YANG Data Model for a "Keystore" Mechanism

The information below is for an old version of the document
Document Type Expired Internet-Draft (netconf WG)
Author Kent Watsen 
Last updated 2018-05-03 (latest revision 2017-10-30)
Replaces draft-ietf-netconf-system-keychain
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines a YANG module called a "keystore", containing pinned certificates and pinned SSH host-keys. The module also defines a grouping for configuring public key pairs and a grouping for configuring certificates. The module also defines a notification that a system can use when one of its configured certificates is about to expire.


Kent Watsen (kwatsen@juniper.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)