<?xmlversion="1.0" encoding="US-ASCII"?>version='1.0' encoding='UTF-8'?> <!DOCTYPE rfcSYSTEM "rfc2629.dtd"> <?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?>[ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std" docName="draft-ietf-opsawg-mud-tls-18"ipr="trust200902">number="9761" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" tocDepth="3" consensus="true" symRefs="true" sortRefs="true" version="3"> <front> <!-- [rfced] For clarity, we have updated the title and the first sentence of the Abstract from the combined abbreviation "(D)TLS" to "TLS and DTLS". Afterwards, "D(TLS)" will be used in the document. Original: This memo extends the Manufacturer Usage Description (MUD) specification to allow manufacturers to define (D)TLS profile parameters. Current: This memo extends the Manufacturer Usage Description (MUD) specification to allow manufacturers to define TLS and DTLS profile parameters --> <title abbrev="MUD (D)TLS Profile for IoT devices">Manufacturer Usage Description (MUD)(D)TLSfor TLS and DTLS Profiles forIoTInternet of Things (IoT) Devices</title> <seriesInfo name="RFC" value="9761"/> <author fullname="TirumaleswarReddy"Reddy.K" initials="T."surname="Reddy">surname="Reddy.K"> <organization>Nokia</organization> <address> <postal><street></street><country>India</country> </postal> <email>kondtir@gmail.com</email> </address> </author> <author fullname="Dan Wing" initials="D." surname="Wing"> <organization abbrev="Citrix">Citrix Systems, Inc.</organization> <address> <postal> <street>4988 Great America Pkwy</street> <city>Santa Clara</city> <region>CA</region> <code>95054</code><country>USA</country><country>United States of America</country> </postal> <email>danwing@gmail.com</email> </address> </author> <author fullname="Blake Anderson" initials="B." surname="Anderson"> <organization abbrev="Cisco">Cisco Systems, Inc.</organization> <address> <postal> <street>170 West Tasman Dr</street> <city>San Jose</city> <region>CA</region> <code>95134</code><country>USA</country><country>United States of America</country> </postal> <email>blake.anderson@cisco.com</email> </address> </author> <date/> <workgroup>OPSAWG WG</workgroup>month="March" year="2025"/> <area>OPS</area> <workgroup>opsawg</workgroup> <!-- [rfced] Please insert any keywords (beyond those that appear in the title) for use on https://www.rfc-editor.org/search. --> <keyword>example</keyword> <abstract> <t>This memo extends the Manufacturer Usage Description (MUD) specification to allow manufacturers to define(D)TLSTLS and DTLS profile parameters. This allows a network security service to identify unexpected (D)TLS usage, which can indicate the presence of unauthorized software, malware, or security policy-violating traffic on an endpoint.</t> </abstract> </front> <middle> <section anchor="intro"title="Introduction">numbered="true" toc="default"> <name>Introduction</name> <t>Encryption is necessary to enhance the privacy of end users usingIoTInternet of Things (IoT) devices. TLS <xreftarget="RFC8446"></xref>target="RFC8446" format="default"/> and DTLS <xreftarget="RFC9147"></xref>target="RFC9147" format="default"/> are the dominant protocols (counting all (D)TLS versions)providingthat provide encryption for IoT device traffic. Unfortunately, in conjunction with IoT applications' rise of encryption, malware authors are also using encryptionwhichthat thwarts network-basedanalysisanalysis, such as deep packet inspection (DPI).OtherThus, other mechanisms arethusneeded to help detect malware running on an IoT device.</t><t>Malware<!-- [rfced] We have rephrased "non-malware" in the text below. Please let us know if you refer otherwise. Original: Malware often reuses certain libraries, and there are notable differences in how malware uses encryption compared to non-malware. Current: Malware often reuses certain libraries, and there are notable differences in how malware uses encryption compared to software that is not malware. --> <t>Malware often reuses certain libraries, and there are notable differences in how malware uses encryption compared to software that is not malware. Several common patterns in the use of (D)TLS by malware include:<list style="symbols"></t> <ul spacing="normal"> <li> <t>Use of older and weaker cryptographic parameters.</t> </li> <li> <t>TLS server name indication (SNI) extension <xreftarget="RFC6066"></xref>target="RFC6066" format="default"/> and server certificates are composed of subjects with characteristics of a domain generation algorithm (DGA) (e.g.,'www.33mhwt2j.net').</t>"www.33mhwt2j.net").</t> </li> <li> <t>Higher use of self-signed certificates compared with typical legitimate software using certificates from aCAcertificate authority (CA) trusted by the device.</t> </li> <li> <t>Discrepancies in the SNI TLS extension and the DNS names in the SubjectAltName (SAN) X.509 extension in the server certificate message.</t> </li> <li> <t>Discrepancies in the key exchange algorithm and the client public key length in comparison with legitimate flows. As a reminder, the Client Key Exchange message has been removed from TLS 1.3.</t> </li> <li> <t>Lower diversity inTLS client advertisedextensions advertised by TLS clients compared to legitimate clients.</t> </li> <li> <t>Using privacy enhancing technologies like Tor, Psiphon, Ultrasurf (see <xreftarget="malware-tls"></xref>),target="MALWARE-TLS" format="default"/>), and evasion techniques such as ClientHello randomization.</t> </li> <li> <!-- [rfced] Please clarify the following sentence. We note that DDR is defined in RFC 9462, and DNR is defined in RFC 9463. We also note that RFC 9463 is cited for DNR later in this document. May we update the text as shown below? Original: * Using an alternative DNS server (via encrypted transport) to avoid detection by malware DNS filtering services [malware-doh]. Specifically, malware may not use the Do53 or encrypted DNS server provided by the local network (DHCP, DNR [RFC9462] or DDR [RFC9462]). Perhaps: * Using an alternative DNS server (via encrypted transport) to avoid detection by malware DNS filtering services [malware-doh]. Specifically, malware may not use the Do53 or encrypted DNS server provided by the local network (DHCP, Discovery of Network-designated Resolvers (DNR) [RFC9463], or Discovery of Designated Resolvers (DDR) [RFC9462]). --> <t>Using an alternative DNS server (via encrypted transport) to avoid detection by malware DNS filtering services <xreftarget="malware-doh"></xref>.target="MALWARE-DOH" format="default"/>. Specifically, malware may not use the Do53 or encrypted DNS server provided by the local network (DHCP,DNRDiscovery of Network-designated Resolvers (DNR) <xreftarget="RFC9462"></xref>target="RFC9462" format="default"/>, orDDRDiscovery of Designated Resolvers (DDR) <xreftarget="RFC9462"></xref>).</t> </list></t>target="RFC9462" format="default"/>).</t> </li> </ul> <t>If (D)TLS profile parameters are defined, the following functionsare possible whichthat have a positive impact on the local networksecurity:</t> <t><list style="symbols">security are possible:</t> <ul spacing="normal"> <li> <t>Permit intended DTLS or TLSuseuse, and block malicious DTLS or TLS use. <!-- [rfced] We find that the phrase "layers 3 and 4 Access Control Lists" may be difficult for readers to interpret. May we rephrase it as below for readability? Original: This is superior to the layers 3 and 4 Access Control Lists (ACLs) of Manufacturer Usage Description Specification (MUD) [RFC8520] which are not suitable for broad communication patterns. Perhaps: This is superior to the Access Control Lists (ACLs) of Layers 3 and 4 in "Manufacturer Usage Description Specification" [RFC8520], which are not suitable for broad communication patterns. --> This is superior to the layers 3 and 4 Access Control Lists (ACLs) of Manufacturer Usage Description Specification (MUD) <xreftarget="RFC8520"></xref>target="RFC8520" format="default"/>, which are not suitable for broad communication patterns. The goal of this document is to enhance and complement the existing MUDspecifications,specifications rather thantoundermine them.</t> </li> <li> <t>Ensure TLS certificates are valid. Several TLS deployments have been vulnerable to active Man-In-The-Middle (MITM) attacks because of the lack of certificate validation or vulnerability in the certificate validation function (see <xreftarget="cryto-vulnerability"></xref>).target="CRYPTO-VULNERABILITY" format="default"/>). By observing (D)TLS profile parameters, a network element can detect when the TLS SNI mismatches the SubjectAltName and when the server's certificate is invalid. In (D)TLS 1.2 <xreftarget="RFC5246"></xref><xref target="RFC6347"></xref>,target="RFC5246" format="default"/> <xref target="RFC6347" format="default"/>, the ClientHello,ServerHelloServerHello, and Certificate messages are all sent inclear-text.cleartext. This check is not possible with (D)TLS 1.3, which encrypts the Certificate messagethereby hidingand therefore hides the server identity from any intermediary. In (D)TLS 1.3, the server certificate validation functions should be executed within an on-path (D)TLSproxy,proxy if such a proxy exists.</t> </li> <li> <t>Support new communication patterns. An IoT device can learn a new capability, and the new capability can change the way the IoT device communicates with other devices located in the local network and the Internet. There would be an inaccurate policy if an IoT device rapidly changes the IP addresses and domain names it communicates with while the MUD ACLs were slower to update (see <xreftarget="clear-as-mud"></xref>).target="CLEAR-AS-MUD" format="default"/>). In such a case, observable (D)TLS profile parameters can be used to permit intended use andtoblock malicious behavior from the IoT device.</t></list></t></li> </ul> <t>The YANG module specified in <xreftarget="YANG2"></xref>target="YANG2" format="default"/> of this document is an extension ofYANG"YANG Data Model for Network Access Control Lists(ACLs)(ACLs)" <xreftarget="RFC8519"></xref>target="RFC8519" format="default"/> to enhance MUD <xreftarget="RFC8520"></xref>target="RFC8520" format="default"/> to model observable (D)TLS profile parameters. Using these (D)TLS profile parameters, an active MUD-enforcing network security service (e.g., firewall) can identify MUD non-compliant (D)TLS behavior indicating outdated cryptography or malware. This detection can prevent malware downloads, block access to malicious domains, enforce use of strong ciphers, stop data exfiltration, etc. In addition, organizations may have policies around acceptable ciphers and certificates for the websites the IoT devices connect to. Examples include no use of old and less secure versions of TLS, no use of self-signed certificates, deny-list or accept-list of Certificate Authorities, valid certificate expiration time, etc. These policies can be enforced by observing the (D)TLS profile parameters. Network security services can use the IoT device's (D)TLS profile parameters to identify legitimate flows by observing (D)TLS sessions, and can make inferences to permit legitimate flows andtoblock malicious or insecure flows. Additionally, it supports network communications adherence to security policies by ensuring that TLS certificates are valid and deprecated cipher suites are avoided. The proposed technique is also suitable in deployments where decryption techniques are not ideal due to privacy concerns, non-cooperatingend-points,endpoints, and expense.</t> </section> <section anchor="notation"title="Terminology"> <t>Thenumbered="true" toc="default"> <name>Terminology</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xreftarget="RFC2119"></xref><xref target="RFC8174"></xref>target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t> <t>"(D)TLS" is usedhere. </t> <dl newline="false" spacing="normal"> <dt>(D)TLS:</dt><dd>Used for statements that apply to both Transport Layer Security <xreftarget="RFC8446"></xref>target="RFC8446" format="default"/> and Datagram Transport Layer Security <xreftarget="RFC6347"></xref>.target="RFC6347" format="default"/>. Specific terms "TLS" and "DTLS" are used for any statement that applies to either protocolalone.