idnits 2.17.1 draft-ietf-isms-dtls-tm-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See https://trustee.ietf.org/license-info/) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 368 has weird spacing: '...patcher v ...' == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 7, 2010) is 5102 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC-isms-dtls-tm' is mentioned on line 2687, but not defined == Unused Reference: 'RFC1033' is defined on line 2735, but no explicit reference was found in the text == Unused Reference: 'RFC3490' is defined on line 2775, but no explicit reference was found in the text == Unused Reference: 'I-D.draft-ietf-6man-text-addr-representation' is defined on line 2807, but no explicit reference was found in the text ** Downref: Normative reference to an Unknown state RFC: RFC 1033 ** Obsolete normative reference: RFC 3490 (Obsoleted by RFC 5890, RFC 5891) ** Obsolete normative reference: RFC 4347 (Obsoleted by RFC 6347) ** Obsolete normative reference: RFC 4366 (Obsoleted by RFC 5246, RFC 6066) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) Summary: 6 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ISMS W. Hardaker 3 Internet-Draft Sparta, Inc. 4 Intended status: Standards Track May 7, 2010 5 Expires: November 8, 2010 7 Transport Layer Security (TLS) Transport Model for the Simple Network 8 Management Protocol (SNMP) 9 draft-ietf-isms-dtls-tm-14.txt 11 Abstract 13 This document describes a Transport Model for the Simple Network 14 Management Protocol (SNMP), that uses either the Transport Layer 15 Security protocol or the Datagram Transport Layer Security (DTLS) 16 protocol. The TLS and DTLS protocols provide authentication and 17 privacy services for SNMP applications. This document describes how 18 the TLS Transport Model (TLSTM) implements the needed features of a 19 SNMP Transport Subsystem to make this protection possible in an 20 interoperable way. 22 This transport model is designed to meet the security and operational 23 needs of network administrators. It supports sending of SNMP 24 messages over TLS/TCP and DTLS/UDP. The TLS mode can make use of 25 TCP's improved support for larger packet sizes and the DTLS mode 26 provides potentially superior operation in environments where a 27 connectionless (e.g. UDP) transport is preferred. Both TLS and DTLS 28 integrate well into existing public keying infrastructures. 30 This document also defines a portion of the Management Information 31 Base (MIB) for use with network management protocols. In particular 32 it defines objects for managing the TLS Transport Model for SNMP. 34 Status of this Memo 36 This Internet-Draft is submitted to IETF in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF), its areas, and its working groups. Note that 41 other groups may also distribute working documents as Internet- 42 Drafts. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 The list of current Internet-Drafts can be accessed at 49 http://www.ietf.org/ietf/1id-abstracts.txt. 51 The list of Internet-Draft Shadow Directories can be accessed at 52 http://www.ietf.org/shadow.html. 54 This Internet-Draft will expire on November 8, 2010. 56 Copyright Notice 58 Copyright (c) 2010 IETF Trust and the persons identified as the 59 document authors. All rights reserved. 61 This document is subject to BCP 78 and the IETF Trust's Legal 62 Provisions Relating to IETF Documents 63 (http://trustee.ietf.org/license-info) in effect on the date of 64 publication of this document. Please review these documents 65 carefully, as they describe your rights and restrictions with respect 66 to this document. Code Components extracted from this document must 67 include Simplified BSD License text as described in Section 4.e of 68 the Trust Legal Provisions and are provided without warranty as 69 described in the BSD License. 71 This document may contain material from IETF Documents or IETF 72 Contributions published or made publicly available before November 73 10, 2008. The person(s) controlling the copyright in some of this 74 material may not have granted the IETF Trust the right to allow 75 modifications of such material outside the IETF Standards Process. 76 Without obtaining an adequate license from the person(s) controlling 77 the copyright in such materials, this document may not be modified 78 outside the IETF Standards Process, and derivative works of it may 79 not be created outside the IETF Standards Process, except to format 80 it for publication as an RFC or to translate it into languages other 81 than English. 83 Table of Contents 85 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 86 1.1. Conventions . . . . . . . . . . . . . . . . . . . . . . . 8 87 2. The Transport Layer Security Protocol . . . . . . . . . . . . 9 88 3. How the TLSTM fits into the Transport Subsystem . . . . . . . 9 89 3.1. Security Capabilities of this Model . . . . . . . . . . . 11 90 3.1.1. Threats . . . . . . . . . . . . . . . . . . . . . . . 11 91 3.1.2. Message Protection . . . . . . . . . . . . . . . . . . 12 92 3.1.3. (D)TLS Connections . . . . . . . . . . . . . . . . . . 13 93 3.2. Security Parameter Passing . . . . . . . . . . . . . . . . 14 94 3.3. Notifications and Proxy . . . . . . . . . . . . . . . . . 14 95 4. Elements of the Model . . . . . . . . . . . . . . . . . . . . 15 96 4.1. X.509 Certificates . . . . . . . . . . . . . . . . . . . . 15 97 4.1.1. Provisioning for the Certificate . . . . . . . . . . . 15 98 4.2. (D)TLS Usage . . . . . . . . . . . . . . . . . . . . . . . 17 99 4.3. SNMP Services . . . . . . . . . . . . . . . . . . . . . . 17 100 4.3.1. SNMP Services for an Outgoing Message . . . . . . . . 18 101 4.3.2. SNMP Services for an Incoming Message . . . . . . . . 19 102 4.4. Cached Information and References . . . . . . . . . . . . 19 103 4.4.1. TLS Transport Model Cached Information . . . . . . . . 20 104 4.4.1.1. tmSecurityName . . . . . . . . . . . . . . . . . . 20 105 4.4.1.2. tmSessionID . . . . . . . . . . . . . . . . . . . 20 106 4.4.1.3. Session State . . . . . . . . . . . . . . . . . . 21 107 5. Elements of Procedure . . . . . . . . . . . . . . . . . . . . 21 108 5.1. Procedures for an Incoming Message . . . . . . . . . . . . 21 109 5.1.1. DTLS over UDP Processing for Incoming Messages . . . . 22 110 5.1.2. Transport Processing for Incoming SNMP Messages . . . 23 111 5.2. Procedures for an Outgoing SNMP Message . . . . . . . . . 24 112 5.3. Establishing or Accepting a Session . . . . . . . . . . . 26 113 5.3.1. Establishing a Session as a Client . . . . . . . . . . 26 114 5.3.2. Accepting a Session as a Server . . . . . . . . . . . 28 115 5.4. Closing a Session . . . . . . . . . . . . . . . . . . . . 29 116 6. MIB Module Overview . . . . . . . . . . . . . . . . . . . . . 29 117 6.1. Structure of the MIB Module . . . . . . . . . . . . . . . 30 118 6.2. Textual Conventions . . . . . . . . . . . . . . . . . . . 30 119 6.3. Statistical Counters . . . . . . . . . . . . . . . . . . . 30 120 6.4. Configuration Tables . . . . . . . . . . . . . . . . . . . 30 121 6.4.1. Notifications . . . . . . . . . . . . . . . . . . . . 30 122 6.5. Relationship to Other MIB Modules . . . . . . . . . . . . 30 123 6.5.1. MIB Modules Required for IMPORTS . . . . . . . . . . . 31 124 7. MIB Module Definition . . . . . . . . . . . . . . . . . . . . 31 125 8. Operational Considerations . . . . . . . . . . . . . . . . . . 54 126 8.1. Sessions . . . . . . . . . . . . . . . . . . . . . . . . . 54 127 8.2. Notification Receiver Credential Selection . . . . . . . . 54 128 8.3. contextEngineID Discovery . . . . . . . . . . . . . . . . 55 129 8.4. Transport Considerations . . . . . . . . . . . . . . . . . 55 130 9. Security Considerations . . . . . . . . . . . . . . . . . . . 55 131 9.1. Certificates, Authentication, and Authorization . . . . . 55 132 9.2. (D)TLS Security Considerations . . . . . . . . . . . . . . 56 133 9.2.1. TLS Version Requirements . . . . . . . . . . . . . . . 56 134 9.2.2. Perfect Forward Secrecy . . . . . . . . . . . . . . . 57 135 9.3. Use with SNMPv1/SNMPv2c Messages . . . . . . . . . . . . . 57 136 9.4. MIB Module Security . . . . . . . . . . . . . . . . . . . 57 137 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 59 138 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 59 139 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 60 140 12.1. Normative References . . . . . . . . . . . . . . . . . . . 60 141 12.2. Informative References . . . . . . . . . . . . . . . . . . 62 142 Appendix A. Target and Notification Configuration Example . . . . 62 143 A.1. Configuring a Notification Originator . . . . . . . . . . 62 144 A.2. Configuring TLSTM to Utilize a Simple Derivation of 145 tmSecurityName . . . . . . . . . . . . . . . . . . . . . . 63 146 A.3. Configuring TLSTM to Utilize Table-Driven Certificate 147 Mapping . . . . . . . . . . . . . . . . . . . . . . . . . 64 148 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 64 150 1. Introduction 152 It is important to understand the modular SNMPv3 architecture as 153 defined by [RFC3411] and enhanced by the Transport Subsystem 154 [RFC5590]. It is also important to understand the terminology of the 155 SNMPv3 architecture in order to understand where the Transport Model 156 described in this document fits into the architecture and how it 157 interacts with the other architecture subsystems. For a detailed 158 overview of the documents that describe the current Internet-Standard 159 Management Framework, please refer to Section 7 of [RFC3410]. 161 This document describes a Transport Model that makes use of the 162 Transport Layer Security (TLS) [RFC5246] and the Datagram Transport 163 Layer Security (DTLS) Protocol [RFC4347], within a transport 164 subsystem [RFC5590]. DTLS is the datagram variant of the Transport 165 Layer Security (TLS) protocol [RFC5246]. The Transport Model in this 166 document is referred to as the Transport Layer Security Transport 167 Model (TLSTM). TLS and DTLS take advantage of the X.509 public 168 keying infrastructure [RFC5280]. While (D)TLS supports multiple 169 authentication mechanisms, this document only discusses X.509 170 certificate based authentication. Although other forms of 171 authentication are possible they are outside the scope of this 172 specification. This transport model is designed to meet the security 173 and operational needs of network administrators, operating in both 174 environments where a connectionless (e.g. UDP) transport is 175 preferred and in environments where large quantities of data need to 176 be sent (e.g. over a TCP based stream). Both TLS and DTLS integrate 177 well into existing public keying infrastructures. This document 178 supports sending of SNMP messages over TLS/TCP and DTLS/UDP. 180 This document also defines a portion of the Management Information 181 Base (MIB) for use with network management protocols. In particular 182 it defines objects for managing the TLS Transport Model for SNMP. 184 Managed objects are accessed via a virtual information store, termed 185 the Management Information Base or MIB. MIB objects are generally 186 accessed through the Simple Network Management Protocol (SNMP). 187 Objects in the MIB are defined using the mechanisms defined in the 188 Structure of Management Information (SMI). This memo specifies a MIB 189 module that is compliant to the SMIv2, which is described in STD 58: 190 [RFC2578], [RFC2579] and [RFC2580]. 192 The diagram shown below gives a conceptual overview of two SNMP 193 entities communicating using the TLS Transport Model (shown as "TLS 194 TM"). One entity contains a command responder and notification 195 originator application, and the other a command generator and 196 notification receiver application. It should be understood that this 197 particular mix of application types is an example only and other 198 combinations are equally valid. Note: this diagram shows the 199 Transport Security Model (TSM) being used as the security model which 200 is defined in [RFC5591]. 202 +---------------------------------------------------------------------+ 203 | Network | 204 +---------------------------------------------------------------------+ 205 ^ | ^ | 206 |Notifications |Commands |Commands |Notifications 207 +---|---------------------|-------+ +--|---------------|--------------+ 208 | | V | | | V | 209 | +------------+ +------------+ | | +-----------+ +----------+ | 210 | | (D)TLS | | (D)TLS | | | | (D)TLS | | (D)TLS | | 211 | | (Client) | | (Server) | | | | (Client) | | (Server) | | 212 | +------------+ +------------+ | | +-----------+ +----------+ | 213 | ^ ^ | | ^ ^ | 214 | | | | | | | | 215 | +-------------+ | | +--------------+ | 216 | +-----|------------+ | | +-----|------------+ | 217 | | V | | | | V | | 218 | | +--------+ | +-----+ | | | +--------+ | +-----+ | 219 | | | TLS TM |<--------->|Cache| | | | | TLS TM |<--------->|Cache| | 220 | | +--------+ | +-----+ | | | +--------+ | +-----+ | 221 | |Transport Subsys. | ^ | | |Transport Subsys. | ^ | 222 | +------------------+ | | | +------------------+ | | 223 | ^ | | | ^ | | 224 | | +--+ | | | +--+ | 225 | v | | | V | | 226 | +-----+ +--------+ +-------+ | | | +-----+ +--------+ +-------+ | | 227 | | | |Message | |Securi.| | | | | | |Message | |Securi.| | | 228 | |Disp.| |Proc. | |Subsys.| | | | |Disp.| |Proc. | |Subsys.| | | 229 | | | |Subsys. | | | | | | | | |Subsys. | | | | | 230 | | | | | | | | | | | | | | | | | | 231 | | | | +----+ | | +---+ | | | | | | | +----+ | | +---+ | | | 232 | | <--->|v3MP|<--> |TSM|<--+ | | | <--->|v3MP|<--->|TSM|<--+ | 233 | | | | +----+ | | +---+ | | | | | | +----+ | | +---+ | | 234 | | | | | | | | | | | | | | | | 235 | +-----+ +--------+ +-------+ | | +-----+ +--------+ +-------+ | 236 | ^ | | ^ | 237 | | | | | | 238 | +-+------------+ | | +-+----------+ | 239 | | | | | | | | 240 | v v | | v V | 241 | +-------------+ +-------------+ | | +-------------+ +-------------+ | 242 | | COMMAND | | NOTIFICAT. | | | | COMMAND | | NOTIFICAT. | | 243 | | RESPONDER | | ORIGINATOR | | | | GENERATOR | | RECEIVER | | 244 | | application | | application | | | | application | | application | | 245 | +-------------+ +-------------+ | | +-------------+ +-------------+ | 246 | SNMP entity | | SNMP entity | 247 +---------------------------------+ +---------------------------------+ 249 1.1. Conventions 251 For consistency with SNMP-related specifications, this document 252 favors terminology as defined in STD 62, rather than favoring 253 terminology that is consistent with non-SNMP specifications. This is 254 consistent with the IESG decision to not require the SNMPv3 255 terminology be modified to match the usage of other non-SNMP 256 specifications when SNMPv3 was advanced to Full Standard. 258 "Authentication" in this document typically refers to the English 259 meaning of "serving to prove the authenticity of" the message, not 260 data source authentication or peer identity authentication. 262 The terms "manager" and "agent" are not used in this document 263 because, in the [RFC3411] architecture, all SNMP entities have the 264 capability of acting as manager, agent, or both depending on the SNMP 265 application types supported in the implementation. Where distinction 266 is required, the application names of command generator, command 267 responder, notification originator, notification receiver, and proxy 268 forwarder are used. See "SNMP Applications" [RFC3413] for further 269 information. 271 Large portions of this document simultaneously refer to both TLS and 272 DTLS when discussing TLSTM components that function equally with 273 either protocol. "(D)TLS" is used in these places to indicate that 274 the statement applies to either or both protocols as appropriate. 275 When a distinction between the protocols is needed they are referred 276 to independently through the use of "TLS" or "DTLS". The Transport 277 Model, however, is named "TLS Transport Model" and refers not to the 278 TLS or DTLS protocol but to the specification in this document, which 279 includes support for both TLS and DTLS. 281 Throughout this document, the terms "client" and "server" are used to 282 refer to the two ends of the (D)TLS transport connection. The client 283 actively opens the (D)TLS connection, and the server passively 284 listens for the incoming (D)TLS connection. An SNMP entity may act 285 as a (D)TLS client or server or both, depending on the SNMP 286 applications supported. 