
description description
"This module contains YANG definition for the (D)TLS profile. "This module contains the YANG definition for the (D)TLS profile.
Copyright (c) 2024 IETF Trust and the persons identified as Copyright (c) 2025 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
All revisions of IETF and IANA published modules can be found All revisions of IETF and IANA published modules can be found
at the YANG Parameters registry at the YANG Parameters registry
(https://www.iana.org/assignments/yang-parameters). (https://www.iana.org/assignments/yang-parameters).
The initial version of this YANG module is part of RFC XXXX; The initial version of this YANG module is part of RFC 9761;
see the RFC itself for full legal notices. see the RFC itself for full legal notices.
// RFC Ed.: replace the IANA_TLS-PROFILE_URL and remove this note
The latest version of this YANG module is available at The latest version of this YANG module is available at
<IANA_TLS-PROFILE_URL>."; https://www.iana.org/assignments/yang-parameters.";
revision 2024-01-23 { revision 2025-03-10 {
description description
"Initial revision"; "Initial revision.";
reference reference
"RFC XXXX: Manufacturer Usage Description (MUD) (D)TLS Profiles "RFC 9761: Manufacturer Usage Description (MUD) for TLS and
for IoT Devices"; DTLS Profiles for Internet of Things (IoT) Devices";
} }
typedef extension-type { typedef extension-type {
type uint16; type uint16;
description description
"Extension type in the TLS ExtensionType Values registry as "Extension type in the TLS ExtensionType Values registry as
defined in Section 7 of RFC8447."; defined in Section 7 of RFC 8447.";
} }
typedef supported-group { typedef supported-group {
type uint16; type uint16;
description description
"Supported Group in the TLS Supported Groups registry as "Supported Group in the TLS Supported Groups registry as
defined in Section 9 of RFC8447."; defined in Section 9 of RFC 8447.";
} }
typedef signature-algorithm { typedef signature-algorithm {
type uint16; type uint16;
description description
"Signature algorithm in the TLS SignatureScheme registry as "Signature algorithm in the TLS SignatureScheme registry as
defined in Section 11 of RFC8446."; defined in Section 11 of RFC 8446.";
} }
typedef psk-key-exchange-mode { typedef psk-key-exchange-mode {
type uint8; type uint8;
description description
"Pre-shared key exchange mode in the TLS PskKeyExchangeMode "Pre-shared key exchange mode in the TLS PskKeyExchangeMode
registry as defined in Section 11 of RFC8446."; registry as defined in Section 11 of RFC 8446.";
} }
typedef application-protocol { typedef application-protocol {
type string; type string;
description description
"Application-Layer Protocol Negotiation (ALPN) Protocol ID "Application-Layer Protocol Negotiation (ALPN) Protocol ID
registry as defined in Section 6 of RFC7301."; registry as defined in Section 6 of RFC 7301.";
} }
typedef cert-compression-algorithm { typedef cert-compression-algorithm {
type uint16; type uint16;
description description
"Certificate compression algorithm in TLS Certificate "Certificate compression algorithm in TLS Certificate
Compression Algorithm IDs registry as defined in Compression Algorithm IDs registry as defined in
Section 7.3 of RFC8879."; Section 7.3 of RFC 8879.";
} }
typedef cipher-algorithm { typedef cipher-algorithm {
type uint16; type uint16;
description description
"Cipher suite in TLS Cipher Suites registry "Cipher suite in TLS Cipher Suites registry
as discussed in Section 11 of RFC8446."; as discussed in Section 11 of RFC 8446.";
} }
typedef tls-version { typedef tls-version {
type enumeration { type enumeration {
enum tls12 { enum tls12 {
value 1; value 1;
description description
"TLS Protocol Version 1.2. "TLS Protocol Version 1.2.
TLS 1.2 ClientHello contains TLS 1.2 ClientHello contains
skipping to change at page 19, line 44 skipping to change at line 899
This document defines the YANG module "ietf-mud-tls", which has the This document defines the YANG module "ietf-mud-tls", which has the
following tree structure: following tree structure:
module: ietf-mud-tls module: ietf-mud-tls
augment /ietf-mud:mud: augment /ietf-mud:mud:
+--rw is-tls-dtls-profile-supported? boolean +--rw is-tls-dtls-profile-supported? boolean
The model is defined as follows: The model is defined as follows:
<CODE BEGINS> file "ietf-mud-tls@2020-10-20.yang" <CODE BEGINS> file "ietf-mud-tls@2025-03-10.yang"
module ietf-mud-tls { module ietf-mud-tls {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-mud-tls"; namespace "urn:ietf:params:xml:ns:yang:ietf-mud-tls";
prefix ietf-mud-tls; prefix ietf-mud-tls;
import ietf-mud { import ietf-mud {
prefix ietf-mud; prefix ietf-mud;
reference reference
"RFC 8520: Manufacturer Usage Description Specification"; "RFC 8520: Manufacturer Usage Description Specification";
} }
organization organization
"IETF OPSAWG (Operations and Management Area Working Group)"; "IETF OPSAWG (Operations and Management Area Working Group)";
contact contact
"WG Web: <https://datatracker.ietf.org/wg/opsawg/> "WG Web: <https://datatracker.ietf.org/wg/opsawg/>
WG List: opsawg@ietf.org WG List: opsawg@ietf.org
Author: Konda, Tirumaleswar Reddy Author: Tirumaleswar Reddy.K
kondtir@gmail.com kondtir@gmail.com
Author: Dan Wing
danwing@gmail.com
Author: Blake Anderson
blake.anderson@cisco.com
"; ";
description description
"Extension to a MUD module to indicate (D)TLS "Extension to a MUD module to indicate (D)TLS
profile support. profile support.
Copyright (c) 2024 IETF Trust and the persons identified as Copyright (c) 2025 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC 9761; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2022-10-10 { revision 2025-03-10 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: Manufacturer Usage Description (MUD) (D)TLS "RFC 9761: Manufacturer Usage Description (MUD) for TLS and
Profiles for IoT Devices"; DTLS Profiles for Internet of Things (IoT)
} Devices";
}
augment "/ietf-mud:mud" { augment "/ietf-mud:mud" {
description description
"This adds an extension for a manufacturer "This adds an extension for a manufacturer
to indicate whether the (D)TLS profile is to indicate whether the (D)TLS profile is
supported by a device."; supported by a device.";
leaf is-tls-dtls-profile-supported { leaf is-tls-dtls-profile-supported {
type boolean; type boolean;
default false; default "false";
description description
"This value will equal 'true' if a device supports "This value will equal 'true' if a device supports
(D)TLS profile."; (D)TLS profile.";
} }
} }
} }
<CODE ENDS> <CODE ENDS>
6. Processing of the MUD (D)TLS Profile 6. Processing of the MUD (D)TLS Profile
The following text outlines the rules for a network security service The following text outlines the rules for a network security service
(e.g., firewall) to follow to process the MUD (D)TLS Profile so as to (e.g., firewall) to follow to process the MUD (D)TLS Profile so as to
avoid ossification: avoid ossification:
* If the (D)TLS parameter observed in a (D)TLS session is not * If the (D)TLS parameter observed in a (D)TLS session is not
specified in the MUD (D)TLS profile and the parameter is specified in the MUD (D)TLS profile and the parameter is
recognized by the firewall, it can identify unexpected (D)TLS recognized by the firewall, it can identify unexpected (D)TLS
usage, which can indicate the presence of unauthorized software or usage, which can indicate the presence of unauthorized software or
malware on an endpoint. The firewall can take several actions malware on an endpoint. The firewall can take several actions,
like block the (D)TLS session or raise an alert to quarantine and such as blocking the (D)TLS session or raising an alert to
remediate the compromised device. For example, if the cipher quarantine and remediate the compromised device. For example, if
suite TLS_RSA_WITH_AES_128_CBC_SHA in the ClientHello message is the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA in the ClientHello
not specified in the MUD (D)TLS profile and the cipher suite is message is not specified in the MUD (D)TLS profile and the cipher
recognized by the firewall, it can identify unexpected TLS usage. suite is recognized by the firewall, it can identify unexpected
TLS usage.
