< draft-turner-ccmib-00.txt   draft-turner-ccmib-01.txt >
Network Working Group S. Azoum Network Working Group S. Azoum
Internet-Draft E. Jones Internet-Draft E. Jones
Intended status: Standards Track L. Sun Intended status: Standards Track L. Sun
Expires: January 1, 2017 SPAWAR Systems Center Pacific Expires: September 1, 2017 SPAWAR Systems Center Pacific
M. Irani M. Irani
J. Sun J. Sun
Nathan Kunes, Inc. Nathan Kunes, Inc.
R. Purvis R. Purvis
The MITRE Corporation The MITRE Corporation
S. Turner S. Turner
sn3rd sn3rd
June 30, 2016 February 28, 2017
Common Cryptographic MIB (CCMIB) Common Cryptographic MIB (CCMIB)
draft-turner-ccmib-00 draft-turner-ccmib-01
Abstract Abstract
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. In particular, it describes managed objects used to community. In particular, it describes managed objects used to
manage key management implementations including asymmetric keys, manage key management implementations including asymmetric keys,
symmetric keys, trust anchors, and cryptographic-related firmware. symmetric keys, trust anchors, and cryptographic-related firmware.
Status of This Memo Status of This Memo
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 1, 2017. This Internet-Draft will expire on September 1, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The Internet-Standard Management Framework . . . . . . . . . 3 3. The Internet-Standard Management Framework . . . . . . . . . 3
4. Structure of the MIB module . . . . . . . . . . . . . . . . . 3 4. Structure of the MIB module . . . . . . . . . . . . . . . . . 3
5. Definition of the CC MIB module . . . . . . . . . . . . . . . 3 5. Definition of the CC MIB module . . . . . . . . . . . . . . . 3
5.1. CC Assignments [assign] . . . . . . . . . . . . . . . . 3 5.1. CC Assignments . . . . . . . . . . . . . . . . . . . . . 3
5.2. CC Feature Hierarchy . . . . . . . . . . . . . . . . . . 5 5.2. CC Feature Hierarchy . . . . . . . . . . . . . . . . . . 5
5.3. CC Textual Conventions . . . . . . . . . . . . . . . . . 6 5.3. CC Device Info . . . . . . . . . . . . . . . . . . . . . 6
5.4. CC Device Info . . . . . . . . . . . . . . . . . . . . . 11 5.4. Firmware Management Information . . . . . . . . . . . . . 17
5.5. Key Management Info . . . . . . . . . . . . . . . . . . . 30 5.5. Key Management Information . . . . . . . . . . . . . . . 23
5.6. Key Transfer Pull . . . . . . . . . . . . . . . . . . . . 84 5.6. Key Transfer Pull . . . . . . . . . . . . . . . . . . . . 77
5.7. Key Transfer Push . . . . . . . . . . . . . . . . . . . . 100 5.7. Key Transfer Push . . . . . . . . . . . . . . . . . . . . 93
5.8. Security Policy Information . . . . . . . . . . . . . . . 113 5.8. Security Policy Information . . . . . . . . . . . . . . . 106
5.9. Secure Connection Information . . . . . . . . . . . . . . 120 5.9. Secure Connection Information . . . . . . . . . . . . . . 113
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 128 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 121
7. Security Considerations . . . . . . . . . . . . . . . . . . . 128 7. Security Considerations . . . . . . . . . . . . . . . . . . . 121
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 128 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 121
8.1. Normative References . . . . . . . . . . . . . . . . . . 128 8.1. Normative References . . . . . . . . . . . . . . . . . . 122
8.2. Informative References . . . . . . . . . . . . . . . . . 130 8.2. Informative References . . . . . . . . . . . . . . . . . 123
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 130 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 124
1. Introduction 1. Introduction
RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH PRIOR TO
PUBLICATION
The source for this draft is maintained in GitHub. Suggested changes
should be submitted as pull requests at
https://github.com/seanturner/draft-turner-ccmib. Instructions are
on that page as well. Editorial changes can be managed in GitHub.
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. In particular, it describes managed objects used to community. In particular, it describes managed objects used to
manage key management implementations including asymmetric keys, manage key management implementations including asymmetric keys,
symmetric keys, trust anchors, and cryptographic-related firmware. symmetric keys, trust anchors, and cryptographic-related firmware.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
skipping to change at page 3, line 16 skipping to change at page 3, line 23
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
[RFC3410]. [RFC3410].
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in module that is compliant to the SMIv2, which is described in RFC 2578
[RFC2578], [RFC2579], and [RFC2580]. [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580
[RFC2580].
As with all MIB modules, an attempt to SET or CREATE an object to
value that is not supported by the implementation will result in a
failure using a return code that indicates that the value is not
supported.
4. Structure of the MIB module 4. Structure of the MIB module
5. Definition of the CC MIB module 5. Definition of the CC MIB module
5.1. CC Assignments [assign] 5.1. CC Assignments
This MIB module makes reference to the following document: [RFC2578]. This MIB module makes reference to the following document: [RFC2578].
CC-ASSIGNMENTS-MIB DEFINITIONS ::= BEGIN CC-ASSIGNMENTS-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, enterprises MODULE-IDENTITY, enterprises
FROM SNMPv2-SMI; -- RFC 2578 FROM SNMPv2-SMI; -- RFC 2578
ccAssignmentsMIB MODULE-IDENTITY ccAssignmentsMIB MODULE-IDENTITY
skipping to change at page 5, line 13 skipping to change at page 5, line 13
END END
5.2. CC Feature Hierarchy 5.2. CC Feature Hierarchy
This MIB module makes reference to the following document: [RFC2578]. This MIB module makes reference to the following document: [RFC2578].
CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccAssignmentsMIB ccAssignmentsMIB
FROM CC-ASSIGNMENTS-MIB -- FROM [assign] FROM CC-ASSIGNMENTS-MIB -- FROM {{cc-assign}}
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI; -- FROM RFC 2578 FROM SNMPv2-SMI; -- FROM RFC 2578
ccFeatureHierarchyMIB MODULE-IDENTITY ccFeatureHierarchyMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF" ORGANIZATION "IETF"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
skipping to change at page 5, line 49 skipping to change at page 5, line 49
sunjeff@nkiengineering.com sunjeff@nkiengineering.com
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments "This MIB defines the CC MIB features in hierarchical MIB
below it and acts as a reservation mechanism. tree assignments. It acts as a reservation mechanism for
other MIB sets to be anchored below it.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2016 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "Initial Version. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccAssignmentsMIB 1 } ::= { ccAssignmentsMIB 1 }
ccTextualConventions OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 1 }
ccDeviceInfo OBJECT IDENTIFIER ccDeviceInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 2 } ::= { ccFeatureHierarchyMIB 2 }
ccFirmwareManagement OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB TBD }
ccKeyManagement OBJECT IDENTIFIER ccKeyManagement OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 3 } ::= { ccFeatureHierarchyMIB 3 }
ccKeyTransferPull OBJECT IDENTIFIER ccKeyTransferPull OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 4 } ::= { ccFeatureHierarchyMIB 4 }
ccKeyTransferPush OBJECT IDENTIFIER ccKeyTransferPush OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 5 } ::= { ccFeatureHierarchyMIB 5 }
ccSecurePolicyInfo OBJECT IDENTIFIER ccSecurePolicyInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 6 } ::= { ccFeatureHierarchyMIB 6 }
ccSecureConnectionInfo OBJECT IDENTIFIER ccSecureConnectionInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 7 } ::= { ccFeatureHierarchyMIB 7 }
END END
5.3. CC Textual Conventions 5.3. CC Device Info
This MIB module makes reference to following documents: Section 5.2,
[RFC2578], [RFC2579], [RFC5225], and [RFC5246].
CC-TEXTUAL-CONVENTIONS-MIB DEFINITIONS ::= BEGIN
IMPORTS
ccTextualConventions
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
MODULE-IDENTITY, Integer32, Unsigned32
FROM SNMPv2-SMI -- FROM RFC 2578
TEXTUAL-CONVENTION
FROM SNMPv2-TC; -- FROM RFC 2579
ccTextualConventionMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum
US Navy
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments
below it and acts as a reservation mechanism.
Copyright (c) 2016 IETF Trust and the persons
identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
DESCRIPTION "Initial Version. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccTextualConventions 1 }
-- *****************************************************************
-- IP Address Textual Conventions
-- *****************************************************************
IPAddressType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A value that represents a type of Internet address.
ipv4(1) An IPv4 address as defined by the
IPv4Address textual convention.
ipv6(2) An IPv6 address as defined by the
IPv6Address textual convention.
Implementations must ensure that IPAddressType objects
and any dependent objects (e.g. IPv4Address and IPv6Address
objects) are consistent. An inconsistentValue error must
be generated if an attempt to change an IPv4Address or
IPv6Address object would, for example, lead to an undefined
value. IPAddressType/IPv4Address and
IPAddressType/IPv6Address pairs must be changed together if
IPAddressType changes."
SYNTAX INTEGER { ipv4(1), ipv6(2) }
IPAddress ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Denotes a generic Internet address that is either IPv4 or
IPv6.
Every usage of the IPAddress textual convention is required
to specify the IPAddressType object which provides the
context. It is suggested that the IPAddressType object is
logically registered before the object(s) which use the
IPAddress textual convention if they appear in the same
logical row.
The value of an IPAddress object must always be consistent
with the value of the associated IPAddressType object.
Attempts to set an IPAddress object to a value which is
inconsistent with the associated IPAddressType must
fail with an inconsistentValue error.
See the IPv4Address and IPv6Address textual conventions for
more details."
SYNTAX OCTET STRING (SIZE(4|16))
IPv4Address ::= TEXTUAL-CONVENTION
DISPLAY-HINT "1d.1d.1d.1d"
STATUS current
DESCRIPTION
"Represents an IPv4 network address:
octets contents encoding
1-4 IPv4 address network-byte order
The corresponding IPAddressType value is ipv4(1)."
SYNTAX OCTET STRING (SIZE(4))
IPv6Address ::= TEXTUAL-CONVENTION
DISPLAY-HINT "2x:2x:2x:2x:2x:2x:2x:2x"
STATUS current
DESCRIPTION
"Represents an IPv6 network address:
octets contents encoding
1-16 IPv6 address network-byte order
The corresponding InetAddressType value is ipv6(2)."
SYNTAX OCTET STRING (SIZE(16))
PortNumber ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"Represents a 16 bit port number of an Internet transport
layer protocol. Port numbers are assigned by IANA. A current
list of all assignments is available from
<http://www.iana.org/>.
The value zero represents the ANY (wildcard) value. In
regards to a filter or rule, this means that any port number
satisfies the filter or rule."