288 The User-Based Security Model (USM) [RFC3414] is a mandatory-to- 289 implement Security Model in STD 62. While (D)TLS and USM frequently 290 refer to a user, the terminology preferred in RFC3411 and in this 291 memo is "principal". A principal is the "who" on whose behalf 292 services are provided or processing takes place. A principal can be, 293 among other things, an individual acting in a particular role; a set 294 of individuals, with each acting in a particular role; an application 295 or a set of applications, or a combination of these within an 296 administrative domain. 298 Throughout this document, the term "session" is used to refer to a 299 secure association between two TLS Transport Models that permits the 300 transmission of one or more SNMP messages within the lifetime of the 301 session. The (D)TLS protocols also have an internal notion of a 302 session and although these two concepts of a session are related, 303 when the term "session" is used this document is referring to the 304 TLSTM's specific session and not directly to the (D)TLS protocol's 305 session. 307 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 308 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 309 document are to be interpreted as described in [RFC2119]. 311 2. The Transport Layer Security Protocol 313 (D)TLS provides authentication, data message integrity, and privacy 314 at the transport layer. (See [RFC4347]) 316 The primary goals of the TLS Transport Model are to provide privacy, 317 peer identity authentication and data integrity between two 318 communicating SNMP entities. The TLS and DTLS protocols provide a 319 secure transport upon which the TLSTM is based. Please refer to 320 [RFC5246] and [RFC4347] for complete descriptions of the protocols. 322 3. How the TLSTM fits into the Transport Subsystem 324 A transport model is a component of the Transport Subsystem. The TLS 325 Transport Model thus fits between the underlying (D)TLS transport 326 layer and the Message Dispatcher [RFC3411] component of the SNMP 327 engine. 329 The TLS Transport Model will establish a session between itself and 330 the TLS Transport Model of another SNMP engine. The sending 331 transport model passes unencrypted and unauthenticated messages from 332 the Dispatcher to (D)TLS to be encrypted and authenticated, and the 333 receiving transport model accepts decrypted and authenticated/ 334 integrity-checked incoming messages from (D)TLS and passes them to 335 the Dispatcher. 337 After a TLS Transport Model session is established, SNMP messages can 338 conceptually be sent through the session from one SNMP message 339 Dispatcher to another SNMP Message Dispatcher. If multiple SNMP 340 messages are needed to be passed between two SNMP applications they 341 MAY be passed through the same session. A TLSTM implementation 342 engine MAY choose to close the session to conserve resources. 344 The TLS Transport Model of an SNMP engine will perform the 345 translation between (D)TLS-specific security parameters and SNMP- 346 specific, model-independent parameters. 348 The diagram below depicts where the TLS Transport Model (shown as 349 "(D)TLS TM") fits into the architecture described in RFC3411 and the 350 Transport Subsystem: 352 +------------------------------+ 353 | Network | 354 +------------------------------+ 355 ^ ^ ^ 356 | | | 357 v v v 358 +-------------------------------------------------------------------+ 359 | +--------------------------------------------------+ | 360 | | Transport Subsystem | +--------+ | 361 | | +-----+ +-----+ +-------+ +-------+ | | | | 362 | | | UDP | | SSH | |(D)TLS | . . . | other |<--->| Cache | | 363 | | | | | TM | | TM | | | | | | | 364 | | +-----+ +-----+ +-------+ +-------+ | +--------+ | 365 | +--------------------------------------------------+ ^ | 366 | ^ | | 367 | | | | 368 | Dispatcher v | | 369 | +--------------+ +---------------------+ +----------------+ | | 370 | | Transport | | Message Processing | | Security | | | 371 | | Dispatch | | Subsystem | | Subsystem | | | 372 | | | | +------------+ | | +------------+ | | | 373 | | | | +->| v1MP |<--->| | USM | | | | 374 | | | | | +------------+ | | +------------+ | | | 375 | | | | | +------------+ | | +------------+ | | | 376 | | | | +->| v2cMP |<--->| | Transport | | | | 377 | | Message | | | +------------+ | | | Security |<--+ | 378 | | Dispatch <---->| +------------+ | | | Model | | | 379 | | | | +->| v3MP |<--->| +------------+ | | 380 | | | | | +------------+ | | +------------+ | | 381 | | PDU Dispatch | | | +------------+ | | | Other | | | 382 | +--------------+ | +->| otherMP |<--->| | Model(s) | | | 383 | ^ | +------------+ | | +------------+ | | 384 | | +---------------------+ +----------------+ | 385 | v | 386 | +-------+-------------------------+---------------+ | 387 | ^ ^ ^ | 388 | | | | | 389 | v v v | 390 | +-------------+ +---------+ +--------------+ +-------------+ | 391 | | COMMAND | | ACCESS | | NOTIFICATION | | PROXY | | 392 | | RESPONDER |<->| CONTROL |<->| ORIGINATOR | | FORWARDER | | 393 | | application | | | | applications | | application | | 394 | +-------------+ +---------+ +--------------+ +-------------+ | 395 | ^ ^ | 396 | | | | 397 | v v | 398 | +----------------------------------------------+ | 399 | | MIB instrumentation | SNMP entity | 400 +-------------------------------------------------------------------+ 402 3.1. Security Capabilities of this Model 404 3.1.1. Threats 406 The TLS Transport Model provides protection against the threats 407 identified by the RFC 3411 architecture [RFC3411]: 409 1. Modification of Information - The modification threat is the 410 danger that an unauthorized entity may alter in-transit SNMP 411 messages generated on behalf of an authorized principal in such a 412 way as to effect unauthorized management operations, including 413 falsifying the value of an object. 415 (D)TLS provides verification that the content of each received 416 message has not been modified during its transmission through the 417 network, data has not been altered or destroyed in an 418 unauthorized manner, and data sequences have not been altered to 419 an extent greater than can occur non-maliciously. 421 2. Masquerade - The masquerade threat is the danger that management 422 operations unauthorized for a given principal may be attempted by 423 assuming the identity of another principal that has the 424 appropriate authorizations. 426 The TLSTM verifies of the identity of the (D)TLS server through 427 the use of the (D)TLS protocol and X.509 certificates. A TLS 428 Transport Model implementation MUST support authentication of 429 both the server and the client. 431 3. Message stream modification - The re-ordering, delay or replay of 432 messages can and does occur through the natural operation of many 433 connectionless transport services. The message stream 434 modification threat is the danger that messages may be 435 maliciously re-ordered, delayed or replayed to an extent which is 436 greater than can occur through the natural operation of 437 connectionless transport services, in order to effect 438 unauthorized management operations. 440 (D)TLS provides replay protection with a MAC that includes a 441 sequence number. Since UDP provides no sequencing ability, DTLS 442 uses a sliding window protocol with the sequence number used for 443 replay protection (see [RFC4347]). 445 4. Disclosure - The disclosure threat is the danger of eavesdropping 446 on the exchanges between SNMP engines. 448 (D)TLS provides protection against the disclosure of information 449 to unauthorized recipients or eavesdroppers by allowing for 450 encryption of all traffic between SNMP engines. A TLS Transport 451 Model implementation MUST support message encryption to protect 452 sensitive data from eavesdropping attacks. 454 5. Denial of Service - the RFC 3411 architecture [RFC3411] states 455 that denial of service (DoS) attacks need not be addressed by an 456 SNMP security protocol. However, connectionless transports (like 457 DTLS over UDP) are susceptible to a variety of denial of service 458 attacks because they are more vulnerable to spoofed IP addresses. 459 See Section 4.2 for details how the cookie mechanism is used. 460 Note, however, that this mechanism does not provide any defense 461 against denial of service attacks mounted from valid IP 462 addresses. 464 See Section 9 for more detail on the security considerations 465 associated with the TLSTM and these security threats. 467 3.1.2. Message Protection 469 The RFC 3411 architecture recognizes three levels of security: 471 o without authentication and without privacy (noAuthNoPriv) 473 o with authentication but without privacy (authNoPriv) 475 o with authentication and with privacy (authPriv) 477 The TLS Transport Model determines from (D)TLS the identity of the 478 authenticated principal, the transport type and the transport address 479 associated with an incoming message. The TLS Transport Model 480 provides the identity and destination type and address to (D)TLS for 481 outgoing messages. 483 When an application requests a session for a message it also requests 484 a security level for that session. The TLS Transport Model MUST 485 ensure that the (D)TLS connection provides security at least as high 486 as the requested level of security. How the security level is 487 translated into the algorithms used to provide data integrity and 488 privacy is implementation-dependent. However, the NULL integrity and 489 encryption algorithms MUST NOT be used to fulfill security level 490 requests for authentication or privacy. Implementations MAY choose 491 to force (D)TLS to only allow cipher_suites that provide both 492 authentication and privacy to guarantee this assertion. 494 If a suitable interface between the TLS Transport Model and the 495 (D)TLS Handshake Protocol is implemented to allow the selection of 496 security level dependent algorithms (for example a security level to 497 cipher_suites mapping table) then different security levels may be 498 utilized by the application. 500 The authentication, integrity and privacy algorithms used by the 501 (D)TLS Protocols may vary over time as the science of cryptography 502 continues to evolve and the development of (D)TLS continues over 503 time. Implementers are encouraged to plan for changes in operator 504 trust of particular algorithms. Implementations SHOULD offer 505 configuration settings for mapping algorithms to SNMPv3 security 506 levels. 508 3.1.3. (D)TLS Connections 510 (D)TLS connections are opened by the TLS Transport Model during the 511 elements of procedure for an outgoing SNMP message. Since the sender 512 of a message initiates the creation of a (D)TLS connection if needed, 513 the (D)TLS connection will already exist for an incoming message. 515 Implementations MAY choose to instantiate (D)TLS connections in 516 anticipation of outgoing messages. This approach might be useful to 517 ensure that a (D)TLS connection to a given target can be established 518 before it becomes important to send a message over the (D)TLS 519 connection. Of course, there is no guarantee that a pre-established 520 session will still be valid when needed. 522 DTLS connections, when used over UDP, are uniquely identified within 523 the TLS Transport Model by the combination of transportDomain, 524 transportAddress, tmSecurityName, and requestedSecurityLevel 525 associated with each session. Each unique combination of these 526 parameters MUST have a locally-chosen unique tlstmSessionID for each 527 active session. For further information see Section 5. TLS over TCP 528 sessions, on the other hand, do not require a unique pairing of 529 address and port attributes since their lower layer protocols (TCP) 530 already provide adequate session framing. But they must still 531 provide a unique tlstmSessionID for referencing the session. 533 The tlstmSessionID identifier MUST NOT change during the entire 534 duration of the session from the TLSTM's perspective, and MUST 535 uniquely identify a single session. As an implementation hint: note 536 that the (D)TLS internal SessionID does not meet these requirements, 537 since it can change over the life of the connection as seen by the 538 TLSTM (for example, during renegotiation), and does not necessarily 539 uniquely identify a TLSTM session (there can be multiple TLSTM 540 sessions sharing the same D(TLS) internal SessionID). 542 3.2. Security Parameter Passing 544 For the (D)TLS server-side, (D)TLS-specific security parameters 545 (i.e., cipher_suites, X.509 certificate fields, IP address and port) 546 are translated by the TLS Transport Model into security parameters 547 for the TLS Transport Model and security model (e.g., 548 tmSecurityLevel, tmSecurityName, transportDomain, transportAddress). 549 The transport-related and (D)TLS-security-related information, 550 including the authenticated identity, are stored in a cache 551 referenced by tmStateReference. 553 For the (D)TLS client-side, the TLS Transport Model takes input 554 provided by the Dispatcher in the sendMessage() Abstract Service 555 Interface (ASI) and input from the tmStateReference cache. The 556 (D)TLS Transport Model converts that information into suitable 557 security parameters for (D)TLS and establishes sessions as needed. 559 The elements of procedure in Section 5 discuss these concepts in much 560 greater detail. 562 3.3. Notifications and Proxy 564 (D)TLS connections may be initiated by (D)TLS clients on behalf of 565 SNMP appplications that initiate communications, such as command 566 generators, notification originators, proxy forwarders. Command 567 generators are frequently operated by a human, but notification 568 originators and proxy forwarders are usually unmanned automated 569 processes. The targets to whom notifications and proxied requests 570 should be sent is typically determined and configured by a network 571 administrator. 573 The SNMP-TARGET-MIB module [RFC3413] contains objects for defining 574 management targets, including transportDomain, transportAddress, 575 securityName, securityModel, and securityLevel parameters, for 576 notification originator, proxy forwarder, and SNMP-controllable 577 command generator applications. Transport domains and transport 578 addresses are configured in the snmpTargetAddrTable, and the 579 securityModel, securityName, and securityLevel parameters are 580 configured in the snmpTargetParamsTable. This document defines a MIB 581 module that extends the SNMP-TARGET-MIB's snmpTargetParamsTable to 582 specify a (D)TLS client-side certificate to use for the connection. 584 When configuring a (D)TLS target, the snmpTargetAddrTDomain and 585 snmpTargetAddrTAddress parameters in snmpTargetAddrTable SHOULD be 586 set to the snmpTLSTCPDomain or snmpDTLSUDPDomain object and an 587 appropriate snmpTLSAddress value. When used with the SNMPv3 message 588 processing model, the snmpTargetParamsMPModel column of the 589 snmpTargetParamsTable SHOULD be set to a value of 3. The 590 snmpTargetParamsSecurityName SHOULD be set to an appropriate 591 securityName value and the snmpTlstmParamsClientFingerprint parameter 592 of the snmpTlstmParamsTable SHOULD be set a value that refers to a 593 locally held certificate (and the corresponding private key) to be 594 used. Other parameters, for example cryptographic configuration such 595 as which cipher suites to use, must come from configuration 596 mechanisms not defined in this document. 598 The securityName defined in the snmpTargetParamsSecurityName column 599 will be used by the access control model to authorize any 600 notifications that need to be sent. 602 4. Elements of the Model 604 This section contains definitions required to realize the (D)TLS 605 Transport Model defined by this document. 607 4.1. X.509 Certificates 609 (D)TLS can make use of X.509 certificates for authentication of both 610 sides of the transport. This section discusses the use of X.509 611 certificates in the TLSTM. 613 While (D)TLS supports multiple authentication mechanisms, this 614 document only discusses X.509 certificate based authentication; other 615 forms of authentication are outside the scope of this specification. 616 TLSTM implementations are REQUIRED to support X.509 certificates. 