</t> <t>'DoH/DoT' refersalone.</dd> <dt>DoH/DoT:</dt><dd>Refers to DNS-over-HTTPS and/or DNS-over-TLS <xreftarget="RFC7858"></xref>.</t> <t>Middlebox: Atarget="RFC7858" format="default"/>.</dd> <dt>Middlebox:</dt><dd>A middlebox that interacts with TLS traffic can either act as a TLS proxy, intercepting and decrypting the traffic for inspection, or inspect the traffic between TLS peers without terminating the TLSsession.</t> <t>Endpointsession.</dd> <dt>Endpoint SecurityAgent: AnAgent:</dt><dd>An Endpoint Security Agent is a software installed on endpoint devices that protects them from security threats. It provides features such as malware protection, firewall, and intrusion prevention to ensure the device's security andintegrity.</t> <t>Networkintegrity.</dd> <dt>Network SecurityService: AService:</dt><dd>A Network Security Service refers to a set of mechanisms designed to protect network communications and resources fromattacks.</t>attacks.</dd> </dl> </section> <sectiontitle="Overviewnumbered="true" toc="default"> <name>Overview of MUD (D)TLSprofilesProfiles for IoTdevices">devices</name> <t>In Enterprise networks, protection and detection are typically done both on end hosts and in the network. Endpoint security agents have deep visibility on the devices where they are installed, whereas the network has broader visibility. Installing endpoint security agents may not be a viable option on IoT devices, and network security service is an efficient means to protect such IoT devices. If the IoT device supports a MUD (D)TLS profile, the (D)TLS profile parameters of the IoT device can be used by a middlebox to detect and block malware communication, while at the same time preserving the privacy of legitimate uses of encryption. In addition, it enforces organizational security policies, ensuring that devices comply. By monitoring (D)TLS parameters, network administrators can identify and mitigate the use of outdated TLS versions, cryptographicalgorithmsalgorithms, and non-compliant certificates. The middlebox need not proxy(D)TLS(D)TLS, but can passively observe the parameters of (D)TLS handshakes from IoT devices and gain visibility into TLS 1.2 parameters and partial visibility into TLS 1.3 parameters.</t> <t>Malicious agents can try to use the (D)TLS profile parameters of legitimate agents to evade detection, but it becomes a challenge to mimic the behavior of various IoT device types and IoT device models from several manufacturers. In other words, malware developers will have to develop malicious agents per IoT device type, manufacturer and model, infect the device with the tailored malwareagentagent, and will have keep up with updates to the device's (D)TLS profile parameters over time. Furthermore, the malware's command and control server certificates need to be signed by the same certifying authorities trusted by the IoT devices. Typically, IoT devices have an infrastructure that supports a rapid deployment of updates, and malware agents will have a near-impossible task of similarly deploying updates and continuing to mimic the TLS behavior of the IoT device it has infected.</t><t>However,<!-- [rfced] How may this sentence be rephrased for readability? Specifically: Does "to identify the IoT manufacturer no longer supports the device" mean (A) "to indicate that the IoT manufacturer no longer supports the device" or (B) "to identify which IoT manufacturer no longer supports the device" or otherwise? Original: However, if the IoT device has reached end-of-life and the IoT manufacturer will not issue a firmware or software update to the IoT device or will not update the MUD file, the "is-supported" attribute defined in Section 3.6 of<xref target="RFC8520"></xref>[RFC8520] can be used by the MUD manager to identify the IoT manufacturer no longer supports the device.ThePerhaps (if option (A)): However, if the IoT device has reached end-of-life (EOL) and the IoT manufacturer will not issue a firmware or software update to the IoT device or will not update the MUD file, the "is-supported" attribute defined in Section 3.6 of [RFC8520] can be used by the MUD manager to indicate that the IoT manufacturer no longer supports the device. --> <t>However, if the IoT device has reached end-of-life (EOL) and the IoT manufacturer will not issue a firmware or software update to the IoT device or will not update the MUD file, the "is-supported" attribute defined in <xref target="RFC8520" sectionFormat="of" section="3.6"/> can be used by the MUD manager to identify the IoT manufacturer no longer supports the device. The EOL of a device, where the IoT manufacturer no longer supports it, does not necessarily mean the device is defective. Instead, it signifies that the device is no longer receiving updates, support, or security patches, which necessitates replacement and upgrading to next-generation devices to ensure continued functionality, security, and compatibility with modern networks. The network security service will have to rely on other techniques discussed in <xreftarget="Security"></xref>target="Security" format="default"/> to identify malicious connections until the device is replaced.</t> <t>Compromised IoT devices are typically used for launching DDoS attacks(Section 3 of <xref target="RFC8576"></xref>).(<xref target="RFC8576" sectionFormat="of" section="3"/>). For example, DDoS attacks like Slowloris <xreftarget="slowloris"></xref>target="SLOWLORIS" format="default"/> and Transport Layer Security (TLS) re-negotiation can be blocked if the victim's server certificate is not be signed by the same certifying authorities trusted by the IoT device.</t> </section> <sectiontitle="(D)TLSnumbered="true" toc="default"> <name>(D)TLS 1.3Handshake">Handshake</name> <t>In (D)TLS 1.3, full (D)TLS handshake inspection is not possible since all (D)TLS handshake messages excluding the ClientHello message are encrypted. (D)TLS 1.3 has introduced new extensions in the handshake record layers called Encrypted Extensions.UsingWhen using theseextensionsextensions, handshake messages will be encrypted and network security services (such as a firewall) are incapable of deciphering the handshake, and thus cannot view the server certificate. However, the ClientHello and ServerHello still have some fields visible, such as the list of supported versions, named groups, cipher suites, signaturealgorithms andalgorithms, extensions in ClientHello, and the chosen cipher in the ServerHello. For instance, if the malware uses evasion techniques like ClientHello randomization, the observable list of cipher suites and extensions offered by the malware agent in the ClientHello message will not match the list of cipher suites and extensions offered by the legitimate client in the ClientHello message, and the middlebox can block malicious flows without acting as a (D)TLS 1.3 proxy.</t> <section anchor="full"title="Fullnumbered="true" toc="default"> <name>Full (D)TLS 1.3 HandshakeInspection">Inspection</name> <t>To obtain more visibility into negotiated TLS 1.3 parameters, a middlebox can act as a (D)TLS 1.3 proxy. A middlebox can act as a (D)TLS proxy for the IoT devices owned and managed by the IT team in the Enterprise network and the (D)TLS proxy must meet the security and privacy requirements of the organization. In other words, the scope of a middlebox acting as a (D)TLS proxy is restricted to the Enterprise network owning and managing the IoT devices. The middlebox would have to follow thebehaviourbehavior detailed inSection 9.3 of<xreftarget="RFC8446"></xref>target="RFC8446" sectionFormat="of" section="9.3"/> to act as a compliant (D)TLS 1.3 proxy.</t> <t>To further increase privacy, the Encrypted Client Hello (ECH) extension <xreftarget="I-D.ietf-tls-esni"></xref>target="I-D.ietf-tls-esni" format="default"/> prevents passive observation of the TLS Server Name Indication extension and other potentially sensitive fields, such as theALPNApplication-Layer Protocol Negotiation (ALPN) <xreftarget="RFC7301"></xref>.target="RFC7301" format="default"/>. To effectively provide that privacy protection, the ECH extension needs to be used in conjunction with DNS encryption (e.g., DoH). A middlebox (e.g., firewall) passively inspecting the ECH extension cannot observe the encrypted SNI nor observe the encrypted DNS traffic. The middlebox acting as a (D)TLS 1.3 proxy that does not support the ECH extension will act as if it is connecting to the public name anditfollows thebehaviourbehavior discussed inSection 6.1.6 of<xreftarget="I-D.ietf-tls-esni"></xref>target="I-D.ietf-tls-esni" sectionFormat="of" section="6.1.6"/> to securely signal the client to disable ECH.</t> </section> <sectiontitle="Encrypted DNS">numbered="true" toc="default"> <name>Encrypted DNS</name> <t>A common usage pattern for certaintypetypes of IoT devices (e.g., light bulb) is for it to "call home" to a service that resides on the public Internet, where that service is referenced through a domain name (A or AAAA record). As discussed inManufacturer"Manufacturer Usage DescriptionSpecificationSpecification" <xreftarget="RFC8520"></xref>, becausetarget="RFC8520" format="default"/>, these devices tend to require access to very fewsites,sites. Thus, all other access should be considered suspect. This technique complements MUD policy enforcement at the TLS level by ensuring that DNS queries are monitored and filtered, thereby enhancing overall security. If an IoT device is pre-configured to use a DNS resolver not signaled by the network, the MUD policy enforcement point is moved to that resolver, which cannot enforce the MUD policy based on domain names(Section 8 of <xref target="RFC8520"></xref>).(<xref target="RFC8520" sectionFormat="of" section="8"/>). If the DNS query is not accessible for inspection, it becomes quite difficult for the infrastructure to detect any issues. Therefore, the use of a DNS resolver that is not signaled by the network is generally incompatible with MUD. A network-designated DoH/DoT server is necessary to allow MUD policy enforcement on the local network, for example, using the techniques specified inDNR<xref target="RFC9463">DNR <xref target="RFC9463" format="default"> </xref> and DDR <xreftarget="RFC9462"></xref>.</t>target="RFC9462" format="default"/>.</t> </section> </section> <section anchor="YANG"title="(D)TLSnumbered="true" toc="default"> <name>(D)TLS Profile ofaan IoTdevice">device</name> <t>This document specifies a YANG modulefor representingthat represents the (D)TLS profile. This YANG module provides a means to characterize the (D)TLS traffic profile of a device. Network security services can use these profiles to permit conformant traffic or to deny traffic from devices that deviates from it. This module uses the cryptographic types defined in <xreftarget="I-D.ietf-netconf-crypto-types"></xref>.target="RFC9640" format="default"/>. See <xreftarget="RFC7925"></xref>target="RFC7925" format="default"/> for (D)TLS 1.2 and <xreftarget="I-D.ietf-uta-tls13-iot-profile"></xref>target="I-D.ietf-uta-tls13-iot-profile" format="default"/> for DTLS 1.3 recommendations related to IoT devices, and <xreftarget="RFC9325"></xref>target="RFC9325" format="default"/> for additional (D)TLS 1.2 recommendations.</t> <t>A companion YANG module is defined to include a collection of (D)TLS parameters and (D)TLS versions maintained by IANA: "iana-tls-profile" (<xreftarget="yang-iana"></xref>).</t>target="yang-iana" format="default"/>).</t> <t>The (D)TLS parameters in each (D)TLS profile include thefollowing:<list style="symbols">following:</t> <ul spacing="normal"> <li> <t>Profile name</t> </li> <li> <t>(D)TLS versions supported by the IoT device.</t> </li> <li> <t>List of supported cipher suites(Section 11 of <xref target="RFC8446"></xref>).(<xref target="RFC8446" sectionFormat="of" section="11"/>). For(D)TLS1.2,(D)TLS 1.2, <xreftarget="RFC7925"></xref>target="RFC7925" format="default"/> recommendsAEADAuthenticated Encryption with Associated Data (AEAD) ciphers for IoT devices.</t> </li> <li> <t>List of supported extensiontypes</t>types.