* If the (D)TLS parameter observed in a (D)TLS session is not * If the (D)TLS parameter observed in a (D)TLS session is not
specified in the MUD (D)TLS profile and the (D)TLS parameter is specified in the MUD (D)TLS profile and the (D)TLS parameter is
not recognized by the firewall, it can ignore the unrecognized not recognized by the firewall, it can ignore the unrecognized
parameter and the correct behavior is not to block the (D)TLS parameter and the correct behavior is not to block the (D)TLS
session. The behaviour is functionally equivalent to the session. The behavior is functionally equivalent to the compliant
compliant TLS middlebox description in Section 9.3 of [RFC8446] to TLS middlebox description in Section 9.3 of [RFC8446] to ignore
ignore all unrecognized cipher suites, extensions, and other all unrecognized cipher suites, extensions, and other parameters.
parameters. For example, if the cipher suite For example, if the cipher suite TLS_CHACHA20_POLY1305_SHA256 in
TLS_CHACHA20_POLY1305_SHA256 in the ClientHello message is not the ClientHello message is not specified in the MUD (D)TLS profile
specified in the MUD (D)TLS profile and the cipher suite is not and the cipher suite is not recognized by the firewall, it can
recognized by the firewall, it can ignore the unrecognized cipher ignore the unrecognized cipher suite. This rule also ensures that
suite. This rule also ensures that the network security service the network security service will ignore the GREASE values
will ignore the GREASE values advertised by TLS peers and advertised by TLS peers and interoperate with the implementations
interoperate with the implementations advertising GREASE values. advertising GREASE values.
* Deployments update at different rates, so an updated MUD (D)TLS * Deployments update at different rates, so an updated MUD (D)TLS
profile may support newer parameters. If the firewall does not profile may support newer parameters. If the firewall does not
recognize the newer parameters, an alert should be triggered to recognize the newer parameters, an alert should be triggered to
the firewall vendor and the IoT device owner or administrator. A the firewall vendor and the IoT device owner or administrator. A
firewall must be readily updatable, so that when new parameters in firewall must be readily updatable so that when new parameters in
the MUD (D)TLS profile are discovered that are not recognized by the MUD (D)TLS profile are discovered that are not recognized by
the firewall, it can be updated quickly. Most importantly, if the the firewall, it can be updated quickly. Most importantly, if the
firewall is not readily updatable, its protection efficacy to firewall is not readily updatable, its protection efficacy to
identify emerging malware will decrease with time. For example, identify emerging malware will decrease with time. For example,
if the cipher suite TLS_AES_128_CCM_8_SHA256 specified in the MUD if the cipher suite TLS_AES_128_CCM_8_SHA256 specified in the MUD
(D)TLS profile is not recognized by the firewall, an alert will be (D)TLS profile is not recognized by the firewall, an alert will be
triggered. Similarly, if the (D)TLS version specified in the MUD triggered. Similarly, if the (D)TLS version specified in the MUD
file is not recognized by the firewall, an alert will be file is not recognized by the firewall, an alert will be
triggered. triggered.
* If the MUD (D)TLS profile includes any parameters that are * If the MUD (D)TLS profile includes any parameters that are
susceptible to attacks (e.g., weaker cryptographic parameters), an susceptible to attacks (e.g., weaker cryptographic parameters), an
alert MUST be triggered to the firewall vendor and the IoT device alert MUST be triggered to the firewall vendor and the IoT device
owner or administrator. owner or administrator.
7. MUD File Example 7. MUD File Example
The example below contains (D)TLS profile parameters for a IoT device The example below contains (D)TLS profile parameters for an IoT
used to reach servers listening on port 443 using TCP transport. device used to reach servers listening on port 443 using TCP
JSON encoding of YANG modelled data [RFC7951] is used to illustrate transport. JSON encoding of YANG-modeled data [RFC7951] is used to
the example. illustrate the example.
{ {
"ietf-mud:mud": { "ietf-mud:mud": {
"mud-version": 1, "mud-version": 1,
"mud-url": "https://example.com/IoTDevice", "mud-url": "https://example.com/IoTDevice",
"last-update": "2024-08-05T03:56:40.105+10:00", "last-update": "2024-08-05T03:56:40.105+10:00",
"cache-validity": 100, "cache-validity": 100,
"extensions": [ "extensions": [
"ietf-mud-tls" "ietf-mud-tls"
], ],
skipping to change at page 24, line 9 skipping to change at line 1112
the MUD (D)TLS profile is not recognized by the firewall, it can the MUD (D)TLS profile is not recognized by the firewall, it can
ignore the unrecognized extension. Because the extension type ignore the unrecognized extension. Because the extension type
"token_binding" is specified in the profile, an alert will be "token_binding" is specified in the profile, an alert will be
triggered to the firewall vendor and the IoT device owner or triggered to the firewall vendor and the IoT device owner or
administrator to notify the firewall is not up-to-date. administrator to notify the firewall is not up-to-date.
* The two-byte values assigned by IANA for the cipher suites * The two-byte values assigned by IANA for the cipher suites
TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 are represented TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 are represented
in decimal format. in decimal format.
8. Software-Based ACLs and ACLs within a (D)TLS 1.3 Proxy 8. Software-Based ACLs and ACLs Within a (D)TLS 1.3 Proxy
While ACL technology is traditionally associated with fixed-length While ACL technology is traditionally associated with fixed-length
bit matching in hardware implementations, such as those found in bit matching in hardware implementations, such as those found in
TCAMs, the use of ACLs in software, like with iptables, allows for Ternary Content-Addressable Memory (TCAM), the use of ACLs in
more flexible matching criteria, including string matching. In the software, like with iptables, allows for more flexible matching
context of MUD (D)TLS profiles, the ability to match binary data and criteria, including string matching. In the context of MUD (D)TLS
strings is a deliberate choice, made to leverage the capabilities of profiles, the ability to match binary data and strings is a
software-based ACLs. This enables more dynamic and context-sensitive deliberate choice made to leverage the capabilities of software-based
access control, which is essential for the intended application of ACLs. This enables more dynamic and context-sensitive access
MUD. The DNS extension added to ACL in MUD specification [RFC8520] control, which is essential for the intended application of MUD. The
also require software-based ACLs. DNS extension added to ACL in the MUD specification [RFC8520] also
requires software-based ACLs.