618 4.1.1. Provisioning for the Certificate 620 Authentication using (D)TLS will require that SNMP entities have 621 certificates, either signed by trusted certification authorities, or 622 self-signed. Furthermore, SNMP entities will most commonly need to 623 be provisioned with root certificates which represent the list of 624 trusted certificate authorities that an SNMP entity can use for 625 certificate verification. SNMP entities SHOULD also be provisioned 626 with a X.509 certificate revocation mechanism which can be used to 627 verify that a certificate has not been revoked. Trusted public keys 628 from either CA certificates and/or self-signed certificates MUST be 629 installed into the server through a trusted out of band mechanism and 630 their authenticity MUST be verified before access is granted. 632 Having received a certificate from a connecting TLSTM client, the 633 authenticated tmSecurityName of the principal is derived using the 634 snmpTlstmCertToTSNTable. This table allows mapping of incoming 635 connections to tmSecurityNames through defined transformations. The 636 transformations defined in the SNMP-TLS-TM-MIB include: 638 o Mapping a certificate's subjectAltName or CommonName components to 639 a tmSecurityName, or 641 o Mapping a certificate's fingerprint value to a directly specified 642 tmSecurityName 644 As an implementation hint: implementations may choose to discard any 645 connections for which no potential snmpTlstmCertToTSNTable mapping 646 exists before performing certificate verification to avoid expending 647 computational resources associated with certificate verification. 649 Deployments SHOULD map the "subjectAltName" component of X.509 650 certificates to the TLSTM specific tmSecurityNames. The 651 authenticated identity can be obtained by the TLS Transport Model by 652 extracting the subjectAltName(s) from the peer's certificate. The 653 receiving application will then have an appropriate tmSecurityName 654 for use by other SNMPv3 components like an access control model. 656 An example of this type of mapping setup can be found in Appendix A. 658 This tmSecurityName may be later translated from a TLSTM specific 659 tmSecurityName to a SNMP engine securityName by the security model. 660 A security model, like the TSM security model [RFC5591], may perform 661 an identity mapping or a more complex mapping to derive the 662 securityName from the tmSecurityName offered by the TLS Transport 663 Model. 665 The standard VACM access control model constrains securityNames to be 666 32 octets or less in length. A TLSTM generated tmSecurityName, 667 possibly in combination with a messaging or security model that 668 increases the length of the securityName, might cause the 669 securityName length to exceed 32 octets. For example, a 32 octet 670 tmSecurityName derived from an IPv6 address, paired with a TSM 671 prefix, will generate a 36 octet securityName. Such a securityName 672 will not be able to be used with standard VACM or TARGET MIB modules. 673 Operators should be careful to select algorithms and subjectAltNames 674 to avoid this situation. 676 A pictorial view of the complete transformation process (using the 677 TSM security model for the example) is shown below: 679 +-------------+ +-------+ +-----+ 680 | Certificate | | | | | 681 | Path | | TLSTM | tmSecurityName | TSM | 682 | Validation | --> | | ----------------->| | 683 +-------------+ +-------+ +-----+ 684 | 685 | securityName 686 V 687 +-------------+ 688 | application | 689 +-------------+ 691 4.2. (D)TLS Usage 693 (D)TLS MUST negotiate a cipher suite that uses X.509 certificates for 694 authentication, and MUST authenticate both the client and the server. 695 The mandatory-to-implement cipher suite is specified in the TLS 696 specification [RFC5246]. 698 TLSTM verifies the certificates when the connection is opened (see 699 Section 5.3). For this reason, TLS renegotiation with different 700 certificates MUST NOT be done. That is, implementations MUST either 701 disable renegotiation completely (RECOMMENDED), or MUST present the 702 same certificate during renegotiation (and MUST verify that the other 703 end presented the same certificate). 705 For DTLS over UDP, each SNMP message MUST be placed in a single UDP 706 datagram; it MAY be split to multiple DTLS records. In other words, 707 if a single datagram contains multiple DTLS application_data records, 708 they are concatenated when received. The TLSTM implementation SHOULD 709 return an error if the SNMP message does not fit in the UDP datagram, 710 and thus cannot be sent. 712 For DTLS over UDP, the DTLS server implementation MUST support DTLS 713 cookies ([RFC4347] already requires that clients support DTLS 714 cookies). Implementations are not required to perform the cookie 715 exchange for every DTLS handshake; however, enabling it by default is 716 RECOMMENDED. 718 For DTLS, replay protection MUST be used. 720 4.3. SNMP Services 722 This section describes the services provided by the TLS Transport 723 Model with their inputs and outputs. The services are between the 724 Transport Model and the Dispatcher. 726 The services are described as primitives of an abstract service 727 interface (ASI) and the inputs and outputs are described as abstract 728 data elements as they are passed in these abstract service 729 primitives. 731 4.3.1. SNMP Services for an Outgoing Message 733 The Dispatcher passes the information to the TLS Transport Model 734 using the ASI defined in the transport subsystem: 736 statusInformation = 737 sendMessage( 738 IN destTransportDomain -- transport domain to be used 739 IN destTransportAddress -- transport address to be used 740 IN outgoingMessage -- the message to send 741 IN outgoingMessageLength -- its length 742 IN tmStateReference -- reference to transport state 743 ) 745 The abstract data elements returned from or passed as parameters into 746 the abstract service primitives are as follows: 748 statusInformation: An indication of whether the sending of the 749 message was successful. If not, it is an indication of the 750 problem. 752 destTransportDomain: The transport domain for the associated 753 destTransportAddress. The Transport Model uses this parameter to 754 determine the transport type of the associated 755 destTransportAddress. This document specifies the 756 snmpTLSTCPDomain and the snmpDTLSUDPDomain transport domains. 758 destTransportAddress: The transport address of the destination TLS 759 Transport Model in a format specified by the SnmpTLSAddress 760 TEXTUAL-CONVENTION. 762 outgoingMessage: The outgoing message to send to (D)TLS for 763 encapsulation and transmission. 765 outgoingMessageLength: The length of the outgoingMessage. 767 tmStateReference: A reference used to pass model-specific and 768 mechanism-specific parameters between the Transport Subsystem and 769 transport-aware Security Models. 771 4.3.2. SNMP Services for an Incoming Message 773 The TLS Transport Model processes the received message from the 774 network using the (D)TLS service and then passes it to the Dispatcher 775 using the following ASI: 777 statusInformation = 778 receiveMessage( 779 IN transportDomain -- origin transport domain 780 IN transportAddress -- origin transport address 781 IN incomingMessage -- the message received 782 IN incomingMessageLength -- its length 783 IN tmStateReference -- reference to transport state 784 ) 786 The abstract data elements returned from or passed as parameters into 787 the abstract service primitives are as follows: 789 statusInformation: An indication of whether the passing of the 790 message was successful. If not, it is an indication of the 791 problem. 793 transportDomain: The transport domain for the associated 794 transportAddress. This document specifies the snmpTLSTCPDomain 795 and the snmpDTLSUDPDomain transport domains. 797 transportAddress: The transport address of the source of the 798 received message in a format specified by the SnmpTLSAddress 799 TEXTUAL-CONVENTION. 801 incomingMessage: The whole SNMP message after being processed by 802 (D)TLS. 804 incomingMessageLength: The length of the incomingMessage. 806 tmStateReference: A reference used to pass model-specific and 807 mechanism-specific parameters between the Transport Subsystem and 808 transport-aware Security Models. 810 4.4. Cached Information and References 812 When performing SNMP processing, there are two levels of state 813 information that may need to be retained: the immediate state linking 814 a request-response pair, and potentially longer-term state relating 815 to transport and security. "Transport Subsystem for the Simple 816 Network Management Protocol" [RFC5590] defines general requirements 817 for caches and references. 819 4.4.1. TLS Transport Model Cached Information 821 The TLS Transport Model has specific responsibilities regarding the 822 cached information. See the Elements of Procedure in Section 5 for 823 detailed processing instructions on the use of the tmStateReference 824 fields by the TLS Transport Model. 826 4.4.1.1. tmSecurityName 828 The tmSecurityName MUST be a human-readable name (in snmpAdminString 829 format) representing the identity that has been set according to the 830 procedures in Section 5. The tmSecurityName MUST be constant for all 831 traffic passing through a single TLSTM session. Messages MUST NOT be 832 sent through an existing (D)TLS connection that was established using 833 a different tmSecurityName. 835 On the (D)TLS server side of a connection the tmSecurityName is 836 derived using the procedures described in Section 5.3.2 and the SNMP- 837 TLS-TM-MIB's snmpTlstmCertToTSNTable DESCRIPTION clause. 839 On the (D)TLS client side of a connection the tmSecurityName is 840 presented to the TLS Transport Model by the application (possibly 841 because of configuration specified in the SNMP-TARGET-MIB). The 842 Security Model likely derived the tmSecurityName from the 843 securityName presented to the Security Model by the application 844 (possibly because of configuration specified in the SNMP-TARGET-MIB). 846 Transport-model-aware security models derive tmSecurityName from a 847 securityName, possibly configured in MIB modules for notifications 848 and access controls. Transport Models SHOULD use predictable 849 tmSecurityNames so operators will know what to use when configuring 850 MIB modules that use securityNames derived from tmSecurityNames. The 851 TLSTM generates predictable tmSecurityNames based on the 852 configuration found in the SNMP-TLS-TM-MIB's snmpTlstmCertToTSNTable 853 and relies on the network operators to have configured this table 854 appropriately. 856 4.4.1.2. tmSessionID 858 The tmSessionID MUST be recorded per message at the time of receipt. 859 When tmSameSecurity is set, the recorded tmSessionID can be used to 860 determine whether the (D)TLS connection available for sending a 861 corresponding outgoing message is the same (D)TLS connection as was 862 used when receiving the incoming message (e.g., a response to a 863 request). 865 4.4.1.3. Session State 867 The per-session state that is referenced by tmStateReference may be 868 saved across multiple messages in a Local Configuration Datastore. 869 Additional session/connection state information might also be stored 870 in a Local Configuration Datastore. 872 5. Elements of Procedure 874 Abstract service interfaces have been defined by [RFC3411] and 875 further augmented by [RFC5590] to describe the conceptual data flows 876 between the various subsystems within an SNMP entity. The TLSTM uses 877 some of these conceptual data flows when communicating between 878 subsystems. 880 To simplify the elements of procedure, the release of state 881 information is not always explicitly specified. As a general rule, 882 if state information is available when a message gets discarded, the 883 message-state information should also be released. If state 884 information is available when a session is closed, the session state 885 information should also be released. Sensitive information, like 886 cryptographic keys, should be overwritten appropriately prior to 887 being released. 889 An error indication in statusInformation will typically include the 890 Object Identifier (OID) and value for an incremented error counter. 891 This may be accompanied by the requested securityLevel and the 892 tmStateReference. Per-message context information is not accessible 893 to Transport Models, so for the returned counter OID and value, 894 contextEngine would be set to the local value of snmpEngineID and 895 contextName to the default context for error counters. 897 5.1. Procedures for an Incoming Message 899 This section describes the procedures followed by the (D)TLS 900 Transport Model when it receives a (D)TLS protected packet. The 901 required functionality is broken into two different sections. 903 Section 5.1.1 describes the processing required for de-multiplexing 904 multiple DTLS connections, which is specifically needed for DTLS over 905 UDP sessions. It is assumed that TLS protocol implementations 906 already provide appropriate message demultiplexing. 908 Section 5.1.2 describes the transport processing required once the 909 (D)TLS processing has been completed. This will be needed for all 910 (D)TLS-based connections. 912 5.1.1. DTLS over UDP Processing for Incoming Messages 914 Demultiplexing of incoming packets into separate DTLS sessions MUST 915 be implemented. For connection-oriented transport protocols, such as 916 TCP, the transport protocol takes care of demultiplexing incoming 917 packets to the right connection. Depending on the DTLS 918 implementation, for DTLS over UDP, this demultiplexing will either 919 need to be done within the TLS implementation or by the TLSTM 920 implementation. 922 Like TCP, DTLS over UDP uses the four-tuple for identifying the connection 924 (and relevant DTLS connection state). This means that when 925 establishing a new session, implementations MUST use a different UDP 926 source port number for each active connection to a remote destination 927 IP-address/port-number combination to ensure the remote entity can 928 disambiguate between multiple connections. 930 If demultiplexing received UDP datagrams to DTLS connection state is 931 done by the TLSTM implementation (instead of the DTLS 932 implementation), the steps below describe one possible method to 933 accomplish this. 935 The important output results from the steps in this process are the 936 remote transport address, incomingMessage, incomingMessageLength, and 937 the tlstmSessionID. 939 1) The TLS Transport Model examines the raw UDP message, in an 940 implementation-dependent manner. 942 2) The TLS Transport Model queries the Local Configuration Datastore 943 (LCD) (see [RFC3411] Section 3.4.2) using the transport 944 parameters (source and destination IP addresses and ports) to 945 determine if a session already exists. 947 2a) If a matching entry in the LCD does not exist, then the UDP 948 packet is passed to the DTLS implementation for processing. 949 If the DTLS implementation decides to continue with the 950 connection and allocate state for it, it returns a new DTLS 951 connection handle (an implementation dependent detail). In 952 this case, TLSTM selects a new tlstmSessionId, and caches 953 this and the DTLS connection handle as a new entry in the 954 LCD (indexed by the transport parameters). If the DTLS 955 implementation returns an error or does not allocate 956 connection state (which can happen with the stateless cookie 957 exchange), processing stops. 959 2b) If a session does exist in the LCD then its DTLS connection 960 handle (an implementation dependent detail) and its 961 tlstmSessionId is extracted from the LCD. The UDP packet 962 and the connection handle is passed to the DTLS 963 implementation. If the DTLS implementation returns success 964 but does not return an incomingMessage and an 965 incomingMessageLength then processing stops (this is the 966 case when the UDP datagram contained DTLS handshake 967 messages, for example). If the DTLS implementation returns 968 an error then processing stops. 970 3) Retrieve the incomingMessage and an incomingMessageLength from 971 DTLS. These results and the tlstmSessionID are used below in 972 Section 5.1.2 to complete the processing of the incoming message. 