SYNTAX Unsigned32 (0..65535)
ROHCCompressionProfiles ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A 16-bit field that conveys the compression profiles the
local or peer decompressor supports. Only ROHCv2 compression
profiles are used and they are defined using the following
bit setting scheme shown below. Note that the bit setting
scheme does not correspond to the compression profile values
defined in RFC 5225. It is purely used in the MIB to convey
the compression profiles the local or peer decompressor
supports.
(0) compressionProfile1: IP/UDP/RTP
(1) compressionProfile2: IP/UDP
(2) compressionProfile3: IP/ESP
(3) compressionProfile4: IP
(4) compressionProfile5: IP/UDP-Lite/RTP
(5) compressionProfile6: IP/UDP-Lite
(6-15) RESERVED"
SYNTAX BITS { compressionProfile1(0), compressionProfile2(1),
compressionProfile3(2), compressionProfile4(3),
compressionProfile5(4), compressionProfile6(5) }
ROHCModes ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An indication of whether RObust Header Compression (ROHC)
will be used in a Generic INE Secure Connection and how it
is being used. This textual convention is only applicable to
dynamic Secure Connections, where negotiation is required
for establishment.
[noROHC] = ROHC will not be used
[useROHCWithoutFeedback] = ROHC will be used and feedback
will not be sent on the Secure Connection
[useROHCWithFeedback] = ROHC will be used and feedback will
be sent on the Secure Connection
[rohcAcceptableWithoutFeedback] = ROHC will not be signaled
for use by this device as an initiator of the Secure
Connection; feedback will also not be sent on the Secure
Connection.
[rohcAcceptableWithFeedback] = ROHC will not be signaled for
use by this device as an initiator of the Secure
Connection; feedback will be sent on the Secure
Connection."
SYNTAX INTEGER { noROHC(1), useROHCWithoutFeedback(2),
useROHCWithFeedback(3),
rohcAcceptableWithoutFeedback(4),
rohcAcceptableWithFeedback(5) }
KeyFingerprint ::= TEXTUAL-CONVENTION
DISPLAY-HINT "1x:1x"
STATUS current
DESCRIPTION
"A fingerprint value that can be used to uniquely reference
key materials of potentially arbitrary length.
A KeyFingerprint value is composed of a 1-octet hashing
algorithm identifier followed by the fingerprint value. The
octet value encoded is taken from the IANA TLS HashAlgorithm
Registry RFC 5246. The remaining 19 octets are filled using
the results of the hashing algorithm on the raw key material
and inherent tagging information, truncated to 19 octets.
With public key certificates, for example, a hash of the
entire structure truncated to 19 octets is used.
If no tagging information is available, the text 'NO_TAG'
(without quotes) will be used as input."
REFERENCE "RFC 5246: The Transport Layer
Security (TLS) Protocol Version 1.2
http://www.iana.org/assignments/tls-parameters/"
SYNTAX OCTET STRING (SIZE(20))
END
5.4. CC Device Info
This MIB module makes reference to the following documents: This MIB module makes reference to the following documents:
[RFC1213], [RFC1907], [RFC2571], [RFC2578], [RFC2579], and [RFC2580]. [RFC1213], [RFC1907], [RFC2571], [RFC2578], [RFC2579], and [RFC2580].
CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccDeviceInfo ccDeviceInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
OBJECT-TYPE, Unsigned32, Integer32,
NOTIFICATION-TYPE, Counter64, MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
TimeTicks MODULE-IDENTITY, TimeTicks
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
RowPointer, RowStatus, DateAndTime, TruthValue, DateAndTime, TruthValue, TimeStamp
TEXTUAL-CONVENTION, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccDeviceInfoMIB MODULE-IDENTITY ccDeviceInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
US Navy US Navy
elliott.jones@navy.mil elliott.jones@navy.mil
Lily Sun Lily Sun
US Navy US Navy
skipping to change at page 12, line 31 skipping to change at page 7, line 45
sunjeff@nkiengineering.com sunjeff@nkiengineering.com
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments "This MIB defines the CC MIB Device Information objects.
below it and acts as a reservation mechanism.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2016 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "Initial Version. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccDeviceInfo 1 } ::= { ccDeviceInfo 1 }
-- ***************************************************************** -- *****************************************************************
-- Device Info Information Segments -- Device Information Segments
-- ***************************************************************** -- *****************************************************************
cDeviceInfoConformance OBJECT IDENTIFIER cDeviceInfoConformance OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 1} ::= { ccDeviceInfoMIB 1}
cDeviceComponentVersInfo OBJECT IDENTIFIER cDeviceComponentVersInfo OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 2} ::= { ccDeviceInfoMIB 2}
cBatteryInfo OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 3}
cFirmwareInfo OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 4}
cDeviceInfoScalars OBJECT IDENTIFIER cDeviceInfoScalars OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 5} ::= { ccDeviceInfoMIB 5}
cDeviceInfoNotify OBJECT IDENTIFIER cDeviceInfoNotify OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 6} ::= { ccDeviceInfoMIB 6}
-- ***************************************************************** -- *****************************************************************
-- General Device Info Scalars -- General Device Information Scalars
-- ***************************************************************** -- *****************************************************************
cSystemDate OBJECT-TYPE cSystemDate OBJECT-TYPE
SYNTAX DateAndTime SYNTAX DateAndTime
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The host's notion of the local date and time of day. Note, "The host's notion of the local date and time of day. Note,
some implementations will not allow changing of this object some implementations will not allow changing of this object
and will send an inconsistentValue error." and will send an inconsistentValue error."
skipping to change at page 16, line 32 skipping to change at page 11, line 40
cHardwareVersionNumber OBJECT-TYPE cHardwareVersionNumber OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object stores the device's hardware version." "This object stores the device's hardware version."
::= { cDeviceInfoScalars 12 } ::= { cDeviceInfoScalars 12 }
-- ***************************************************************** -- *****************************************************************
-- Device Info Notifications -- Device Information Notifications
-- ***************************************************************** -- *****************************************************************
cFirmwareInstallFailed NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating a firmware install failed."
::= { cDeviceInfoNotify 1 }
cFirmwareInstallSuccess NOTIFICATION-TYPE
OBJECTS {
cFirmwareName,
cFirmwareVersion,
cFirmwareSource
}
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating a firmware install succeeded."
::= { cDeviceInfoNotify 2 }
cResetDeviceInitialized NOTIFICATION-TYPE cResetDeviceInitialized NOTIFICATION-TYPE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification from the device to the management station "A notification from the device to the management station
indicating that the device is being reset due to a change in indicating that the device is being reset due to a change in
the value of cResetDevice. This notification should be sent the value of cResetDevice. This notification should be sent
before the device performs any other reset operations (such before the device performs any other reset operations (such
as shutting down interfaces, etc.)" as shutting down interfaces, etc.)"
::= { cDeviceInfoNotify 3 } ::= { cDeviceInfoNotify 3 }
skipping to change at page 17, line 36 skipping to change at page 12, line 24
cTamperEventIndicated NOTIFICATION-TYPE cTamperEventIndicated NOTIFICATION-TYPE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification from the device to the management station "A notification from the device to the management station
indicating that the device has detected a tamper event. This indicating that the device has detected a tamper event. This
notification should be sent before the device performs any notification should be sent before the device performs any
operations (such as shutting down interfaces, etc.)" operations (such as shutting down interfaces, etc.)"
::= { cDeviceInfoNotify 5 } ::= { cDeviceInfoNotify 5 }
cBatteryLow NOTIFICATION-TYPE
OBJECTS {
cBatteryType,
cBatteryOpStatus,
cBatteryLowThreshold
}
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating a battery has reached the threshold at which a
battery warning is indicated."
::= { cDeviceInfoNotify 6 }
cBatteryRequiresReplacement NOTIFICATION-TYPE
OBJECTS {
cBatteryType,
cBatteryOpStatus
}
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating a battery should be charged or changed
immediately."
::= { cDeviceInfoNotify 7 }
cDeviceOnBattery NOTIFICATION-TYPE
OBJECTS {
cBatteryType,
cBatteryOpStatus
}
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating the device is on battery power. This notification
is sent when the device is no longer connected to an
external power source and is operating using a battery for
main power."
::= { cDeviceInfoNotify 8 }
cDeviceComponentDisabled NOTIFICATION-TYPE cDeviceComponentDisabled NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cDeviceComponentName, cDeviceComponentName,
cDeviceComponentVersion, cDeviceComponentVersion,
cDeviceComponentOpStatus cDeviceComponentOpStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification from the device to the management station "A notification from the device to the management station
indicating a component described in the indicating a component described in the
skipping to change at page 21, line 27 skipping to change at page 15, line 24
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A description of the component. Agents may reject the "A description of the component. Agents may reject the
changing this object certain rows. In this event, the agent changing this object certain rows. In this event, the agent
should return an inconsistentValue error." should return an inconsistentValue error."
::= { cDeviceComponentVersEntry 4 } ::= { cDeviceComponentVersEntry 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cBatteryInfoTable -- Module Conformance Information
-- ***************************************************************** -- *****************************************************************
cBatteryInfoTableCount OBJECT-TYPE cDeviceInfoCompliances OBJECT IDENTIFIER
SYNTAX Unsigned32 ::= { cDeviceInfoConformance 1}
MAX-ACCESS read-only cDeviceInfoGroups OBJECT IDENTIFIER
STATUS current ::= { cDeviceInfoConformance 2}
cDeviceInfoSystemCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cBatteryInfoTable." "Compliance levels for system information."
::= { cBatteryInfo 1 } MODULE
MANDATORY-GROUPS { cDeviceInfoSystemGroup }
cBatteryInfoTableLastChanged OBJECT-TYPE GROUP cDeviceInfoSystemNotifyGroup
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "This notification group is optional for implementation."
or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0
indicates that no entry CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column."
::= { cBatteryInfo 2 }
cBatteryInfoTable OBJECT-TYPE OBJECT cSystemInitialLoadParameters
SYNTAX SEQUENCE OF CBatteryInfoEntry MIN-ACCESS not-accessible
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION DESCRIPTION
"The table containing information on each of the batteries "Implementation of this object is optional."
installed in the device."
::= { cBatteryInfo 3 }
cBatteryInfoEntry OBJECT-TYPE OBJECT cSecurityLevel
SYNTAX CBatteryInfoEntry MIN-ACCESS not-accessible
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION DESCRIPTION
"A row continuing information on a specific battery. If a "Implementation of this object is optional."
device cannot return status of a battery it should not cSanitizeDevice
create a row in this table for that battery." MIN-ACCESS not-accessible
INDEX { cBatteryIndex } DESCRIPTION
::= { cBatteryInfoTable 1 } "Implementation of this object is optional."
