Skip to content

Commit 07a5d30

Browse files
author
ietf-corpus-bot
committed
auto-ingest: ietf-elements backfill — 230 new elements (2026-07-12)
1 parent bce8e04 commit 07a5d30

230 files changed

Lines changed: 2179 additions & 0 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-9644
2+
kind: design-rationale
3+
summary: The four IANA algorithm YANG modules are not published within this RFC; instead, Appendix A provides a generating script for IANA to produce and maintain these modules directly, keeping YANG enumerations synchronized with IANA registry updates without requiring RFC updates.
4+
section: "1"
5+
topics:
6+
- yang
7+
- registry
8+
- process
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-12"
Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
document: rfc-9644
2+
kind: design-rationale
3+
summary: The groupings intentionally avoid wrapping 'uses' statements in a named container to provide maximum flexibility to consuming models; consuming modules are expected to resolve name conflicts by wrapping the 'uses' statement in an appropriately named container (e.g., 'ssh-client-parameters').
4+
section: "3.3"
5+
topics:
6+
- yang
7+
extracted_by: claude-sonnet-4-6
8+
extracted_at: "2026-07-12"
Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
document: rfc-9644
2+
kind: design-rationale
3+
summary: The ssh-client-grouping and ssh-server-grouping explicitly exclude all transport-level configuration (ports, addresses) to allow consuming modules to define their own TCP connection strategy, enabling reuse in diverse scenarios such as NETCONF Call Home (RFC 8071) without modification.
4+
section: "1.1"
5+
topics:
6+
- yang
7+
- netconf
8+
extracted_by: claude-sonnet-4-6
9+
extracted_at: "2026-07-12"
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
document: rfc-9644
2+
kind: interoperability-note
3+
summary: Optional support for RFC 6187 (X.509v3 Certificates for SSH Authentication) is gated by the 'ssh-x509-certs' feature in ietf-ssh-common; when enabled, clients may authenticate via certificates and servers may validate client certificates against CA or end-entity trust anchors.
4+
section: "1.1"
5+
topics:
6+
- yang
7+
- pkix
8+
- security
9+
- crypto
10+
extracted_by: claude-sonnet-4-6
11+
extracted_at: "2026-07-12"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-9644
2+
kind: interoperability-note
3+
summary: These SSH groupings are designed to be used in conjunction with transport-level groupings from RFC 9643 (YANG Groupings for TCP Clients and TCP Servers), which provides remote/local address and port configuration. The SSH modules focus exclusively on SSH-layer parameters.
4+
section: "1"
5+
topics:
6+
- yang
7+
- netconf
8+
- tcp
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-12"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-9644
2+
kind: normative-requirement
3+
summary: Enabling the 'client-ident-none' feature (SSH client) or 'local-user-auth-none' feature (SSH server) is NOT RECOMMENDED, as the 'none' authentication method provides no credential-based security.
4+
section: "3.3"
5+
rfc2119_level: SHOULD NOT
6+
topics:
7+
- security
8+
- yang
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-12"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-9644
2+
kind: normative-requirement
3+
summary: The SSH client and server SHOULD send SSH_MSG_GLOBAL_REQUEST with a purposely nonexistent 'request name' value (e.g., keepalive@example.com) and 'want reply' set to '1' to perform keepalive aliveness testing, per Section 4 of RFC 4254.
4+
section: "3.3"
5+
rfc2119_level: SHOULD
6+
topics:
7+
- yang
8+
- netconf
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-12"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-9644
2+
kind: normative-requirement
3+
summary: The SSH server SHOULD derive the list of authentication method names returned to the SSH client from the descendant nodes configured in the local user entry, per Sections 5.1 and 5.2 of RFC 4252.
4+
section: "4.3"
5+
rfc2119_level: SHOULD
6+
topics:
7+
- yang
8+
- security
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-12"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-9644
2+
kind: normative-requirement
3+
summary: Whenever a choice among authentication methods arises for either client or server, implementations SHOULD use a default ordering that prioritizes automation over human interaction.
4+
section: "3.3"
5+
rfc2119_level: SHOULD
6+
topics:
7+
- yang
8+
- security
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-12"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-9644
2+
kind: protocol-element
3+
summary: Algorithm typedefs (ssh-public-key-algorithm, ssh-key-exchange-algorithm, ssh-encryption-algorithm, ssh-mac-algorithm) each accept either an IANA-maintained enumeration value from the corresponding IANA module or a locally defined string of 1-64 characters that MUST contain '@', per RFC 4250 Section 4.6.1.
4+
section: "2.3"
5+
topics:
6+
- yang
7+
- crypto
8+
- registry
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-12"

0 commit comments

Comments
 (0)