974 5.1.2. Transport Processing for Incoming SNMP Messages 976 The procedures in this section describe how the TLS Transport Model 977 should process messages that have already been properly extracted 978 from the (D)TLS stream. Note that care must be taken when processing 979 messages originating from either TLS or DTLS to ensure they're 980 complete and single. For example, multiple SNMP messages can be 981 passed through a single DTLS message and partial SNMP messages may be 982 received from a TLS stream. These steps describe the processing of a 983 singular SNMP message after it has been delivered from the (D)TLS 984 stream. 986 1) Determine the tlstmSessionID for the incoming message. The 987 tlstmSessionID MUST be a unique session identifier for this 988 (D)TLS connection. The contents and format of this identifier 989 are implementation-dependent as long as it is unique to the 990 session. A session identifier MUST NOT be reused until all 991 references to it are no longer in use. The tmSessionID is equal 992 to the tlstmSessionID discussed in Section 5.1.1. tmSessionID 993 refers to the session identifier when stored in the 994 tmStateReference and tlstmSessionID refers to the session 995 identifier when stored in the LCD. They MUST always be equal 996 when processing a given session's traffic. 998 If this is the first message received through this session and 999 the session does not have an assigned tlstmSessionID yet then the 1000 snmpTlstmSessionAccepts counter is incremented and a 1001 tlstmSessionID for the session is created. This will only happen 1002 on the server side of a connection because a client would have 1003 already assigned a tlstmSessionID during the openSession() 1004 invocation. Implementations may have performed the procedures 1005 described in Section 5.3.2 prior to this point or they may 1006 perform them now, but the procedures described in Section 5.3.2 1007 MUST be performed before continuing beyond this point. 1009 2) Create a tmStateReference cache for the subsequent reference and 1010 assign the following values within it: 1012 tmTransportDomain = snmpTLSTCPDomain or snmpDTLSUDPDomain as 1013 appropriate. 1015 tmTransportAddress = The address the message originated from. 1017 tmSecurityLevel = The derived tmSecurityLevel for the session, 1018 as discussed in Section 3.1.2 and Section 5.3. 1020 tmSecurityName = The derived tmSecurityName for the session as 1021 discussed in Section 5.3. This value MUST be constant during 1022 the lifetime of the session. 1024 tmSessionID = The tlstmSessionID described in step 1 above. 1026 3) The incomingMessage and incomingMessageLength are assigned values 1027 from the (D)TLS processing. 1029 4) The TLS Transport Model passes the transportDomain, 1030 transportAddress, incomingMessage, and incomingMessageLength to 1031 the Dispatcher using the receiveMessage ASI: 1033 statusInformation = 1034 receiveMessage( 1035 IN transportDomain -- snmpTLSTCPDomain or snmpDTLSUDPDomain, 1036 IN transportAddress -- address for the received message 1037 IN incomingMessage -- the whole SNMP message from (D)TLS 1038 IN incomingMessageLength -- the length of the SNMP message 1039 IN tmStateReference -- transport info 1040 ) 1042 5.2. Procedures for an Outgoing SNMP Message 1044 The Dispatcher sends a message to the TLS Transport Model using the 1045 following ASI: 1047 statusInformation = 1048 sendMessage( 1049 IN destTransportDomain -- transport domain to be used 1050 IN destTransportAddress -- transport address to be used 1051 IN outgoingMessage -- the message to send 1052 IN outgoingMessageLength -- its length 1053 IN tmStateReference -- transport info 1054 ) 1056 This section describes the procedure followed by the TLS Transport 1057 Model whenever it is requested through this ASI to send a message. 1059 1) If tmStateReference does not refer to a cache containing values 1060 for tmTransportDomain, tmTransportAddress, tmSecurityName, 1061 tmRequestedSecurityLevel, and tmSameSecurity, then increment the 1062 snmpTlstmSessionInvalidCaches counter, discard the message, and 1063 return the error indication in the statusInformation. Processing 1064 of this message stops. 1066 2) Extract the tmSessionID, tmTransportDomain, tmTransportAddress, 1067 tmSecurityName, tmRequestedSecurityLevel, and tmSameSecurity 1068 values from the tmStateReference. Note: The tmSessionID value 1069 may be undefined if no session exists yet over which the message 1070 can be sent. 1072 3) If tmSameSecurity is true and either tmSessionID is undefined or 1073 refers to a session that is no longer open then increment the 1074 snmpTlstmSessionNoSessions counter, discard the message and 1075 return the error indication in the statusInformation. Processing 1076 of this message stops. 1078 4) If tmSameSecurity is false and tmSessionID refers to a session 1079 that is no longer available then an implementation SHOULD open a 1080 new session using the openSession() ASI (described in greater 1081 detail in step 5b). Instead of opening a new session an 1082 implementation MAY return a snmpTlstmSessionNoSessions error to 1083 the calling module and stop processing of the message. 1085 5) If tmSessionID is undefined, then use tmTransportDomain, 1086 tmTransportAddress, tmSecurityName and tmRequestedSecurityLevel 1087 to see if there is a corresponding entry in the LCD suitable to 1088 send the message over. 1090 5a) If there is a corresponding LCD entry, then this session 1091 will be used to send the message. 1093 5b) If there is no corresponding LCD entry, then open a session 1094 using the openSession() ASI (discussed further in 1095 Section 5.3.1). Implementations MAY wish to offer message 1096 buffering to prevent redundant openSession() calls for the 1097 same cache entry. If an error is returned from 1098 openSession(), then discard the message, discard the 1099 tmStateReference, increment the snmpTlstmSessionOpenErrors, 1100 return an error indication to the calling module and stop 1101 processing of the message. 1103 6) Using either the session indicated by the tmSessionID if there 1104 was one or the session resulting from a previous step (4 or 5), 1105 pass the outgoingMessage to (D)TLS for encapsulation and 1106 transmission. 1108 5.3. Establishing or Accepting a Session 1110 Establishing a (D)TLS connection as either a client or a server 1111 requires slightly different processing. The following two sections 1112 describe the necessary processing steps. 1114 5.3.1. Establishing a Session as a Client 1116 The TLS Transport Model provides the following primitive for use by a 1117 client to establish a new (D)TLS connection: 1119 statusInformation = -- errorIndication or success 1120 openSession( 1121 IN tmStateReference -- transport information to be used 1122 OUT tmStateReference -- transport information to be used 1123 IN maxMessageSize -- of the sending SNMP entity 1124 ) 1126 The following describes the procedure to follow when establishing a 1127 SNMP over (D)TLS connection between SNMP engines for exchanging SNMP 1128 messages. This process is followed by any SNMP client's engine when 1129 establishing a session for subsequent use. 1131 This procedure MAY be done automatically for an SNMP application that 1132 initiates a transaction, such as a command generator, a notification 1133 originator, or a proxy forwarder. 1135 1) The snmpTlstmSessionOpens counter is incremented. 1137 2) The client selects the appropriate certificate and cipher_suites 1138 for the key agreement based on the tmSecurityName and the 1139 tmRequestedSecurityLevel for the session. For sessions being 1140 established as a result of a SNMP-TARGET-MIB based operation, the 1141 certificate will potentially have been identified via the 1142 snmpTlstmParamsTable mapping and the cipher_suites will have to 1143 be taken from system-wide or implementation-specific 1144 configuration. If no row in the snmpTlstmParamsTable exists then 1145 implementations MAY choose to establish the connection using a 1146 default client certificate available to the application. 1147 Otherwise, the certificate and appropriate cipher_suites will 1148 need to be passed to the openSession() ASI as supplemental 1149 information or configured through an implementation-dependent 1150 mechanism. It is also implementation-dependent and possibly 1151 policy-dependent how tmRequestedSecurityLevel will be used to 1152 influence the security capabilities provided by the (D)TLS 1153 connection. However this is done, the security capabilities 1154 provided by (D)TLS MUST be at least as high as the level of 1155 security indicated by the tmRequestedSecurityLevel parameter. 1156 The actual security level of the session is reported in the 1157 tmStateReference cache as tmSecurityLevel. For (D)TLS to provide 1158 strong authentication, each principal acting as a command 1159 generator SHOULD have its own certificate. 1161 3) Using the destTransportDomain and destTransportAddress values, 1162 the client will initiate the (D)TLS handshake protocol to 1163 establish session keys for message integrity and encryption. 1165 If the attempt to establish a session is unsuccessful, then 1166 snmpTlstmSessionOpenErrors is incremented, an error indication is 1167 returned, and processing stops. If the session failed to open 1168 because the presented server certificate was unknown or invalid 1169 then the snmpTlstmSessionUnknownServerCertificate or 1170 snmpTlstmSessionInvalidServerCertificates MUST be incremented and 1171 a snmpTlstmServerCertificateUnknown or 1172 snmpTlstmServerInvalidCertificate notification SHOULD be sent as 1173 appropriate. Reasons for server certificate invalidation 1174 includes, but is not limited to, cryptographic validation 1175 failures and an unexpected presented certificate identity. 1177 4) The (D)TLS client MUST then verify that the (D)TLS server's 1178 presented certificate is the expected certificate. The (D)TLS 1179 client MUST NOT transmit SNMP messages until the server 1180 certificate has been authenticated, the client certificate has 1181 been transmitted and the TLS connection has been fully 1182 established. 1184 If the connection is being established from configuration based 1185 on SNMP-TARGET-MIB configuration, then the snmpTlstmAddrTable 1186 DESCRIPTION clause describes how the verification is done (using 1187 either a certificate fingerprint, or an identity authenticated 1188 via certification path validation). 1190 If the connection is being established for reasons other than 1191 configuration found in the SNMP-TARGET-MIB then configuration and 1192 procedures outside the scope of this document should be followed. 1193 Configuration mechanisms SHOULD be similar in nature to those 1194 defined in the snmpTlstmAddrTable to ensure consistency across 1195 management configuration systems. For example, a command-line 1196 tool for generating SNMP GETs might support specifying either the 1197 server's certificate fingerprint or the expected host name as a 1198 command line argument. 1200 5) (D)TLS provides assurance that the authenticated identity has 1201 been signed by a trusted configured certification authority. If 1202 verification of the server's certificate fails in any way (for 1203 example because of failures in cryptographic verification or the 1204 presented identity did not match the expected named entity) then 1205 the session establishment MUST fail, the 1206 snmpTlstmSessionInvalidServerCertificates object is incremented. 1207 If the session can not be opened for any reason at all, including 1208 cryptographic verification failures and snmpTlstmCertToTSNTable 1209 lookup failures, then the snmpTlstmSessionOpenErrors counter is 1210 incremented and processing stops. 1212 6) The TLSTM-specific session identifier (tlstmSessionID) is set in 1213 the tmSessionID of the tmStateReference passed to the TLS 1214 Transport Model to indicate that the session has been established 1215 successfully and to point to a specific (D)TLS connection for 1216 future use. The tlstmSessionID is also stored in the LCD for 1217 later lookup during processing of incoming messages 1218 (Section 5.1.2). 1220 5.3.2. Accepting a Session as a Server 1222 A (D)TLS server should accept new session connections from any client 1223 that it is able to verify the client's credentials for. This is done 1224 by authenticating the client's presented certificate through a 1225 certificate path validation process (e.g. [RFC5280]) or through 1226 certificate fingerprint verification using fingerprints configured in 1227 the snmpTlstmCertToTSNTable. Afterward the server will determine the 1228 identity of the remote entity using the following procedures. 1230 The (D)TLS server identifies the authenticated identity from the 1231 (D)TLS client's principal certificate using configuration information 1232 from the snmpTlstmCertToTSNTable mapping table. The (D)TLS server 1233 MUST request and expect a certificate from the client and MUST NOT 1234 accept SNMP messages over the (D)TLS connection until the client has 1235 sent a certificate and it has been authenticated. The resulting 1236 derived tmSecurityName is recorded in the tmStateReference cache as 1237 tmSecurityName. The details of the lookup process are fully 1238 described in the DESCRIPTION clause of the snmpTlstmCertToTSNTable 1239 MIB object. If any verification fails in any way (for example 1240 because of failures in cryptographic verification or because of the 1241 lack of an appropriate row in the snmpTlstmCertToTSNTable) then the 1242 session establishment MUST fail, and the 1243 snmpTlstmSessionInvalidClientCertificates object is incremented. If 1244 the session can not be opened for any reason at all, including 1245 cryptographic verification failures, then the 1246 snmpTlstmSessionOpenErrors counter is incremented and processing 1247 stops. 1249 Servers that wish to support multiple principals at a particular port 1250 SHOULD make use of a (D)TLS extension that allows server-side 1251 principal selection like the Server Name Indication extension defined 1252 in Section 3.1 of [RFC4366]. Supporting this will allow, for 1253 example, sending notifications to a specific principal at a given TCP 1254 or UDP port. 1256 5.4. Closing a Session 1258 The TLS Transport Model provides the following primitive to close a 1259 session: 1261 statusInformation = 1262 closeSession( 1263 IN tmSessionID -- session ID of the session to be closed 1264 ) 1266 The following describes the procedure to follow to close a session 1267 between a client and server. This process is followed by any SNMP 1268 engine closing the corresponding SNMP session. 1270 1) Increment either the snmpTlstmSessionClientCloses or the 1271 snmpTlstmSessionServerCloses counter as appropriate. 1273 2) Look up the session using the tmSessionID. 1275 3) If there is no open session associated with the tmSessionID, then 1276 closeSession processing is completed. 1278 4) Have (D)TLS close the specified connection. This MUST include 1279 sending a close_notify TLS Alert to inform the other side that 1280 session cleanup may be performed. 1282 6. MIB Module Overview 1284 This MIB module provides management of the TLS Transport Model. It 1285 defines needed textual conventions, statistical counters, 1286 notifications and configuration infrastructure necessary for session 1287 establishment. Example usage of the configuration tables can be 1288 found in Appendix A. 1290 6.1. Structure of the MIB Module 1292 Objects in this MIB module are arranged into subtrees. Each subtree 1293 is organized as a set of related objects. The overall structure and 1294 assignment of objects to their subtrees, and the intended purpose of 1295 each subtree, is shown below. 1297 6.2. Textual Conventions 1299 Generic and Common Textual Conventions used in this module can be 1300 found summarized at http://www.ops.ietf.org/mib-common-tcs.html 1302 This module defines the following new Textual Conventions: 1304 o A new TransportAddress format for describing (D)TLS connection 1305 addressing requirements. 1307 o A certificate fingerprint allowing MIB module objects to 1308 generically refer to a stored X.509 certificate using a 1309 cryptographic hash as a reference pointer. 1311 6.3. Statistical Counters 1313 The SNMP-TLS-TM-MIB defines counters that provide network management 1314 stations with information about session usage and potential errors 1315 that a device may be experiencing. 