CBatteryInfoEntry ::= SEQUENCE { OBJECT cRenderInoperable
cBatteryIndex Unsigned32, MIN-ACCESS not-accessible
cBatteryType INTEGER, DESCRIPTION
cBatteryOpStatus INTEGER, "Implementation of this object is optional."
cBatteryLowThreshold Integer32 ::= { cDeviceInfoCompliances 1 }
}
cBatteryIndex OBJECT-TYPE cDeviceInfoComponentCompliance MODULE-COMPLIANCE
SYNTAX Unsigned32 STATUS current
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION DESCRIPTION
"A numerical index used to identify the battery. This value "Compliance levels for component information."
uniquely identifies a battery on this device. The value MODULE
should be persistent for a given battery, but management MANDATORY-GROUPS { cDeviceInfoComponentGroup }
stations should not depend on it as it may not be possible
for some devices to retain identical indexes (especially
across reboots)."
::= { cBatteryInfoEntry 1 }
cBatteryType OBJECT-TYPE GROUP cDeviceInfoComponentNotifyGroup
SYNTAX INTEGER { other(1), main(2), clock(3), security(4) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION DESCRIPTION
"The type of battery. Other(1) describes a battery which is "This notification group is optional for implementation."
not otherwise defined here. Main(2) batteries are used for ::= { cDeviceInfoCompliances 2 }
operation of the device when not connected to a power
source. Clock(3) is used to describe batteries which cannot
provide main power to the device but maintain clock or other
persistent data. Security(4) is used for batteries which
perform specific security functions or which may render the
device inoperable when the battery is depleted. If a battery
is used for both clock and security, Security should be
returned."
::= { cBatteryInfoEntry 2 }
cBatteryOpStatus OBJECT-TYPE cDeviceInfoSystemGroup OBJECT-GROUP
SYNTAX INTEGER { unknown(1), batteryNormal(2), OBJECTS {
batteryLow(3), batteryDepleted(4), cSystemDate,
batteryMissing(5) } cSystemUpTime,
MAX-ACCESS read-only cSystemInitialLoadParameters,
cSecurityLevel,
cElectronicSerialNumber,
cLastChanged,
cResetDevice,
cSanitizeDevice,
cRenderInoperable,
cVendorName,
cModelIdentifier,
cHardwareVersionNumber
}
STATUS current
DESCRIPTION
"This group is composed of objects related to system
information."
::= { cDeviceInfoGroups 1 }
cDeviceInfoComponentGroup OBJECT-GROUP
OBJECTS {
cDeviceComponentVersTableCount,
cDeviceComponentVersTableLastChanged,
cDeviceComponentName,
cDeviceComponentVersion,
cDeviceComponentOpStatus,
cDeviceComponentDescription
}
STATUS current
DESCRIPTION
"This group is composed of objects related to component
information."
::= { cDeviceInfoGroups 2 }
cDeviceInfoSystemNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cResetDeviceInitialized,
cSanitizeDeviceInitialized,
cTamperEventIndicated,
cSanitizeDeviceInitialized
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to system
information."
::= { cDeviceInfoGroups 5 }
cDeviceInfoComponentNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cDeviceComponentDisabled,
cDeviceComponentEnabled
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to
component information."
::= { cDeviceInfoGroups 6 }
END
5.4. Firmware Management Information
This MIB module makes references to the following documents:
[RFC2571], [RFC2578], [RFC2579], and [RFC2580].
CC-FIRMWARE-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
IMPORTS
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578
TimeStamp, TruthValue, RowStatus
FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580;
ccFirmwareManagementMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum
US Navy
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION
"This MIB defines the CC MIB Firmware Managment objects.
Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
DESCRIPTION "Initial Version. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccFirmwareManagement 1 }
-- *****************************************************************
-- Firmware Information Segments
-- *****************************************************************
cFirmwareInfo OBJECT IDENTIFIER
::= { ccFirmwareManagementMIB TBD }
cFirmwareInfoNoitify OBJECT IDENTIFIER
::= { ccFirmwareManagementMIB TBD }
-- *****************************************************************
-- Firmware Information Notifications
-- *****************************************************************
cFirmwareInstallFailed NOTIFICATION-TYPE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indication of the status of the battery." "A notification from the device to the management station
::= {cBatteryInfoEntry 3} indicating a firmware install failed."
::= { cFirmwareInfoNotify TBD }
cBatteryLowThreshold OBJECT-TYPE cFirmwareInstallSuccess NOTIFICATION-TYPE
SYNTAX Integer32 (0..100) OBJECTS {
MAX-ACCESS read-write cFirmwareName,
cFirmwareVersion,
cFirmwareSource
}
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The percentage of capacity at which the cBatteryLow "A notification from the device to the management station
notification will be generated. A value of zero indicates indicating a firmware install succeeded."
that the notification should never be sent for this battery. ::= { cFirmwareInfoNotify TBD }
This object should not be implemented if the device will
detect a low battery, but the actual percentage is not
measurable. This object only needs be writable for
implementations that support modification of the warning
level percentage."
::= { cBatteryInfoEntry 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cFirmwareInformationTable -- CC MIB cFirmwareInformationTable
-- ***************************************************************** -- *****************************************************************
cFirmwareInformationTableCount OBJECT-TYPE cFirmwareInformationTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 25, line 26 skipping to change at page 21, line 38
cFirmwareSource OBJECT-TYPE cFirmwareSource OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..255)) SYNTAX SnmpAdminString (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This column is used by the implementation to describe how "This column is used by the implementation to describe how
the firmware was received. Agents may use any string which the firmware was received. Agents may use any string which
adequately describes the interface such as 'USB' or adequately describes the interface such as 'USB' or
'DS-100.' Agents may also reference entries in the ifTable 'DS-100.' Agents may also reference entries in the ifTable
when appropriate. If received using a Cryptographic Device when appropriate. If received using a Secure Object
Material (CDM) server, the exact URI that was used to Maagement System (SOMS) server, the exact URI that was used
retrieve the firmware package would be configured in this to retrieve the firmware package would be configured in this
column." column."
::= { cFirmwareInformationEntry 3 } ::= { cFirmwareInformationEntry 3 }
cFirmwareRunning OBJECT-TYPE cFirmwareRunning OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates if the firmware is currently running. Only one "Indicates if the firmware is currently running. Only one
row in the table should have this object set to True at any row in the table should have this object set to True at any
skipping to change at page 26, line 12 skipping to change at page 22, line 24
"The status of the row, by which old entries may be deleted "The status of the row, by which old entries may be deleted
from this table. At a minimum, implementations must support from this table. At a minimum, implementations must support
destroy management functions. Support for active and destroy management functions. Support for active and
notReady management functions is optional." notReady management functions is optional."
::= { cFirmwareInformationEntry 5 } ::= { cFirmwareInformationEntry 5 }
-- ***************************************************************** -- *****************************************************************
-- Module Conformance Information -- Module Conformance Information
-- ***************************************************************** -- *****************************************************************
cDeviceInfoCompliances OBJECT IDENTIFIER cFirmwareInfoCompliances OBJECT IDENTIFIER
::= { cDeviceInfoConformance 1} ::= { cFirmwareInfoConformance 1}
cDeviceInfoGroups OBJECT IDENTIFIER cFirmwareInfoGroups OBJECT IDENTIFIER
::= { cDeviceInfoConformance 2} ::= { cFirmwareInfoConformance 2}
cDeviceInfoSystemCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance levels for system information."
MODULE
MANDATORY-GROUPS { cDeviceInfoSystemGroup }
GROUP cDeviceInfoSystemNotifyGroup
DESCRIPTION
"This notification group is optional for implementation."
OBJECT cSystemInitialLoadParameters
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
OBJECT cSecurityLevel
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
cSanitizeDevice
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
OBJECT cRenderInoperable
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
::= { cDeviceInfoCompliances 1 }
cDeviceInfoComponentCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance levels for component information."
MODULE
MANDATORY-GROUPS { cDeviceInfoComponentGroup }
GROUP cDeviceInfoComponentNotifyGroup
DESCRIPTION
"This notification group is optional for implementation."
::= { cDeviceInfoCompliances 2 }
cDeviceInfoBatteryCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance levels for battery information."
MODULE
MANDATORY-GROUPS { cDeviceInfoBatteryGroup }
GROUP cDeviceInfoBatteryNotifyGroup
DESCRIPTION
"This notification group is optional for implementation."
OBJECT cBatteryLowThreshold
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
::= { cDeviceInfoCompliances 3 }
cDeviceInfoFirmwareCompliance MODULE-COMPLIANCE cFirmwareInfoCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Compliance levels for firmware information." "Compliance levels for firmware information."
MODULE MODULE
MANDATORY-GROUPS { cDeviceInfoFirmwareGroup } MANDATORY-GROUPS { cFirmwareInfoGroup }
GROUP cDeviceInfoFirmwareNotifyGroup GROUP cFirmwareInfoNotifyGroup
DESCRIPTION DESCRIPTION
"This notification group is optional for implementation." "This notification group is optional for implementation."
::= { cDeviceInfoCompliances 4 } ::= { cDeviceInfoCompliances TBD }
cDeviceInfoSystemGroup OBJECT-GROUP
OBJECTS {
cSystemDate,
cSystemUpTime,
cSystemInitialLoadParameters,
cSecurityLevel,
cElectronicSerialNumber,
cLastChanged,
cResetDevice,
cSanitizeDevice,
cRenderInoperable,
cVendorName,
cModelIdentifier,
cHardwareVersionNumber
}
STATUS current
DESCRIPTION
"This group is composed of objects related to system
information."
::= { cDeviceInfoGroups 1 }
cDeviceInfoComponentGroup OBJECT-GROUP
OBJECTS {
cDeviceComponentVersTableCount,
cDeviceComponentVersTableLastChanged,
cDeviceComponentName,
cDeviceComponentVersion,
cDeviceComponentOpStatus,
cDeviceComponentDescription
}
STATUS current
DESCRIPTION
"This group is composed of objects related to component
information."
::= { cDeviceInfoGroups 2 }
cDeviceInfoBatteryGroup OBJECT-GROUP
OBJECTS {
cBatteryInfoTableCount,
cBatteryInfoTableLastChanged,
cBatteryType,
cBatteryOpStatus,
cBatteryLowThreshold
}
STATUS current
DESCRIPTION
"This group is composed of objects related to battery
information."