</t> </li> <li> <t>List of trust anchor certificates used by the IoT device. If the server certificate is signed by one of the trust anchors, the middlebox continues with the connection as normal. Otherwise, the middlebox will react as if the server certificate validation has failed and takes appropriate action (e.g,blockblocks the (D)TLS session). An IoT device can use a private trust anchor to validate a server's certificate (e.g., the private trust anchor can be preloaded at manufacturing time on the IoT device and the IoT device fetches the firmware image from theFirmwarefirmware server whose certificate is signed by the private CA). This empowers the middlebox to reject TLS sessions to servers that the IoT device does not trust.</t> </li> <li> <t>List of pre-shared key exchangemodes</t>modes.</t> </li> <li> <t>List of named groups (DHE or ECDHE) supported by theclient</t>client.</t> </li> <li> <t>List of signature algorithms the client can validate in X.509 servercertificates</t>certificates.</t> </li> <li> <t>List of signature algorithms the client is willing to accept for the CertificateVerify message(Section 4.2.3(<xref target="RFC8446" sectionFormat="of" section="4.2.3"/>). <!-- [rfced] May we update this sentence as follows? The "and in TLS to signal" part is unclear. Original: For example, a TLS client implementation can support different sets of<xref target="RFC8446"></xref>).algorithms for certificates and in TLS to signal the capabilities in "signature_algorithms_cert" and "signature_algorithms" extensions. Perhaps: For example, a TLS client implementation can support different sets of algorithms for certificates, and it can signal the capabilities in the "signature_algorithms_cert" and "signature_algorithms" extensions. --> For example, a TLS client implementation can support different sets of algorithms for certificates and in TLS to signal the capabilities in "signature_algorithms_cert" and "signature_algorithms" extensions.</t> </li> <li> <t>List of supported application protocols (e.g., h3, h2, http/1.1etc.)</t>etc.).</t> </li> <li> <t>List of certificate compression algorithms (defined in <xreftarget="RFC8879"></xref>)</t>target="RFC8879" format="default"/>).</t> </li> <li> <t>List of the distinguished names <xreftarget="X501"></xref>target="X501" format="default"/> of acceptable certificate authorities, represented in DER-encoded format <xreftarget="X690">target="X690" format="default"> </xref> (defined inSection 4.2.4 of<xreftarget="RFC8446"></xref>)</t> </list></t>target="RFC8446" sectionFormat="of" section="4.2.4"/>).</t> </li> </ul> <t><xreftarget="RFC8701">GREASE</xref>target="RFC8701" format="default">GREASE</xref> defines a mechanism for TLS peers to send random values on TLS parameters to ensure future extensibility of TLS extensions. Similar random values might be extended to other TLS parameters. Thus, the (D)TLS profile parameters defined in the YANG module by this documentMUST NOT<bcp14>MUST NOT</bcp14> include the GREASE values for extension types, named groups, signature algorithms, (D)TLS versions, pre-shared key exchange modes, ciphersuitessuites, andforany other TLS parameters defined in future RFCs.</t> <t>The (D)TLS profile does not include parameters like compression methods for datacompression,compression. <xreftarget="RFC9325"></xref>target="RFC9325" format="default"/> recommends disabling TLS-level compression to prevent compression-related attacks. In TLS 1.3, only the "null" compression method is allowed(Section 4.1.2 of <xref target="RFC8446"></xref>).</t>(<xref target="RFC8446" sectionFormat="of" section="4.1.2"/>).</t> <sectiontitle="Treenumbered="true" toc="default"> <name>Tree Structure of the (D)TLSprofileProfile Extension to the ACL YANGModel">Module</name> <t>This document augments the "ietf-acl" ACL YANG module defined in <xreftarget="RFC8519"></xref>target="RFC8519" format="default"/> for signaling the IoT device (D)TLS profile. This document defines the YANG module "ietf-acl-tls". The meaning of the symbols in the YANG tree diagram are defined in <xreftarget="RFC8340"></xref>target="RFC8340" format="default"/> and it has the following tree structure:</t><t><figure> <artwork><![CDATA[module:<sourcecode name="" type="yangtree"><![CDATA[ module: ietf-acl-tls augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches: +--rw client-profiles {match-on-tls-dtls}? +--rw tls-dtls-profile* [name] +--rw name string +--rw supported-tls-version* ianatp:tls-version +--rw supported-dtls-version* ianatp:dtls-version +--rw cipher-suite* ianatp:cipher-algorithm +--rw extension-type* | ianatp:extension-type +--rw accept-list-ta-cert* | ct:trust-anchor-cert-cms +--rw psk-key-exchange-mode* | ianatp:psk-key-exchange-mode | {tls13 or dtls13}? +--rw supported-groups* | ianatp:supported-group +--rw signature-algorithm-cert* | ianatp:signature-algorithm | {tls13 or dtls13}? +--rw signature-algorithm* | ianatp:signature-algorithm +--rw application-protocol* | ianatp:application-protocol +--rw cert-compression-algorithm* | ianatp:cert-compression-algorithm | {tls13 or dtls13}? +--rw certificate-authorities* certificate-authority {tls13 or dtls13}?]]></artwork> </figure></t>]]></sourcecode> </section> <section anchor="YANG2"title="Thenumbered="true" toc="default"> <name>The (D)TLSprofileProfile Extension to the ACL YANGModel"> <t><figure> <artwork><![CDATA[<CODE BEGINS> file "ietf-acl-tls@2024-01-23.yang"Module</name> <!--[rfced] Note that the YANG modules have been updated per the formatting option of pyang. Please let us know any concerns. --> <!--[rfced] Regarding the contact statement in the ietf-acl-tls and ietf-mud-tls YANG modules, would you like to add Dan Wing and Blake Anderson, i.e., to list all authors of this document? (FYI, Tiru, your name has been updated to match your preference in past RFCs. Just let us know if updates are needed.) Current: Author: Tirumaleswar Reddy.K kondtir@gmail.com --> <sourcecode name="ietf-acl-tls@2025-03-10.yang" type="yang" markers="true"><![CDATA[ module ietf-acl-tls { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-acl-tls"; prefix acl-tls; import iana-tls-profile { prefix ianatp; reference "RFCXXXX:9761: Manufacturer Usage Description (MUD)(D)TLSfor TLS and DTLS Profiles forIoTInternet of Things (IoT) Devices"; } import ietf-crypto-types { prefix ct; reference"draft-ietf-netconf-crypto-types:"RFC 9640: YANG Data Types and Groupings for Cryptography"; } import ietf-access-control-list { prefix acl; reference "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } organization "IETF OPSAWG (Operations and Management Area Working Group)"; contact "WG Web: <https://datatracker.ietf.org/wg/opsawg/> WG List: opsawg@ietf.org Author:Konda,TirumaleswarReddyReddy.K kondtir@gmail.com "; description "This YANG module defines a component that augments the IETF description of an access list to allow (D)TLSprofileprofiles as matching criteria. Copyright (c)20242025 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFCXXXX;9761; see the RFC itself for full legal notices."; revision2022-10-102025-03-10 { description "Initialrevision";revision."; reference "RFCXXXX:9761: Manufacturer Usage Description (MUD)(D)TLSfor TLS and DTLS Profiles forIoTInternet of Things (IoT) Devices"; } feature tls12 { description "TLS Protocol Version 1.2 is supported."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } feature tls13 { description "TLS Protocol Version 1.3 is supported."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3"; } feature dtls12 { description "DTLS Protocol Version 1.2 is supported."; reference "RFC 6347: Datagram Transport Layer Security Version 1.2"; } feature dtls13 { description "DTLS Protocol Version 1.3 is supported."; reference "RFC 9147: Datagram Transport Layer Security 1.3"; } feature match-on-tls-dtls { description "The networking device can support matching on (D)TLS parameters."; } typedef spki-pin-set { type binary; description "Subject Public Key Info pin set as discussed in Section 2.4 ofRFC7469.";RFC 7469."; } typedef certificate-authority { type string; description "Distinguished Name of Certificate authority as discussed in Section 4.2.4 ofRFC8446.";RFC 8446."; } augment "/acl:acls/acl:acl/acl:aces/acl:ace/acl:matches" { if-feature "match-on-tls-dtls"; description "(D)TLS specific matches."; container client-profiles { description "A grouping for (D)TLS profiles."; list tls-dtls-profile { key "name"; description "A list of (D)TLS version profiles supported by the client."; leaf name { type string { length "1..64"; } description "The name of (D)TLS profile; space and special characters are not allowed."; } leaf-list supported-tls-version { type ianatp:tls-version; description "TLS versions supported by the client."; } leaf-list supported-dtls-version { type ianatp:dtls-version; description "DTLS versions supported by the client."; } leaf-list cipher-suite { type ianatp:cipher-algorithm; description "A list of Cipher Suites supported by the client."; } leaf-list extension-type { type ianatp:extension-type; description "A list of Extension Types supported by the client."; } leaf-list accept-list-ta-cert { type ct:trust-anchor-cert-cms; description "A list of trust anchor certificates used by the client."; } leaf-list psk-key-exchange-mode { if-feature "tls13 or dtls13"; type ianatp:psk-key-exchange-mode; description "pre-shared key exchange modes."; } leaf-list supported-group { type ianatp:supported-group; description "A list of named groups supported by the client."; } leaf-list signature-algorithm-cert { if-feature "tls13 or dtls13"; type ianatp:signature-algorithm; description "A list signature algorithms the client can validate in X.509 certificates."; } leaf-list signature-algorithm { type ianatp:signature-algorithm; description "A list signature algorithms the client can validate in the CertificateVerify message."; } leaf-list application-protocol { type ianatp:application-protocol; description "A list application protocols supported by the client."; } leaf-list cert-compression-algorithm { if-feature "tls13 or dtls13"; type ianatp:cert-compression-algorithm; description "A list certificate compression algorithms supported by the client."; } leaf-list certificate-authorities { if-feature "tls13 or dtls13"; type certificate-authority; description "A list of the distinguished names of certificate authorities acceptable to the client."; } } } } }<CODE ENDS> ]]></artwork> </figure></t>]]></sourcecode> </section> <section anchor="yang-iana"title="IANAnumbered="true" toc="default"> <name>IANA (D)TLSprofileProfile YANGModule">Module</name> <!-- (Note the URL provided also lead to .txt versions of the registries). "Transport Layer Security (TLS) Parameters" registry group (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml) "Transport Layer Security (TLS) Extensions" registry group (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml) I've included XML for references to these registry groups below: XML for "Transport Layer Security (TLS) Parameters" registry group (Note: needs cite tag/reference anchor) <reference anchor="" target="https://www.iana.org/assignments/tls-parameters"> <front> <title>Transport Layer Security (TLS) Parameters</title> <author> <organization>IANA</organization> </author> </front> </reference> XML for "Transport Layer Security (TLS) Extensions" registry group (Note: needs cite tag/reference anchor) <reference anchor="" target="https://www.iana.org/assignments/tls-extensiontype-values"> <front> <title>Transport Layer Security (TLS) Extensions</title> <author> <organization>IANA</organization> </author> </front> </reference> --> <t>The TLS and DTLS IANA registries are available from <ereftarget="https://www.iana.org/assignments/tls-parameters/tls-parameters.txt"></eref>target="https://www.iana.org/assignments/tls-parameters" brackets="angle" /> and <ereftarget="https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.txt"></eref>.target="https://www.iana.org/assignments/tls-extensiontype-values" brackets="angle" />. Changes toTLSTLS- andDTLS relatedDTLS-related IANA registries are discussed in <xreftarget="RFC8447"></xref>.</t>target="RFC8447" format="default"/>.