You may want to align with this IETF RFC draft https://tools.ietf.org/html/draft-ietf-netconf-ssh-client-server-17
Use the IETF YANG 1.1 RFC as a reference guide: https://tools.ietf.org/html/rfc7950#section-9.10
A summary:
identity public-key-alg-base {
description
"Base identity used to identify public key algorithms.";
}
identity ecdsa-sha2-nistp256 {
base public-key-alg-base;
}
identity ecdsa-sha2-nistp384 {
base public-key-alg-base;
}
identity ecdsa-sha2-nistp521 {
base public-key-alg-base;
}
identity x509v3-ecdsa-sha2-nistp256 {
base public-key-alg-base;
}
identity x509v3-ecdsa-sha2-nistp384 {
base public-key-alg-base;
}
identity x509v3-ecdsa-sha2-nistp521 {
base public-key-alg-base;
}
container default {
container trustpoint {
leaf-list trust {
tailf:cli-drop-node-name;
type identityref {
base public-key-alg-base;
}
ordered-by user;
}
}
}