::= { cDeviceInfoGroups 3 }
cDeviceInfoFirmwareGroup OBJECT-GROUP cFirmwareInfoGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cFirmwareInformationTableCount, cFirmwareInformationTableCount,
cFirmwareInformationTableLastChanged, cFirmwareInformationTableLastChanged,
cFirmwareName, cFirmwareName,
cFirmwareVersion, cFirmwareVersion,
cFirmwareSource, cFirmwareSource,
cFirmwareRunning, cFirmwareRunning,
cFirmwareRowStatus cFirmwareRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to firmware "This group is composed of objects related to firmware
information." information."
::= { cDeviceInfoGroups 4 } ::= { cFirmwareInfoGroups TBD }
cDeviceInfoSystemNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cResetDeviceInitialized,
cSanitizeDeviceInitialized,
cTamperEventIndicated,
cSanitizeDeviceInitialized
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to system
information."
::= { cDeviceInfoGroups 5 }
cDeviceInfoComponentNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cDeviceComponentDisabled,
cDeviceComponentEnabled
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to
component information."
::= { cDeviceInfoGroups 6 }
cDeviceInfoBatteryNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cBatteryLow,
cBatteryRequiresReplacement,
cDeviceOnBattery
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to battery
information."
::= { cDeviceInfoGroups 7 }
cDeviceInfoFirmwareNotifyGroup NOTIFICATION-GROUP cFirmwareInfoNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
cFirmwareInstallFailed, cFirmwareInstallFailed,
cFirmwareInstallSuccess cFirmwareInstallSuccess
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to firmware "This group is composed of notifications related to firmware
information." information."
::= { cDeviceInfoGroups 8 } ::= { cFirmwareInfoGroups TBD }
END END
5.5. Key Management Info 5.5. Key Management Information
This MIB module makes references to the following documents: This MIB module makes references to the following documents:
[RFC2571], [RFC2578], [RFC2579], [RFC2580], [RFC5280], [RFC5914], [RFC2571], [RFC2578], [RFC2579], [RFC2580], [RFC5280], [RFC5914],
[RFC6030], and [RFC6353]. [RFC6030], and [RFC6353].
CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyManagement ccKeyManagement
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
Counter64, MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
RowPointer, RowStatus, DateAndTime, RowPointer, RowStatus, DateAndTime,
TruthValue,TEXTUAL-CONVENTION, TimeStamp TruthValue, TimeStamp
FROM SNMPv2-TC -- FROM RFC 2579 FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
SnmpTLSFingerprint SnmpTLSFingerprint
FROM SNMP-TLS-TM-MIB; -- FROM RFC 6353 FROM SNMP-TLS-TM-MIB; -- FROM RFC 6353
ccKeyManagementMIB MODULE-IDENTITY ccKeyManagementMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
US Navy US Navy
elliott.jones@navy.mil elliott.jones@navy.mil
Lily Sun Lily Sun
US Navy US Navy
skipping to change at page 31, line 19 skipping to change at page 24, line 30
sunjeff@nkiengineering.com sunjeff@nkiengineering.com
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments "This MIB defines the CC MIB Key Managment objects.
below it and acts as a reservation mechanism.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2016 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
skipping to change at page 32, line 4 skipping to change at page 25, line 14
-- ***************************************************************** -- *****************************************************************
cSymmetricKeyInfo OBJECT IDENTIFIER cSymmetricKeyInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 1 } ::= { ccKeyManagementMIB 1 }
cAsymKeyInfo OBJECT IDENTIFIER cAsymKeyInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 2 } ::= { ccKeyManagementMIB 2 }
cTrustAnchorInfo OBJECT IDENTIFIER cTrustAnchorInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 3 } ::= { ccKeyManagementMIB 3 }
cCKLInfo OBJECT IDENTIFIER cCKLInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 4 } ::= { ccKeyManagementMIB 4 }
cCDMStoreInfo OBJECT IDENTIFIER cCDMStoreInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 5 } ::= { ccKeyManagementMIB 5 }
cCertSubAltNameInfo OBJECT IDENTIFIER cCertSubAltNameInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 6 } ::= { ccKeyManagementMIB 6 }
cCertPathCtrlsInfo OBJECT IDENTIFIER cCertPathCtrlsInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 7 } ::= { ccKeyManagementMIB 7 }
cCertPolicyInfo OBJECT IDENTIFIER cCertPolicyInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 8 } ::= { ccKeyManagementMIB 8 }
cPolicyMappingInfo OBJECT IDENTIFIER cPolicyMappingInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 9 } ::= { ccKeyManagementMIB 9 }
cNameConstraintInfo OBJECT IDENTIFIER cNameConstraintInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 10 } ::= { ccKeyManagementMIB 10 }
cKeyManagementScalars OBJECT IDENTIFIER cKeyManagementScalars OBJECT IDENTIFIER
::= { ccKeyManagementMIB 11 } ::= { ccKeyManagementMIB 11 }
cKeyManagementNotify OBJECT IDENTIFIER cKeyManagementNotify OBJECT IDENTIFIER
::= { ccKeyManagementMIB 12 } ::= { ccKeyManagementMIB 12 }
cKeyManagementConformance OBJECT IDENTIFIER cKeyManagementConformance OBJECT IDENTIFIER
::= { ccKeyManagementMIB 13 } ::= { ccKeyManagementMIB 13 }
-- ***************************************************************** -- *****************************************************************
-- Key Management Scalars -- Key Management Information Scalars
-- ***************************************************************** -- *****************************************************************
cZeroizeAllKeys OBJECT-TYPE cZeroizeAllKeys OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Setting this object to 'true' removes all entries in key "Setting this object to 'true' removes all entries in key
material tables and zeroizes key materials. It is applicable material tables and zeroizes key materials. It is applicable
to symmetric keys, asymmetric keys, and Trust Anchors (TA). to symmetric keys, asymmetric keys, and Trust Anchors (TA).
skipping to change at page 52, line 10 skipping to change at page 45, line 19
When this object does not apply for the key material, this When this object does not apply for the key material, this
column will not exist." column will not exist."
::= { cAsymKeyEntry 17 } ::= { cAsymKeyEntry 17 }
cAsymKeyRekey OBJECT-TYPE cAsymKeyRekey OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Setting this object to 'true' imitates a rekey operation "Setting this object to 'true' initates a rekey operation
for the asymmetric key material. Note, additional for the asymmetric key material. Note, additional
configurations will likely be required based on the configurations will likely be required based on the
supported key management protocol. supported key management protocol.
Note after being set to true, an agent should reset this Note after being set to true, an agent should reset this
object to false once the rekey operation has completed." object to false once the rekey operation has completed."
::= { cAsymKeyEntry 18 } ::= { cAsymKeyEntry 18 }
cAsymKeyType OBJECT-TYPE cAsymKeyType OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
skipping to change at page 61, line 4 skipping to change at page 54, line 15
(1) symKey - This row contains information about a stored (1) symKey - This row contains information about a stored
symmetric key. symmetric key.
(2) asymKey - This row contains information about a stored (2) asymKey - This row contains information about a stored
asymmetric key. asymmetric key.
(3) trustAnchor - This row contains information about a (3) trustAnchor - This row contains information about a
stored Trust Anchor (TA). stored Trust Anchor (TA).
(4) crl - This row contains information about a stored (4) crl - This row contains information about a stored
Certificate Revocation List (CRL). Certificate Revocation List (CRL).
(5) ckl - This row contains information about a stored (5) ckl - This row contains information about a stored
Compromised Key List (CKL). Compromised Key List (CKL).
(6) firmware - This row contains information about stored (6) firmware - This row contains information about stored
firmware. firmware.
(7) storeAndForwardWrappedPkg - This row contains (7) storeAndForwardWrappedPkg - This row contains
information about a stored encrypted wrapped package, information about a stored encrypted wrapped package,
typically meant to be forwarded to another device." typically meant to be forwarded to another device."
::= { cCDMStoreEntry 2 } ::= { cCDMStoreEntry 2 }
cCDMStoreSource OBJECT-TYPE cCDMStoreSource OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An administrative name that identifies the source of this "An administrative name that identifies the source of this
Crypto Device Material (CDM). This could be the URI used Crypto Device Material (CDM). This could be the URI used
when downloaded from the CDM server or a physical port when downloaded from the Secure Object Management System
designator for CDM downloaded via HMI." (SOMS) server or a physical port designator for CDM
downloaded via HMI."
::= { cCDMStoreEntry 3 } ::= { cCDMStoreEntry 3 }
cCDMStoreID OBJECT-TYPE cCDMStoreID OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Represents a unique identifier assigned to this Crypto "Represents a unique identifier assigned to this Crypto
Device Material (CDM). This would typically be an identifier Device Material (CDM). This would typically be an identifier
inherent to the CDM, such as a serial number or other form inherent to the CDM, such as a serial number or other form
skipping to change at page 84, line 37 skipping to change at page 78, line 4
This MIB module makes reference to the following documents: This MIB module makes reference to the following documents:
[RFC2571], [RFC2578], [RFC2579], and [RFC2580]. [RFC2571], [RFC2578], [RFC2579], and [RFC2580].
CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyTransferPull ccKeyTransferPull
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
ROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
Counter64, MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
<<<<<<< HEAD
RowStatus, TimeStamp
=======
RowPointer, RowStatus, DateAndTime, RowPointer, RowStatus, DateAndTime,
TruthValue, TEXTUAL-CONVENTION, TimeStamp TimeStamp
>>>>>>> master
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccKeyTransferPullMIB MODULE-IDENTITY ccKeyTransferPullMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
US Navy US Navy
elliott.jones@navy.mil elliott.jones@navy.mil
Lily Sun Lily Sun
US Navy US Navy
skipping to change at page 85, line 27 skipping to change at page 78, line 50
sunjeff@nkiengineering.com sunjeff@nkiengineering.com
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments "This MIB defines the CC MIB Key Transfer Pull objects.
below it and acts as a reservation mechanism.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2016 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
skipping to change at page 86, line 4 skipping to change at page 79, line 26
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "Initial Version. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { 1 } ::= { 1 }
-- ***************************************************************** -- *****************************************************************
-- Key Transfer Pull Information Segments -- Key Transfer Pull Information Segments
-- ***************************************************************** -- *****************************************************************
cKeyTransferPullConformance OBJECT IDENTIFIER cKeyTransferPullConformance OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 1 } ::= { ccKeyTransferPullMIB 1 }
cKeyTransferPullScalars OBJECT IDENTIFIER cKeyTransferPullScalars OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 2 } ::= { ccKeyTransferPullMIB 2 }
cKeyTransferPullNotify OBJECT IDENTIFIER cKeyTransferPullNotify OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 3 } ::= { ccKeyTransferPullMIB 3 }
cCDMServerInfo OBJECT IDENTIFIER cSOMSServerInfo OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 4 } ::= { ccKeyTransferPullMIB 4 }
cCDMDeliveryInfo OBJECT IDENTIFIER cCDMDeliveryInfo OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 5 } ::= { ccKeyTransferPullMIB 5 }
-- ***************************************************************** -- *****************************************************************
-- Key Transfer Pull Scalars -- Key Transfer Pull Scalars
-- ***************************************************************** -- *****************************************************************
cCDMServerRetryDelay OBJECT-TYPE cSOMSServerRetryDelay OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of time to wait after a download attempt to the "The amount of time to wait after a download attempt to the
cryptographic device material (CDM) server fails before Secure Object Management System (SOMS) server fails before
attempting to retry the operation. Note, this scalar applies attempting to retry the operation. Note, this scalar applies
to the download of any type of item from the CDM server to the download of any type of item from the SOMS server
(e.g. CDMs, CDMLs)." (e.g. CDMs, PALs)."