</t> <t>The values for all the parameters in the "iana-tls-profile" YANG module are defined in the TLS and DTLS IANA registries excluding the tls-version, dtls-version, spki-pin-set, and certificate-authority parameters. The values of spki-pin-set and certificate-authority parameters will be specific to the IoT device.</t> <t>The TLS and DTLS IANA registries do not maintain (D)TLS version numbers. In (D)TLS 1.2 and below, the "legacy_version" field in the ClientHello message is used for version negotiation. However, in (D)TLS 1.3, the "supported_versions" extension is used by the client to indicate which versions of (D)TLS it supports. TLS 1.3 ClientHello messages are identified as having a "legacy_version" of 0x0303 and a "supported_versions" extension present with 0x0304 as the highest version. DTLS 1.3 ClientHello messages are identified as having a "legacy_version" of 0xfefd and a "supported_versions" extension present with 0x0304 as the highest version.</t> <t>In order to ease updating the "iana-tls-profile" YANG module with future (D)TLS versions, new (D)TLS version registries are defined in <xreftarget="tls-registry"></xref>target="tls-registry" format="default"/> and <xreftarget="dtls-registry"></xref>.target="dtls-registry" format="default"/>. Whenever a new (D)TLS protocol version is defined, the registry will be updated using expert review; the "iana-tls-profile" YANG module will be automatically updated by IANA.</t> <t>Implementers or users of this specification must refer to the IANA-maintained "iana-tls-profile" YANG module available atXXXX [Note to RFC Editor to replace "XXXX" with the URL link of the IANA-maintained "iana-tls-profile" YANG module].</t><eref target="https://www.iana.org/assignments/yang-parameters" brackets="angle"/>.</t> <t>The initial version of the "iana-tls-profile" YANG module is defined as follows:</t><t><figure> <artwork><![CDATA[<CODE BEGINS> file "iana-tls-profile@2024-01-23.yang"<sourcecode name="iana-tls-profile@2025-03-10.yang" type="yang" markers="true"><![CDATA[ module iana-tls-profile { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:iana-tls-profile"; prefix ianatp; organization "IANA"; contact " Internet Assigned Numbers Authority Postal: ICANN 12025 Waterfront Drive, Suite 300 Los Angeles, CA 90094-2536 United States Tel: +1 310 301 5800E-Mail:Email: iana@iana.org>"; description "This module contains the YANG definition for the (D)TLS profile. Copyright (c)20242025 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). All revisions of IETF and IANA published modules can be found at the YANG Parameters registry (https://www.iana.org/assignments/yang-parameters). The initial version of this YANG module is part of RFCXXXX;9761; see the RFC itself for full legal notices.// RFC Ed.: replace the IANA_TLS-PROFILE_URL and remove this noteThe latest version of this YANG module is available at<IANA_TLS-PROFILE_URL>.";https://www.iana.org/assignments/yang-parameters."; revision2024-01-232025-03-10 { description "Initialrevision";revision."; reference "RFCXXXX:9761: Manufacturer Usage Description (MUD)(D)TLSfor TLS and DTLS Profiles forIoTInternet of Things (IoT) Devices"; } typedef extension-type { type uint16; description "Extension type in the TLS ExtensionType Values registry as defined in Section 7 ofRFC8447.";RFC 8447."; } typedef supported-group { type uint16; description "Supported Group in the TLS Supported Groups registry as defined in Section 9 ofRFC8447.";RFC 8447."; } typedef signature-algorithm { type uint16; description "Signature algorithm in the TLS SignatureScheme registry as defined in Section 11 ofRFC8446.";RFC 8446."; } typedef psk-key-exchange-mode { type uint8; description "Pre-shared key exchange mode in the TLS PskKeyExchangeMode registry as defined in Section 11 ofRFC8446.";RFC 8446."; } typedef application-protocol { type string; description "Application-Layer Protocol Negotiation (ALPN) Protocol ID registry as defined in Section 6 ofRFC7301.";RFC 7301."; } typedef cert-compression-algorithm { type uint16; description "Certificate compression algorithm in TLS Certificate Compression Algorithm IDs registry as defined in Section 7.3 ofRFC8879.";RFC 8879."; } typedef cipher-algorithm { type uint16; description "Cipher suite in TLS Cipher Suites registry as discussed in Section 11 ofRFC8446.";RFC 8446."; } typedef tls-version { type enumeration { enum tls12 { value 1; description "TLS Protocol Version 1.2. TLS 1.2 ClientHello contains 0x0303 in 'legacy_version'."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } enum tls13 { value 2; description "TLS Protocol Version 1.3. TLS 1.3 ClientHello contains a supported_versions extension with 0x0304 contained in its body and the ClientHello contains 0x0303 in 'legacy_version'."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3"; } } description "Indicates the TLS version."; } typedef dtls-version { type enumeration { enum dtls12 { value 1; description "DTLS Protocol Version 1.2. DTLS 1.2 ClientHello contains 0xfefd in 'legacy_version'."; reference "RFC 6347: Datagram Transport Layer Security 1.2"; } enum dtls13 { value 2; description "DTLS Protocol Version 1.3. DTLS 1.3 ClientHello contains a supported_versions extension with 0x0304 contained in its body and the ClientHello contains 0xfefd in 'legacy_version'."; reference "RFC 9147: Datagram Transport Layer Security 1.3"; } } description "Indicates the DTLS version."; } }<CODE ENDS> ]]></artwork> </figure></t>]]></sourcecode> </section> <section anchor="mud-dtls-extension"title="MUDnumbered="true" toc="default"> <name>MUD (D)TLS ProfileExtension">Extension</name> <t>This document augments the "ietf-mud" MUD YANG module to indicate whether the device supports (D)TLS profile. If the "ietf-mud-tls" extension is supported by the device, MUD file is assumed to implement the "match-on-tls-dtls" ACL model feature defined in this specification. Furthermore, only "accept" or "drop" actionsSHOULD<bcp14>SHOULD</bcp14> be included with the (D)TLS profile similar to the actions allowed inSection 2 of<xreftarget="RFC8520"></xref>.</t>target="RFC8520" sectionFormat="of" section="2"/>.</t> <t>This document defines the YANG module "ietf-mud-tls", which has the following tree structure:</t><t><figure> <artwork><![CDATA[module:<sourcecode name="" type="yangtree"><![CDATA[ module: ietf-mud-tls augment /ietf-mud:mud: +--rw is-tls-dtls-profile-supported? boolean]]></artwork> </figure></t>]]></sourcecode> <t>The model is defined as follows:</t><t><figure> <artwork><![CDATA[<CODE BEGINS> file "ietf-mud-tls@2020-10-20.yang"<sourcecode name="ietf-mud-tls@2025-03-10.yang" type="yang" markers="true"><![CDATA[ module ietf-mud-tls { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-mud-tls"; prefix ietf-mud-tls; import ietf-mud { prefix ietf-mud; reference "RFC 8520: Manufacturer Usage Description Specification"; } organization "IETF OPSAWG (Operations and Management Area Working Group)"; contact "WG Web: <https://datatracker.ietf.org/wg/opsawg/> WG List: opsawg@ietf.org Author:Konda,TirumaleswarReddyReddy.K kondtir@gmail.com "; description "Extension to a MUD module to indicate (D)TLS profile support. Copyright (c)20242025 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFCXXXX;9761; see the RFC itself for full legal notices."; revision2022-10-102025-03-10 { description "Initial revision."; reference "RFCXXXX:9761: Manufacturer Usage Description (MUD)(D)TLSfor TLS and DTLS Profiles forIoTInternet of Things (IoT) Devices"; } augment "/ietf-mud:mud" { description "This adds an extension for a manufacturer to indicate whether the (D)TLS profile is supported by a device."; leaf is-tls-dtls-profile-supported { type boolean; defaultfalse;"false"; description "This value will equal 'true' if a device supports (D)TLS profile."; } } }<CODE ENDS> ]]></artwork> </figure></t>]]></sourcecode> </section> </section> <section anchor="processing"title="Processingnumbered="true" toc="default"> <name>Processing of the MUD (D)TLSProfile">Profile</name> <t>The following text outlines the rules for a network security service (e.g., firewall) to follow to process the MUD (D)TLS Profile so as to avoid ossification:</t><t><list style="symbols"><ul spacing="normal"> <li> <t>If the (D)TLS parameter observed in a (D)TLS session is not specified in the MUD (D)TLS profile and the parameter is recognized by the firewall, it can identify unexpected (D)TLS usage, which can indicate the presence of unauthorized software or malware on an endpoint. The firewall can take severalactions like blockactions, such as blocking the (D)TLS session orraiseraising an alert to quarantine and remediate the compromised device. For example, if the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA in the ClientHello message is not specified in the MUD (D)TLS profile and the cipher suite is recognized by the firewall, it can identify unexpected TLS usage.</t> </li> <li> <t>If the (D)TLS parameter observed in a (D)TLS session is not specified in the MUD (D)TLS profile and the (D)TLS parameter is not recognized by the firewall, it can ignore the unrecognized parameter and the correct behavior is not to block the (D)TLS session. Thebehaviourbehavior is functionally equivalent to the compliant TLS middlebox description inSection 9.3 of<xreftarget="RFC8446"></xref>target="RFC8446" sectionFormat="of" section="9.3"/> to ignore all unrecognized cipher suites, extensions, and other parameters. For example, if the cipher suite TLS_CHACHA20_POLY1305_SHA256 in the ClientHello message is not specified in the MUD (D)TLS profile and the cipher suite is not recognized by the firewall, it can ignore the unrecognized cipher suite. This rule also ensures that the network security service will ignore the GREASE values advertised by TLS peers and interoperate with the implementations advertising GREASE values.</t> </li> <li> <t>Deployments update at different rates, so an updated MUD (D)TLS profile may support newer parameters. If the firewall does not recognize the newer parameters, an alert should be triggered to the firewall vendor and the IoT device owner or administrator. A firewall must be readilyupdatable,updatable so that when new parameters in the MUD (D)TLS profile are discovered that are not recognized by the firewall, it can be updated quickly. Most importantly, if the firewall is not readily updatable, its protection efficacy to identify emerging malware will decrease with time. For example, if the cipher suite TLS_AES_128_CCM_8_SHA256 specified in the MUD (D)TLS profile is not recognized by the firewall, an alert will be triggered. Similarly, if the (D)TLS version specified in the MUD file is not recognized by the firewall, an alert will be triggered.</t> </li> <li> <t>If the MUD (D)TLS profile includes any parameters that are susceptible to attacks (e.g., weaker cryptographic parameters), an alertMUST<bcp14>MUST</bcp14> be triggered to the firewall vendor and the IoT device owner or administrator.</t></list></t></li> </ul> </section> <section anchor="Example"title="MUDnumbered="true" toc="default"> <name>MUD FileExample">Example</name> <t>The example below contains (D)TLS profile parameters foraan IoT device used to reach servers listening on port 443 using TCP transport. JSON encoding ofYANG modelledYANG-modeled data <xreftarget="RFC7951"></xref>target="RFC7951" format="default"/> is used to illustrate the example.</t><t><figure> <artwork><![CDATA[{<!