Regarding the use of MUD (D)TLS ACL in a (D)TLS 1.3 proxy, the goal Regarding the use of MUD (D)TLS ACL in a (D)TLS 1.3 proxy, the goal
is for the proxy to intercept the (D)TLS handshake before applying is for the proxy to intercept the (D)TLS handshake before applying
any ACL rules. This implies that MUD (D)TLS ACL matching would need any ACL rules. This implies that MUD (D)TLS ACL matching would need
to occur after decrypting the encrypted TLS handshake messages within to occur after decrypting the encrypted TLS handshake messages within
the proxy. The proxy would inspect the handshake fields according to the proxy. The proxy would inspect the handshake fields according to
the MUD profile. ACL matching would be performed in two stages: the MUD profile. ACL matching would be performed in two stages:
first, by filtering clear-text TLS handshake message and second, by first, by filtering clear-text TLS handshake message and second, by
filtering after decrypting the TLS handshake messages. filtering after decrypting the TLS handshake messages.
skipping to change at page 25, line 6 skipping to change at line 1158
across such diverse devices, it is not impossible. Malicious agents across such diverse devices, it is not impossible. Malicious agents
might manage to use (D)TLS profile parameters that resemble those of might manage to use (D)TLS profile parameters that resemble those of
legitimate devices. The feasibility of this depends on the nature of legitimate devices. The feasibility of this depends on the nature of
the profile parameters; for instance, parameters like certificate the profile parameters; for instance, parameters like certificate
authorities are complex to mimic, while others, such as signature authorities are complex to mimic, while others, such as signature
algorithms, may be easier to replicate. The difficulty in mimicking algorithms, may be easier to replicate. The difficulty in mimicking
these profiles correlates with the specificity of the profiles and these profiles correlates with the specificity of the profiles and
the variability in parameters used by different devices. the variability in parameters used by different devices.
Network security services should also rely on contextual network data Network security services should also rely on contextual network data
(e.g., domain name, IP address etc) to detect false negatives. For (e.g., domain name, IP address, etc.) to detect false negatives. For
example, network security services filter malcious domain names and example, network security services filter malicious domain names and
destination IP addresses with bad reputation score. Further, In destination IP addresses with a bad reputation score. Furthermore,
order to detect such malicious flows, anomaly detection (deep in order to detect such malicious flows, anomaly detection (deep
learning techniques on network data) can be used to detect malicious learning techniques on network data) can be used to detect malicious
agents using the same (D)TLS profile parameters as legitimate agent agents using the same (D)TLS profile parameters as the legitimate
on the IoT device. In anomaly detection, the main idea is to agent on the IoT device. In anomaly detection, the main idea is to
maintain rigorous learning of "normal" behavior and where an maintain rigorous learning of "normal" behavior and where an
"anomaly" (or an attack) is identified and categorized based on the "anomaly" (or an attack) is identified and categorized based on the
knowledge about the normal behavior and a deviation from this normal knowledge about the normal behavior and a deviation from this normal
behavior. Network security vendors leverage TLS parameters and behavior. Network security vendors leverage TLS parameters and
contextual network data to identify malware (for example, see [eve]). contextual network data to identify malware (for example, see [EVE]).
The efficacy of identifying malware in (D)TLS 1.3 flows will be The efficacy of identifying malware in (D)TLS 1.3 flows will be
significantly reduced without leveraging contextual network data or significantly reduced without leveraging contextual network data or
acting as a proxy, as the encryption in (D)TLS 1.3 obscures many of acting as a proxy, as the encryption in (D)TLS 1.3 obscures many of
the handshake details that could otherwise be used for detection. the handshake details that could otherwise be used for detection.
9.1. Challenges in Mimicking (D)TLS 1.2 Handshakes for IoT Devices 9.1. Challenges in Mimicking (D)TLS 1.2 Handshakes for IoT Devices
(D)TLS 1.2 generally does not require a proxy, as all fields in the (D)TLS 1.2 generally does not require a proxy, as all fields in the
(D)TLS profile are transmitted in clear text during the handshake. (D)TLS profile are transmitted in cleartext during the handshake.
While it is technically possible for an attacker to observe and mimic While it is technically possible for an attacker to observe and mimic
the handshake, an attacker would need to use a domain name and the handshake, an attacker would need to use a domain name and
destination IP address with a good reputation, obtain certificates destination IP address with a good reputation, obtain certificates
from the same CAs used by the IoT devices, and evade traffic analysis from the same CAs used by the IoT devices, and evade traffic analysis
tecniques (e.g., [eve], which detects malicious patterns in encrypted techniques (e.g., [EVE], which detects malicious patterns in
traffic without decryption). This task is particularly challenging encrypted traffic without decryption). This task is particularly
because IoT devices often have distinct (D)TLS profiles, varying challenging because IoT devices often have distinct (D)TLS profiles
between models and manufacturers. Unlike the developers of that vary between models and manufacturers. Unlike the developers of
legitimate applications, malware authors are under additional legitimate applications, malware authors are under additional
constraints such as avoiding any noticeable differences on the constraints, such as avoiding any noticeable differences on the
infected devices and the potential for take-down requests impacting infected devices and the potential for take-down requests impacting
their server infrastructure (e.g., certificate revocation by a CA their server infrastructure (e.g., certificate revocation by a CA
upon reporting). upon reporting).
9.2. Considerations for the "iana-tls-profile" Module 9.2. Considerations for the "iana-tls-profile" Module
This section follows the template defined in Section 3.7.1 of This section follows the template defined in Section 3.7.1 of
[I-D.ietf-netmod-rfc8407bis]. [YANG-GUIDELINES].
The YANG module specified in this document defines a schema for data The "iana-tls-profile" YANG module defines a data model that is
can possibly be accessed via network management protocols such as designed to be accessed via YANG-based management protocols, such as
NETCONF [RFC6241] or RESTCONF [RFC8040]. These network management NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols have to
protocols are required to use a secure transport layer and mutual use a secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and
authentication, e.g., SSH [RFC6242] without the "none" authentication QUIC [RFC9000]) and have to use mutual authentication.
option, Transport Layer Security (TLS) [RFC8446] with mutual X.509
authentication, and HTTPS with HTTP authentication (Section 11 of
[RFC9110]).
The Network Access Control Model (NACM) [RFC8341] provides the means The Network Configuration Access Control Model (NACM) [RFC8341]
to restrict access for particular users to a pre-configured subset of provides the means to restrict access for particular NETCONF or
all available protocol operations and content. RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content.
This YANG module defines YANG enumerations, for a public IANA- There are no particularly sensitive writable data nodes.
There are no particularly sensitive readable data nodes.
This YANG module defines YANG enumerations for a public IANA-
maintained registry. maintained registry.
YANG enumerations are not security-sensitive, as they are statically YANG enumerations are not security-sensitive, as they are statically
defined in the publicly-accessible YANG module. IANA MAY deprecate defined in the publicly accessible YANG module. IANA MAY deprecate
and/or obsolete enumerations over time as needed to address security and/or obsolete enumerations over time as needed to address security
issues. issues.
This module does not define any writable-nodes, RPCs, actions, or There are no particularly sensitive RPC or action operations.
notifications, and thus the security consideration for such is not
provided here. The YANG module defines a set of identities, types, and groupings.