::= { cKeyTransferPullScalars 1 } ::= { cKeyTransferPullScalars 1 }
cCDMServerRetryMaxAttempts OBJECT-TYPE cSOMSServerRetryMaxAttempts OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of retries attempted before the download attempt "The amount of retries attempted before the download attempt
to the cryptographic device material (CDM) server is to the Secure Object Management System (SOMS) server is
considered a failure. Note, this scalar applies to the considered a failure. Note, this scalar applies to the
download of any type of item from the CDM server (e.g. CDMs, download of any type of item from the SOMS server (e.g. CDMs,
CDMLs)." PALs)."
::= { cKeyTransferPullScalars 2 } ::= { cKeyTransferPullScalars 2 }
cCDMPullRetrievalPriorities OBJECT-TYPE cCDMPullRetrievalPriorities OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An indication of which cryptographic device materials "An indication of which cryptographic device materials
(CDMs) to retrieve based on this value and a configured (CDMs) to retrieve based on this value and a configured
cCDMDeliveryPriority in a cCDMDeliveryTable entry. This cCDMDeliveryPriority in a cCDMDeliveryTable entry. This
skipping to change at page 87, line 19 skipping to change at page 80, line 42
Different types of ECUs may have different values for this Different types of ECUs may have different values for this
scalar. Bandwidth-limited ECUs, for example, may configure scalar. Bandwidth-limited ECUs, for example, may configure
lower values for only retrieving high-priority CDMs. lower values for only retrieving high-priority CDMs.
A value of 0, also a default value for this scalar, A value of 0, also a default value for this scalar,
indicates that all cCDMDeliveryTable entries can be acted indicates that all cCDMDeliveryTable entries can be acted
upon regardless of the configured cCDMDeliveryPriority value." upon regardless of the configured cCDMDeliveryPriority value."
DEFVAL {0} DEFVAL {0}
::= { cKeyTransferPullScalars 3 } ::= { cKeyTransferPullScalars 3 }
cCDMLDeliveryRequest OBJECT-TYPE cPALDeliveryRequest OBJECT-TYPE
SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2), SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2),
discard(3) } discard(3) }
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This scalar controls the server's CDML download process - "This scalar controls the server's PAL download process -
server information is stored in the cCDMServerTable. When server information is stored in the cSOMSServerTable. When
read, it will return 'readyForDownload' if the last action read, it will return 'readyForDownload' if the last action
succeeded. If the last action is in progress or failed, it succeeded. If the last action is in progress or failed, it
will return the last requested action. will return the last requested action.
The values which may be set depend on the current value of The values which may be set depend on the current value of
this object and the cCDMLDeliveryStatus object. this object and the cPALDeliveryStatus object.
In order to initiate a new download, this object must In order to initiate a new download, this object must
contain the value 'readyForDownload', and the contain the value 'readyForDownload', and the
cCDMLDeliveryStatus must contain the value 'complete'. At cPALDeliveryStatus must contain the value 'complete'. At
which point, setting this object to to 'downloadAndParse' which point, setting this object to to 'downloadAndParse'
initiates the CDML download process. Note, the initiates the PAL download process. Note, the
cCDMLDeliveryStatus should transition to 'inProgress' at cPALDeliveryStatus should transition to 'inProgress' at
the device begins the CDML download process from the the device begins the PAL download process from the
server(s) and URI(s) listed in the cCDMLServerTable (as server(s) and URI(s) listed in the cSOMSServerTable (as
ordered by the cCDMLServerPriority index). ordered by the cSOMSServerPriority index).
If the CDML download fails, the next highest priority URI If the PAL download fails, the next highest priority URI
will be tried, and so on. will be tried, and so on.
While a CDML download is in progress, or if the CDML While a PAL download is in progress, or if the PAL
download fails for all possible servers and URIs (indicated download fails for all possible servers and URIs (indicated
by a cCDMLDeliveryStatus value of 'downloadFailed'), this by a cPALDeliveryStatus value of 'downloadFailed'), this
object will return an inconsistentValue error for any new object will return an inconsistentValue error for any new
value except 'discard' (which will cancel the current value except 'discard' (which will cancel the current
download). download).
If the CDML download succeeded, the cCDMLDeliveryStatusvalue If the PAL download succeeded, the cPALDeliveryStatus value
remains inProgress and the device attempts to parse the remains inProgress and the device attempts to parse the
download immediately. During the parsing of the CDML, all download immediately. During the parsing of the PAL, all
new values will return inconsistentValue error (i.e. the new values will return inconsistentValue error (i.e. the
parse process can not be aborted). If the parse fails, the parse process can not be aborted). If the parse fails, the
cCDMLDeliveryStatus will transition to 'parseFailed', and cPALDeliveryStatus will transition to 'parseFailed', and
this object must be set to 'discard' before a new CDML this object must be set to 'discard' before a new PAL
download is attempted." download is attempted."
::= { cKeyTransferPullScalars 4 } ::= { cKeyTransferPullScalars 4 }
cCDMLDeliveryStatus OBJECT-TYPE cPALDeliveryStatus OBJECT-TYPE
SYNTAX INTEGER { complete(1), inProgress(2), SYNTAX INTEGER { complete(1), inProgress(2),
downloadFailed(3), downloadFailed(3),
parseFailed(4) } parseFailed(4) }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This indicates the current state of a CDML download. "This indicates the current state of a PAL download.
'complete' indicates that the last requested 'complete' indicates that the last requested
cCDMLDeliveryRequest action was successful. cPALDeliveryRequest action was successful.
'inProgress' indicates that a CDML download or CDML parse is 'inProgress' indicates that a PAL download or PAL parse is
underway. underway.
'downloadFailed' indicates that the last attempted CDML 'downloadFailed' indicates that the last attempted PAL
download failed. download failed.
'parseFailed' indicates that the last attempted CDML parse 'parseFailed' indicates that the last attempted PAL parse
failed. failed.
The relationship between this object and The relationship between this object and
cCDMLDeliveryRequest is detailed in the following table. The cPALDeliveryRequest is detailed in the following table. The
table indicates values of cCDMLDeliveryRequest that are table indicates values of cPALDeliveryRequest that are
allowed depending on the current value of this object. allowed depending on the current value of this object.
cCDMLDeliveryRequest! cCDMLDeliveryStatus cPALDeliveryRequest! cPALDeliveryStatus
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
! ! complete !inProgress!downloadFailed!parseFailed! ! ! complete !inProgress!downloadFailed!parseFailed!
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
! readyForDownload ! allowed ! error ! error ! error ! ! readyForDownload ! allowed ! error ! error ! error !
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
! downloadAndParse ! allowed ! error ! error ! error ! ! downloadAndParse ! allowed ! error ! error ! error !
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
! discard ! error ! allowed ! allowed ! allowed ! ! discard ! error ! allowed ! allowed ! allowed !
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
As described cCDMLDeliveryRequest description, an As described cPALDeliveryRequest description, an
inconsistentValue error is returned." inconsistentValue error is returned."
DEFVAL {complete} DEFVAL {complete}
::= { cKeyTransferPullScalars 5 } ::= { cKeyTransferPullScalars 5 }
-- ***************************************************************** -- *****************************************************************
-- Key Transfer Pull Notifications -- Key Transfer Pull Notifications
-- ***************************************************************** -- *****************************************************************
cCDMLPullReceiveSuccess NOTIFICATION-TYPE cPALPullReceiveSuccess NOTIFICATION-TYPE
OBJECTS { cCDMServerURI } OBJECTS { cSOMSServerURI }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to receive a cryptographic device material list "An attempt to receive a Product Availablity List (PAL) has
(CDML) has succeeded. The CDM Server URI is provided with succeeded. The Secure Object Management System (SOMS) server
this notification." URI is provided with this notification."
::= { cKeyTransferPullNotify 1 } ::= { cKeyTransferPullNotify 1 }
cCDMLPullReceiveFailed NOTIFICATION-TYPE cPALPullReceiveFailed NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cCDMServerURI, cSOMSServerURI,
cCDMLDeliveryStatus cPALDeliveryStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to receive a cryptographic device material list "An attempt to receive a Product Availability List (PAL)
(CDML) has failed. The CDM Server URI and CDML Delivery has failed. The Secure Object Management System (SOMS)
Status are provided with this notification. Note, the server URI and PAL Delivery Status are provided with this
expected values for the CDML Delivery Status are: notification. Note, the expected values for the PAL
'downloadFailed' and 'parseFailed'." Delivery Status are: 'downloadFailed' and 'parseFailed'."
::= { cKeyTransferPullNotify 2 } ::= { cKeyTransferPullNotify 2 }
cCDMPullReceiveSuccess NOTIFICATION-TYPE cCDMPullReceiveSuccess NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cCDMType, cCDMType,
cCDMURI cCDMURI
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 90, line 16 skipping to change at page 83, line 37
cCDMURI cCDMURI
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to receive a cryptographic device material (CDM) "An attempt to receive a cryptographic device material (CDM)
has failed. The CDM Type and CDM URI are provided with this has failed. The CDM Type and CDM URI are provided with this
notification." notification."
::= { cKeyTransferPullNotify 4 } ::= { cKeyTransferPullNotify 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cCDMServerTable -- CC MIB cSOMSServerTable
-- ***************************************************************** -- *****************************************************************
cCDMServerTableCount OBJECT-TYPE cSOMSServerTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cCDMServerTable" "The number of rows in the cSOMSServerTable"
::= { cCDMServerInfo 1 } ::= { cSOMSServerInfo 1 }
cCDMServerTableLastChanged OBJECT-TYPE cSOMSServerTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g. via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCDMServerInfo 2 } ::= { cSOMSServerInfo 2 }
cCDMServerTable OBJECT-TYPE cSOMSServerTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCDMServerEntry SYNTAX SEQUENCE OF CSOMSServerEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The table containing a list of servers that will be queried "The table containing a list of servers that will be queried
for available cryptographic device materials (CDMs), such as for available cryptographic device materials (CDMs), such as
keys and firmware packages. This table is also used to keys and firmware packages. This table is also used to
obtain the cryptographic device material list (CDML), which obtain the Product Avaialability List (PAL), which is a list
is a list detailing available CDMs and their associated detailing available CDMs and their associated location for
location for obtainment." obtainment."