1317 6.4. Configuration Tables 1319 The SNMP-TLS-TM-MIB defines configuration tables that an 1320 administrator can use for configuring a device for sending and 1321 receiving SNMP messages over (D)TLS. In particular, there are MIB 1322 tables that extend the SNMP-TARGET-MIB for configuring (D)TLS 1323 certificate usage and a MIB table for mapping incoming (D)TLS client 1324 certificates to SNMPv3 securityNames. 1326 6.4.1. Notifications 1328 The SNMP-TLS-TM-MIB defines notifications to alert management 1329 stations when a (D)TLS connection fails because a server's presented 1330 certificate did not meet an expected value 1331 (snmpTlstmServerCertificateUnknown) or because cryptographic 1332 validation failed (snmpTlstmServerInvalidCertificate). 1334 6.5. Relationship to Other MIB Modules 1336 Some management objects defined in other MIB modules are applicable 1337 to an entity implementing the TLS Transport Model. In particular, it 1338 is assumed that an entity implementing the SNMP-TLS-TM-MIB will 1339 implement the SNMPv2-MIB [RFC3418], the SNMP-FRAMEWORK-MIB [RFC3411], 1340 the SNMP-TARGET-MIB [RFC3413], the SNMP-NOTIFICATION-MIB [RFC3413] 1341 and the SNMP-VIEW-BASED-ACM-MIB [RFC3415]. 1343 The SNMP-TLS-TM-MIB module contained in this document is for managing 1344 TLS Transport Model information. 1346 6.5.1. MIB Modules Required for IMPORTS 1348 The SNMP-TLS-TM-MIB module imports items from SNMPv2-SMI [RFC2578], 1349 SNMPv2-TC [RFC2579], SNMP-FRAMEWORK-MIB [RFC3411], SNMP-TARGET-MIB 1350 [RFC3413] and SNMPv2-CONF [RFC2580]. 1352 7. MIB Module Definition 1354 SNMP-TLS-TM-MIB DEFINITIONS ::= BEGIN 1356 IMPORTS 1357 MODULE-IDENTITY, OBJECT-TYPE, 1358 OBJECT-IDENTITY, mib-2, snmpDomains, 1359 Counter32, Unsigned32, Gauge32, NOTIFICATION-TYPE 1360 FROM SNMPv2-SMI -- RFC2578 or any update thereof 1361 TEXTUAL-CONVENTION, TimeStamp, RowStatus, StorageType, 1362 AutonomousType 1363 FROM SNMPv2-TC -- RFC2579 or any update thereof 1364 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 1365 FROM SNMPv2-CONF -- RFC2580 or any update thereof 1366 SnmpAdminString 1367 FROM SNMP-FRAMEWORK-MIB -- RFC3411 or any update thereof 1368 snmpTargetParamsName, snmpTargetAddrName 1369 FROM SNMP-TARGET-MIB -- RFC3413 or any update thereof 1370 ; 1372 snmpTlstmMIB MODULE-IDENTITY 1373 LAST-UPDATED "201005070000Z" 1374 ORGANIZATION "ISMS Working Group" 1375 CONTACT-INFO "WG-EMail: isms@lists.ietf.org 1376 Subscribe: isms-request@lists.ietf.org 1378 Chairs: 1379 Juergen Schoenwaelder 1380 Jacobs University Bremen 1381 Campus Ring 1 1382 28725 Bremen 1383 Germany 1384 +49 421 200-3587 1385 j.schoenwaelder@jacobs-university.de 1387 Russ Mundy 1388 SPARTA, Inc. 1389 7110 Samuel Morse Drive 1390 Columbia, MD 21046 1391 USA 1393 Editor: 1394 Wes Hardaker 1395 Sparta, Inc. 1396 P.O. Box 382 1397 Davis, CA 95617 1398 USA 1399 ietf@hardakers.net 1400 " 1402 DESCRIPTION " 1403 The TLS Transport Model MIB 1405 Copyright (c) 2010 IETF Trust and the persons identified as 1406 the document authors. All rights reserved. 1408 Redistribution and use in source and binary forms, with or 1409 without modification, is permitted pursuant to, and subject 1410 to the license terms contained in, the Simplified BSD License 1411 set forth in Section 4.c of the IETF Trust's Legal Provisions 1412 Relating to IETF Documents 1413 (http://trustee.ietf.org/license-info)." 1415 REVISION "201005070000Z" 1416 DESCRIPTION "This version of this MIB module is part of 1417 RFC XXXX; see the RFC itself for full legal 1418 notices." 1420 -- NOTE to RFC editor: replace XXXX with actual RFC number 1421 -- for this document and change the date to the 1422 -- current date and remove this note 1424 ::= { mib-2 www } 1425 -- RFC Ed.: replace www with IANA-assigned number under the mib-2 1426 -- SNMP OID tree and remove this note 1428 -- ************************************************ 1429 -- subtrees of the SNMP-TLS-TM-MIB 1430 -- ************************************************ 1431 snmpTlstmNotifications OBJECT IDENTIFIER ::= { snmpTlstmMIB 0 } 1432 snmpTlstmIdentities OBJECT IDENTIFIER ::= { snmpTlstmMIB 1 } 1433 snmpTlstmObjects OBJECT IDENTIFIER ::= { snmpTlstmMIB 2 } 1434 snmpTlstmConformance OBJECT IDENTIFIER ::= { snmpTlstmMIB 3 } 1436 -- ************************************************ 1437 -- snmpTlstmObjects - Objects 1438 -- ************************************************ 1440 snmpTLSTCPDomain OBJECT-IDENTITY 1441 STATUS current 1442 DESCRIPTION 1443 "The SNMP over TLS transport domain. The corresponding 1444 transport address is of type SnmpTLSAddress. 1446 The securityName prefix to be associated with the 1447 snmpTLSTCPDomain is 'tls'. This prefix may be used by 1448 security models or other components to identify which secure 1449 transport infrastructure authenticated a securityName." 1450 REFERENCE 1451 "RFC 2579: Textual Conventions for SMIv2" 1453 ::= { snmpDomains xx } 1455 -- RFC Ed.: replace xx with IANA-assigned number and 1456 -- remove this note 1458 -- RFC Ed.: replace 'tls' with the actual IANA assigned prefix string 1459 -- if 'tls' is not assigned to this document. 1461 snmpDTLSUDPDomain OBJECT-IDENTITY 1462 STATUS current 1463 DESCRIPTION 1464 "The SNMP over DTLS/UDP transport domain. The corresponding 1465 transport address is of type SnmpTLSAddress. 1467 The securityName prefix to be associated with the 1468 snmpDTLSUDPDomain is 'dtls'. This prefix may be used by 1469 security models or other components to identify which secure 1470 transport infrastructure authenticated a securityName." 1471 REFERENCE 1472 "RFC 2579: Textual Conventions for SMIv2" 1474 ::= { snmpDomains yy } 1476 -- RFC Ed.: replace yy with IANA-assigned number and 1477 -- remove this note 1479 -- RFC Ed.: replace 'dtls' with the actual IANA assigned prefix string 1480 -- if 'dtls' is not assigned to this document. 1482 SnmpTLSAddress ::= TEXTUAL-CONVENTION 1483 DISPLAY-HINT "1a" 1484 STATUS current 1485 DESCRIPTION 1486 "Represents a IPv4 address, an IPv6 address or an US-ASCII 1487 encoded hostname and port number. 1489 An IPv4 address must be in dotted decimal format followed by a 1490 colon ':' (US-ASCII character 0x3A) and a decimal port number 1491 in US-ASCII. 1493 An IPv6 address must be a colon separated format (as described 1494 in I-D.ietf-6man-text-addr-representation), surrounded by 1495 square brackets ('[', US-ASCII character 0x5B, and ']', 1496 US-ASCII character 0x5D), followed by a colon ':' (US-ASCII 1497 character 0x3A) and a decimal port number in US-ASCII. 1499 A hostname is always in US-ASCII (as per RFC1033); 1500 internationalized hostnames are encoded in US-ASCII as domain 1501 names after transformation via the ToASCII operation specified 1502 in RFC 3490. The ToASCII operation MUST be performed with the 1503 UseSTD3ASCIIRules flag set. The hostname is followed by a 1504 colon ':' (US-ASCII character 0x3A) and a decimal port number 1505 in US-ASCII. The name SHOULD be fully qualified whenever 1506 possible. 1508 Values of this textual convention may not be directly usable 1509 as transport-layer addressing information, and may require 1510 run-time resolution. As such, applications that write them 1511 must be prepared for handling errors if such values are not 1512 supported, or cannot be resolved (if resolution occurs at the 1513 time of the management operation). 1515 The DESCRIPTION clause of TransportAddress objects that may 1516 have SnmpTLSAddress values must fully describe how (and 1517 when) such names are to be resolved to IP addresses and vice 1518 versa. 1520 This textual convention SHOULD NOT be used directly in object 1521 definitions since it restricts addresses to a specific 1522 format. However, if it is used, it MAY be used either on its 1523 own or in conjunction with TransportAddressType or 1524 TransportDomain as a pair. 1526 When this textual convention is used as a syntax of an index 1527 object, there may be issues with the limit of 128 1528 sub-identifiers specified in SMIv2 (STD 58). It is RECOMMENDED 1529 that all MIB documents using this textual convention make 1530 explicit any limitations on index component lengths that 1531 management software must observe. This may be done either by 1532 including SIZE constraints on the index components or by 1533 specifying applicable constraints in the conceptual row 1534 DESCRIPTION clause or in the surrounding documentation." 1535 REFERENCE 1536 "RFC 1033: DOMAIN ADMINISTRATORS OPERATIONS GUIDE 1537 RFC 3490: Internationalizing Domain Names in Applications 1538 I-D.ietf-6man-text-addr-representation: 1539 A Recommendation for IPv6 Address Text Representation 1540 " 1541 SYNTAX OCTET STRING (SIZE (1..255)) 1543 -- RFC Editor: if I-D.ietf-6man-text-addr-representation fails to get 1544 -- published then replace the reference to 1545 -- I-D.ietf-6man-text-addr-representation with a reference to 1546 -- "RFC3513: Internet Protocol Version 6 (IPv6) Addressing Architecture" 1547 -- instead. 1549 SnmpTLSFingerprint ::= TEXTUAL-CONVENTION 1550 DISPLAY-HINT "1x:254x" 1551 STATUS current 1552 DESCRIPTION 1553 "A fingerprint value that can be used to uniquely reference 1554 other data of potentially arbitrary length. 1556 A SnmpTLSFingerprint value is composed of a 1-octet hashing 1557 algorithm identifier followed by the fingerprint value. The 1558 octet value encoded is taken from the IANA TLS HashAlgorithm 1559 Registry (RFC5246). The remaining octets are filled using the 1560 results of the hashing algorithm. 1562 This TEXTUAL-CONVENTION allows for a zero-length (blank) 1563 SnmpTLSFingerprint value for use in tables where the 1564 fingerprint value may be optional. MIB definitions or 1565 implementations may refuse to accept a zero-length value as 1566 appropriate." 1567 REFERENCE "RFC 5246: The Transport Layer 1568 Security (TLS) Protocol Version 1.2 1569 http://www.iana.org/assignments/tls-parameters/ 1570 " 1571 SYNTAX OCTET STRING (SIZE (0..255)) 1573 -- Identities for use in the snmpTlstmCertToTSNTable 1574 snmpTlstmCertToTSNMIdentities OBJECT IDENTIFIER 1575 ::= { snmpTlstmIdentities 1 } 1577 snmpTlstmCertSpecified OBJECT-IDENTITY 1578 STATUS current 1579 DESCRIPTION "Directly specifies the tmSecurityName to be used for 1580 this certificate. The value of the tmSecurityName 1581 to use is specified in the snmpTlstmCertToTSNData 1582 column. The snmpTlstmCertToTSNData column must 1583 contain a non-zero length SnmpAdminString compliant 1584 value or the mapping described in this row must be 1585 considered a failure." 1586 ::= { snmpTlstmCertToTSNMIdentities 1 } 1588 snmpTlstmCertSANRFC822Name OBJECT-IDENTITY 1589 STATUS current 1590 DESCRIPTION "Maps a subjectAltName's rfc822Name to a 1591 tmSecurityName. The local part of the rfc822Name is 1592 passed unaltered but the host-part of the name must 1593 be passed in lower case. This mapping results in a 1594 1:1 correspondence between equivalent subjectAltName 1595 rfc822Name values and tmSecurityName values except 1596 that the host-part of the name MUST be passed in 1597 lower case. 1599 Example rfc822Name Field: FooBar@Example.COM 1600 is mapped to tmSecurityName: FooBar@example.com" 1601 ::= { snmpTlstmCertToTSNMIdentities 2 } 1603 snmpTlstmCertSANDNSName OBJECT-IDENTITY 1604 STATUS current 1605 DESCRIPTION "Maps a subjectAltName's dNSName to a 1606 tmSecurityName after first converting it to all 1607 lower case (RFC5280 does not specify converting to 1608 lower case so this involves an extra step). This 1609 mapping results in a 1:1 correspondence between 1610 subjectAltName dNSName values and the tmSecurityName 1611 values." 1612 REFERENCE "RFC5280 - Internet X.509 Public Key Infrastructure 1613 Certificate and Certificate Revocation 1614 List (CRL) Profile" 1615 ::= { snmpTlstmCertToTSNMIdentities 3 } 1617 snmpTlstmCertSANIpAddress OBJECT-IDENTITY 1618 STATUS current 1619 DESCRIPTION "Maps a subjectAltName's iPAddress to a 1620 tmSecurityName by transforming the binary encoded 1621 address as follows: 1623 1) for IPv4 the value is converted into a decimal 1624 dotted quad address (e.g. '192.0.2.1') 1626 2) for IPv6 addresses the value is converted into a 1627 32-character all lowercase hexadecimal string 1628 without any colon separators. 1630 This mapping results in a 1:1 correspondence between 1631 subjectAltName iPAddress values and the 1632 tmSecurityName values. 1634 The resulting length is the maximum length supported 1635 by the View-Based Access Control Model (VACM). 1636 Using both the Transport Security Model's support 1637 for transport prefixes (see the SNMP-TSM-MIB's 1638 snmpTsmConfigurationUsePrefix object for details) 1639 will result in securityName lengths that exceed what 1640 VACM can handle." 1641 ::= { snmpTlstmCertToTSNMIdentities 4 } 1643 snmpTlstmCertSANAny OBJECT-IDENTITY 1644 STATUS current 1645 DESCRIPTION "Maps any of the following fields using the 1646 corresponding mapping algorithms: 1648 |------------+----------------------------| 1649 | Type | Algorithm | 1650 |------------+----------------------------| 1651 | rfc822Name | snmpTlstmCertSANRFC822Name | 1652 | dNSName | snmpTlstmCertSANDNSName | 1653 | iPAddress | snmpTlstmCertSANIpAddress | 1654 |------------+----------------------------| 1656 The first matching subjectAltName value found in the 1657 certificate of the above types MUST be used when 1658 deriving the tmSecurityName. The mapping algorithm 1659 specified in the 'Algorithm' column MUST be used to 1660 derive the tmSecurityName. 1662 This mapping results in a 1:1 correspondence between 1663 subjectAltName values and tmSecurityName values. The 1664 three sub-mapping algorithms produced by this 1665 combined algorithm cannot produce conflicting 1666 results between themselves." 1667 ::= { snmpTlstmCertToTSNMIdentities 5 } 1669 snmpTlstmCertCommonName OBJECT-IDENTITY 1670 STATUS current 1671 DESCRIPTION "Maps a certificate's CommonName to a tmSecurityName 1672 after converting it to a UTF-8 encoding. The usage 1673 of CommonNames is deprecated and users are 1674 encouraged to use subjectAltName mapping methods 1675 instead. This mapping results in a 1:1 1676 correspondence between certificate CommonName values 1677 and tmSecurityName values." 1678 ::= { snmpTlstmCertToTSNMIdentities 6 } 1680 -- The snmpTlstmSession Group 1682 snmpTlstmSession OBJECT IDENTIFIER ::= { snmpTlstmObjects 1 } 1684 snmpTlstmSessionOpens OBJECT-TYPE 1685 SYNTAX Counter32 1686 MAX-ACCESS read-only 1687 STATUS current 1688 DESCRIPTION 1689 "The number of times an openSession() request has been executed 1690 as an (D)TLS client, regardless of whether it succeeded or 1691 failed." 1692 ::= { snmpTlstmSession 1 } 1694 snmpTlstmSessionClientCloses OBJECT-TYPE 1695 SYNTAX Counter32 1696 MAX-ACCESS read-only 1697 STATUS current 1698 DESCRIPTION 1699 "The number of times a closeSession() request has been 1700 executed as an (D)TLS client, regardless of whether it 1701 succeeded or failed." 1702 ::= { snmpTlstmSession 2 } 1704 snmpTlstmSessionOpenErrors OBJECT-TYPE 1705 SYNTAX Counter32 1706 MAX-ACCESS read-only 1707 STATUS current 1708 DESCRIPTION 1709 "The number of times an openSession() request failed to open a 1710 session as a (D)TLS client, for any reason." 1711 ::= { snmpTlstmSession 3 } 1713 snmpTlstmSessionAccepts OBJECT-TYPE 1714 SYNTAX Counter32 1715 MAX-ACCESS read-only 1716 STATUS current 1717 DESCRIPTION 1718 "The number of times a (D)TLS server has accepted a new 1719 connection from a client and has received at least one SNMP 1720 message through it." 1721 ::= { snmpTlstmSession 4 } 1723 snmpTlstmSessionServerCloses OBJECT-TYPE 1724 SYNTAX Counter32 1725 MAX-ACCESS read-only 1726 STATUS current 1727 DESCRIPTION 1728 "The number of times a closeSession() request has been 1729 executed as an (D)TLS server, regardless of whether it 1730 succeeded or failed." 1731 ::= { snmpTlstmSession 5 } 1733 snmpTlstmSessionNoSessions OBJECT-TYPE 1734 SYNTAX Counter32 1735 MAX-ACCESS read-only 1736 STATUS current 1737 DESCRIPTION 1738 "The number of times an outgoing message was dropped because 1739 the session associated with the passed tmStateReference was no 1740 longer (or was never) available." 1741 ::= { snmpTlstmSession 6 } 1743 snmpTlstmSessionInvalidClientCertificates OBJECT-TYPE 1744 SYNTAX Counter32 1745 MAX-ACCESS read-only 1746 STATUS current 1747 DESCRIPTION 1748 "The number of times an incoming session was not established 1749 on an (D)TLS server because the presented client certificate 1750 was invalid. Reasons for invalidation include, but are not 1751 limited to, cryptographic validation failures or lack of a 1752 suitable mapping row in the snmpTlstmCertToTSNTable." 