These nodes are intended to be reused by other YANG modules. The
module by itself does not expose any data nodes that are writable,
data nodes that contain read-only state, or RPCs. As such, there are
no additional security issues related to the YANG module that need to
be considered.
9.3. Considerations for the "ietf-acl-tls" Module 9.3. Considerations for the "ietf-acl-tls" Module
This section follows the template defined in Section 3.7.1 of This section follows the template defined in Section 3.7.1 of
[I-D.ietf-netmod-rfc8407bis]. [YANG-GUIDELINES].
The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. These network management
protocols are required to use a secure transport layer and mutual
authentication, e.g., SSH [RFC6242] without the "none" authentication
option, Transport Layer Security (TLS) [RFC8446] with mutual X.509
authentication, and HTTPS with HTTP authentication (Section 11 of
[RFC9110]).
The Network Access Control Model (NACM) [RFC8341] provides the means The "ietf-acl-tls" YANG module defines a data model that is designed
to restrict access for particular users to a pre-configured subset of to be accessed via YANG-based management protocols, such as NETCONF
all available protocol operations and content. [RFC6241] and RESTCONF [RFC8040]. These protocols have to use a
secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and QUIC
[RFC9000]) and have to use mutual authentication.
Please be aware that this YANG module uses groupings from other YANG The Network Configuration Access Control Model (NACM) [RFC8341]
modules that define nodes that may be considered sensitive or provides the means to restrict access for particular NETCONF or
vulnerable in network environments. Please review the Security RESTCONF users to a preconfigured subset of all available NETCONF or
Considerations for dependent YANG modules for information as to which RESTCONF protocol operations and content.
nodes may be considered sensitive or vulnerable in network
environments.
All the writable data nodes defined by this module may be considered There are a number of data nodes defined in this YANG module that are
sensitive or vulnerable in some network environments. For instance, writable/creatable/deletable (i.e., "config true", which is the
the addition or removal of references to trusted anchors, (D)TLS default). All writable data nodes are likely to be reasonably
versions, cipher suites etc., can dramatically alter the implemented sensitive or vulnerable in some network environments. Write
security policy. For this reason, the NACM extension "default-deny- operations (e.g., edit-config) and delete operations to these data
write" has been set for all data nodes defined in this module. nodes without proper protection or authentication can have a negative
effect on network operations. For instance, the addition or removal
of references to trusted anchors, (D)TLS versions, cipher suites,
etc., can dramatically alter the implemented security policy. For
this reason, the NACM extension "default-deny-write" has been set for
all data nodes defined in this module.
Some of the readable data nodes defined in this YANG module may be Some of the readable data nodes defined in this YANG module may be
considered sensitive or vulnerable in some network environments. It considered sensitive or vulnerable in some network environments. It
is thus important to control read access (e.g., via get, get-config, is thus important to control read access (e.g., via get, get-config,
or notification) to these data nodes. The YANG module will provide or notification) to these data nodes. The YANG module will provide
insights into (D)TLS profiles of the IoT devices, the privacy insights into (D)TLS profiles of the IoT devices, and the privacy
considerations discussed in Section 10 needs to be taken into considerations discussed in Section 10 need to be taken into account.
account.
This module does not define any RPCs, actions, or notifications, and There are no particularly sensitive RPC or action operations.
thus the security consideration for such is not provided here.
This YANG module uses groupings from other YANG modules that define
nodes that may be considered sensitive or vulnerable in network
environments. Refer to the Security Considerations for dependent
YANG modules for information as to which nodes may be considered
sensitive or vulnerable in network environments.
9.4. Considerations for the "ietf-mud-tls" Module 9.4. Considerations for the "ietf-mud-tls" Module
This section follows the template defined in Section 3.7.1 of This section follows the template defined in Section 3.7.1 of
[I-D.ietf-netmod-rfc8407bis]. [YANG-GUIDELINES].
The YANG module specified in this document defines a schema for data The "ietf-mud-tls" YANG module defines a data model that is designed
can possibly be accessed via network management protocols such as to be accessed via YANG-based management protocols, such as NETCONF
NETCONF [RFC6241] or RESTCONF [RFC8040]. These network management [RFC6241] and RESTCONF [RFC8040]. These protocols have to use a
protocols are required to use a secure transport layer and mutual secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and QUIC
authentication, e.g., SSH [RFC6242] without the "none" authentication [RFC9000]) and have to use mutual authentication.
option, Transport Layer Security (TLS) [RFC8446] with mutual X.509
authentication, and HTTPS with HTTP authentication (Section 11 of
[RFC9110]). Note that the YANG module is not intended to be accessed
via NETCONF and RESTCONF. This has already been discussed in
[RFC8520], and we are reiterating it here for the sake of
completeness.
The Network Access Control Model (NACM) [RFC8341] provides the means The Network Configuration Access Control Model (NACM) [RFC8341]
to restrict access for particular users to a pre-configured subset of provides the means to restrict access for particular NETCONF or
all available protocol operations and content. RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content.
Please be aware that this YANG module uses groupings from other YANG There are a number of data nodes defined in this YANG module that are
modules that define nodes that may be considered sensitive or writable/creatable/deletable (i.e., "config true", which is the
vulnerable in network environments. Please review the Security default). All writable data nodes are likely to be reasonably
Considerations for dependent YANG modules for information as to which sensitive or vulnerable in some network environments. Write
nodes may be considered sensitive or vulnerable in network operations (e.g., edit-config) and delete operations to these data
environments. nodes without proper protection or authentication can have a negative
effect on network operations. For instance, update that the device
does not support (D)TLS profile can dramatically alter the
implemented security policy. For this reason, the NACM extension
"default-deny-write" has been set for all data nodes defined in this
module.
All the writable data nodes defined by this module may be considered There are no particularly sensitive RPC or action operations.
sensitive or vulnerable in some network environments. For instance,
update that the device does not support (D)TLS profile can
dramatically alter the implemented security policy. For this reason,
the NACM extension "default-deny-write" has been set for all data
nodes defined in this module.
This module does not define any RPCs, actions, or notifications, and This YANG module uses groupings from other YANG modules that define
thus the security consideration for such is not provided here. nodes that may be considered sensitive or vulnerable in network
environments. Refer to the Security Considerations for dependent
YANG modules for information as to which nodes may be considered
sensitive or vulnerable in network environments.
10. Privacy Considerations 10. Privacy Considerations
Privacy considerations discussed in Section 16 of [RFC8520] to not Privacy considerations discussed in Section 16 of [RFC8520] to not
reveal the MUD URL to an attacker need to be taken into reveal the MUD URL to an attacker need to be taken into
consideration. The MUD URL can be stored in Trusted Execution consideration. The MUD URL can be stored in a Trusted Execution
Environment (TEE) for secure operation, enhanced data security, and Environment (TEE) for secure operation, enhanced data security, and
prevent exposure to unauthorized software. The MUD URL MUST be prevention of exposure to unauthorized software. The MUD URL MUST be
encrypted and shared only with the authorized components in the encrypted and shared only with the authorized components in the
network (see Section 1.5 and Section 1.8 of [RFC8520]) so that an on- network (see Sections 1.5 and 1.8 of [RFC8520]) so that an on-path
path attacker cannot read the MUD URL and identify the IoT device. attacker cannot read the MUD URL and identify the IoT device.