::= { cCDMServerInfo 3 } ::= { cSOMSServerInfo 3 }
cCDMServerEntry OBJECT-TYPE cSOMSServerEntry OBJECT-TYPE
SYNTAX CCDMServerEntry SYNTAX CSOMSServerEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing information about a server that has "A row containing information about a server that has
available CDMLs/CDMs for download." available PALs/CDMs for download."
INDEX { cCDMServerPriority } INDEX { cSOMSServerPriority }
::= { cCDMServerTable 1 } ::= { cSOMSServerTable 1 }
CCDMServerEntry ::= SEQUENCE { CSOMSServerEntry ::= SEQUENCE {
cCDMServerPriority Unsigned32, cSOMSServerPriority Unsigned32,
cCDMServerURI OCTET STRING, cSOMSServerURI OCTET STRING,
cCDMServerAdditionalInfo SnmpAdminString, cSOMSServerAdditionalInfo SnmpAdminString,
cCDMServerRowStatus RowStatus cSOMSServerRowStatus RowStatus
} }
cCDMServerPriority OBJECT-TYPE cSOMSServerPriority OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique numeric index that identifies a server that has "A unique numeric index that identifies a server that has
available CDMLs/CDMs for download. This index also provides available PALs/CDMs for download. This index also provides
server prioritization functionality - lower values have a server prioritization functionality - lower values have a
higher priority. For example, the server with the lowest higher priority. For example, the server with the lowest
value will be the first server for CDML/CDM downloads. In value will be the first server for PAL/CDM downloads. In
the event of failure, the next lowest value server will be the event of failure, the next lowest value server will be
tried, and so on. tried, and so on.
This column is the sole index to the cCDMServerTable." This column is the sole index to the cSOMSServerTable."
::= { cCDMServerEntry 1 } ::= { cSOMSServerEntry 1 }
cCDMServerURI OBJECT-TYPE cSOMSServerURI OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The location of the server that has available CDMLs/CDMs "The location of the server that has available PALs/CDMs
for download. The value in this column is represented as a for download. The value in this column is represented as a
URI. URI.
Note, download of a CDML will typically result in the Note, download of a PAL will typically result in the
population of new CDM entries in the cCDMDeliveryTable." population of new CDM entries in the cCDMDeliveryTable."
::= { cSOMSServerEntry 2 }
::= { cCDMServerEntry 2 } cSOMSServerAdditionalInfo OBJECT-TYPE
cCDMServerAdditionalInfo OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Additional information about the CDM Server. This "Additional information about the SOMS server. This
information is manually configured by the manager both at or information is manually configured by the manager both at or
after row creation." after row creation."
::= { cCDMServerEntry 3 } ::= { cSOMSServerEntry 3 }
cCDMServerRowStatus OBJECT-TYPE cSOMSServerRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of the row, by which new entries may be created "The status of the row, by which new entries may be created
or old entries deleted from this table. or old entries deleted from this table.
Entries created within this table may not become active Entries created within this table may not become active
unless all read-create columns in this column have valid unless all read-create columns in this column have valid
values, as detailed by each individual column's description. values, as detailed by each individual column's description.
At a minimum, implementations must support createAndGo, At a minimum, implementations must support createAndGo,
active, and destroy management functions. Support for active, and destroy management functions. Support for
createAndWait, notInService, and notReady management createAndWait, notInService, and notReady management
functions is optional." functions is optional."
::= { cCDMServerEntry 4 } ::= { cSOMSServerEntry 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cCDMDeliveryTable -- CC MIB cCDMDeliveryTable
-- ***************************************************************** -- *****************************************************************
cCDMDeliveryTableCount OBJECT-TYPE cCDMDeliveryTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 94, line 32 skipping to change at page 88, line 4
cCDMURI OBJECT-TYPE cCDMURI OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The location of the cryptographic device material (CDM), "The location of the cryptographic device material (CDM),
represented in a URI format. Because of its type, the represented in a URI format. Because of its type, the
associated URI of the CDM Server can easily be derived. associated URI of the CDM Server can easily be derived.
This column is typically populated by an agent upon querying This column is typically populated by an agent upon querying
a CDM Server (e.g. downloading and parsing a cryptographic a SOMS Server (e.g. downloading and parsing a Product
device material list (CDML) from a CDM Server (entry in the Availability List (PAL) from a SOMS Server (entry in the
cCDMServerTable)). However, a manager can also configure an cSOMSServerTable)). However, a manager can also configure an
entry in this table with predetermined knowledge of the CDM entry in this table with predetermined knowledge of the CDM
location." location."
::= { cCDMDeliveryEntry 2 } ::= { cCDMDeliveryEntry 2 }
cCDMPackageSize OBJECT-TYPE cCDMPackageSize OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "bytes" UNITS "bytes"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The package size, in bytes, of the cryptographic device "The package size, in bytes, of the cryptographic device
material (CDM). This information is retrieved from a material (CDM). This information is retrieved from a
cryptographic device material list (CDML) or a server's Product Availability List (PAL) or a server's product
product availability response following a query. This column availability response following a query. This column
does not apply to notifications found in CDMLs." does not apply to notifications found in PALs."
::= { cCDMDeliveryEntry 3 } ::= { cCDMDeliveryEntry 3 }
cCDMAdditionalInfo OBJECT-TYPE cCDMAdditionalInfo OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Additional information about the cryptographic device "Additional information about the cryptographic device
material (CDM). This information can be retrieved from the material (CDM). This information can be retrieved from the
downloaded cryptographic device material list (CDML) or downloaded Product Availability List (PAL) or manually
manually configured by the manager both at or after row configured by the manager both at or after row creation."
creation."
::= { cCDMDeliveryEntry 4 } ::= { cCDMDeliveryEntry 4 }
cCDMLastDownloadDate OBJECT-TYPE cCDMLastDownloadDate OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(14)) SYNTAX OCTET STRING (SIZE(14))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This is a 14 character field that will be populated with "This is a 14 character field that will be populated with
the following values depending on the state of the download the following values depending on the state of the download
and the CDM type. and the CDM type.
skipping to change at page 98, line 47 skipping to change at page 92, line 18
OBJECT cCDMDeliveryStatus OBJECT cCDMDeliveryStatus
SYNTAX INTEGER { complete(1), inProgress(2), downloadFailed(3), SYNTAX INTEGER { complete(1), inProgress(2), downloadFailed(3),
installFailed(4) } installFailed(4) }
DESCRIPTION DESCRIPTION
"Implementation of this enumeration value(s) is mandatory - "Implementation of this enumeration value(s) is mandatory -
enumeration values not listed here are optional." enumeration values not listed here are optional."
::= { cKeyTransferPullCompliances 1 } ::= { cKeyTransferPullCompliances 1 }
cKeyTransferPullServerGroup OBJECT-GROUP cKeyTransferPullServerGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cCDMServerRetryDelay, cSOMSServerRetryDelay,
cCDMServerRetryMaxAttempts, cSOMSServerRetryMaxAttempts,
cCDMServerTableCount, cSOMSServerTableCount,
cCDMServerTableLastChanged, cSOMSServerTableLastChanged,
cCDMServerURI, cSOMSServerURI,
cCDMServerAdditionalInfo, cSOMSServerAdditionalInfo,
cCDMServerRowStatus cSOMSServerRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to server "This group is composed of objects related to server
information." information."
::= { cKeyTransferPullGroups 1 } ::= { cKeyTransferPullGroups 1 }
cKeyTransferPullDeliveryGroup OBJECT-GROUP cKeyTransferPullDeliveryGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cCDMPullRetrievalPriorities, cCDMPullRetrievalPriorities,
cCDMLDeliveryRequest, cPALDeliveryRequest,
cCDMLDeliveryStatus, cPALDeliveryStatus,
cCDMDeliveryTableCount, cCDMDeliveryTableCount,
cCDMDeliveryTableLastChanged, cCDMDeliveryTableLastChanged,
cCDMDeliveryTableLastChanged, cCDMDeliveryTableLastChanged,
cCDMType, cCDMType,
cCDMURI, cCDMURI,
cCDMPackageSize, cCDMPackageSize,
cCDMAdditionalInfo, cCDMAdditionalInfo,
cCDMLastDownloadDate, cPALastDownloadDate,
cCDMDeliveryPriority, cCDMDeliveryPriority,
cCDMDeliveryRequest, cCDMDeliveryRequest,
cCDMDeliveryStatus, cCDMDeliveryStatus,
cCDMDeliveryRowStatus cCDMDeliveryRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to delivery "This group is composed of objects related to delivery
information." information."
::= { cKeyTransferPullGroups 2 } ::= { cKeyTransferPullGroups 2 }
cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
cCDMLPullReceiveSuccess, cPALPullReceiveSuccess,
cCDMLPullReceiveFailed, cPALPullReceiveFailed,
cCDMPullReceiveSuccess, cCDMPullReceiveSuccess,
cCDMPullReceiveFailed cCDMPullReceiveFailed
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to delivery "This group is composed of notifications related to delivery
information." information."
::= { cKeyTransferPullGroups 3 } ::= { cKeyTransferPullGroups 3 }
END END
skipping to change at page 100, line 16 skipping to change at page 93, line 34
This MIB module makes reference to following documents: [RFC2571], This MIB module makes reference to following documents: [RFC2571],
[RFC2578], [RFC2579], [RFC2580]. [RFC2578], [RFC2579], [RFC2580].
CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyTransferPush ccKeyTransferPush
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
Counter64, MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
RowPointer, RowStatus, DateAndTime, RowPointer, RowStatus, DateAndTime,
TruthValue, TEXTUAL-CONVENTION, TimeStamp TimeStamp
FROM SNMPv2-TC -- FROM RFC 2579 FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF; -- FROM RFC 2580 FROM SNMPv2-CONF; -- FROM RFC 2580
ccKeyTransferPushMIB MODULE-IDENTITY ccKeyTransferPushMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
US Navy US Navy
elliott.jones@navy.mil elliott.jones@navy.mil
Lily Sun Lily Sun
US Navy US Navy
lily.sun@navy.mil lily.sun@navy.mil
Mike Irani Mike Irani
NKI Engineering NKI Engineering
skipping to change at page 101, line 7 skipping to change at page 94, line 28
sunjeff@nkiengineering.com sunjeff@nkiengineering.com
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments "This MIB defines the CC MIB Key Transfer Push object.
below it and acts as a reservation mechanism.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2016 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
skipping to change at page 109, line 28 skipping to change at page 102, line 46
::= { cCDMPushSrcInfo 2 } ::= { cCDMPushSrcInfo 2 }
cCDMPushSrcTable OBJECT-TYPE cCDMPushSrcTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCDMPushSrcEntry SYNTAX SEQUENCE OF CCDMPushSrcEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This table provides the list of authorized senders that "This table provides the list of authorized senders that
this receiving device will accept Cryptographic Device this receiving device will accept Cryptographic Device
Material (CDM) transfers from. Servers for the Material (CDM) transfers from. Servers for the
cCDMServerTable are not listed in this table since this cSOMSServerTable are not listed in this table since this
table is specific for the Push Model." table is specific for the Push Model."