-- [rfced] Please review the "type" attribute of each sourcecode element in the XML file to ensure correctness. If the current list of preferred values for "type" (https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types) does not contain an applicable type, then feel free to let us know. Also, it is acceptable to leave the "type" attribute not set. --> <sourcecode name="" type=""><![CDATA[{ "ietf-mud:mud": { "mud-version": 1, "mud-url": "https://example.com/IoTDevice", "last-update": "2024-08-05T03:56:40.105+10:00", "cache-validity": 100, "extensions": [ "ietf-mud-tls" ], "ietf-mud-tls:is-tls-dtls-profile-supported": "true", "is-supported": true, "systeminfo": "IoT device name", "from-device-policy": { "access-lists": { "access-list": [ { "name": "mud-7500-profile" } ] } }, "ietf-access-control-list:acls": { "acl": [ { "name": "mud-7500-profile", "type": "ipv6-acl-type", "aces": { "ace": [ { "name": "cl0-frdev", "matches": { "ipv6": { "protocol": 6 }, "tcp": { "ietf-mud:direction-initiated": "from-device", "destination-port": { "operator": "eq", "port": 443 } }, "ietf-acl-tls:client-profile" : { "tls-dtls-profiles" : [ { "name" : "profile1", "supported-tls-versions" : ["tls13"], "cipher-suite" : [4865, 4866], "extension-types" : [10,11,13,16,24], "supported-groups" : [29] } ] }, "actions": { "forwarding": "accept" } } } ] } } ] } } }]]></artwork> </figure></t>]]></sourcecode> <t>The following illustrates the example scenarios for processing the aboveprofile:<list style="symbols">profile:</t> <ul spacing="normal"> <li> <t>If the extension type "encrypt_then_mac" (code point 22) <xreftarget="RFC7366"></xref>target="RFC7366" format="default"/> in the ClientHello message is recognized by the firewall, it can identify unexpected TLS usage.</t> </li> <li> <t>If the extension type "token_binding" (code point 24) <xreftarget="RFC8472"></xref>target="RFC8472" format="default"/> in the MUD (D)TLS profile is not recognized by the firewall, it can ignore the unrecognized extension. Because the extension type "token_binding" is specified in the profile, an alert will be triggered to the firewall vendor and the IoT device owner or administrator to notify the firewall is not up-to-date.</t> </li> <li> <t>The two-byte values assigned by IANA for the cipher suites TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 are represented in decimal format.</t></list></t></li> </ul> </section> <section anchor="ACL"title="Software-Basednumbered="true" toc="default"> <name>Software-Based ACLs and ACLswithinWithin a (D)TLS 1.3Proxy"> <t>WhileProxy</name> <!--[rfced] Is the expansion of TCAM accurate here? (It was plural in the original; it is not plural currently.) Original: While ACL technology is traditionally associated with fixed-length bit matching in hardware implementations, such as those found in TCAMs, the use of ACLs in software, ... Current: While ACL technology is traditionally associated with fixed-length bit matching in hardware implementations, such as those found in Ternary Content-Addressable Memory (TCAM), the use of ACLs in software, ... --> <t>While ACL technology is traditionally associated with fixed-length bit matching in hardware implementations, such as those found in Ternary Content-Addressable Memory (TCAM), the use of ACLs in software, like with iptables, allows for more flexible matching criteria, including string matching. In the context of MUD (D)TLS profiles, the ability to match binary data and strings is a deliberatechoice,choice made to leverage the capabilities of software-based ACLs. This enables more dynamic and context-sensitive access control, which is essential for the intended application of MUD. The DNS extension added to ACL in the MUD specification <xreftarget="RFC8520"></xref>target="RFC8520" format="default"/> alsorequirerequires software-based ACLs.</t> <t>Regarding the use of MUD (D)TLS ACL in a (D)TLS 1.3 proxy, the goal is for the proxy to intercept the (D)TLS handshake before applying any ACL rules. This implies that MUD (D)TLS ACL matching would need to occur after decrypting the encrypted TLS handshake messages within the proxy. The proxy would inspect the handshake fields according to the MUD profile. <!-- [rfced] May this sentence be updated as follows? Should the "messages" be singular to match the first stage? Original: ACL matching would be performed in two stages: first, by filtering clear-text TLS handshake message and second, by filtering after decrypting the TLS handshake messages. Perhaps (if singular): ACL matching would be performed in two stages: first, by filtering the clear-text TLS handshake message; second, by filtering after decrypting the TLS handshake message. Or (if singular, and putting the steps of the second stage in order): ACL matching would be performed in two stages: first, by filtering the clear-text TLS handshake message; second, by decrypting the TLS handshake message then filtering it once more. --> ACL matching would be performed in two stages: first, by filtering clear-text TLS handshake message and second, by filtering after decrypting the TLS handshake messages.</t> </section> <section anchor="Security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t>Security considerations in <xreftarget="RFC8520"></xref>target="RFC8520" format="default"/> need to be taken into consideration. The middleboxMUST<bcp14>MUST</bcp14> adhere to the invariants discussed inSection 9.3 of<xreftarget="RFC8446"></xref>target="RFC8446" sectionFormat="of" section="9.3"/> to act as a compliant proxy.</t> <t>Although it is challenging for malware to mimic the TLS behavior of various IoT device types and models from different manufacturers, there is still a potential for malicious agents to use similar (D)TLS profile parameters as legitimate devices to evade detection. This difficulty arises because IoT devices often have distinct (D)TLS profiles between models and especially between manufacturers. While malware may find it hard to perfectly replicate the TLS behavior across such diverse devices, it is not impossible. Malicious agents might manage to use (D)TLS profile parameters that resemble those of legitimate devices. The feasibility of this depends on the nature of the profile parameters; for instance, parameters like certificate authorities are complex to mimic, while others, such as signature algorithms, may be easier to replicate. The difficulty in mimicking these profiles correlates with the specificity of the profiles and the variability in parameters used by different devices.</t> <t>Network security services should also rely on contextual network data (e.g., domain name, IPaddress etc)address, etc.) to detect false negatives. For example, network security services filtermalciousmalicious domain names and destination IP addresses with a bad reputation score.Further, InFurthermore, in order to detect such malicious flows, anomaly detection (deep learning techniques on network data) can be used to detect malicious agents using the same (D)TLS profile parameters as the legitimate agent on the IoT device. In anomaly detection, the main idea is to maintain rigorous learning of "normal" behavior and where an "anomaly" (or an attack) is identified and categorized based on the knowledge about the normal behavior and a deviation from this normal behavior. Network security vendors leverage TLS parameters and contextual network data to identify malware (for example, see <xreftarget="eve"></xref>).</t>target="EVE" format="default"/>).</t> <t>The efficacy of identifying malware in (D)TLS 1.3 flows will be significantly reduced without leveraging contextual network data or acting as a proxy, as the encryption in (D)TLS 1.3 obscures many of the handshake details that could otherwise be used for detection.</t> <sectiontitle="Challengesnumbered="true" toc="default"> <name>Challenges in Mimicking (D)TLS 1.2 Handshakes for IoTDevices">Devices</name> <t>(D)TLS 1.2 generally does not require a proxy, as all fields in the (D)TLS profile are transmitted inclear textcleartext during the handshake. While it is technically possible for an attacker to observe and mimic the handshake, an attacker would need to use a domain name and destination IP address with a good reputation, obtain certificates from the same CAs used by the IoT devices, and evade traffic analysistecniquestechniques (e.g., <xreftarget="eve"></xref>,target="EVE" format="default"/>, which detects malicious patterns in encrypted traffic without decryption). This task is particularly challenging because IoT devices often have distinct (D)TLSprofiles, varyingprofiles that vary between models and manufacturers. Unlike the developers of legitimate applications, malware authors are under additionalconstraintsconstraints, such as avoiding any noticeable differences on the infected devices and the potential for take-down requests impacting their server infrastructure (e.g., certificate revocation by a CA upon reporting).</t> </section> <sectiontitle="Considerationsnumbered="true" toc="default"> <name>Considerations for the"iana-tls-profile" Module">"iana-tls-profile" Module</name> <t>This section follows the template defined in <xref target="I-D.ietf-netmod-rfc8407bis" sectionFormat="of" section="3.7.1"/>.</t> <!-- [rfced] Because of your note that the template in rfc8407bis has been used, we will update this paragraph (which appears in Sections 9.2, 9.3, and 9.4) to match Section 3.7.1 of rfc8407bis as follows. Please let us know if that is not what you intended. Original: This section follows the template defined in Section 3.7.1 of<xref target="I-D.ietf-netmod-rfc8407bis"></xref>.</t>[I-D.ietf-netmod-rfc8407bis]. The YANG module specified in this document defines a schema for data can possibly be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. These network management protocols are required to use a secure transport layer and mutual authentication, e.g., SSH [RFC6242] without the "none" authentication option, Transport Layer Security (TLS) [RFC8446] with mutual X.509 authentication, and HTTPS with HTTP authentication (Section 11 of [RFC9110]). The Network Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular users to a pre-configured subset of all available protocol operations and content. Perhaps (following draft-ietf-netmod-rfc8407bis-22): This section follows the template defined in Section 3.7.1 of [YANG-GUIDELINES]. The "iana-tls-profile" YANG module defines a data model that is designed to be accessed via YANG-based management protocols, such as NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols have to use a secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and QUIC [RFC9000]) and have to use mutual authentication. The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. --> <!-- DNE --> <t>The "iana-tls-profile" YANG module specified in this document defines a schema for data can possibly be accessed via network management protocols such as NETCONF <xreftarget="RFC6241"></xref>target="RFC6241" format="default"/> or RESTCONF <xreftarget="RFC8040"></xref>.target="RFC8040" format="default"/>. These network management protocols are required to use a secure transport layer and mutual authentication, e.g., SSH <xreftarget="RFC6242"></xref>target="RFC6242" format="default"/> without the "none" authentication option, Transport Layer Security (TLS) <xreftarget="RFC8446"></xref>target="RFC8446" format="default"/> with mutual X.509 authentication, and HTTPS with HTTP authentication(Section 11 of <xref target="RFC9110"></xref>).</t>(<xref target="RFC9110" sectionFormat="of" section="11"/>).</t> <t>The Network Access Control Model (NACM) <xreftarget="RFC8341"></xref>target="RFC8341" format="default"/> provides the means to restrict access for particular users to a pre-configured subset of all available protocol operations and content.</t> <!-- DNE --> <t>This YANG module defines YANGenumerations,enumerations for a public IANA- maintained registry.</t> <t>YANG enumerations are not security-sensitive, as they are statically defined in the publicly-accessible YANG module. IANAMAY<bcp14>MAY</bcp14> deprecate and/or obsolete enumerations over time as needed to address security issues.</t> <t>This module does not define any writable-nodes, RPCs, actions, or notifications, and thus the security consideration for such is not provided here.</t> </section> <sectiontitle="Considerationsnumbered="true" toc="default"> <name>Considerations for the"ietf-acl-tls" Module">"ietf-acl-tls" Module</name> <t>This section follows the template defined inSection 3.7.1 of<xreftarget="I-D.ietf-netmod-rfc8407bis"></xref>.</t>target="I-D.ietf-netmod-rfc8407bis" sectionFormat="of" section="3.7.1"/>.</t> <!