Otherwise, it provides the attacker with guidance on what Otherwise, it provides the attacker with guidance on what
vulnerabilities may be present on the IoT device. Note that while vulnerabilities may be present on the IoT device. Note that while
protecting the MUD URL is valuable as described above, a compromised protecting the MUD URL is valuable as described above, a compromised
IoT device may be susceptible to malware performing vulnerability IoT device may be susceptible to malware performing vulnerability
analysis (and version mapping) of the legitimate software located in analysis (and version mapping) of the legitimate software located in
memory or on non-volatile storage (e.g., disk, NVRAM). However, the memory or on non-volatile storage (e.g., disk, NVRAM). However, the
malware on the IoT device is intended to be blocked from establishing malware on the IoT device is intended to be blocked from establishing
a (D)TLS connection with the C&C server to reveal this information a (D)TLS connection with the C&C server to reveal this information
because the connection would be blocked by the network security because the connection would be blocked by the network security
service supporting this specification. service supporting this specification.
Full handshake inspection (Section 4.1) requires a (D)TLS proxy Full handshake inspection (Section 4.1) requires a (D)TLS proxy
device which needs to decrypt traffic between the IoT device and its device that needs to decrypt traffic between the IoT device and its
server(s). There is a tradeoff between privacy of the data carried server(s). There is a tradeoff between privacy of the data carried
inside (D)TLS (especially e.g., personally identifiable information inside (D)TLS (for example, personally identifiable information and
and protected health information) and efficacy of endpoint security. protected health information especially) and efficacy of endpoint
The use of (D)TLS proxies is NOT RECOMMENDED whenever possible. For security. The use of (D)TLS proxies is NOT RECOMMENDED whenever
example, an enterprise firewall administrator can configure the possible. For example, an enterprise firewall administrator can
middlebox to bypass (D)TLS proxy functionality or payload inspection configure the middlebox to bypass (D)TLS proxy functionality or
for connections destined to specific well-known services. payload inspection for connections destined to specific well-known
Alternatively, a IoT device could be configured to reject all services. Alternatively, an IoT device could be configured to reject
sessions that involve proxy servers to specific well-known services. all sessions that involve proxy servers to specific well-known
In addition, mechanisms based on object security can be used by IoT services. In addition, mechanisms based on object security can be
devices to enable end-to-end security and the middlebox will not have used by IoT devices to enable end-to-end security and the middlebox
any access to the packet data. For example, Object Security for will not have any access to the packet data. For example, Object
Constrained RESTful Environments (OSCORE) [RFC8613] is a proposal Security for Constrained RESTful Environments (OSCORE) [RFC8613] is a
that protects CoAP messages by wrapping them in the COSE format proposal that protects Constrained Application Protocol (CoAP)
[RFC9052]. messages by wrapping them in the CBOR Object Signing and Encryption
(COSE) format [RFC9052].
11. IANA Considerations 11. IANA Considerations
11.1. (D)TLS Profile YANG Modules 11.1. (D)TLS Profile YANG Modules
This document requests IANA to register the following URIs in the IANA has registered the following URIs in the "ns" subregistry within
"ns" subregistry within the "IETF XML Registry" [RFC3688]: the "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:iana-tls-profile URI: urn:ietf:params:xml:ns:yang:iana-tls-profile
Registrant Contact: IANA. Registrant Contact: IANA.
XML: N/A; the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
URI: urn:ietf:params:xml:ns:yang:ietf-acl-tls URI: urn:ietf:params:xml:ns:yang:ietf-acl-tls
Registrant Contact: IESG. Registrant Contact: IESG.
XML: N/A; the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
URI: urn:ietf:params:xml:ns:yang:ietf-mud-tls URI: urn:ietf:params:xml:ns:yang:ietf-mud-tls
Registrant Contact: IESG. Registrant Contact: IESG.
XML: N/A; the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
IANA is requested to create an IANA-maintained YANG Module called IANA has created an IANA-maintained YANG module called "iana-tls-
"iana-tls-profile", based on the contents of Section 5.3, which will profile" based on the contents of Section 5.3, which allows for new
allow for new (D)TLS parameters and (D)TLS versions to be added to (D)TLS parameters and (D)TLS versions to be added to "client-
"client-profile". profile".
This document requests IANA to register the following YANG modules in IANA has registered the following YANG modules in the "YANG Module
the "YANG Module Names" subregistry [RFC6020] within the "YANG Names" registry [RFC6020] of the "YANG Parameters" registry group.
Parameters" registry.
name: iana-tls-profile Name: iana-tls-profile
namespace: urn:ietf:params:xml:ns:yang:iana-tls-profile Namespace: urn:ietf:params:xml:ns:yang:iana-tls-profile
maintained by IANA: Y Maintained by IANA: Y
prefix: ianatp Prefix: ianatp
reference: RFC XXXX Reference: RFC 9761
name: ietf-acl-tls Name: ietf-acl-tls
namespace: urn:ietf:params:xml:ns:yang:ietf-acl-tls Namespace: urn:ietf:params:xml:ns:yang:ietf-acl-tls
maintained by IANA: N Maintained by IANA: N
prefix: ietf-acl-tls Prefix: ietf-acl-tls
reference: RFC XXXX Reference: RFC 9761
name: ietf-mud-tls
namespace: urn:ietf:params:xml:ns:yang:ietf-mud-tls Name: ietf-mud-tls
maintained by IANA: N Namespace: urn:ietf:params:xml:ns:yang:ietf-mud-tls
prefix: ietf-mud-tls Maintained by IANA: N
reference: RFC XXXX Prefix: ietf-mud-tls
Reference: RFC 9761
11.2. Considerations for the iana-tls-profile Module 11.2. Considerations for the iana-tls-profile Module
IANA is requested to create the initial version of the IANA- IANA has created the initial version of the IANA-maintained YANG
maintained YANG Module called "iana-tls-profile", based on the module called "iana-tls-profile" based on the contents of
contents of Section 5.3, which will allow for new (D)TLS parameters Section 5.3, which will allow for new (D)TLS parameters and (D)TLS
and (D)TLS versions to be added. IANA is requested to add this note: versions to be added. IANA is requested to add this note:
* tls-version and dtls-version values must not be directly added to * tls-version and dtls-version values must not be directly added to
the iana-tls-profile YANG module. They must instead be the iana-tls-profile YANG module. Instead, they must be added to
respectively added to the "ACL TLS Version Codes", and "ACL DTLS the "ACL TLS Version Codes" and "ACL DTLS Version Codes"
Version Codes" registries provided the new (D)TLS version has been registries (respectively), provided the new (D)TLS version has
standardized by the IETF. It allows new (D)TLS version to be been standardized by the IETF. It allows a new (D)TLS version to
added to the "iana-tls-profile" YANG Module. be added to the "iana-tls-profile" YANG module.
* (D)TLS parameters must not be directly added to the iana-tls- * (D)TLS parameters must not be directly added to the iana-tls-
profile YANG module. They must instead be added to the "ACL profile YANG module. They must instead be added to the "ACL
(D)TLS Parameters" registry if the new (D)TLS parameters can be (D)TLS Parameters" registry if the new (D)TLS parameters can be
used by a middlebox to identify a MUD non-compliant (D)TLS used by a middlebox to identify a MUD non-compliant (D)TLS
behavior. It allows new (D)TLS parameters to be added to the behavior. It allows new (D)TLS parameters to be added to the
"iana-tls-profile" YANG Module, "iana-tls-profile" YANG module.