::= { cCDMPushSrcInfo 3 } ::= { cCDMPushSrcInfo 3 }
cCDMPushSrcEntry OBJECT-TYPE cCDMPushSrcEntry OBJECT-TYPE
SYNTAX CCDMPushSrcEntry SYNTAX CCDMPushSrcEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing information about an authorized sender "A row containing information about an authorized sender
that this receiving device will accept." that this receiving device will accept."
skipping to change at page 113, line 26 skipping to change at page 106, line 43
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to receiver "This group is composed of notifications related to receiver
information." information."
::= { cKeyTransferPushGroups 4 } ::= { cKeyTransferPushGroups 4 }
END END
5.8. Security Policy Information 5.8. Security Policy Information
This module makes reference to: Section 5.2, Section 5.3, [RFC2571], This module makes reference to: Section 5.2, [RFC2571], [RFC2578],
[RFC2578], [RFC2579], and [RFC2580]. [RFC2579], and [RFC2580].
~~~~ CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN
CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccSecurePolicyInfo ccSecurePolicyInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578
MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580
<<<<<<< HEAD
=======
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
>>>>>>> master
RowStatus, DateAndTime, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} ccSecurePolicyInfoMIB MODULE-IDENTITY
IPAddressType, IPAddress, PortNumber, LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ROHCModes ORGANIZATION "IETF"
FROM CC-TEXTUAL-CONVENTIONS-MIB -- FROM {{cc-txt}} CONTACT-INFO
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, "Shadi Azoum
Counter64, MODULE-IDENTITY US Navy
FROM SNMPv2-SMI -- FROM RFC 2578 email: shadi.azoum@navy.mil
MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
RowPointer, RowStatus, DateAndTime,
TruthValue, TEXTUAL-CONVENTION, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579
ccSecurePolicyInfoMIB MODULE-IDENTITY Elliott Jones
"Shadi Azoum US Navy
US Navy elliott.jones@navy.mil
email: shadi.azoum@navy.mil
Elliott Jones Lily Sun
US Navy US Navy
elliott.jones@navy.mil lily.sun@navy.mil
Lily Sun Mike Irani
US Navy NKI Engineering
lily.sun@navy.mil irani@nkiengineering.com
Mike Irani Jeffrey Sun
NKI Engineering NKI Engineering
irani@nkiengineering.com sunjeff@nkiengineering.com
Jeffrey Sun Ray Purvis
NKI Engineering MITRE
sunjeff@nkiengineering.com Email:rpurvis@mitre.org
Ray Purvis Sean Turner
MITRE sn3rd
Email:rpurvis@mitre.org Email:sean@sn3rd.com"
DESCRIPTION
"This MIB defines the CC MIB Security Policy Information
objects.
Sean Turner Copyright (c) 2016 IETF Trust and the persons
sn3rd identified as authors of the code. All rights reserved.
Email:sean@sn3rd.com"
DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments
below it and acts as a reservation mechanism.
Copyright (c) 2016 IETF Trust and the persons Redistribution and use in source and binary forms, with
identified as authors of the code. All rights reserved. or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
Redistribution and use in source and binary forms, with This version of this MIB module is part of RFC xxxx;
or without modification, is permitted pursuant to, and see the RFC itself for full legal notices."
subject to the license terms contained in, the Simplified -- RFC Ed.: RFC-editor please fill in xxxx.
BSD License set forth in Section 4.c of the IETF Trust's REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
Legal Provisions Relating to IETF Documents DESCRIPTION "Initial Version. Published as RFC xxxx."
(http://trustee.ietf.org/license-info). -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccSecurePolicyInfo 1 }
This version of this MIB module is part of RFC xxxx; -- *****************************************************************
see the RFC itself for full legal notices." -- Secure Policy Info Information Segments
-- RFC Ed.: RFC-editor please fill in xxxx. -- *****************************************************************
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
DESCRIPTION "Initial Version. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccSecurePolicyInfo 1 }
-- ***************************************************************** cSecurePolicyConformance OBJECT IDENTIFIER
-- Secure Policy Info Information Segments ::= { ccSecurePolicyInfoMIB 1 }
-- ***************************************************************** cSecPolicyRuleInfo OBJECT IDENTIFIER
::= { ccSecurePolicyInfoMIB 2 }
cSecurePolicyInfoScalars OBJECT IDENTIFIER
::= { ccSecurePolicyInfoMIB 3 }
cSecurePolicyInfoNotify OBJECT IDENTIFIER
::= { ccSecurePolicyInfoMIB 4 }
cSecurePolicyConformance OBJECT IDENTIFIER -- *****************************************************************
::= { ccSecurePolicyInfoMIB 1 } -- Secure Policy Info Scalars
cSecPolicyRuleInfo OBJECT IDENTIFIER -- *****************************************************************
::= { ccSecurePolicyInfoMIB 2 }
cSecurePolicyInfoScalars OBJECT IDENTIFIER
::= { ccSecurePolicyInfoMIB 3 }
cSecurePolicyInfoNotify OBJECT IDENTIFIER
::= { ccSecurePolicyInfoMIB 4 }
-- ***************************************************************** -- *****************************************************************
-- Secure Policy Info Scalars -- Secure Policy Info Notifications
-- ***************************************************************** -- *****************************************************************
-- ***************************************************************** cSecPolicyChanged NOTIFICATION-TYPE
-- Secure Policy Info Notifications OBJECTS {
-- ***************************************************************** cSecPolicyRulePriorityID,
cSecPolicyRuleDescription
}
STATUS current
DESCRIPTION
"A notification indicating that an existent Security Policy
entry in the cSecPolicyRuleTable in has changed."
cSecPolicyChanged NOTIFICATION-TYPE ::= { cSecurePolicyInfoNotify 1 }
OBJECTS {
cSecPolicyRulePriorityID,
cSecPolicyRuleDescription
}
STATUS current
DESCRIPTION
"A notification indicating that an existent Security Policy
entry in the cSecPolicyRuleTable in has changed."
::= { cSecurePolicyInfoNotify 1 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cSecPolicyRuleTable -- CC MIB cSecPolicyRuleTable
-- ***************************************************************** -- *****************************************************************
cSecPolicyRuleTableCount OBJECT-TYPE cSecPolicyRuleTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cSecPolicyRuleTable." "The number of rows in the cSecPolicyRuleTable."
::= { cSecPolicyRuleInfo 1 } ::= { cSecPolicyRuleInfo 1 }
cSecPolicyRuleTableLastChanged OBJECT-TYPE cSecPolicyRuleTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g. via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cSecPolicyRuleInfo 2 } ::= { cSecPolicyRuleInfo 2 }
cSecPolicyRuleTable OBJECT-TYPE cSecPolicyRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF CSecPolicyRuleEntry SYNTAX SEQUENCE OF CSecPolicyRuleEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cSecPolicyRuleTable stores the Security Policy Rules "The cSecPolicyRuleTable stores the Security Policy Rules
that are compared against inbound and outbound data traffic that are compared against inbound and outbound data traffic
flow. These Security Policy Rules define the actions (e.g. flow. These Security Policy Rules define the actions (e.g.
protect, bypass, discard) on how the data traffic flow should protect, bypass, discard) on how the data traffic flow should
be treated." be treated."
::= { cSecPolicyRuleInfo 3 } ::= { cSecPolicyRuleInfo 3 }
cSecPolicyRuleEntry OBJECT-TYPE cSecPolicyRuleEntry OBJECT-TYPE
SYNTAX CSecPolicyRuleEntry SYNTAX CSecPolicyRuleEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing general information about a Security "A row containing general information about a Security
Policy rule." Policy rule."
INDEX { cSecPolicyRulePriorityID }
::= { cSecPolicyRuleTable 1 }
CSecPolicyRuleEntry ::= SEQUENCE { INDEX { cSecPolicyRulePriorityID }
cSecPolicyRulePriorityID Unsigned32, ::= { cSecPolicyRuleTable 1 }
cSecPolicyRuleDescription OCTET STRING,
cSecPolicyRuleType INTEGER,
cSecPolicyRuleFilterReference SnmpAdminString,
cSecPolicyRuleAction INTEGER,
cSecPolicyRuleRowStatus RowStatus
}
cSecPolicyRulePriorityID OBJECT-TYPE CSecPolicyRuleEntry ::= SEQUENCE {
SYNTAX Unsigned32 cSecPolicyRulePriorityID Unsigned32,
MAX-ACCESS read-only cSecPolicyRuleDescription OCTET STRING,
STATUS current cSecPolicyRuleType INTEGER,
DESCRIPTION cSecPolicyRuleFilterReference SnmpAdminString,
"Local unique index that identifies the priority at which cSecPolicyRuleAction INTEGER,
this Security Policy rule is applied. Lower values have a cSecPolicyRuleRowStatus RowStatus
higher priority (e.g. a value of 1 will be processed before }
a value of 2). This column is the primary index to the
cSecPolicyRuleTable."
::= { cSecPolicyRuleEntry 1 }
cSecPolicyRuleDescription OBJECT-TYPE cSecPolicyRulePriorityID OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX Unsigned32
MAX-ACCESS read-create MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An administrative string describing the Security Policy "Local unique index that identifies the priority at which
rule. Note, this is a free form OCTET STRING that provides this Security Policy rule is applied. Lower values have a
the user a store for any form of description/documentation higher priority (e.g. a value of 1 will be processed before
for the given entry." a value of 2). This column is the primary index to the
::= { cSecPolicyRuleEntry 2 } cSecPolicyRuleTable."
