From 5a1ffad7eaae5c59e8b090fb223dbd09ca460af7 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Sun, 8 Sep 2024 18:31:28 -0400 Subject: [PATCH] use choice for nonce vs expires-on --- ietf-voucher.yang | 60 +++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/ietf-voucher.yang b/ietf-voucher.yang index 1babc1d..e1359f2 100644 --- a/ietf-voucher.yang +++ b/ietf-voucher.yang @@ -89,21 +89,6 @@ module ietf-voucher { Future work MAY create verification requirements based on this node."; } - leaf expires-on { - type yang:date-and-time; - must 'not(../nonce)'; - description - "A value indicating when this voucher expires. The node is - optional as not all pledges support expirations, such as - pledges lacking a reliable clock. - - If this field exists, then the pledges MUST ensure that - the expires-on time has not yet passed. A pledge without - an accurate clock cannot meet this requirement. - - The expires-on value MUST NOT exceed the expiration date - of any of the listed 'pinned-domain-cert' certificates."; - } leaf assertion { type enumeration { enum verified { 
@@ -245,23 +230,38 @@ module ietf-voucher { normal PKIX behavior applies to validation of the domain certificate."; } - leaf nonce { - type binary { - length "8..32"; + choice nonceless { + leaf expires-on { + type yang:date-and-time; + description + "A value indicating when this voucher expires. The node is + optional as not all pledges support expirations, such as + pledges lacking a reliable clock. + + If this field exists, then the pledges MUST ensure that + the expires-on time has not yet passed. A pledge without + an accurate clock cannot meet this requirement. + + The expires-on value MUST NOT exceed the expiration date + of any of the listed 'pinned-domain-cert' certificates."; } - must 'not(../expires-on)'; - description - "A value that can be used by a pledge in some bootstrapping - protocols to enable anti-replay protection. This node is - optional because it is not used by all bootstrapping - protocols. + leaf nonce { + type binary { + length "8..32"; + } + description + "A value that can be used by a pledge in some bootstrapping + protocols to enable anti-replay protection. This node is + optional because it is not used by all bootstrapping + protocols. - When present, the pledge MUST compare the provided nonce - value with another value that the pledge randomly - generated and sent to a bootstrap server in an earlier - bootstrapping message. If the value is present, but - the values do not match, then the pledge MUST NOT process - this voucher."; + When present, the pledge MUST compare the provided nonce + value with another value that the pledge randomly + generated and sent to a bootstrap server in an earlier + bootstrapping message. If the value is present, but + the values do not match, then the pledge MUST NOT process + this voucher."; + } } leaf last-renewal-date { type yang:date-and-time;
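Review bot: The new `choice nonceless` statement carries no `description`, which the IETF YANG guidelines (RFC 8407) require for every choice and which `pyang --ietf` will report; adding `description "At most one of expires-on or nonce is present in a voucher.";` inside the choice would close that gap. The choice also has no `mandatory true;`, so a voucher that carries neither `expires-on` nor `nonce` still validates, exactly as it did under the removed `must 'not(../nonce)'` / `must 'not(../expires-on)'` pair; if the point of the move is that one of the two is always present, that has to be stated explicitly, otherwise the relaxed case is worth a sentence in the description so readers do not assume the choice enforces it. The name `nonceless` describes only the expires-on arm, while both cases sit under it; a neutral name would read better. The container that encloses these leaves begins and ends outside the hunk.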