-- DNE --> <t>The "ietf-acl-tls" YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF <xreftarget="RFC6241">target="RFC6241" format="default"> </xref> or RESTCONF <xreftarget="RFC8040"></xref>.target="RFC8040" format="default"/>. These network management protocols are required to use a secure transport layer and mutual authentication, e.g., SSH <xreftarget="RFC6242"></xref>target="RFC6242" format="default"/> without the "none" authentication option, Transport Layer Security (TLS) <xreftarget="RFC8446"></xref>target="RFC8446" format="default"/> with mutual X.509 authentication, and HTTPS with HTTP authentication(Section 11 of <xref target="RFC9110"></xref>).</t>(<xref target="RFC9110" sectionFormat="of" section="11"/>).</t> <t>The Network Access Control Model (NACM) <xreftarget="RFC8341"></xref>target="RFC8341" format="default"/> provides the means to restrict access for particular users to a pre-configured subset of all available protocol operations and content.</t> <!-- DNE --> <t>Please be aware that this YANG module uses groupings from other YANG modules that define nodes that may be considered sensitive or vulnerable in network environments. Please review the Security Considerations for dependent YANG modules for information as to which nodes may be considered sensitive or vulnerable in network environments.</t> <t>All the writable data nodes defined by this module may be considered sensitive or vulnerable in some network environments. For instance, the addition or removal of references to trusted anchors, (D)TLS versions, ciphersuitessuites, etc., can dramatically alter the implemented security policy. For this reason, the NACM extension "default-deny-write" has been set for all data nodes defined in this module.</t> <t>Some of the readable data nodes defined in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. The YANG module will provide insights into (D)TLS profiles of the IoT devices, and the privacy considerations discussed in <xreftarget="Privacy"></xref> needstarget="Privacy" format="default"/> need to be taken into account.</t> <t>This module does not define any RPCs, actions, or notifications, and thus the security consideration for such is not provided here.</t> </section> <sectiontitle="Considerationsnumbered="true" toc="default"> <name>Considerations for the"ietf-mud-tls" Module">"ietf-mud-tls" Module</name> <t>This section follows the template defined inSection 3.7.1 of<xreftarget="I-D.ietf-netmod-rfc8407bis"></xref>.</t>target="I-D.ietf-netmod-rfc8407bis" sectionFormat="of" section="3.7.1"/>.</t> <!-- DNE --> <t>The "ietf-mud-tls" YANG module specified in this document defines a schema for data can possibly be accessed via network management protocols such as NETCONF <xreftarget="RFC6241"></xref>target="RFC6241" format="default"/> or RESTCONF <xreftarget="RFC8040"></xref>.target="RFC8040" format="default"/>. These network management protocols are required to use a secure transport layer and mutual authentication, e.g., SSH <xreftarget="RFC6242"></xref>target="RFC6242" format="default"/> without the "none" authentication option, Transport Layer Security (TLS) <xreftarget="RFC8446"></xref>target="RFC8446" format="default"/> with mutual X.509 authentication, and HTTPS with HTTP authentication(Section 11 of <xref target="RFC9110"></xref>).(<xref target="RFC9110" sectionFormat="of" section="11"/>). Note that the YANG module is not intended to be accessed via NETCONF and RESTCONF. This has already been discussed in <xreftarget="RFC8520"></xref>,target="RFC8520" format="default"/>, and we are reiterating it here for the sake of completeness.</t> <t>The Network Access Control Model (NACM) <xreftarget="RFC8341"></xref>target="RFC8341" format="default"/> provides the means to restrict access for particular users to a pre-configured subset of all available protocol operations and content.</t> <!-- DNE --> <t>Please be aware that this YANG module uses groupings from other YANG modules that define nodes that may be considered sensitive or vulnerable in network environments. Please review the Security Considerations for dependent YANG modules for information as to which nodes may be considered sensitive or vulnerable in network environments.</t> <t>All the writable data nodes defined by this module may be considered sensitive or vulnerable in some network environments. For instance, update that the device does not support (D)TLS profile can dramatically alter the implemented security policy. For this reason, the NACM extension "default-deny-write" has been set for all data nodes defined in this module.</t> <t>This module does not define any RPCs, actions, or notifications, and thus the security consideration for such is not provided here.</t> </section> </section> <section anchor="Privacy"title="Privacy Considerations">numbered="true" toc="default"> <name>Privacy Considerations</name> <t>Privacy considerations discussed inSection 16 of<xreftarget="RFC8520"></xref>target="RFC8520" sectionFormat="of" section="16"/> to not reveal the MUD URL to an attacker need to be taken into consideration. The MUD URL can be stored in a Trusted Execution Environment (TEE) for secure operation, enhanced data security, andpreventprevention of exposure to unauthorized software. The MUD URLMUST<bcp14>MUST</bcp14> be encrypted and shared only with the authorized components in the network (seeSection 1.5Sections <xref target="RFC8520" sectionFormat="bare" section="1.5"/> andSection 1.8<xref target="RFC8520" sectionFormat="bare" section="1.8"/> of[RFC8520])<xref target="RFC8520"/>) so that an on-path attacker cannot read the MUD URL and identify the IoT device. Otherwise, it provides the attacker with guidance on what vulnerabilities may be present on the IoT device. Note that while protecting the MUD URL is valuable as described above, a compromised IoT device may be susceptible to malware performing vulnerability analysis (and version mapping) of the legitimate software located in memory or on non-volatile storage (e.g., disk, NVRAM). However, the malware on the IoT device is intended to be blocked from establishing a (D)TLS connection with the C&C server to reveal this information because the connection would be blocked by the network security service supporting this specification.</t> <t>Full handshake inspection (<xreftarget="full"></xref>)target="full" format="default"/>) requires a (D)TLS proxy devicewhichthat needs to decrypt traffic between the IoT device and its server(s). There is a tradeoff between privacy of the data carried inside (D)TLS(especially e.g.,(for example, personally identifiable information and protected healthinformation)information especially) and efficacy of endpoint security. The use of (D)TLS proxies isNOT RECOMMENDED<bcp14>NOT RECOMMENDED</bcp14> whenever possible. For example, an enterprise firewall administrator can configure the middlebox to bypass (D)TLS proxy functionality or payload inspection for connections destined to specific well-known services. Alternatively,aan IoT device could be configured to reject all sessions that involve proxy servers to specific well-known services. In addition, mechanisms based on object security can be used by IoT devices to enable end-to-end security and the middlebox will not have any access to the packet data. For example, Object Security for Constrained RESTful Environments (OSCORE) <xreftarget="RFC8613"></xref>target="RFC8613" format="default"/> is a proposal that protectsCoAPConstrained Application Protocol (CoAP) messages by wrapping them in theCOSECBOR Object Signing and Encryption (COSE) format <xreftarget="RFC9052"></xref>.</t>target="RFC9052" format="default"/>.</t> </section> <section anchor="IANA"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <sectiontitle="(D)TLSnumbered="true" toc="default"> <name>(D)TLS Profile YANGModules"> <t>This document requests IANA to registerModules</name> <t>IANA has registered the following URIs in the "ns" subregistry within the "IETF XML Registry" <xreftarget="RFC3688"></xref>: <figure> <artwork><![CDATA[ URI: urn:ietf:params:xml:ns:yang:iana-tls-profile Registrant Contact: IANA. XML: N/A;target="RFC3688" format="default"/>: </t> <dl spacing="compact" newline="false"> <dt>URI:</dt><dd>urn:ietf:params:xml:ns:yang:iana-tls-profile</dd> <dt>Registrant Contact:</dt><dd>IANA.</dd> <dt>XML:</dt><dd>N/A; the requested URI is an XMLnamespace. ]]></artwork> </figure><figure> <artwork><![CDATA[ URI: urn:ietf:params:xml:ns:yang:ietf-acl-tls Registrant Contact: IESG. XML: N/A;namespace.</dd> </dl> <dl spacing="compact" newline="false"> <dt>URI:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-acl-tls</dd> <dt>Registrant Contact:</dt><dd>IESG.</dd> <dt>XML:</dt><dd>N/A; the requested URI is an XMLnamespace. ]]></artwork> </figure><figure> <artwork><![CDATA[ URI: urn:ietf:params:xml:ns:yang:ietf-mud-tls Registrant Contact: IESG. XML: N/A;namespace.</dd> </dl> <dl spacing="compact" newline="false"> <dt>URI:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-mud-tls</dd> <dt>Registrant Contact:</dt><dd>IESG.</dd> <dt>XML:</dt><dd>N/A; the requested URI is an XMLnamespace. ]]></artwork> </figure></t>namespace.</dd> </dl> <t>IANAis requested to createhas created an IANA-maintained YANGModulemodule called"iana-tls-profile","iana-tls-profile" based on the contents of <xreftarget="yang-iana"></xref>,target="yang-iana" format="default"/>, whichwill allowallows for new (D)TLS parameters and (D)TLS versions to be added to "client-profile".</t><t>This document requests IANA to register<t>IANA has registered the following YANG modules in the "YANG Module Names"subregistryregistry <xreftarget="RFC6020"></xref> withintarget="RFC6020" format="default"/> of the "YANG Parameters"registry.</t> <t><figure> <artwork><![CDATA[ name: iana-tls-profile namespace: urn:ietf:params:xml:ns:yang:iana-tls-profile maintained by IANA: Y prefix: ianatp reference: RFC XXXX ]]></artwork> </figure><figure> <artwork><![CDATA[ name: ietf-acl-tls namespace: urn:ietf:params:xml:ns:yang:ietf-acl-tls maintained by IANA: N prefix: ietf-acl-tls reference: RFC XXXX]]></artwork> </figure><figure> <artwork><![CDATA[ name: ietf-mud-tls namespace: urn:ietf:params:xml:ns:yang:ietf-mud-tls maintained by IANA: N prefix: ietf-mud-tls reference: RFC XXXX]]></artwork> </figure></t>registry group.</t> <dl spacing="compact" newline="false"> <dt>Name:</dt><dd>iana-tls-profile</dd> <dt>Namespace:</dt><dd>urn:ietf:params:xml:ns:yang:iana-tls-profile</dd> <dt>Maintained by IANA:</dt><dd>Y</dd> <dt>Prefix:</dt><dd>ianatp</dd> <dt>Reference:</dt><dd>RFC 9761</dd> </dl> <dl spacing="compact" newline="false"> <dt>Name:</dt><dd>ietf-acl-tls</dd> <dt>Namespace:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-acl-tls</dd> <dt>Maintained by IANA:</dt><dd>N</dd> <dt>Prefix:</dt><dd>ietf-acl-tls</dd> <dt>Reference:</dt><dd>RFC 9761</dd> </dl> <dl spacing="compact" newline="false"> <dt>Name:</dt><dd>ietf-mud-tls</dd> <dt>Namespace:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-mud-tls</dd> <dt>Maintained by IANA:</dt><dd>N</dd> <dt>Prefix:</dt><dd>ietf-mud-tls</dd> <dt>Reference:</dt><dd>RFC 9761</dd> </dl> </section> <section anchor="iana-tls"title="Considerationsnumbered="true" toc="default"> <name>Considerations for the iana-tls-profileModule">Module</name> <t>IANAis requested to createhas created the initial version of the IANA-maintained YANGModulemodule called"iana-tls-profile","iana-tls-profile" based on the contents of <xreftarget="yang-iana"></xref>,target="yang-iana" format="default"/>, which will allow for new (D)TLS parameters and (D)TLS versions to be added. IANA is requested to add this note:</t><t><list style="symbols"><ul spacing="normal"> <li> <t>tls-version and dtls-version values must not be directly added to the iana-tls-profile YANG module.TheyInstead, they mustinsteadberespectivelyadded to the "ACL TLS VersionCodes",Codes" and "ACL DTLS Version Codes" registries (respectively), provided the new (D)TLS version has been standardized by the IETF. It allows a new (D)TLS version to be added to the "iana-tls-profile" YANGModule.</t>module.</t> </li> <li> <t>(D)TLS parameters must not be directly added to the iana-tls-profile YANG module. They must instead be added to the "ACL (D)TLS Parameters" registry if the new (D)TLS parameters can be used by a middlebox to identify a MUD non-compliant (D)TLS behavior. It allows new (D)TLS parameters to be added to the "iana-tls-profile" YANGModule,</t> </list></t>module.