When a 'tls-version' or 'dtls-version' value is respectively added to When a "tls-version" or "dtls-version" value is added to the "ACL TLS
the "ACL TLS Version Codes" or "ACL DTLS Version Codes" registry, a Version Codes" or "ACL DTLS Version Codes" registry (respectively), a
new "enum" statement must be added to the iana-tls-profile YANG new "enum" statement must be added to the iana-tls-profile YANG
module. The following "enum" statement, and substatements thereof, module. The following "enum" statement, and substatements thereof,
should be defined: should be defined:
"enum": Replicates the label from the registry. "enum": Replicates the label from the registry.
"value": Contains the IANA-assigned value corresponding to the "value": Contains the IANA-assigned value corresponding to the
'tls-version' or 'dtls-version'. "tls-version" or "dtls-version".
"description": Replicates the description from the registry. "description": Replicates the description from the registry.
"reference": RFC YYYY: <Title of the RFC >, where YYYY is the RFC "reference": RFC YYYY: <Title of the RFC>, where YYYY is the RFC
that added the ’tls-version’ or ‘dtls-version’ that added the "tls-version" or "dtls-version".
When a (D)TLS parameter is added to "ACL (D)TLS Parameters" registry, When a (D)TLS parameter is added to the "ACL (D)TLS Parameters"
a new "type" statement must be added to the iana-tls-profile YANG registry, a new "type" statement must be added to the iana-tls-
module. The following "type" statement, and substatements thereof, profile YANG module. The following "type" statement, and
should be defined: substatements thereof, should be defined:
"derived type": Replicates the parameter name from the registry. "derived type": Replicates the parameter name from the registry.
"built-in type": Contains the built-in YANG type. "built-in type": Contains the built-in YANG type.
"description": Replicates the description from the registry. "description": Replicates the description from the registry.
When the iana-tls-profile YANG module is updated, a new "revision" When the iana-tls-profile YANG module is updated, a new "revision"
statement must be added in front of the existing revision statements. statement must be added in front of the existing revision statements.
IANA is requested to add this note to "ACL TLS Version Codes", "ACL IANA has added this note to "ACL TLS Version Codes", "ACL DTLS
DTLS Version Codes", and "ACL (D)TLS Parameters" registries: Version Codes", and "ACL (D)TLS Parameters" registries:
When this registry is modified, the YANG module iana-tls-profile
must be updated as defined in [RFCXXXX].
11.3. ACL TLS Version registry When this registry is modified, the YANG module "iana-tls-profile"
must be updated as defined in [RFC9761].
IANA is requested to create a new registry titled "ACL TLS Version 11.3. ACL TLS Version Registry
Codes". Codes in this registry are used as valid values of 'tls-
version' parameter. Further assignments are to be made through
Expert Review [RFC8126]. Experts must ensure that the TLS protocol
version in a new registration is one that has been standardized by
the IETF. It is expected that the registry will be updated
infrequently, primarily when a new TLS version is standardized by the
IETF.
+-------+---------+-----------------+-----------+ IANA has created a new registry titled "ACL TLS Version Codes".
| Value | Label | Description | Reference | Codes in this registry are used as valid values of "tls-version"
| | | | | parameter. Further assignments are to be made through Expert Review
| | | | | [RFC8126]. Experts must ensure that the TLS protocol version in a
+-------+---------+-----------------+-----------+ new registration is one that has been standardized by the IETF. It
| 1 | tls12 | TLS Version 1.2 | [RFC5246] | is expected that the registry will be updated infrequently, primarily
+-------+---------+-----------------+-----------+ when a new TLS version is standardized by the IETF.
| 2 | tls13 | TLS Version 1.3 | [RFC8446] |
+-------+---------+-----------------+-----------+
11.4. ACL DTLS version registry +=======+=======+=================+===========+
| Value | Label | Description | Reference |
+=======+=======+=================+===========+
| 1 | tls12 | TLS Version 1.2 | [RFC5246] |
+-------+-------+-----------------+-----------+
| 2 | tls13 | TLS Version 1.3 | [RFC8446] |
+-------+-------+-----------------+-----------+
IANA is requested to create a new registry titled "ACL DTLS Version Table 1
Codes". Codes in this registry are used as valid values of 'dtls-
version' parameter. Further assignments are to be made through
Expert Review [RFC8126]. Experts must ensure that the DTLS protocol
version in a new registration is one that has been standardized by
the IETF. It is expected that the registry will be updated
infrequently, primarily when a new DTLS version is standardized by
the IETF.
+-------+---------+----------------+-----------------------+ 11.4. ACL DTLS Version Registry
| Value | Label | Description | Reference |
| | | | |
| | | | |
+-------+---------+----------------+-----------------------+
| 1 |dtls12 |DTLS Version 1.2| [RFC6347] |
+-------+---------+----------------+-----------------------+
| 2 |dtls13 |DTLS Version 1.3| [RFC9147| |
+-------+---------+----------------+-----------------------+
11.5. ACL (D)TLS Parameters registry IANA has created a new registry titled "ACL DTLS Version Codes".
Codes in this registry are used as valid values of "dtls-version"
parameter. Further assignments are to be made through Expert Review
[RFC8126]. Experts must ensure that the DTLS protocol version in a
new registration is one that has been standardized by the IETF. It
is expected that the registry will be updated infrequently, primarily
when a new DTLS version is standardized by the IETF.
IANA is requested to create a new registry titled "ACL (D)TLS +=======+========+==================+===========+
parameters". | Value | Label | Description | Reference |
+=======+========+==================+===========+
| 1 | dtls12 | DTLS Version 1.2 | [RFC6347] |
+-------+--------+------------------+-----------+
| 2 | dtls13 | DTLS Version 1.3 | [RFC9147] |
+-------+--------+------------------+-----------+
The values for all the (D)TLS parameters in the registry are defined Table 2
in the TLS and DTLS IANA registries
(https://www.iana.org/assignments/tls-parameters/tls-parameters.txt
and https://www.iana.org/assignments/tls-extensiontype-values/tls-
extensiontype-values.txt) excluding the tls-version and dtls-version
parameters. Further assignments are to be made through Expert Review
[RFC8126]. Experts must ensure that the (D)TLS parameter in a new
registration is one that has been standardized by the IETF. The
registry is expected to be updated periodically, primarily when a new
(D)TLS parameter is standardized by the IETF. The registry is
initially populated with the following parameters:
+----------------------------+-------------+--------+---------------------------------------------+ 11.5. ACL (D)TLS Parameters Registry
| Parameter Name | YANG | JSON | |
| | Type | Type | Description |
| | | | |
+----------------------------+-------------+--------+---------------------------------------------+
| extension-type | uint16 | Number | Extension type |
+----------------------------+-------------+--------+---------------------------------------------+
| supported-group | uint16 | Number | Supported group |
+----------------------------+-------------+--------+---------------------------------------------+
| signature-algorithm | uint16 | Number | Signature algorithm |
+----------------------------+-------------+--------+---------------------------------------------+
| psk-key-exchange-mode | uint8 | Number | pre-shared key exchange mode |
+----------------------------+-------------+--------+---------------------------------------------+
| application-protocol | string | String | Application protocol |
+----------------------------+-------------+--------+---------------------------------------------+
| cert-compression-algorithm | uint16 | Number | Certificate compression algorithm |
+----------------------------+-------------+--------+---------------------------------------------+
| cipher-algorithm | uint16 | Number | Cipher Suite |
+----------------------------+-------------+--------+---------------------------------------------+
| tls-version | enumeration | String | TLS version |
+----------------------------+-------------+--------+---------------------------------------------+
| dtls-version | enumeration | String | DTLS version |
+----------------------------+-------------+--------+---------------------------------------------+