::= { cSecPolicyRuleEntry 1 }
cSecPolicyRuleType OBJECT-TYPE cSecPolicyRuleDescription OBJECT-TYPE
SYNTAX INTEGER { ipsec(1), tls(2) } SYNTAX OCTET STRING
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Optional column that defines the related protocol type of "An administrative string describing the Security Policy
the Security Policy rule. Depending on this column's set rule. Note, this is a free form OCTET STRING that provides
value, entries will vary in respect to which other the user a store for any form of description/documentation
columns/tables (if at all) must be populated to fully for the given entry."
configure the Security Policy rule." ::= { cSecPolicyRuleEntry 2 }
::= { cSecPolicyRuleEntry 3 }
cSecPolicyRuleFilterReference OBJECT-TYPE cSecPolicyRuleType OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX INTEGER { ipsec(1), tls(2) }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A string that references the associated filter for the "Optional column that defines the related protocol type of
Security Policy rule. Data traffic flow (inbound/outbound) the Security Policy rule. Depending on this column's set
comparison against the associated filter provide the basis value, entries will vary in respect to which other
in which a Security Policy rule is applied to the given data columns/tables (if at all) must be populated to fully
traffic flow." configure the Security Policy rule."
::= { cSecPolicyRuleEntry 4 } ::= { cSecPolicyRuleEntry 3 }
cSecPolicyRuleAction OBJECT-TYPE cSecPolicyRuleFilterReference OBJECT-TYPE
SYNTAX INTEGER { protect(1), bypass(10), discard(20), SYNTAX SnmpAdminString
discardInbound(21), discardOutbound(22) } MAX-ACCESS read-create
MAX-ACCESS read-create STATUS current
STATUS current DESCRIPTION
DESCRIPTION "A string that references the associated filter for the
"This object indicates what action the ECU should take on Security Policy rule. Data traffic flow (inbound/outbound)
matching a data traffic flow against a filter (as defined by comparison against the associated filter provide the basis
cSecPolicyRuleFilterReference). The value of this column can in which a Security Policy rule is applied to the given data
take one of four enumeration values. traffic flow."
::= { cSecPolicyRuleEntry 4 }
[1] protect: The 'protect' enumeration value indicates that cSecPolicyRuleAction OBJECT-TYPE
the data traffic flow should be protected by a Secure SYNTAX INTEGER { protect(1), bypass(10), discard(20),
Connection with attributes defined by the associated filter discardInbound(21), discardOutbound(22) }
(cSecPolicyRuleFilterReference). MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates what action the ECU should take on
matching a data traffic flow against a filter (as defined by
cSecPolicyRuleFilterReference). The value of this column can
take one of four enumeration values.
[10] bypass: The 'bypass' enumeration value indicates that [1] protect: The 'protect' enumeration value indicates that
the data traffic flow should be bypassed with no the data traffic flow should be protected by a Secure
cryptographic protection/services provided. Connection with attributes defined by the associated filter
(cSecPolicyRuleFilterReference).
[20] discard: The 'discard enumeration value indicates that [10] bypass: The 'bypass' enumeration value indicates that
the data traffic flow, agnostic of their direction, should the data traffic flow should be bypassed with no
be discarded. cryptographic protection/services provided.
[21] discardInbound: The 'discardInbound' enumeration value [20] discard: The 'discard enumeration value indicates that
indicates that an inbound data traffic flow should be the data traffic flow, agnostic of their direction, should
discarded. be discarded.
[22] discardOutbound: The 'discardOutbound' enumeration [21] discardInbound: The 'discardInbound' enumeration value
value indicates that an outbound data traffic flow should be indicates that an inbound data traffic flow should be
discarded. discarded.
Implementations that do not support the 'discardInbound' and [22] discardOutbound: The 'discardOutbound' enumeration
'discardOutbound' enumeration values should return a value indicates that an outbound data traffic flow should be
wrongValue exception during a SET to the cSecPolicyRuleAction discarded.
object.
A valid enumeration value must be specified in order for Implementations that do not support the 'discardInbound' and
cSecPolicyRuleRowStatus to be 'active'." 'discardOutbound' enumeration values should return a
::= { cSecPolicyRuleEntry 5 } wrongValue exception during a SET to the cSecPolicyRuleAction
object.
cSecPolicyRuleRowStatus OBJECT-TYPE A valid enumeration value must be specified in order for
SYNTAX RowStatus cSecPolicyRuleRowStatus to be 'active'."
MAX-ACCESS read-create ::= { cSecPolicyRuleEntry 5 }
STATUS current
DESCRIPTION
"The status of the row, by which new entries may be created,
or old entries deleted from this table.
Entries created within this table may not become active cSecPolicyRuleRowStatus OBJECT-TYPE
unless all read-create columns in this table have valid SYNTAX RowStatus
values, as detailed by each individual column's description. MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of the row, by which new entries may be created,
or old entries deleted from this table.
At a minimum, implementations must support createAndGo and Entries created within this table may not become active
destroy management functions. Support for createAndWait, unless all read-create columns in this table have valid
active, notInService, and notReady management functions is values, as detailed by each individual column's description.
optional."
::= { cSecPolicyRuleEntry 6 }
-- ***************************************************************** At a minimum, implementations must support createAndGo and
-- Module Conformance Information destroy management functions. Support for createAndWait,
-- ***************************************************************** active, notInService, and notReady management functions is
optional."
::= { cSecPolicyRuleEntry 6 }
cSecurePolicyCompliances OBJECT IDENTIFIER -- *****************************************************************
::= { cSecurePolicyConformance 1 } -- Module Conformance Information
cSecurePolicyGroups OBJECT IDENTIFIER -- *****************************************************************
::= { cSecurePolicyConformance 2 }
cSecurePolicyCompliance MODULE-COMPLIANCE cSecurePolicyCompliances OBJECT IDENTIFIER
STATUS current ::= { cSecurePolicyConformance 1 }
DESCRIPTION cSecurePolicyGroups OBJECT IDENTIFIER
"Compliance levels for secure policy information." ::= { cSecurePolicyConformance 2 }
MODULE
MANDATORY-GROUPS { cSecurePolicyGroup }
GROUP cSecurePolicyNotifyGroup cSecurePolicyCompliance MODULE-COMPLIANCE
DESCRIPTION STATUS current
"This notification group is optional for implementation." DESCRIPTION
::= { cSecurePolicyCompliances 1 } "Compliance levels for secure policy information."
MODULE
MANDATORY-GROUPS { cSecurePolicyGroup }
cSecurePolicyGroup OBJECT-GROUP GROUP cSecurePolicyNotifyGroup
OBJECTS { DESCRIPTION
cSecPolicyRuleTableCount, "This notification group is optional for implementation."
cSecPolicyRuleTableLastChanged, ::= { cSecurePolicyCompliances 1 }
cSecPolicyRulePriorityID,
cSecPolicyRuleDescription,
cSecPolicyRuleType,
cSecPolicyRuleFilterReference,
cSecPolicyRuleAction,
cSecPolicyRuleRowStatus
}
STATUS current
DESCRIPTION
"This group is composed of objects related to secure policy
information."
::= { cSecurePolicyGroups 1 }
cSecurePolicyNotifyGroup NOTIFICATION-GROUP cSecurePolicyGroup OBJECT-GROUP
NOTIFICATIONS { OBJECTS {
cSecPolicyChanged cSecPolicyRuleTableCount,
} cSecPolicyRuleTableLastChanged,
STATUS current cSecPolicyRulePriorityID,
DESCRIPTION cSecPolicyRuleDescription,
"This group is composed of notifications related to secure cSecPolicyRuleType,
policy information." cSecPolicyRuleFilterReference,
::= { cSecurePolicyGroups 2 } cSecPolicyRuleAction,
cSecPolicyRuleRowStatus
}
STATUS current
DESCRIPTION
"This group is composed of objects related to secure policy
information."
::= { cSecurePolicyGroups 1 }
END ~~~~ cSecurePolicyNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cSecPolicyChanged
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to secure
policy information."
::= { cSecurePolicyGroups 2 }
END
5.9. Secure Connection Information 5.9. Secure Connection Information
This module makes reference to: Section 5.2, Section 5.3, [RFC2571], This module makes reference to: Section 5.2, [RFC2571], [RFC2578],
[RFC2578], [RFC2579], and [RFC2580], [RFC4303]. [RFC2579], and [RFC2580], [RFC4303].
CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccSecureConnectionInfo ccSecureConnectionInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
IPAddressType, IPAddress, PortNumber,
ROHCCompressionProfiles
FROM CC-TEXTUAL-CONVENTIONS-MIB -- FROM {{cc-txt}}
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
Counter64, MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
RowPointer, RowStatus, DateAndTime, RowStatus, DateAndTime, TimeStamp
TruthValue, TEXTUAL-CONVENTION, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccSecureConnectionInfoMIB MODULE-IDENTITY ccSecureConnectionInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
US Navy US Navy
elliott.jones@navy.mil elliott.jones@navy.mil
Lily Sun Lily Sun
US Navy US Navy
skipping to change at page 121, line 4 skipping to change at page 114, line 20
US Navy US Navy
elliott.jones@navy.mil elliott.jones@navy.mil
Lily Sun Lily Sun
US Navy US Navy
lily.sun@navy.mil lily.sun@navy.mil
Mike Irani Mike Irani
NKI Engineering NKI Engineering
irani@nkiengineering.com irani@nkiengineering.com
Jeffrey Sun Jeffrey Sun
NKI Engineering NKI Engineering
sunjeff@nkiengineering.com sunjeff@nkiengineering.com
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments "This MIB defines the CC MIB Secure Connection Information
below it and acts as a reservation mechanism. objects.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2016 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
skipping to change at page 130, line 37 skipping to change at page 124, line 9
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, Standard Management Framework", RFC 3410,
DOI 10.17487/RFC3410, December 2002, DOI 10.17487/RFC3410, December 2002,
<http://www.rfc-editor.org/info/rfc3410>. <http://www.rfc-editor.org/info/rfc3410>.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, DOI 10.17487/RFC4303, December 2005, RFC 4303, DOI 10.17487/RFC4303, December 2005,
<http://www.rfc-editor.org/info/rfc4303>. <http://www.rfc-editor.org/info/rfc4303>.
[RFC5225] Pelletier, G. and K. Sandlund, "RObust Header Compression
Version 2 (ROHCv2): Profiles for RTP, UDP, IP, ESP and
UDP-Lite", RFC 5225, DOI 10.17487/RFC5225, April 2008,
<http://www.rfc-editor.org/info/rfc5225>.
Authors' Addresses Authors' Addresses
Shadi Azoum Shadi Azoum
SPAWAR Systems Center Pacific SPAWAR Systems Center Pacific
Email: shadi.azoum@navy.mil Email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
SPAWAR Systems Center Pacific SPAWAR Systems Center Pacific
Email: elliott.jones@navy.mil Email: elliott.jones@navy.mil
Lily Sun Lily Sun
SPAWAR Systems Center Pacific SPAWAR Systems Center Pacific
Email: lily.sun@navy.mil Email: lily.sun@navy.mil
 End of changes. 197 change blocks. 
1007 lines changed or deleted 684 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/