1753 ::= { snmpTlstmSession 7 } 1755 snmpTlstmSessionUnknownServerCertificate OBJECT-TYPE 1756 SYNTAX Counter32 1757 MAX-ACCESS read-only 1758 STATUS current 1759 DESCRIPTION 1760 "The number of times an outgoing session was not established 1761 on an (D)TLS client because the server certificate presented 1762 by a SNMP over (D)TLS server was invalid because no 1763 configured fingerprint or CA was acceptable to validate it. 1764 This may result because there was no entry in the 1765 snmpTlstmAddrTable or because no path could be found to a 1766 known certification authority." 1768 ::= { snmpTlstmSession 8 } 1770 snmpTlstmSessionInvalidServerCertificates OBJECT-TYPE 1771 SYNTAX Counter32 1772 MAX-ACCESS read-only 1773 STATUS current 1774 DESCRIPTION 1775 "The number of times an outgoing session was not established 1776 on an (D)TLS client because the server certificate presented 1777 by an SNMP over (D)TLS server could not be validated even if 1778 the fingerprint or expected validation path was known. I.E., 1779 a cryptographic validation error occurred during certificate 1780 validation processing. 1782 Reasons for invalidation include, but are not 1783 limited to, cryptographic validation failures." 1784 ::= { snmpTlstmSession 9 } 1786 snmpTlstmSessionInvalidCaches OBJECT-TYPE 1787 SYNTAX Counter32 1788 MAX-ACCESS read-only 1789 STATUS current 1790 DESCRIPTION 1791 "The number of outgoing messages dropped because the 1792 tmStateReference referred to an invalid cache." 1793 ::= { snmpTlstmSession 10 } 1795 -- Configuration Objects 1797 snmpTlstmConfig OBJECT IDENTIFIER ::= { snmpTlstmObjects 2 } 1799 -- Certificate mapping 1801 snmpTlstmCertificateMapping OBJECT IDENTIFIER ::= { snmpTlstmConfig 1 } 1803 snmpTlstmCertToTSNCount OBJECT-TYPE 1804 SYNTAX Gauge32 1805 MAX-ACCESS read-only 1806 STATUS current 1807 DESCRIPTION 1808 "A count of the number of entries in the 1809 snmpTlstmCertToTSNTable" 1810 ::= { snmpTlstmCertificateMapping 1 } 1812 snmpTlstmCertToTSNTableLastChanged OBJECT-TYPE 1813 SYNTAX TimeStamp 1814 MAX-ACCESS read-only 1815 STATUS current 1816 DESCRIPTION 1817 "The value of sysUpTime.0 when the snmpTlstmCertToTSNTable was 1818 last modified through any means, or 0 if it has not been 1819 modified since the command responder was started." 1820 ::= { snmpTlstmCertificateMapping 2 } 1822 snmpTlstmCertToTSNTable OBJECT-TYPE 1823 SYNTAX SEQUENCE OF SnmpTlstmCertToTSNEntry 1824 MAX-ACCESS not-accessible 1825 STATUS current 1826 DESCRIPTION 1827 "This table is used by a (D)TLS server to map the (D)TLS 1828 client's presented X.509 certificate to a tmSecurityName. 1830 On an incoming (D)TLS/SNMP connection the client's presented 1831 certificate must either be validated based on an established 1832 trust anchor, or it must directly match a fingerprint in this 1833 table. This table does not provide any mechanisms for 1834 configuring the trust anchors; the transfer of any needed 1835 trusted certificates for path validation is expected to occur 1836 through an out-of-band transfer. 1838 Once the certificate has been found acceptable (either by path 1839 validation or directly matching a fingerprint in this table), 1840 this table is consulted to determine the appropriate 1841 tmSecurityName to identify with the remote connection. This 1842 is done by considering each active row from this table in 1843 prioritized order according to its snmpTlstmCertToTSNID value. 1844 Each row's snmpTlstmCertToTSNFingerprint value determines 1845 whether the row is a match for the incoming connection: 1847 1) If the row's snmpTlstmCertToTSNFingerprint value 1848 identifies the presented certificate then consider the 1849 row as a successful match. 1851 2) If the row's snmpTlstmCertToTSNFingerprint value 1852 identifies a locally held copy of a trusted CA 1853 certificate and that CA certificate was used to 1854 validate the path to the presented certificate then 1855 consider the row as a successful match. 1857 Once a matching row has been found, the 1858 snmpTlstmCertToTSNMapType value can be used to determine how 1859 the tmSecurityName to associate with the session should be 1860 determined. See the snmpTlstmCertToTSNMapType column's 1861 DESCRIPTION for details on determining the tmSecurityName 1862 value. If it is impossible to determine a tmSecurityName from 1863 the row's data combined with the data presented in the 1864 certificate then additional rows MUST be searched looking for 1865 another potential match. If a resulting tmSecurityName mapped 1866 from a given row is not compatible with the needed 1867 requirements of a tmSecurityName (e.g., VACM imposes a 1868 32-octet-maximum length and the certificate derived 1869 securityName could be longer) then it must be considered an 1870 invalid match and additional rows MUST be searched looking for 1871 another potential match. 1873 If no matching and valid row can be found, the connection MUST 1874 be closed and SNMP messages MUST NOT be accepted over it. 1876 Missing values of snmpTlstmCertToTSNID are acceptable and 1877 implementations should continue to the next highest numbered 1878 row. It is recommended that administrators skip index values 1879 to leave room for the insertion of future rows (E.G., use values 1880 of 10 and 20 when creating initial rows). 1882 Users are encouraged to make use of certificates with 1883 subjectAltName fields that can be used as tmSecurityNames so 1884 that a single root CA certificate can allow all child 1885 certificate's subjectAltName to map directly to a 1886 tmSecurityName via a 1:1 transformation. However, this table 1887 is flexible to allow for situations where existing deployed 1888 certificate infrastructures do not provide adequate 1889 subjectAltName values for use as tmSecurityNames. 1890 Certificates may also be mapped to tmSecurityNames using the 1891 CommonName portion of the Subject field. However, the usage 1892 of the CommonName field is deprecated and thus this usage is 1893 NOT RECOMMENDED. Direct mapping from each individual 1894 certificate fingerprint to a tmSecurityName is also possible 1895 but requires one entry in the table per tmSecurityName and 1896 requires more management operations to completely configure a 1897 device." 1898 ::= { snmpTlstmCertificateMapping 3 } 1900 snmpTlstmCertToTSNEntry OBJECT-TYPE 1901 SYNTAX SnmpTlstmCertToTSNEntry 1902 MAX-ACCESS not-accessible 1903 STATUS current 1904 DESCRIPTION 1905 "A row in the snmpTlstmCertToTSNTable that specifies a mapping 1906 for an incoming (D)TLS certificate to a tmSecurityName to use 1907 for a connection." 1908 INDEX { snmpTlstmCertToTSNID } 1909 ::= { snmpTlstmCertToTSNTable 1 } 1911 SnmpTlstmCertToTSNEntry ::= SEQUENCE { 1912 snmpTlstmCertToTSNID Unsigned32, 1913 snmpTlstmCertToTSNFingerprint SnmpTLSFingerprint, 1914 snmpTlstmCertToTSNMapType AutonomousType, 1915 snmpTlstmCertToTSNData OCTET STRING, 1916 snmpTlstmCertToTSNStorageType StorageType, 1917 snmpTlstmCertToTSNRowStatus RowStatus 1918 } 1920 snmpTlstmCertToTSNID OBJECT-TYPE 1921 SYNTAX Unsigned32 (1..4294967295) 1922 MAX-ACCESS not-accessible 1923 STATUS current 1924 DESCRIPTION 1925 "A unique, prioritized index for the given entry. Lower 1926 numbers indicate a higher priority." 1927 ::= { snmpTlstmCertToTSNEntry 1 } 1929 snmpTlstmCertToTSNFingerprint OBJECT-TYPE 1930 SYNTAX SnmpTLSFingerprint (SIZE(1..255)) 1931 MAX-ACCESS read-create 1932 STATUS current 1933 DESCRIPTION 1934 "A cryptographic hash of a X.509 certificate. The results of 1935 a successful matching fingerprint to either the trusted CA in 1936 the certificate validation path or to the certificate itself 1937 is dictated by the snmpTlstmCertToTSNMapType column." 1938 ::= { snmpTlstmCertToTSNEntry 2 } 1940 snmpTlstmCertToTSNMapType OBJECT-TYPE 1941 SYNTAX AutonomousType 1942 MAX-ACCESS read-create 1943 STATUS current 1944 DESCRIPTION 1945 "Specifies the mapping type for deriving a tmSecurityName from 1946 a certificate. Details for mapping of a particular type SHALL 1947 be specified in the DESCRIPTION clause of the OBJECT-IDENTITY 1948 that describes the mapping. If a mapping succeeds it will 1949 return a tmSecurityName for use by the TLSTM model and 1950 processing stops. 1952 If the resulting mapped value is not compatible with the 1953 needed requirements of a tmSecurityName (e.g., VACM imposes a 1954 32-octet-maximum length and the certificate derived 1955 securityName could be longer) then future rows MUST be 1956 searched for additional snmpTlstmCertToTSNFingerprint matches 1957 to look for a mapping that succeeds. 1959 Suitable values for assigning to this object that are defined 1960 within the SNMP-TLS-TM-MIB can be found in the 1961 snmpTlstmCertToTSNMIdentities portion of the MIB tree." 1962 DEFVAL { snmpTlstmCertSpecified } 1963 ::= { snmpTlstmCertToTSNEntry 3 } 1965 snmpTlstmCertToTSNData OBJECT-TYPE 1966 SYNTAX OCTET STRING (SIZE(0..1024)) 1967 MAX-ACCESS read-create 1968 STATUS current 1969 DESCRIPTION 1970 "Auxiliary data used as optional configuration information for 1971 a given mapping specified by the snmpTlstmCertToTSNMapType 1972 column. Only some mapping systems will make use of this 1973 column. The value in this column MUST be ignored for any 1974 mapping type that does not require data present in this 1975 column." 1976 DEFVAL { "" } 1977 ::= { snmpTlstmCertToTSNEntry 4 } 1979 snmpTlstmCertToTSNStorageType OBJECT-TYPE 1980 SYNTAX StorageType 1981 MAX-ACCESS read-create 1982 STATUS current 1983 DESCRIPTION 1984 "The storage type for this conceptual row. Conceptual rows 1985 having the value 'permanent' need not allow write-access to 1986 any columnar objects in the row." 1987 DEFVAL { nonVolatile } 1988 ::= { snmpTlstmCertToTSNEntry 5 } 1990 snmpTlstmCertToTSNRowStatus OBJECT-TYPE 1991 SYNTAX RowStatus 1992 MAX-ACCESS read-create 1993 STATUS current 1994 DESCRIPTION 1995 "The status of this conceptual row. This object may be used 1996 to create or remove rows from this table. 1998 To create a row in this table, an administrator must set this 1999 object to either createAndGo(4) or createAndWait(5). 2001 Until instances of all corresponding columns are appropriately 2002 configured, the value of the corresponding instance of the 2003 snmpTlstmParamsRowStatus column is notReady(3). 2005 In particular, a newly created row cannot be made active until 2006 the corresponding snmpTlstmCertToTSNFingerprint, 2007 snmpTlstmCertToTSNMapType, and snmpTlstmCertToTSNData columns 2008 have been set. 2010 The following objects may not be modified while the 2011 value of this object is active(1): 2012 - snmpTlstmCertToTSNFingerprint 2013 - snmpTlstmCertToTSNMapType 2014 - snmpTlstmCertToTSNData 2015 An attempt to set these objects while the value of 2016 snmpTlstmParamsRowStatus is active(1) will result in 2017 an inconsistentValue error." 2018 ::= { snmpTlstmCertToTSNEntry 6 } 2020 -- Maps tmSecurityNames to certificates for use by the SNMP-TARGET-MIB 2022 snmpTlstmParamsCount OBJECT-TYPE 2023 SYNTAX Gauge32 2024 MAX-ACCESS read-only 2025 STATUS current 2026 DESCRIPTION 2027 "A count of the number of entries in the snmpTlstmParamsTable" 2028 ::= { snmpTlstmCertificateMapping 4 } 2030 snmpTlstmParamsTableLastChanged OBJECT-TYPE 2031 SYNTAX TimeStamp 2032 MAX-ACCESS read-only 2033 STATUS current 2034 DESCRIPTION 2035 "The value of sysUpTime.0 when the snmpTlstmParamsTable 2036 was last modified through any means, or 0 if it has not been 2037 modified since the command responder was started." 2038 ::= { snmpTlstmCertificateMapping 5 } 2040 snmpTlstmParamsTable OBJECT-TYPE 2041 SYNTAX SEQUENCE OF SnmpTlstmParamsEntry 2042 MAX-ACCESS not-accessible 2043 STATUS current 2044 DESCRIPTION 2045 "This table is used by a (D)TLS client when a (D)TLS 2046 connection is being set up using an entry in the 2047 SNMP-TARGET-MIB. It extends the SNMP-TARGET-MIB's 2048 snmpTargetParamsTable with a fingerprint of a certificate to 2049 use when establishing such a (D)TLS connection." 2050 ::= { snmpTlstmCertificateMapping 6 } 2052 snmpTlstmParamsEntry OBJECT-TYPE 2053 SYNTAX SnmpTlstmParamsEntry 2054 MAX-ACCESS not-accessible 2055 STATUS current 2056 DESCRIPTION 2057 "A conceptual row containing a fingerprint hash of a locally 2058 held certificate for a given snmpTargetParamsEntry. The 2059 values in this row should be ignored if the connection that 2060 needs to be established, as indicated by the SNMP-TARGET-MIB 2061 infrastructure, is not a certificate and (D)TLS based 2062 connection. The connection SHOULD NOT be established if the 2063 certificate fingerprint stored in this entry does not point to 2064 a valid locally held certificate or if it points to an 2065 unusable certificate (such as might happen when the 2066 certificate's expiration date has been reached)." 2067 INDEX { IMPLIED snmpTargetParamsName } 2068 ::= { snmpTlstmParamsTable 1 } 2070 SnmpTlstmParamsEntry ::= SEQUENCE { 2071 snmpTlstmParamsClientFingerprint SnmpTLSFingerprint, 2072 snmpTlstmParamsStorageType StorageType, 2073 snmpTlstmParamsRowStatus RowStatus 2074 } 2076 snmpTlstmParamsClientFingerprint OBJECT-TYPE 2077 SYNTAX SnmpTLSFingerprint 2078 MAX-ACCESS read-create 2079 STATUS current 2080 DESCRIPTION 2081 "This object stores the hash of the public portion of a 2082 locally held X.509 certificate. The X.509 certificate, its 2083 public key, and the corresponding private key will be used 2084 when initiating a (D)TLS connection as a (D)TLS client." 2085 ::= { snmpTlstmParamsEntry 1 } 2087 snmpTlstmParamsStorageType OBJECT-TYPE 2088 SYNTAX StorageType 2089 MAX-ACCESS read-create 2090 STATUS current 2091 DESCRIPTION 2092 "The storage type for this conceptual row. Conceptual rows 2093 having the value 'permanent' need not allow write-access to 2094 any columnar objects in the row." 2095 DEFVAL { nonVolatile } 2096 ::= { snmpTlstmParamsEntry 2 } 2098 snmpTlstmParamsRowStatus OBJECT-TYPE 2099 SYNTAX RowStatus 2100 MAX-ACCESS read-create 2101 STATUS current 2102 DESCRIPTION 2103 "The status of this conceptual row. This object may be used 2104 to create or remove rows from this table. 2106 To create a row in this table, an administrator must set this 2107 object to either createAndGo(4) or createAndWait(5). 2109 Until instances of all corresponding columns are appropriately 2110 configured, the value of the corresponding instance of the 2111 snmpTlstmParamsRowStatus column is notReady(3). 2113 In particular, a newly created row cannot be made active until 2114 the corresponding snmpTlstmParamsClientFingerprint column has 2115 been set. 2117 The snmpTlstmParamsClientFingerprint object may not be modified 2118 while the value of this object is active(1). 2120 An attempt to set these objects while the value of 2121 snmpTlstmParamsRowStatus is active(1) will result in 2122 an inconsistentValue error." 2123 ::= { snmpTlstmParamsEntry 3 } 2125 snmpTlstmAddrCount OBJECT-TYPE 2126 SYNTAX Gauge32 2127 MAX-ACCESS read-only 2128 STATUS current 2129 DESCRIPTION 2130 "A count of the number of entries in the snmpTlstmAddrTable" 2131 ::= { snmpTlstmCertificateMapping 7 } 2133 snmpTlstmAddrTableLastChanged OBJECT-TYPE 2134 SYNTAX TimeStamp 2135 MAX-ACCESS read-only 2136 STATUS current 2137 DESCRIPTION 2138 "The value of sysUpTime.0 when the snmpTlstmAddrTable 2139 was last modified through any means, or 0 if it has not been 2140 modified since the command responder was started." 2141 ::= { snmpTlstmCertificateMapping 8 } 2143 snmpTlstmAddrTable OBJECT-TYPE 2144 SYNTAX SEQUENCE OF SnmpTlstmAddrEntry 2145 MAX-ACCESS not-accessible 2146 STATUS current 2147 DESCRIPTION 2148 "This table is used by a (D)TLS client when a (D)TLS 2149 connection is being set up using an entry in the 2150 SNMP-TARGET-MIB. It extends the SNMP-TARGET-MIB's 2151 snmpTargetAddrTable so that the client can verify that the 2152 correct server has been reached. This verification can use 2153 either a certificate fingerprint, or an identity 2154 authenticated via certification path validation. 2156 If there is an active row in this table corresponding to the 2157 entry in the SNMP-TARGET-MIB that was used to establish the 2158 connection, and the row's snmpTlstmAddrServerFingerprint 2159 column has non-empty value, then the server's presented 2160 certificate is compared with the 2161 snmpTlstmAddrServerFingerprint value (and the 2162 snmpTlstmAddrServerIdentity column is ignored). If the 2163 fingerprint matches, the verification has succeeded. If the 2164 fingerprint does not match then the connection MUST be 2165 closed. 