</t> </li> </ul> <t>When a'tls-version'"tls-version" or'dtls-version'"dtls-version" value isrespectivelyadded to the "ACL TLS Version Codes" or "ACL DTLS Version Codes"registry,registry (respectively), a new "enum" statement must be added to the iana-tls-profile YANG module. The following "enum" statement, and substatements thereof, should bedefined:<list hangIndent="15" style="hanging"> <t hangText=""enum":">Replicatesdefined:</t> <dl newline="false" spacing="normal" indent="15"> <dt>"enum":</dt> <dd>Replicates the label from theregistry.</t> <t hangText=""value":">Containsregistry.</dd> <dt>"value":</dt> <dd>Contains the IANA-assigned value corresponding to the'tls-version'"tls-version" or'dtls-version'.</t> <t hangText=""description":">Replicates"dtls-version".</dd> <dt>"description":</dt> <dd>Replicates the description from theregistry.</t> <t hangText=""reference":">RFCregistry.</dd> <dt>"reference":</dt> <dd>RFC YYYY: <Title of theRFC >,RFC>, where YYYY is the RFC that added the’tls-version’"tls-version" or‘dtls-version’</t> </list></t>"dtls-version"</dd> </dl> <t>When a (D)TLS parameter is added to the "ACL (D)TLS Parameters" registry, a new "type" statement must be added to the iana-tls-profile YANG module. The following "type" statement, and substatements thereof, should bedefined:<list hangIndent="15" style="hanging"> <t hangText=""derived type":">Replicatesdefined:</t> <dl newline="false" spacing="normal" indent="15"> <dt>"derived type":</dt> <dd>Replicates the parameter name from theregistry.</t> <t hangText=""built-in type":">Containsregistry.</dd> <dt>"built-in type":</dt> <dd>Contains the built-in YANGtype.</t> <t hangText=""description":">Replicatestype.</dd> <dt>"description":</dt> <dd>Replicates the description from theregistry.</t> </list></t>registry.</dd> </dl> <t>When the iana-tls-profile YANG module is updated, a new "revision" statement must be added in front of the existing revision statements.</t> <t>IANAis requested to addhas added this note to "ACL TLS Version Codes", "ACL DTLS Version Codes", and "ACL (D)TLS Parameters" registries:</t><t><list style="empty"> <t>When<t indent="3">When this registry is modified, the YANG moduleiana-tls-profile"iana-tls-profile" must be updated as defined in[RFCXXXX].</t> </list></t>[RFC9761].</t> </section> <section anchor="tls-registry"title="ACLnumbered="true" toc="default"> <name>ACL TLS Versionregistry">Registry</name> <t>IANAis requested to createhas created a new registry titled "ACL TLS Version Codes". Codes in this registry are used as valid values of'tls-version'"tls-version" parameter. Further assignments are to be made through Expert Review <xreftarget="RFC8126"></xref>.target="RFC8126" format="default"/>. Experts must ensure that the TLS protocol version in a new registration is one that has been standardized by the IETF. It is expected that the registry will be updated infrequently, primarily when a new TLS version is standardized by the IETF.</t><t><figure> <artwork><![CDATA[ +-------+---------+-----------------+-----------+ | Value | Label | Description | Reference | | | | | | | | | | | +-------+---------+-----------------+-----------+ | 1 | tls12 | TLS<table> <name></name> <thead> <tr> <th>Value</th> <th>Label</th> <th>Description</th> <th>Reference</th> </tr> </thead> <tbody> <tr> <td>1</td> <td>tls12</td> <td>TLS Version1.2 | [RFC5246] | +-------+---------+-----------------+-----------+ | 2 | tls13 | TLS1.2</td> <td><xref target="RFC5246"/></td> </tr> <tr> <td>2</td> <td>tls13</td> <td>TLS Version1.3 | [RFC8446] | +-------+---------+-----------------+-----------+ ]]></artwork> </figure></t>1.3</td> <td><xref target="RFC8446"/></td> </tr> </tbody> </table> </section> <section anchor="dtls-registry"title="ACLnumbered="true" toc="default"> <name>ACL DTLSversion registry">Version Registry</name> <t>IANAis requested to createhas created a new registry titled "ACL DTLS Version Codes". Codes in this registry are used as valid values of'dtls-version'"dtls-version" parameter. Further assignments are to be made through Expert Review <xreftarget="RFC8126"></xref>.target="RFC8126" format="default"/>. Experts must ensure that the DTLS protocol version in a new registration is one that has been standardized by the IETF. It is expected that the registry will be updated infrequently, primarily when a new DTLS version is standardized by the IETF.</t><t><figure> <artwork><![CDATA[ +-------+---------+----------------+-----------------------+ | Value | Label | Description | Reference | | | | | | | | | | | +-------+---------+----------------+-----------------------+ | 1 |dtls12 |DTLS<table> <name></name> <thead> <tr> <th>Value</th> <th>Label</th> <th>Description</th> <th>Reference</th> </tr> </thead> <tbody> <tr> <td>1</td> <td>dtls12</td> <td>DTLS Version1.2| [RFC6347] | +-------+---------+----------------+-----------------------+ | 2 |dtls13 |DTLS1.2</td> <td><xref target="RFC6347"/></td> </tr> <tr> <td>2</td> <td>dtls13</td> <td>DTLS Version1.3| [RFC9147| | +-------+---------+----------------+-----------------------+ ]]></artwork> </figure></t>1.3</td> <td><xref target="RFC9147"/></td> </tr> </tbody> </table> </section> <sectiontitle="ACLnumbered="true" toc="default"> <name>ACL (D)TLS Parametersregistry">Registry</name> <t>IANAis requested to createhas created a new registry titled "ACL (D)TLS parameters".</t> <t>The values for all the (D)TLS parameters in the registry are defined in the TLS and DTLS IANA registries (<ereftarget="https://www.iana.org/assignments/tls-parameters/tls-parameters.txt"></eref>target="https://www.iana.org/assignments/tls-parameters/"/> and <ereftarget="https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.txt"></eref>)target="https://www.iana.org/assignments/tls-extensiontype-values/"/>) excluding the tls-version and dtls-version parameters. Further assignments are to be made through Expert Review <xreftarget="RFC8126"></xref>.target="RFC8126" format="default"/>. Experts must ensure that the (D)TLS parameter in a new registration is one that has been standardized by the IETF. The registry is expected to be updated periodically, primarily when a new (D)TLS parameter is standardized by the IETF. The registryis initiallyhas been populated with the following initial parameters:</t><t><figure> <artwork><![CDATA[ +----------------------------+-------------+--------+---------------------------------------------+ | Parameter Name | YANG | JSON | | | | Type | Type | Description | | | | | | +----------------------------+-------------+--------+---------------------------------------------+ | extension-type | uint16 | Number | Extension type | +----------------------------+-------------+--------+---------------------------------------------+ | supported-group | uint16 | Number | Supported group | +----------------------------+-------------+--------+---------------------------------------------+ | signature-algorithm | uint16 | Number | Signature algorithm | +----------------------------+-------------+--------+---------------------------------------------+ | psk-key-exchange-mode | uint8 | Number |<table> <name></name> <thead> <tr> <th>Parameter Name</th> <th>YANG Type</th> <th>JSON Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>extension-type</td> <td>uint16</td> <td>Number</td> <td>Extension type</td> </tr> <tr> <td>supported-group</td> <td>uint16</td> <td>Number</td> <td>Supported group</td> </tr> <tr> <td>signature-algorithm</td> <td>uint16</td> <td>Number</td> <td>Signature algorithm</td> </tr> <tr> <td>psk-key-exchange-mode</td> <td>uint8</td> <td>Number</td> <!--[rfced] Table 3: For psk-key-exchange-mode, would you like the description to start with a capital letter, to be consistent with the other descriptions? If so, we will ask IANA to update the registry (https://www.iana.org/assignments/acl-tls) accordingly. Current: pre-shared key exchange mode| +----------------------------+-------------+--------+---------------------------------------------+ | application-protocol | string | String | Application protocol | +----------------------------+-------------+--------+---------------------------------------------+ | cert-compression-algorithm | uint16 | Number | CertificatePerhaps: Pre-shared key exchange mode --> <td>pre-shared key exchange mode</td> </tr> <tr> <td>application-protocol</td> <td>string</td> <td>String</td> <td>Application protocol</td> </tr> <tr> <td>cert-compression-algorithm</td> <td>uint16</td> <td>Number</td> <td>Certificate compressionalgorithm | +----------------------------+-------------+--------+---------------------------------------------+ | cipher-algorithm | uint16 | Number | Cipher Suite | +----------------------------+-------------+--------+---------------------------------------------+ | tls-version | enumeration | String | TLS version | +----------------------------+-------------+--------+---------------------------------------------+ | dtls-version | enumeration | String | DTLS version | +----------------------------+-------------+--------+---------------------------------------------+ ]]></artwork> </figure></t>algorithm</td> </tr> <tr> <td>cipher-algorithm</td> <td>uint16</td> <td>Number</td> <td>Cipher Suite</td> </tr> <tr> <td>tls-version</td> <td>enumeration</td> <td>String</td> <td>TLS version</td> </tr> <tr> <td>dtls-version</td> <td>enumeration</td> <td>String</td> <td>DTLS version</td> </tr> </tbody> </table> </section> <sectiontitle="MUDnumbered="true" toc="default"> <name>MUD Extensionsregistry"> <t>IANA is requestedRegistry</name> <!-- Note to PE/RE: XML for references tocreatethe IANA registries mentionend in this section. "MUD Extensions" registry in the "Manufacturer Usage Description (MUD)" registry group <reference anchor="" target="https://www.iana.org/assignments/mud"> <front> <title>MUD Extensions</title> <author> <organization>IANA</organization> </author> </front> </reference> --> <t>IANA has created a new MUD Extension Name "ietf-mud-tls" in theMUD Extensions"MUD Extensions" IANA registry <ereftarget="https://www.iana.org/assignments/mud/mud.xhtml"></eref>.</t>target="https://www.iana.org/assignments/mud" brackets="angle"/>.</t> </section> </section><section anchor="acknowledgments" title="Acknowledgments"> <t>Thanks</middle> <back> <displayreference target="I-D.ietf-tls-esni" to="TLS-ESNI"/> <displayreference target="I-D.ietf-uta-tls13-iot-profile" to="IoT-PROFILE"/> <displayreference target="I-D.ietf-netmod-rfc8407bis" to="YANG-GUIDELINES"/> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8519.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3688.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8701.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5246.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6347.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9147.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8520.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9640.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8879.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6241.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6242.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9110.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8341.xml"/> <!-- [rfced] Please review the questions below regarding references in this document. a) Re: [X690], we added the URL https://www.itu.int/rec/T-REC-X.690-200207-S/en. However, it has been superseded by this version that was released in February 2021: https://www.itu.int/rec/T-REC-X.690-202102-I/en. May we update this reference toFlemming Andreasen, Shashank Jain, Michael Richardson, Piyush Joshi, Eliot Lear, Harsha Joshi, Qin Wu, Mohamed Boucadair, Ben Schwartz, Eric Rescorla, Panwei William, Nick Lamb, Tom Petch, Paul Wouters, Thomas Fossati and Nick Harper foruse thediscussionmost current version? Current: [X690] ITU-T, "Information technology - ASN.1 encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) andcomments.