11.6. MUD Extensions registry IANA has created a new registry titled "ACL (D)TLS Parameters".
IANA is requested to create a new MUD Extension Name "ietf-mud-tls" The values for all the (D)TLS parameters in the registry are defined
in the MUD Extensions IANA registry in the TLS and DTLS IANA registries
https://www.iana.org/assignments/mud/mud.xhtml. (https://www.iana.org/assignments/tls-parameters/ and
https://www.iana.org/assignments/tls-extensiontype-values/) excluding
the tls-version and dtls-version parameters. Further assignments are
to be made through Expert Review [RFC8126]. Experts must ensure that
the (D)TLS parameter in a new registration is one that has been
standardized by the IETF. The registry is expected to be updated
periodically, primarily when a new (D)TLS parameter is standardized
by the IETF. The registry has been populated with the following
initial parameters:
12. Acknowledgments +============================+=============+========+==============+
| Parameter Name | YANG Type | JSON | Description |
| | | Type | |
+============================+=============+========+==============+
| extension-type | uint16 | Number | Extension |
| | | | type |
+----------------------------+-------------+--------+--------------+
| supported-group | uint16 | Number | Supported |
| | | | group |
+----------------------------+-------------+--------+--------------+
| signature-algorithm | uint16 | Number | Signature |
| | | | algorithm |
+----------------------------+-------------+--------+--------------+
| psk-key-exchange-mode | uint8 | Number | Pre-shared |
| | | | key exchange |
| | | | mode |
+----------------------------+-------------+--------+--------------+
| application-protocol | string | String | Application |
| | | | protocol |
+----------------------------+-------------+--------+--------------+
| cert-compression-algorithm | uint16 | Number | Certificate |
| | | | compression |
| | | | algorithm |
+----------------------------+-------------+--------+--------------+
| cipher-algorithm | uint16 | Number | Cipher suite |
+----------------------------+-------------+--------+--------------+
| tls-version | enumeration | String | TLS version |
+----------------------------+-------------+--------+--------------+
| dtls-version | enumeration | String | DTLS version |
+----------------------------+-------------+--------+--------------+
Thanks to Flemming Andreasen, Shashank Jain, Michael Richardson, Table 3
Piyush Joshi, Eliot Lear, Harsha Joshi, Qin Wu, Mohamed Boucadair,
Ben Schwartz, Eric Rescorla, Panwei William, Nick Lamb, Tom Petch,
Paul Wouters, Thomas Fossati and Nick Harper for the discussion and
comments.
Thanks to Xufeng Liu for YANGDOCTOR review. Thanks to Linda Dunbar 11.6. MUD Extensions Registry
for SECDIR review. Thanks to Qin Wu for OPSDIR review. Thanks to R.
Gieben for DNSDIR review.
Thanks to Roman Danyliw, Orie Steele, Éric Vyncke, Mahesh IANA has created a new MUD Extension Name "ietf-mud-tls" in the "MUD
Jethanandani, Murray Kucherawy, Zaheduzzaman Sarker and Deb Cooley Extensions" IANA registry <https://www.iana.org/assignments/mud>.
for the IESG review.
13. References 12. References
13.1. Normative References
[I-D.ietf-netconf-crypto-types] 12.1. Normative References
Watsen, K., "YANG Data Types and Groupings for
Cryptography", Work in Progress, Internet-Draft, draft-
ietf-netconf-crypto-types-34, 16 March 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-netconf-
crypto-types-34>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252,
January 2006, <https://www.rfc-editor.org/info/rfc4252>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, (TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008, DOI 10.17487/RFC5246, August 2008,
<https://www.rfc-editor.org/info/rfc5246>. <https://www.rfc-editor.org/info/rfc5246>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <https://www.rfc-editor.org/info/rfc6347>. January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>. <https://www.rfc-editor.org/info/rfc8040>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
skipping to change at page 35, line 28 skipping to change at line 1613
[RFC8701] Benjamin, D., "Applying Generate Random Extensions And [RFC8701] Benjamin, D., "Applying Generate Random Extensions And
Sustain Extensibility (GREASE) to TLS Extensibility", Sustain Extensibility (GREASE) to TLS Extensibility",
RFC 8701, DOI 10.17487/RFC8701, January 2020, RFC 8701, DOI 10.17487/RFC8701, January 2020,
<https://www.rfc-editor.org/info/rfc8701>. <https://www.rfc-editor.org/info/rfc8701>.
[RFC8879] Ghedini, A. and V. Vasiliev, "TLS Certificate [RFC8879] Ghedini, A. and V. Vasiliev, "TLS Certificate
Compression", RFC 8879, DOI 10.17487/RFC8879, December Compression", RFC 8879, DOI 10.17487/RFC8879, December
2020, <https://www.rfc-editor.org/info/rfc8879>. 2020, <https://www.rfc-editor.org/info/rfc8879>.
[RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Ed., "HTTP Semantics", STD 97, RFC 9110, Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9110, June 2022, DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9110>. <https://www.rfc-editor.org/info/rfc9000>.
[RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The [RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The
Datagram Transport Layer Security (DTLS) Protocol Version Datagram Transport Layer Security (DTLS) Protocol Version
1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022, 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022,
<https://www.rfc-editor.org/info/rfc9147>. <https://www.rfc-editor.org/info/rfc9147>.
[RFC9640] Watsen, K., "YANG Data Types and Groupings for
Cryptography", RFC 9640, DOI 10.17487/RFC9640, October
2024, <https://www.rfc-editor.org/info/rfc9640>.
[X690] ITU-T, "Information technology - ASN.1 encoding Rules: [X690] ITU-T, "Information technology - ASN.1 encoding Rules:
Specification of Basic Encoding Rules (BER), Canonical Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules Encoding Rules (CER) and Distinguished Encoding Rules
(DER)", ISO/IEC 8825-1:2002, 2002. (DER)", ITU-T Recommendation X.690, 2021,
<https://www.itu.int/rec/T-REC-X.690-202102-I/en>.
13.2. Informative References 12.2. Informative References
[clear-as-mud] [CLEAR-AS-MUD]
"Clear as MUD: Generating, Validating and Applying IoT Hamza, A., Ranathunga, D., Gharakheili, H. H., Roughan,
Behaviorial Profiles", October 2019, M., and V. Sivaraman, "Clear as MUD: Generating,
Validating and Applying IoT Behaviorial Profiles
(Technical Report)", arXiv:1804.04358,
DOI 10.48550/arXiv.1804.04358, April 2018,
<https://arxiv.org/pdf/1804.04358.pdf>. <https://arxiv.org/pdf/1804.04358.pdf>.