2167 If the server's presented certificate has passed 2168 certification path validation [RFC5280] to a configured 2169 trust anchor, and an active row exists with a zero-length 2170 snmpTlstmAddrServerFingerprint value, then the 2171 snmpTlstmAddrServerIdentity column contains the expected 2172 host name. This expected host name is then compared against 2173 the server's certificate as follows: 2175 - Implementations MUST support matching the expected host 2176 name against a dNSName in the subjectAltName extension 2177 field and MAY support checking the name against the 2178 CommonName portion of the subject distinguished name. 2180 - The '*' (ASCII 0x2a) wildcard character is allowed in the 2181 dNSName of the subjectAltName extension (and in common 2182 name, if used to store the host name), but only as the 2183 left-most (least significant) DNS label in that value. 2184 This wildcard matches any left-most DNS label in the 2185 server name. That is, the subject *.example.com matches 2186 the server names a.example.com and b.example.com, but does 2187 not match example.com or a.b.example.com. Implementations 2188 MUST support wildcards in certificates as specified above, 2189 but MAY provide a configuration option to disable them. 2191 - If the locally configured name is an internationalized 2192 domain name, conforming implementations MUST convert it to 2193 the ASCII Compatible Encoding (ACE) format for performing 2194 comparisons, as specified in Section 7 of [RFC5280]. 2196 If the expected host name fails these conditions then the 2197 connection MUST be closed. 2199 If there is no row in this table corresponding to the entry 2200 in the SNMP-TARGET-MIB and the server can be authorized by 2201 another, implementation dependent means, then the connection 2202 MAY still proceed." 2204 ::= { snmpTlstmCertificateMapping 9 } 2206 snmpTlstmAddrEntry OBJECT-TYPE 2207 SYNTAX SnmpTlstmAddrEntry 2208 MAX-ACCESS not-accessible 2209 STATUS current 2210 DESCRIPTION 2211 "A conceptual row containing a copy of a certificate's 2212 fingerprint for a given snmpTargetAddrEntry. The values in 2213 this row should be ignored if the connection that needs to be 2214 established, as indicated by the SNMP-TARGET-MIB 2215 infrastructure, is not a (D)TLS based connection. If an 2216 snmpTlstmAddrEntry exists for a given snmpTargetAddrEntry then 2217 the presented server certificate MUST match or the connection 2218 MUST NOT be established. If a row in this table does not 2219 exist to match a snmpTargetAddrEntry row then the connection 2220 SHOULD still proceed if some other certificate validation path 2221 algorithm (e.g. RFC5280) can be used." 2222 INDEX { IMPLIED snmpTargetAddrName } 2223 ::= { snmpTlstmAddrTable 1 } 2225 SnmpTlstmAddrEntry ::= SEQUENCE { 2226 snmpTlstmAddrServerFingerprint SnmpTLSFingerprint, 2227 snmpTlstmAddrServerIdentity SnmpAdminString, 2228 snmpTlstmAddrStorageType StorageType, 2229 snmpTlstmAddrRowStatus RowStatus 2230 } 2232 snmpTlstmAddrServerFingerprint OBJECT-TYPE 2233 SYNTAX SnmpTLSFingerprint 2234 MAX-ACCESS read-create 2235 STATUS current 2236 DESCRIPTION 2237 "A cryptographic hash of a public X.509 certificate. This 2238 object should store the hash of the public X.509 certificate 2239 that the remote server should present during the (D)TLS 2240 connection setup. The fingerprint of the presented 2241 certificate and this hash value MUST match exactly or the 2242 connection MUST NOT be established." 2243 DEFVAL { "" } 2244 ::= { snmpTlstmAddrEntry 1 } 2246 snmpTlstmAddrServerIdentity OBJECT-TYPE 2247 SYNTAX SnmpAdminString 2248 MAX-ACCESS read-create 2249 STATUS current 2250 DESCRIPTION 2251 "The reference identity to check against the identity 2252 presented by the remote system." 2253 DEFVAL { "" } 2254 ::= { snmpTlstmAddrEntry 2 } 2256 snmpTlstmAddrStorageType OBJECT-TYPE 2257 SYNTAX StorageType 2258 MAX-ACCESS read-create 2259 STATUS current 2260 DESCRIPTION 2261 "The storage type for this conceptual row. Conceptual rows 2262 having the value 'permanent' need not allow write-access to 2263 any columnar objects in the row." 2264 DEFVAL { nonVolatile } 2265 ::= { snmpTlstmAddrEntry 3 } 2267 snmpTlstmAddrRowStatus OBJECT-TYPE 2268 SYNTAX RowStatus 2269 MAX-ACCESS read-create 2270 STATUS current 2271 DESCRIPTION 2272 "The status of this conceptual row. This object may be used 2273 to create or remove rows from this table. 2275 To create a row in this table, an administrator must set this 2276 object to either createAndGo(4) or createAndWait(5). 2278 Until instances of all corresponding columns are 2279 appropriately configured, the value of the 2280 corresponding instance of the snmpTlstmAddrRowStatus 2281 column is notReady(3). 2283 In particular, a newly created row cannot be made active until 2284 the corresponding snmpTlstmAddrServerFingerprint column has been 2285 set. 2287 Rows MUST NOT be active if the snmpTlstmAddrServerFingerprint 2288 column is blank and the snmpTlstmAddrServerIdentity is set to 2289 '*' since this would insecurely accept any presented 2290 certificate. 2292 The snmpTlstmAddrServerFingerprint object may not be modified 2293 while the value of this object is active(1). 2295 An attempt to set these objects while the value of 2296 snmpTlstmAddrRowStatus is active(1) will result in 2297 an inconsistentValue error." 2298 ::= { snmpTlstmAddrEntry 4 } 2300 -- ************************************************ 2301 -- snmpTlstmNotifications - Notifications Information 2302 -- ************************************************ 2304 snmpTlstmServerCertificateUnknown NOTIFICATION-TYPE 2305 OBJECTS { snmpTlstmSessionUnknownServerCertificate } 2306 STATUS current 2307 DESCRIPTION 2308 "Notification that the server certificate presented by a SNMP 2309 over (D)TLS server was invalid because no configured 2310 fingerprint or CA was acceptable to validate it. This may be 2311 because there was no entry in the snmpTlstmAddrTable or 2312 because no path could be found to known certificate 2313 authority. 2315 To avoid notification loops, this notification MUST NOT be 2316 sent to servers that themselves have triggered the 2317 notification." 2318 ::= { snmpTlstmNotifications 1 } 2320 snmpTlstmServerInvalidCertificate NOTIFICATION-TYPE 2321 OBJECTS { snmpTlstmAddrServerFingerprint, 2322 snmpTlstmSessionInvalidServerCertificates} 2323 STATUS current 2324 DESCRIPTION 2325 "Notification that the server certificate presented by an SNMP 2326 over (D)TLS server could not be validated even if the 2327 fingerprint or expected validation path was known. I.E., a 2328 cryptographic validation error occurred during certificate 2329 validation processing. 2331 To avoid notification loops, this notification MUST NOT be 2332 sent to servers that themselves have triggered the 2333 notification." 2334 ::= { snmpTlstmNotifications 2 } 2336 -- ************************************************ 2337 -- snmpTlstmCompliances - Conformance Information 2338 -- ************************************************ 2340 snmpTlstmCompliances OBJECT IDENTIFIER ::= { snmpTlstmConformance 1 } 2341 snmpTlstmGroups OBJECT IDENTIFIER ::= { snmpTlstmConformance 2 } 2343 -- ************************************************ 2344 -- Compliance statements 2345 -- ************************************************ 2347 snmpTlstmCompliance MODULE-COMPLIANCE 2348 STATUS current 2349 DESCRIPTION 2350 "The compliance statement for SNMP engines that support the 2351 SNMP-TLS-TM-MIB" 2352 MODULE 2353 MANDATORY-GROUPS { snmpTlstmStatsGroup, 2354 snmpTlstmIncomingGroup, 2355 snmpTlstmOutgoingGroup, 2356 snmpTlstmNotificationGroup } 2357 ::= { snmpTlstmCompliances 1 } 2359 -- ************************************************ 2360 -- Units of conformance 2361 -- ************************************************ 2362 snmpTlstmStatsGroup OBJECT-GROUP 2363 OBJECTS { 2364 snmpTlstmSessionOpens, 2365 snmpTlstmSessionClientCloses, 2366 snmpTlstmSessionOpenErrors, 2367 snmpTlstmSessionAccepts, 2368 snmpTlstmSessionServerCloses, 2369 snmpTlstmSessionNoSessions, 2370 snmpTlstmSessionInvalidClientCertificates, 2371 snmpTlstmSessionUnknownServerCertificate, 2372 snmpTlstmSessionInvalidServerCertificates, 2373 snmpTlstmSessionInvalidCaches 2374 } 2375 STATUS current 2376 DESCRIPTION 2377 "A collection of objects for maintaining 2378 statistical information of an SNMP engine which 2379 implements the SNMP TLS Transport Model." 2380 ::= { snmpTlstmGroups 1 } 2382 snmpTlstmIncomingGroup OBJECT-GROUP 2383 OBJECTS { 2384 snmpTlstmCertToTSNCount, 2385 snmpTlstmCertToTSNTableLastChanged, 2386 snmpTlstmCertToTSNFingerprint, 2387 snmpTlstmCertToTSNMapType, 2388 snmpTlstmCertToTSNData, 2389 snmpTlstmCertToTSNStorageType, 2390 snmpTlstmCertToTSNRowStatus 2391 } 2392 STATUS current 2393 DESCRIPTION 2394 "A collection of objects for maintaining 2395 incoming connection certificate mappings to 2396 tmSecurityNames of an SNMP engine which implements the 2397 SNMP TLS Transport Model." 2398 ::= { snmpTlstmGroups 2 } 2400 snmpTlstmOutgoingGroup OBJECT-GROUP 2401 OBJECTS { 2402 snmpTlstmParamsCount, 2403 snmpTlstmParamsTableLastChanged, 2404 snmpTlstmParamsClientFingerprint, 2405 snmpTlstmParamsStorageType, 2406 snmpTlstmParamsRowStatus, 2407 snmpTlstmAddrCount, 2408 snmpTlstmAddrTableLastChanged, 2409 snmpTlstmAddrServerFingerprint, 2410 snmpTlstmAddrServerIdentity, 2411 snmpTlstmAddrStorageType, 2412 snmpTlstmAddrRowStatus 2413 } 2414 STATUS current 2415 DESCRIPTION 2416 "A collection of objects for maintaining 2417 outgoing connection certificates to use when opening 2418 connections as a result of SNMP-TARGET-MIB settings." 2419 ::= { snmpTlstmGroups 3 } 2421 snmpTlstmNotificationGroup NOTIFICATION-GROUP 2422 NOTIFICATIONS { 2423 snmpTlstmServerCertificateUnknown, 2424 snmpTlstmServerInvalidCertificate 2425 } 2426 STATUS current 2427 DESCRIPTION 2428 "Notifications" 2429 ::= { snmpTlstmGroups 4 } 2431 END 2432 8. Operational Considerations 2434 This section discusses various operational aspects of deploying 2435 TLSTM. 2437 8.1. Sessions 2439 A session is discussed throughout this document as meaning a security 2440 association between two TLSTM instances. State information for the 2441 sessions are maintained in each TLSTM implementation and this 2442 information is created and destroyed as sessions are opened and 2443 closed. A "broken" session (one side up and one side down) can 2444 result if one side of a session is brought down abruptly (i.e., 2445 reboot, power outage, etc.). Whenever possible, implementations 2446 SHOULD provide graceful session termination through the use of TLS 2447 disconnect messages. Implementations SHOULD also have a system in 2448 place for detecting "broken" sessions through the use of heartbeats 2449 [I-D.seggelmann-tls-dtls-heartbeat] or other detection mechanisms. 2451 Implementations SHOULD limit the lifetime of established sessions 2452 depending on the algorithms used for generation of the master session 2453 secret, the privacy and integrity algorithms used to protect 2454 messages, the environment of the session, the amount of data 2455 transferred, and the sensitivity of the data. 2457 8.2. Notification Receiver Credential Selection 2459 When an SNMP engine needs to establish an outgoing session for 2460 notifications, the snmpTargetParamsTable includes an entry for the 2461 snmpTargetParamsSecurityName of the target. Servers that wish to 2462 support multiple principals at a particular port SHOULD make use of 2463 the Server Name Indication extension defined in Section 3.1 of 2464 [RFC4366]. Without the Server Name Indication the receiving SNMP 2465 engine (Server) will not know which (D)TLS certificate to offer to 2466 the Client so that the tmSecurityName identity-authentication will be 2467 successful. 2469 Another solution is to maintain a one-to-one mapping between 2470 certificates and incoming ports for notification receivers. This can 2471 be handled at the notification originator by configuring the 2472 snmpTargetAddrTable (snmpTargetAddrTDomain and 2473 snmpTargetAddrTAddress) and requiring the receiving SNMP engine to 2474 monitor multiple incoming static ports based on which principals are 2475 capable of receiving notifications. 2477 Implementations MAY also choose to designate a single Notification 2478 Receiver Principal to receive all incoming notifications or select an 2479 implementation specific method of selecting a server certificate to 2480 present to clients. 2482 8.3. contextEngineID Discovery 2484 SNMPv3 requires that an application know the identifier 2485 (snmpEngineID) of the remote SNMP protocol engine in order to 2486 retrieve or manipulate objects maintained on the remote SNMP entity. 2488 [RFC5343] introduces a well-known localEngineID and a discovery 2489 mechanism that can be used to learn the snmpEngineID of a remote SNMP 2490 protocol engine. Implementations are RECOMMENDED to support and use 2491 the contextEngineID discovery mechanism defined in [RFC5343]. 2493 8.4. Transport Considerations 2495 This document defines how SNMP messages can be transmitted over the 2496 TLS and DTLS based protocols. Each of these protocols are 2497 additionally based on other transports (TCP and UDP). These two base 2498 protocols also have operational considerations that must be taken 2499 into consideration when selecting a (D)TLS based protocol to use such 2500 as its performance in degraded or limited networks. It is beyond the 2501 scope of this document to summarize the characteristics of these 2502 transport mechanisms. Please refer to the base protocol documents 2503 for details on messaging considerations with respect to MTU size, 2504 fragmentation, performance in lossy-networks, etc. 2506 9. Security Considerations 2508 This document describes a transport model that permits SNMP to 2509 utilize (D)TLS security services. The security threats and how the 2510 (D)TLS transport model mitigates these threats are covered in detail 2511 throughout this document. Security considerations for DTLS are 2512 covered in [RFC4347] and security considerations for TLS are 2513 described in Section 11 and Appendices D, E, and F of TLS 1.2 2514 [RFC5246]. When run over a connectionless transport such as UDP, 2515 DTLS is more vulnerable to denial of service attacks from spoofed IP 2516 addresses; see Section 4.2 for details how the cookie exchange is 2517 used to address this issue. 2519 9.1. Certificates, Authentication, and Authorization 2521 Implementations are responsible for providing a security certificate 2522 installation and configuration mechanism. Implementations SHOULD 2523 support certificate revocation lists. 2525 (D)TLS provides for authentication of the identity of both the (D)TLS 2526 server and the (D)TLS client. Access to MIB objects for the 2527 authenticated principal MUST be enforced by an access control 2528 subsystem (e.g. the VACM). 2530 Authentication of the command generator principal's identity is 2531 important for use with the SNMP access control subsystem to ensure 2532 that only authorized principals have access to potentially sensitive 2533 data. The authenticated identity of the command generator 2534 principal's certificate is mapped to an SNMP model-independent 2535 securityName for use with SNMP access control. 2537 The (D)TLS handshake only provides assurance that the certificate of 2538 the authenticated identity has been signed by an configured accepted 2539 certification authority. (D)TLS has no way to further authorize or 2540 reject access based on the authenticated identity. An Access Control 2541 Model (such as the VACM) provides access control and authorization of 2542 a command generator's requests to a command responder and a 2543 notification receiver's authorization to receive Notifications from a 2544 notification originator. However to avoid man-in-the-middle attacks 2545 both ends of the (D)TLS based connection MUST check the certificate 2546 presented by the other side against what was expected. For example, 2547 command generators must check that the command responder presented 2548 and authenticated itself with a X.509 certificate that was expected. 