</t> <t>Thanks to Xufeng Liu for YANGDOCTOR review. Thanks to Linda Dunbar for SECDIR review. Thanks to Qin WuDistinguished Encoding Rules (DER)", ITU-T Recommendation X.690, July 2002, <https://www.itu.int/rec/T-REC-X.690-200207-S/en>. b) We note that there are no citations forOPSDIR review. Thanks[RFC8484] in this document. Please let us know if there is a specific place in the document where we can cite this RFC. Otherwise, we will remove this from the Informative References. c) Re: [X501], this reference has been superseded by the 2019 version of X.501 - available here: https://www.itu.int/rec/T-REC-X.501-201910-I/en. May we update this reference toR. Giebenuse the most current version? FYI, the URL forDNSDIR review.</t> <t>Thanksthe 1993 version of this reference has been included in the reference. Current: [X501] "Information Technology - Open Systems Interconnection - The Directory: Models", ITU-T Recommendation X.501, November 1993, <https://www.itu.int/rec/T-REC-X.501-199311-S/en>. d) Re: [CRYPTO-VULNERABILITY], the information provided does not match the information provided at the URL (which directs toRoman Danyliw, Orie Steele, Éric Vyncke, Mahesh Jethanandani, Murray Kucherawy, Zaheduzzaman Sarkeran NSA Cybersecurity Advisory with the title "Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients andDeb CooleyServers" with a date of 14 January 2020). Upon further research, we found the following URL: https://securityboulevard.com/2020/01/exploiting-the-windows-cryptoapi-vulnerability/. The title, date, and author at this URL match the original reference information provided. Is that the correct URL for this reference? Or should we update this reference to match theIESG review.</t> </section> </middle> <back> <references title="Normative References"> <?rfc include="reference.RFC.2119"?> <?rfc include='reference.RFC.8174'?> <?rfc include="reference.RFC.8446"?> <?rfc include="reference.RFC.8519"?> <?rfc include='reference.RFC.3688'?> <?rfc include='reference.RFC.8701'?> <?rfc include='reference.RFC.5246'?> <?rfc include='reference.RFC.6347'?> <?rfc include='reference.RFC.9147'?> <?rfc include='reference.RFC.8520'?> <?rfc include="reference.I-D.ietf-netconf-crypto-types" ?> <?rfc include='reference.RFC.8879'?> <?rfc include='reference.RFC.6241'?> <?rfc include='reference.RFC.8040'?> <?rfc include='reference.RFC.6242'?> <?rfc include='reference.RFC.9110'?> <?rfc include='reference.RFC.8341'?>information provided at the original URL, i.e., the NSA Cybersecurity Advisory? Original: [cryto-vulnerability] Perez, B., "Exploiting the Windows CryptoAPI Vulnerability", January 2020, <https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/ CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF>. e) FYI, we removed mention of "Cisco" from this reference, as there is no mention of "Cisco" at this archived URL. Please let us know if other changes are needed. Original: [slowloris] Cisco, "Slowloris HTTP DoS", <https://web.archive.org/web/20150315054838/ http://ha.ckers.org/slowloris/>. Current: [SLOWLORIS] "Slowloris HTTP DoS", Wayback Machine archive, <https://web.archive.org/web/20150315054838/ http://ha.ckers.org/slowloris/>. --> <!-- <referenceanchor="X690">anchor="X690" target="https://www.itu.int/rec/T-REC-X.690-202102-I/en"> <front> <title>Information technology - ASN.1 encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)</title> <author> <organization>ITU-T</organization> </author> <dateyear="2002" />year="2021"/> </front> <seriesInfoname="ISO/IEC" value="8825-1:2002" />name="ITU-T Recommendation" value="X.690"/> </reference> --> <reference anchor="X690" target="https://www.itu.int/rec/T-REC-X.690-200207-S/en"> <front> <title>Information technology - ASN.1 encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)</title> <author> <organization>ITU-T</organization> </author> <date month="July" year="2002"/> </front> <seriesInfo name="ITU-T Recommendation" value="X.690"/> </reference> </references><references title="Informative References"> <?rfc include='reference.RFC.7951'?> <?rfc include="reference.RFC.8576"?> <?rfc include="reference.RFC.8484"?> <?rfc include="reference.RFC.6020"?> <?rfc include='reference.RFC.8126'?> <?rfc include='reference.RFC.7925'?> <?rfc include='reference.RFC.7366'?> <?rfc include='reference.RFC.6066'?> <?rfc include='reference.RFC.8472'?> <?rfc include='reference.RFC.9325'?> <?rfc include='reference.RFC.7301'?> <?rfc include="reference.RFC.9052"?> <?rfc include='reference.RFC.8613'?> <?rfc include='reference.RFC.8447'?> <?rfc include='reference.RFC.8340'?> <?rfc include="reference.I-D.ietf-tls-esni" ?> <?rfc include='reference.RFC.9462'?> <?rfc include='reference.RFC.9463'?> <?rfc include='reference.RFC.7858'?> <?rfc include="reference.I-D.ietf-uta-tls13-iot-profile" ?> <?rfc include="reference.I-D.ietf-netmod-rfc8407bis"?><references> <name>Informative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7951.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8576.xml"/> <!-- <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8484.xml"/> --> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6020.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7925.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7366.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6066.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8472.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9325.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7301.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9052.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8613.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8447.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8340.xml"/> <!-- [I-D.ietf-tls-esni] IESG state: I-D Exists as of 09/05/24 --> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-tls-esni.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9462.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9463.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7858.xml"/> <!-- [I-D.ietf-uta-tls13-iot-profile] IESG state: Expired as of 09/05/24 --> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-uta-tls13-iot-profile.xml"/> <!-- [I-D.ietf-netmod-rfc8407bis] IESG state: I-D Exists as of 09/05/24 --> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-netmod-rfc8407bis.xml"/> <!-- Note to PE: XML for 2019 version of [X501]: <referenceanchor="X501">anchor="X501" target="https://www.itu.int/rec/T-REC-X.501-201910-I/en"> <front> <title>Information Technology - Open Systems Interconnection - The Directory: Models</title> <author><organization></organization><organization/> </author> <dateyear="1993" />month="October" year="2019"/> </front> <seriesInfoname="ITU-T" value="X.501" />name="ITU-T Recommendation" value="X.501"/> </reference> --> <referenceanchor="clear-as-mud"anchor="X501" target="https://www.itu.int/rec/T-REC-X.501-199311-S/en"> <front> <title>Information Technology - Open Systems Interconnection - The Directory: Models</title> <author> <organization/> </author> <date month="November" year="1993"/> </front> <seriesInfo name="ITU-T Recommendation" value="X.501"/> </reference> <reference anchor="CLEAR-AS-MUD" target="https://arxiv.org/pdf/1804.04358.pdf"> <front> <title>Clear as MUD: Generating, Validating and Applying IoT BehaviorialProfiles</title> <author> <organization></organization> </author>Profiles (Technical Report)</title> <author fullname="Ayyoob Hamza"/> <author fullname="Dinesha Ranathunga"/> <author fullname="H. Habibi Gharakheili"/> <author fullname="Matthew Roughan"/> <author fullname="Vijay Sivaraman"/> <datemonth="October" year="2019" />month="April" year="2018"/> </front> <refcontent>arXiv:1804.04358</refcontent> <seriesInfo name="DOI" value="10.48550/arXiv.1804.04358"/> </reference> <referenceanchor="malware-tls"anchor="MALWARE-TLS" target="https://dl.acm.org/citation.cfm?id=3355601"> <front> <title>TLS Beyond the Browser: Combining End Host and Network Data to Understand Application Behavior</title> <author fullname="Blake Anderson" initials="B." surname="Anderson"> <organization>Cisco</organization> </author> <author fullname="David McGrew" initials="D." surname="McGrew"> <organization>Cisco</organization> </author> <date month="October"year="2019" />year="2019"/> </front> <refcontent>IMC '19: Proceedings of the Internet Measurement Conference, pp. 379-392</refcontent> <seriesInfo name="DOI" value="10.1145/3355369.3355601"/> </reference> <!-- Note to PE: XML for the NSA Cybersecurity Advisory (if the authors wish to use that source) <reference anchor="cryto-vulnerability" target="https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF"> <front> <title>Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers</title> <author> <organization>National Security Agency</organization> </author> <date month="January" year="2020"/> </front> <refcontent>National Security Agenct Cybersecurity Advisory</refcontent> </reference> --> <reference anchor="CRYPTO-VULNERABILITY" target="https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF"> <front> <title>Exploiting the Windows CryptoAPI Vulnerability</title> <author fullname="Ben Perez" initials="B." surname="Perez"> <organization>Cisco</organization> </author> <date month="January"year="2020" />year="2020"/> </front> </reference> <referenceanchor="malware-doh"anchor="MALWARE-DOH" target="https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/"> <front> <title>First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol</title> <author fullname="Catalin Cimpanu" initials="C." surname="Cimpanu"><organization>Cisco</organization></author> <date month="July"year="2019" />year="2019"/> </front> <refcontent>ZDNET</refcontent> </reference> <referenceanchor="slowloris"anchor="SLOWLORIS" target="https://web.archive.org/web/20150315054838/http://ha.ckers.org/slowloris/"> <front> <title>Slowloris HTTP DoS</title><author fullname="" initials="" surname=""> <organization>Cisco</organization> </author><author><organization>ha.ckers.org security lab</organization></author> <datemonth="" year="" />month="March" year="2015"/> </front> <refcontent>Wayback Machine archive</refcontent> </reference> <referenceanchor="eve"anchor="EVE" target="https://secure.cisco.com/secure-firewall/docs/encrypted-visibility-engine"> <front> <title>Encrypted Visibility Engine</title> <author fullname="" initials="" surname=""> <organization>Cisco</organization> </author> <date month=""year="" />year=""/> </front> <refcontent>Cisco Secure Firewall documentation</refcontent> </reference> </references> </references> <!-- [rfced] Please review the following terms and let us know how we should update. If there are no objections, we will use the form on the right for consistency. Cipher Suite vs. cipher suite [1 instance of "Cipher suite" at the start of a description will remain as is.] certificate message (1 instance) vs. Certificate message There is one instance of "certificate message" (lowercase 'c') in "server certificate message" in Section 1. Should it be changed to "Certificate message"? Elsewhere it seems this document is using the term as defined in RFC 8446. --> <section anchor="acknowledgments" numbered="false" toc="default"> <name>Acknowledgments</name> <t>Thanks to <contact fullname="Flemming Andreasen"/>, <contact fullname="Shashank Jain"/>, <contact fullname="Michael Richardson"/>, <contact fullname="Piyush Joshi"/>, <contact fullname="Eliot Lear"/>, <contact fullname="Harsha Joshi"/>, <contact fullname="Qin Wu"/>, <contact fullname="Mohamed Boucadair"/>, <contact fullname="Ben Schwartz"/>, <contact fullname="Eric Rescorla"/>, <contact fullname="Panwei William"/>, <contact fullname="Nick Lamb"/>, <contact fullname="Tom Petch"/>, <contact fullname="Paul Wouters"/>, <contact fullname="Thomas Fossati"/>, and <contact fullname="Nick Harper"/> for the discussion and comments.</t> <t>Thanks to <contact fullname="Xufeng Liu"/> for YANGDOCTOR review. Thanks to <contact fullname="Linda Dunbar"/> for SECDIR review. Thanks to <contact fullname="Qin Wu"/> for OPSDIR review. Thanks to <contact fullname="R. Gieben"/> for DNSDIR review.</t> <t>Thanks to <contact fullname="Roman Danyliw"/>, <contact fullname="Orie Steele"/>, <contact fullname="Éric Vyncke"/>, <contact fullname="Mahesh Jethanandani"/>, <contact fullname="Murray Kucherawy"/>, <contact fullname="Zaheduzzaman Sarker"/>, and <contact fullname="Deb Cooley"/> for the IESG review.</t> </section> </back> </rfc>