[cryto-vulnerability] [CRYPTO-VULNERABILITY]
Perez, B., "Exploiting the Windows CryptoAPI Perez, B., "Exploiting the Windows CryptoAPI
Vulnerability", January 2020, Vulnerability", January 2020,
<https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/ <https://securityboulevard.com/2020/01/exploiting-the-
CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF>. windows-cryptoapi-vulnerability/>.
[eve] Cisco, "Encrypted Visibility Engine",
<https://secure.cisco.com/secure-firewall/docs/encrypted-
visibility-engine>.
[I-D.ietf-netmod-rfc8407bis]
Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for
Authors and Reviewers of Documents Containing YANG Data
Models", Work in Progress, Internet-Draft, draft-ietf-
netmod-rfc8407bis-14, 5 July 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-netmod-
rfc8407bis-14>.
[I-D.ietf-tls-esni] [EVE] Cisco, "Encrypted Visibility Engine", Cisco Secure
Rescorla, E., Oku, K., Sullivan, N., and C. A. Wood, "TLS Firewall documentation, <https://secure.cisco.com/secure-
Encrypted Client Hello", Work in Progress, Internet-Draft, firewall/docs/encrypted-visibility-engine>.
draft-ietf-tls-esni-20, 4 August 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-tls-
esni-20>.
[I-D.ietf-uta-tls13-iot-profile] [IoT-PROFILE]
Tschofenig, H., Fossati, T., and M. Richardson, "TLS/DTLS Tschofenig, H., Fossati, T., and M. Richardson, "TLS/DTLS
1.3 Profiles for the Internet of Things", Work in 1.3 Profiles for the Internet of Things", Work in
Progress, Internet-Draft, draft-ietf-uta-tls13-iot- Progress, Internet-Draft, draft-ietf-uta-tls13-iot-
profile-09, 3 March 2024, profile-13, 3 March 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-uta- <https://datatracker.ietf.org/doc/html/draft-ietf-uta-
tls13-iot-profile-09>. tls13-iot-profile-13>.
[malware-doh] [MALWARE-DOH]
Cimpanu, C., "First-ever malware strain spotted abusing Cimpanu, C., "First-ever malware strain spotted abusing
new DoH (DNS over HTTPS) protocol", July 2019, new DoH (DNS over HTTPS) protocol", ZDNET, July 2019,
<https://www.zdnet.com/article/first-ever-malware-strain- <https://www.zdnet.com/article/first-ever-malware-strain-
spotted-abusing-new-doh-dns-over-https-protocol/>. spotted-abusing-new-doh-dns-over-https-protocol/>.
[malware-tls] [MALWARE-TLS]
Anderson, B. and D. McGrew, "TLS Beyond the Browser: Anderson, B. and D. McGrew, "TLS Beyond the Browser:
Combining End Host and Network Data to Understand Combining End Host and Network Data to Understand
Application Behavior", October 2019, Application Behavior", IMC '19: Proceedings of the
Internet Measurement Conference, pp. 379-392,
DOI 10.1145/3355369.3355601, October 2019,
<https://dl.acm.org/citation.cfm?id=3355601>. <https://dl.acm.org/citation.cfm?id=3355601>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020, the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010, DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>. <https://www.rfc-editor.org/info/rfc6020>.
[RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) [RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS)
Extensions: Extension Definitions", RFC 6066, Extensions: Extension Definitions", RFC 6066,
DOI 10.17487/RFC6066, January 2011, DOI 10.17487/RFC6066, January 2011,
skipping to change at page 38, line 46 skipping to change at line 1764
Jensen, "Discovery of Designated Resolvers", RFC 9462, Jensen, "Discovery of Designated Resolvers", RFC 9462,
DOI 10.17487/RFC9462, November 2023, DOI 10.17487/RFC9462, November 2023,
<https://www.rfc-editor.org/info/rfc9462>. <https://www.rfc-editor.org/info/rfc9462>.
[RFC9463] Boucadair, M., Ed., Reddy.K, T., Ed., Wing, D., Cook, N., [RFC9463] Boucadair, M., Ed., Reddy.K, T., Ed., Wing, D., Cook, N.,
and T. Jensen, "DHCP and Router Advertisement Options for and T. Jensen, "DHCP and Router Advertisement Options for
the Discovery of Network-designated Resolvers (DNR)", the Discovery of Network-designated Resolvers (DNR)",
RFC 9463, DOI 10.17487/RFC9463, November 2023, RFC 9463, DOI 10.17487/RFC9463, November 2023,
<https://www.rfc-editor.org/info/rfc9463>. <https://www.rfc-editor.org/info/rfc9463>.
[slowloris] [SLOWLORIS]
Cisco, "Slowloris HTTP DoS", Wikipedia, "Slowloris (cyber attack)", December 2024,
<https://web.archive.org/web/20150315054838/ <https://en.wikipedia.org/w/index.php?title=Slowloris_(cyb
http://ha.ckers.org/slowloris/>. er_attack)&oldid=1263305193>.
[TLS-ESNI] Rescorla, E., Oku, K., Sullivan, N., and C. A. Wood, "TLS
Encrypted Client Hello", Work in Progress, Internet-Draft,
draft-ietf-tls-esni-24, 20 March 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-tls-
esni-24>.
[X501] "Information Technology - Open Systems Interconnection - [X501] "Information Technology - Open Systems Interconnection -
The Directory: Models", ITU-T X.501, 1993. The Directory: Models", ITU-T Recommendation X.501,
October 2019,
<https://www.itu.int/rec/T-REC-X.501-201910-I/en>.
[YANG-GUIDELINES]
Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for
Authors and Reviewers of Documents Containing YANG Data
Models", Work in Progress, Internet-Draft, draft-ietf-
netmod-rfc8407bis-22, 14 January 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-netmod-
rfc8407bis-22>.
Acknowledgments
Thanks to Flemming Andreasen, Shashank Jain, Michael Richardson,
Piyush Joshi, Eliot Lear, Harsha Joshi, Qin Wu, Mohamed Boucadair,
Ben Schwartz, Eric Rescorla, Panwei William, Nick Lamb, Tom Petch,
Paul Wouters, Thomas Fossati, and Nick Harper for the discussion and
comments.
Thanks to Xufeng Liu for YANGDOCTOR review. Thanks to Linda Dunbar
for SECDIR review. Thanks to Qin Wu for OPSDIR review. Thanks to
R. Gieben for DNSDIR review.
Thanks to Roman Danyliw, Orie Steele, Éric Vyncke, Mahesh
Jethanandani, Murray Kucherawy, Zaheduzzaman Sarker, and Deb Cooley
for the IESG review.
Authors' Addresses Authors' Addresses
Tirumaleswar Reddy Tirumaleswar Reddy.K
Nokia Nokia
India India
Email: kondtir@gmail.com Email: kondtir@gmail.com
Dan Wing Dan Wing
Citrix Systems, Inc. Citrix Systems, Inc.
4988 Great America Pkwy 4988 Great America Pkwy
Santa Clara, CA 95054 Santa Clara, CA 95054
United States of America United States of America
Email: danwing@gmail.com Email: danwing@gmail.com
 End of changes. 207 change blocks. 
681 lines changed or deleted 715 lines changed or added

This html diff was produced by rfcdiff 1.48.