2549 Not doing so would allow an impostor, at a minimum, to present false 2550 data, receive sensitive information and/or provide a false belief 2551 that configuration was actually received and acted upon. 2552 Authenticating and verifying the identity of the (D)TLS server and 2553 the (D)TLS client for all operations ensures the authenticity of the 2554 SNMP engine that provides MIB data. 2556 The instructions found in the DESCRIPTION clause of the 2557 snmpTlstmCertToTSNTable object must be followed exactly. It is also 2558 important that the rows of the table be searched in prioritized order 2559 starting with the row containing the lowest numbered 2560 snmpTlstmCertToTSNID value. 2562 9.2. (D)TLS Security Considerations 2564 This section discusses security considerations specific to the usage 2565 of (D)TLS. 2567 9.2.1. TLS Version Requirements 2569 Implementations of TLS typically support multiple versions of the 2570 Transport Layer Security protocol as well as the older Secure Sockets 2571 Layer (SSL) protocol. Because of known security vulnerabilities, 2572 TLSTM clients and servers MUST NOT request, offer, or use SSL 2.0. 2573 See Appendix E.2 of [RFC5246] for further details. 2575 9.2.2. Perfect Forward Secrecy 2577 The use of Perfect Forward Secrecy is RECOMMENDED and can be provided 2578 by (D)TLS with appropriately selected cipher suites, as discussed in 2579 Appendix F of [RFC5246]. 2581 9.3. Use with SNMPv1/SNMPv2c Messages 2583 The SNMPv1 and SNMPv2c message processing described in [RFC3584] (BCP 2584 74) always selects the SNMPv1 or SNMPv2c Security Models, 2585 respectively. Both of these and the User-based Security Model 2586 typically used with SNMPv3 derive the securityName and securityLevel 2587 from the SNMP message received, even when the message was received 2588 over a secure transport. Access control decisions are therefore made 2589 based on the contents of the SNMP message, rather than using the 2590 authenticated identity and securityLevel provided by the TLS 2591 Transport Model. It is RECOMMENDED that only SNMPv3 messages using 2592 the Transport Security Model (TSM) or another secure-transport aware 2593 security model be sent over the TLSTM transport. 2595 Using a non-transport-aware Security Model with a secure Transport 2596 Model is NOT RECOMMENDED. See [RFC5590] Section 7.1 for additional 2597 details on the coexistence of security-aware transports and non- 2598 transport-aware security models. 2600 9.4. MIB Module Security 2602 There are a number of management objects defined in this MIB module 2603 with a MAX-ACCESS clause of read-write and/or read-create. Such 2604 objects may be considered sensitive or vulnerable in some network 2605 environments. The support for SET operations in a non-secure 2606 environment without proper protection can have a negative effect on 2607 network operations. These are the tables and objects and their 2608 sensitivity/vulnerability: 2610 o The snmpTlstmParamsTable can be used to change the outgoing X.509 2611 certificate used to establish a (D)TLS connection. Modification 2612 to objects in this table need to be adequately authenticated since 2613 modification to values in this table will have profound impacts to 2614 the security of outbound connections from the device. Since 2615 knowledge of authorization rules and certificate usage mechanisms 2616 may be considered sensitive, protection from disclosure of the 2617 SNMP traffic via encryption is also highly recommended. 2619 o The snmpTlstmAddrTable can be used to change the expectations of 2620 the certificates presented by a remote (D)TLS server. 2621 Modification to objects in this table need to be adequately 2622 authenticated since modification to values in this table will have 2623 profound impacts to the security of outbound connections from the 2624 device. Since knowledge of authorization rules and certificate 2625 usage mechanisms may be considered sensitive, protection from 2626 disclosure of the SNMP traffic via encryption is also highly 2627 recommended. 2629 o The snmpTlstmCertToTSNTable is used to specify the mapping of 2630 incoming X.509 certificates to tmSecurityNames which eventually 2631 get mapped to a SNMPv3 securityName. Modification to objects in 2632 this table need to be adequately authenticated since modification 2633 to values in this table will have profound impacts to the security 2634 of incoming connections to the device. Since knowledge of 2635 authorization rules and certificate usage mechanisms may be 2636 considered sensitive, protection from disclosure of the SNMP 2637 traffic via encryption is also highly recommended. When this 2638 table contains a significant number of rows it may affect the 2639 system performance when accepting new (D)TLS connections. 2641 Some of the readable objects in this MIB module (i.e., objects with a 2642 MAX-ACCESS other than not-accessible) may be considered sensitive or 2643 vulnerable in some network environments. It is thus important to 2644 control even GET and/or NOTIFY access to these objects and possibly 2645 to even encrypt the values of these objects when sending them over 2646 the network via SNMP. These are the tables and objects and their 2647 sensitivity/vulnerability: 2649 o This MIB contains a collection of counters that monitor the (D)TLS 2650 connections being established with a device. Since knowledge of 2651 connection and certificate usage mechanisms may be considered 2652 sensitive, protection from disclosure of the SNMP traffic via 2653 encryption is also highly recommended. 2655 SNMP versions prior to SNMPv3 did not include adequate security. 2656 Even if the network itself is secure (for example by using IPsec), 2657 even then, there is no control as to who on the secure network is 2658 allowed to access and GET/SET (read/change/create/delete) the objects 2659 in this MIB module. 2661 It is RECOMMENDED that implementers consider the security features as 2662 provided by the SNMPv3 framework (see [RFC3410], section 8), 2663 including full support for the SNMPv3 cryptographic mechanisms (for 2664 authentication and privacy). 2666 Further, deployment of SNMP versions prior to SNMPv3 is NOT 2667 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 2668 enable cryptographic security. It is then a customer/operator 2669 responsibility to ensure that the SNMP entity giving access to an 2670 instance of this MIB module is properly configured to give access to 2671 the objects only to those principals (users) that have legitimate 2672 rights to indeed GET or SET (change/create/delete) them. 2674 10. IANA Considerations 2676 IANA is requested to assign: 2678 1. Two TCP/UDP port numbers from the "Registered Ports" range of the 2679 Port Numbers registry, with the following keywords (where TBD1 2680 and TBD2 correspond to the assigned port numbers): 2682 Keyword Decimal Description References 2683 ------- ------- ----------- ---------- 2684 snmptls TBD1/tcp SNMP-TLS [RFC-isms-dtls-tm] 2685 snmpdtls TBD1/udp SNMP-DTLS [RFC-isms-dtls-tm] 2686 snmptls-trap TBD2/tcp SNMP-Trap-TLS [RFC-isms-dtls-tm] 2687 snmpdtls-trap TBD2/udp SNMP-Trap-DTLS [RFC-isms-dtls-tm] 2689 These are the default ports for receipt of SNMP command messages 2690 (snmptls and snmpdtls) and SNMP notification messages (snmptls- 2691 trap and snmpdtls-trap) over a TLS Transport Model as defined in 2692 this document. 2694 2. An SMI number under snmpDomains for the snmpTLSTCPDomain object 2695 identifier, 2697 3. An SMI number under snmpDomains for the snmpDTLSUDPDomain object 2698 identifier, 2700 4. A SMI number under mib-2, for the MIB module in this document, 2702 5. "tls" as the corresponding prefix for the snmpTLSTCPDomain in the 2703 SNMP Transport Model registry, 2705 6. "dtls" as the corresponding prefix for the snmpDTLSUDPDomain in 2706 the SNMP Transport Model registry, 2708 RFC Editor's note: this section should be replaced with appropriate 2709 descriptive assignment text after IANA assignments are made and prior 2710 to publication. 2712 11. Acknowledgements 2714 This document closely follows and copies the Secure Shell Transport 2715 Model for SNMP documented by David Harrington and Joseph Salowey in 2716 [RFC5592]. 2718 This document was reviewed by the following people who helped provide 2719 useful comments (in alphabetical order): Andy Donati, Pasi Eronen, 2720 David Harrington, Jeffrey Hutzelman, Alan Luchuk, Michael Peck, Tom 2721 Petch, Randy Presuhn, Ray Purvis, Peter Saint-Andre, Joseph Salowey, 2722 Jurgen Schonwalder, Dave Shield, Robert Story. 2724 This work was supported in part by the United States Department of 2725 Defense. Large portions of this document are based on work by 2726 General Dynamics C4 Systems and the following individuals: Brian 2727 Baril, Kim Bryant, Dana Deluca, Dan Hanson, Tim Huemiller, John 2728 Holzhauer, Colin Hoogeboom, Dave Kornbau, Chris Knaian, Dan Knaul, 2729 Charles Limoges, Steve Moccaldi, Gerardo Orlando, and Brandon Yip. 2731 12. References 2733 12.1. Normative References 2735 [RFC1033] Lottor, M., "Domain administrators operations guide", 2736 RFC 1033, November 1987. 2738 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2739 Requirement Levels", BCP 14, RFC 2119, March 1997. 2741 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 2742 Schoenwaelder, Ed., "Structure of Management Information 2743 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. 2745 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 2746 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 2747 STD 58, RFC 2579, April 1999. 2749 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, 2750 "Conformance Statements for SMIv2", STD 58, RFC 2580, 2751 April 1999. 2753 [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An 2754 Architecture for Describing Simple Network Management 2755 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 2756 December 2002. 2758 [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network 2759 Management Protocol (SNMP) Applications", STD 62, 2760 RFC 3413, December 2002. 2762 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 2763 (USM) for version 3 of the Simple Network Management 2764 Protocol (SNMPv3)", STD 62, RFC 3414, December 2002. 2766 [RFC3415] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based 2767 Access Control Model (VACM) for the Simple Network 2768 Management Protocol (SNMP)", STD 62, RFC 3415, 2769 December 2002. 2771 [RFC3418] Presuhn, R., "Management Information Base (MIB) for the 2772 Simple Network Management Protocol (SNMP)", STD 62, 2773 RFC 3418, December 2002. 2775 [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello, 2776 "Internationalizing Domain Names in Applications (IDNA)", 2777 RFC 3490, March 2003. 2779 [RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen, 2780 "Coexistence between Version 1, Version 2, and Version 3 2781 of the Internet-standard Network Management Framework", 2782 BCP 74, RFC 3584, August 2003. 2784 [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 2785 Security", RFC 4347, April 2006. 2787 [RFC4366] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., 2788 and T. Wright, "Transport Layer Security (TLS) 2789 Extensions", RFC 4366, April 2006. 2791 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 2792 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 2794 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 2795 Housley, R., and W. Polk, "Internet X.509 Public Key 2796 Infrastructure Certificate and Certificate Revocation List 2797 (CRL) Profile", RFC 5280, May 2008. 2799 [RFC5590] Harrington, D. and J. Schoenwaelder, "Transport Subsystem 2800 for the Simple Network Management Protocol (SNMP)", 2801 RFC 5590, June 2009. 2803 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model 2804 for the Simple Network Management Protocol (SNMP)", 2805 RFC 5591, June 2009. 2807 [I-D.draft-ietf-6man-text-addr-representation] 2808 Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 2809 Address Text Representation". 2811 12.2. Informative References 2813 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 2814 "Introduction and Applicability Statements for Internet- 2815 Standard Management Framework", RFC 3410, December 2002. 2817 [RFC5343] Schoenwaelder, J., "Simple Network Management Protocol 2818 (SNMP) Context EngineID Discovery", RFC 5343, 2819 September 2008. 2821 [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure 2822 Shell Transport Model for the Simple Network Management 2823 Protocol (SNMP)", RFC 5592, June 2009. 2825 [I-D.seggelmann-tls-dtls-heartbeat] 2826 Seggelmann, R., Tuexen, M., and M. Williams, "Transport 2827 Layer Security and Datagram Transport Layer Security 2828 Heartbeat Extension". 2830 Appendix A. Target and Notification Configuration Example 2832 The following sections describe example configuration for the SNMP- 2833 TLS-TM-MIB, the SNMP-TARGET-MIB, the NOTIFICATION-MIB and the SNMP- 2834 VIEW-BASED-ACM-MIB. 2836 A.1. Configuring a Notification Originator 2838 The following row adds the "Joe Cool" user to the "administrators" 2839 group: 2841 vacmSecurityModel = 4 (TSM) 2842 vacmSecurityName = "Joe Cool" 2843 vacmGroupName = "administrators" 2844 vacmSecurityToGroupStorageType = 3 (nonVolatile) 2845 vacmSecurityToGroupStatus = 4 (createAndGo) 2847 The following row configures the snmpTlstmAddrTable to use 2848 certificate path validation and to require the remote notification 2849 receiver to present a certificate for the "server.example.org" 2850 identity. 2852 snmpTargetAddrName = "toNRAddr" 2853 snmpTlstmAddrServerFingerprint = "" 2854 snmpTlstmAddrServerIdentity = "server.example.org" 2855 snmpTlstmAddrStorageType = 3 (nonVolatile) 2856 snmpTlstmAddrRowStatus = 4 (createAndGo) 2858 The following row configures the snmpTargetAddrTable to send 2859 notifications using TLS/TCP to the snmptls-trap port at 192.0.2.1: 2861 snmpTargetAddrName = "toNRAddr" 2862 snmpTargetAddrTDomain = snmpTLSTCPDomain 2863 snmpTargetAddrTAddress = "192.0.2.1:XXXsnmptls-trap" 2864 snmpTargetAddrTimeout = 1500 2865 snmpTargetAddrRetryCount = 3 2866 snmpTargetAddrTagList = "toNRTag" 2867 snmpTargetAddrParams = "toNR" (MUST match above) 2868 snmpTargetAddrStorageType = 3 (nonVolatile) 2869 snmpTargetAddrColumnStatus = 4 (createAndGo) 2871 RFC Editor's note: replace the string "XXXsnmptls-trap" above with 2872 the appropriately assigned "snmptls-trap" port. 2874 The following row configures the snmpTargetParamsTable to send the 2875 notifications to "Joe Cool", using authPriv SNMPv3 notifications 2876 through the TransportSecurityModel [RFC5591]: 2878 snmpTargetParamsName = toNR 2879 snmpTargetParamsMPModel = SNMPv3 2880 snmpTargetParamsSecurityModel = 4 (TransportSecurityModel) 2881 snmpTargetParamsSecurityName = "Joe Cool" 2882 snmpTargetParamsSecurityLevel = 3 (authPriv) 2883 snmpTargetParamsStorageType = 3 (nonVolatile) 2884 snmpTargetParamsRowStatus = 4 (createAndGo0 2886 A.2. Configuring TLSTM to Utilize a Simple Derivation of tmSecurityName 2888 The following row configures the snmpTlstmCertToTSNTable to map a 2889 validated client certificate, referenced by the client's public X.509 2890 hash fingerprint, to a tmSecurityName using the subjectAltName 2891 component of the certificate. 2893 snmpTlstmCertToTSNID = 1 2894 (chosen by ordering preference) 2895 snmpTlstmCertToTSNFingerprint = HASH (appropriate fingerprint) 2896 snmpTlstmCertToTSNMapType = snmpTlstmCertSANAny 2897 snmpTlstmCertToTSNData = "" (not used) 2898 snmpTlstmCertToTSNStorageType = 3 (nonVolatile) 2899 snmpTlstmCertToTSNRowStatus = 4 (createAndGo) 2901 This type of configuration should only be used when the naming 2902 conventions of the (possibly multiple) certificate authorities are 2903 well understood, so two different principals cannot inadvertently be 2904 identified by the same derived tmSecurityName. 2906 A.3. Configuring TLSTM to Utilize Table-Driven Certificate Mapping 2908 The following row configures the snmpTlstmCertToTSNTable to map a 2909 validated client certificate, referenced by the client's public X.509 2910 hash fingerprint, to the directly specified tmSecurityName of "Joe 2911 Cool". 2913 snmpTlstmCertToTSNID = 1 2914 (chosen by ordering preference) 2915 snmpTlstmCertToTSNFingerprint = HASH (appropriate fingerprint) 2916 snmpTlstmCertToTSNMapType = snmpTlstmCertSpecified 2917 snmpTlstmCertToTSNSecurityName = "Joe Cool" 2918 snmpTlstmCertToTSNStorageType = 3 (nonVolatile) 2919 snmpTlstmCertToTSNRowStatus = 4 (createAndGo) 2921 Author's Address 2923 Wes Hardaker 2924 Sparta, Inc. 2925 P.O. Box 382 2926 Davis, CA 95617 2927 USA 2929 Phone: +1 530 792 1913 2930 Email: ietf@hardakers.net