< draft-turner-ccmib-01.txt   draft-turner-ccmib-02.txt >
Network Working Group S. Azoum Network Working Group S. Azoum
Internet-Draft E. Jones Internet-Draft E. Jones
Intended status: Standards Track L. Sun Intended status: Standards Track L. Sun
Expires: September 1, 2017 SPAWAR Systems Center Pacific Expires: December 1, 2018 SPAWAR Systems Center Pacific
M. Irani M. Irani
J. Sun J. Sun
Nathan Kunes, Inc. Nathan Kunes, Inc.
R. Purvis R. Purvis
The MITRE Corporation The MITRE Corporation
S. Turner S. Turner
sn3rd sn3rd
February 28, 2017 May 30, 2018
Common Cryptographic MIB (CCMIB) Common Cryptographic MIB (CCMIB)
draft-turner-ccmib-01 draft-turner-ccmib-02
Abstract Abstract
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. In particular, it describes managed objects used to community. In particular, it describes managed objects used to
manage key management implementations including asymmetric keys, manage key management implementations including asymmetric keys,
symmetric keys, trust anchors, and cryptographic-related firmware. symmetric keys, trust anchors, and cryptographic-related firmware.
Status of This Memo Status of This Memo
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 1, 2017. This Internet-Draft will expire on December 1, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 34 skipping to change at page 2, line 34
5.3. CC Device Info . . . . . . . . . . . . . . . . . . . . . 6 5.3. CC Device Info . . . . . . . . . . . . . . . . . . . . . 6
5.4. Firmware Management Information . . . . . . . . . . . . . 17 5.4. Firmware Management Information . . . . . . . . . . . . . 17
5.5. Key Management Information . . . . . . . . . . . . . . . 23 5.5. Key Management Information . . . . . . . . . . . . . . . 23
5.6. Key Transfer Pull . . . . . . . . . . . . . . . . . . . . 77 5.6. Key Transfer Pull . . . . . . . . . . . . . . . . . . . . 77
5.7. Key Transfer Push . . . . . . . . . . . . . . . . . . . . 93 5.7. Key Transfer Push . . . . . . . . . . . . . . . . . . . . 93
5.8. Security Policy Information . . . . . . . . . . . . . . . 106 5.8. Security Policy Information . . . . . . . . . . . . . . . 106
5.9. Secure Connection Information . . . . . . . . . . . . . . 113 5.9. Secure Connection Information . . . . . . . . . . . . . . 113
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 121 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 121
7. Security Considerations . . . . . . . . . . . . . . . . . . . 121 7. Security Considerations . . . . . . . . . . . . . . . . . . . 121
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 121 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 121
8.1. Normative References . . . . . . . . . . . . . . . . . . 122 8.1. Normative References . . . . . . . . . . . . . . . . . . 121
8.2. Informative References . . . . . . . . . . . . . . . . . 123 8.2. Informative References . . . . . . . . . . . . . . . . . 123
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 124 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 123
1. Introduction 1. Introduction
RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH PRIOR TO RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH PRIOR TO
PUBLICATION PUBLICATION
The source for this draft is maintained in GitHub. Suggested changes The source for this draft is maintained in GitHub. Suggested changes
should be submitted as pull requests at should be submitted as pull requests at
https://github.com/seanturner/draft-turner-ccmib. Instructions are https://github.com/seanturner/draft-turner-ccmib. Instructions are
on that page as well. Editorial changes can be managed in GitHub. on that page as well. Editorial changes can be managed in GitHub.
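Review bot: In the -02 table of contents, sections 6 (IANA Considerations), 7 (Security Considerations), 8 and 8.1 all begin on page 121, so Security Considerations takes up less than a page. That is thin for modules that expose read-write objects for key management and device reset. Suggest expanding it in the usual MIB form: list each read-write and read-create object with the effect of an unauthorized SET, and list the readable objects that are sensitive.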
skipping to change at page 4, line 27 skipping to change at page 4, line 27
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments "This MIB defines the CC MIB tree hierarchical assignments
below it and acts as a reservation mechanism. below it and acts as a reservation mechanism.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documennts Legal Provisions Relating to IETF Documennts
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
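Review bot: The copyright year in the module DESCRIPTION moves from 2016 to 2017, but this revision is dated May 30, 2018 and its own Copyright Notice says 2018. The same 2017 value appears in the DESCRIPTION clauses of the other modules, so suggest using one year throughout. While this clause is being edited, "IETF Documennts" is misspelled in both versions and should read "IETF Documents".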
skipping to change at page 5, line 9 skipping to change at page 5, line 9
-- Note: Current top-level OID assignments within the CC MIB tree: -- Note: Current top-level OID assignments within the CC MIB tree:
-- mib-2.TBD : CC-ASSIGNMENTS-MIB (this MIB) -- mib-2.TBD : CC-ASSIGNMENTS-MIB (this MIB)
-- mib-2.TBD.1 : CC-FEATURE-HIERARCHY-MIB -- mib-2.TBD.1 : CC-FEATURE-HIERARCHY-MIB
END END
5.2. CC Feature Hierarchy 5.2. CC Feature Hierarchy
This MIB module makes reference to the following document: [RFC2578]. This MIB module makes reference to the following document: [RFC2578].
CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccAssignmentsMIB ccAssignmentsMIB
FROM CC-ASSIGNMENTS-MIB -- FROM {{cc-assign}} FROM CC-ASSIGNMENTS-MIB -- FROM {{cc-assign}}
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI; -- FROM RFC 2578 FROM SNMPv2-SMI; -- FROM RFC 2578
ccFeatureHierarchyMIB MODULE-IDENTITY ccFeatureHierarchyMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF" ORGANIZATION "IETF"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
US Navy US Navy
elliott.jones@navy.mil elliott.jones@navy.mil
Lily Sun Lily Sun
US Navy US Navy
lily.sun@navy.mil lily.sun@navy.mil
Mike Irani Mike Irani
NKI Engineering NKI Engineering
irani@nkiengineering.com irani@nkiengineering.com
Jeffrey Sun Jeffrey Sun
NKI Engineering NKI Engineering
sunjeff@nkiengineering.com sunjeff@nkiengineering.com
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB features in hierarchical MIB "This MIB defines the CC MIB features in hierarchical MIB
tree assignments. It acts as a reservation mechanism for tree assignments. It acts as a reservation mechanism for
other MIB sets to be anchored below it. other MIB sets to be anchored below it.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "Initial Version. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccAssignmentsMIB 1 } ::= { ccAssignmentsMIB 1 }
ccDeviceInfo OBJECT IDENTIFIER ccDeviceInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 2 } ::= { ccFeatureHierarchyMIB 2 }
ccFirmwareManagement OBJECT IDENTIFIER ccFirmwareManagement OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB TBD } ::= { ccFeatureHierarchyMIB TBD }
ccKeyManagement OBJECT IDENTIFIER ccKeyManagement OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 3 } ::= { ccFeatureHierarchyMIB 3 }
ccKeyTransferPull OBJECT IDENTIFIER ccKeyTransferPull OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 4 } ::= { ccFeatureHierarchyMIB 4 }
ccKeyTransferPush OBJECT IDENTIFIER ccKeyTransferPush OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 5 } ::= { ccFeatureHierarchyMIB 5 }
ccSecurePolicyInfo OBJECT IDENTIFIER ccSecurePolicyInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 6 } ::= { ccFeatureHierarchyMIB 6 }
ccSecureConnectionInfo OBJECT IDENTIFIER ccSecureConnectionInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 7 } ::= { ccFeatureHierarchyMIB 7 }
END END
5.3. CC Device Info 5.3. CC Device Info
This MIB module makes reference to the following documents: This MIB module makes reference to the following documents:
[RFC1213], [RFC1907], [RFC2571], [RFC2578], [RFC2579], and [RFC2580]. [RFC1213], [RFC2578], [RFC2579], [RFC2580], [RFC3411], and [RFC3418].
CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccDeviceInfo ccDeviceInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY, TimeTicks MODULE-IDENTITY, TimeTicks
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
DateAndTime, TruthValue, TimeStamp DateAndTime, TruthValue, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccDeviceInfoMIB MODULE-IDENTITY ccDeviceInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF" ORGANIZATION "IETF"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
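Review bot: ccFirmwareManagement is still registered as "{ ccFeatureHierarchyMIB TBD }" while its siblings have the fixed arcs 2 through 7, so a MIB compiler has no sub-identifier to assign and the extracted CC-FEATURE-HIERARCHY-MIB will not load. Suggest giving it a number in this revision, and saying in a comment whether arc 1, which none of the listed assignments uses, is reserved.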
skipping to change at page 7, line 47 skipping to change at page 7, line 47
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Device Information objects. "This MIB defines the CC MIB Device Information objects.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
skipping to change at page 8, line 50 skipping to change at page 8, line 50
and will send an inconsistentValue error." and will send an inconsistentValue error."
::= { cDeviceInfoScalars 1 } ::= { cDeviceInfoScalars 1 }
cSystemUpTime OBJECT-TYPE cSystemUpTime OBJECT-TYPE
SYNTAX TimeTicks SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of time since this host was last initialized. "The amount of time since this host was last initialized.
Note that this is different from sysUpTime in the SNMPv2-MIB Note that this is different from sysUpTime in the SNMPv2-MIB
RFC 1907 because sysUpTime is the uptime of the network RFC 3418 because sysUpTime is the uptime of the network
management portion of the system." management portion of the system."
::= { cDeviceInfoScalars 2 } ::= { cDeviceInfoScalars 2 }
cSystemInitialLoadParameters OBJECT-TYPE cSystemInitialLoadParameters OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..128)) SYNTAX SnmpAdminString (SIZE(0..128))
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object contains the parameters (e.g. a pathname and "This object contains the parameters (e.g. a pathname and
skipping to change at page 9, line 49 skipping to change at page 9, line 49
chassis serial number or an internal serial number." chassis serial number or an internal serial number."
::= { cDeviceInfoScalars 5 } ::= { cDeviceInfoScalars 5 }
cLastChanged OBJECT-TYPE cLastChanged OBJECT-TYPE
SYNTAX TimeTicks SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of cSystemUpTime the last time any configurable "The value of cSystemUpTime the last time any configurable
object within the MIBs supported by the device has been object within the MIBs supported by the device has been
modified, created, or deleted by either SNMP, agent, or other modified, created, or deleted by either SNMP, agent, or
management method (e.g. via an HMI). Managers can use this other management method (e.g. via an HMI). Managers can use
object to ensure that no changes to any configuration within the this object to ensure that no changes to any configuration
device have happened since the last time it examined the device. within the device have happened since the last time it
examined the device. A value of 0 indicates that no objects
A value of 0 indicates that no objects have been changed since have been changed since the agent initialized."
the agent initialized."
::= { cDeviceInfoScalars 6 } ::= { cDeviceInfoScalars 6 }
cResetDevice OBJECT-TYPE cResetDevice OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The indication of whether a device should be reset. Setting "The indication of whether a device should be reset. Setting
this object to 'true' will perform a reset operation of the this object to 'true' will perform a reset operation of the
device. This must not affect the state of any persistent device. This must not affect the state of any persistent
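Review bot: In the cLastChanged DESCRIPTION, the sentence "A value of 0 indicates that no objects have been changed since the agent initialized" weakens the change check promised two sentences earlier. The value is a cSystemUpTime sample, so a change followed by a re-initialization reads the same as no change at all. Suggest stating that a manager must also compare cSystemUpTime against its previous poll before trusting cLastChanged, and aligning "this host was last initialized" (cSystemUpTime) with "the agent initialized" here. Also, "since the last time it examined the device" should agree with the plural "Managers".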
skipping to change at page 17, line 44 skipping to change at page 17, line 44
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to "This group is composed of notifications related to
component information." component information."
::= { cDeviceInfoGroups 6 } ::= { cDeviceInfoGroups 6 }
END END
5.4. Firmware Management Information 5.4. Firmware Management Information
This MIB module makes references to the following documents: This MIB module makes references to the following documents:
[RFC2571], [RFC2578], [RFC2579], and [RFC2580]. [RFC2578], [RFC2579], [RFC2580], and [RFC3411].
CC-FIRMWARE-MANAGEMENT-MIB DEFINITIONS ::= BEGIN CC-FIRMWARE-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
TimeStamp, TruthValue, RowStatus TimeStamp, TruthValue, RowStatus
FROM SNMPv2-TC -- FROM RFC 2579 FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580; FROM SNMPv2-CONF; -- FROM RFC 2580
ccFirmwareManagementMIB MODULE-IDENTITY ccFirmwareManagementMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF" ORGANIZATION "IETF"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
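Review bot: The IMPORTS clause of CC-FIRMWARE-MANAGEMENT-MIB has no entry from CC-FEATURE-HIERARCHY-MIB, whereas CC-DEVICE-INFO-MIB imports ccDeviceInfo and CC-KEY-MANAGEMENT-MIB imports ccKeyManagement from it. If ccFirmwareManagementMIB is registered under ccFirmwareManagement, the clause needs "ccFirmwareManagement FROM CC-FEATURE-HIERARCHY-MIB". Moving the semicolon out of the "-- FROM RFC 2580" comment is right, since in -01 the terminator was commented out and the clause never ended.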
skipping to change at page 23, line 24 skipping to change at page 23, line 24
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to firmware "This group is composed of notifications related to firmware
information." information."
::= { cFirmwareInfoGroups TBD } ::= { cFirmwareInfoGroups TBD }
END END
5.5. Key Management Information 5.5. Key Management Information
This MIB module makes references to the following documents: This MIB module makes references to the following documents:
[RFC2571], [RFC2578], [RFC2579], [RFC2580], [RFC5280], [RFC5914], [RFC2578], [RFC2579], [RFC2580], [RFC3411], [RFC5280], [RFC5914],
[RFC6030], and [RFC6353]. [RFC6030], and [RFC6353].
CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyManagement ccKeyManagement
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
RowPointer, RowStatus, DateAndTime, RowPointer, RowStatus, DateAndTime,
TruthValue, TimeStamp TruthValue, TimeStamp
FROM SNMPv2-TC -- FROM RFC 2579 FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
SnmpTLSFingerprint SnmpTLSFingerprint
FROM SNMP-TLS-TM-MIB; -- FROM RFC 6353 FROM SNMP-TLS-TM-MIB; -- FROM RFC 6353
ccKeyManagementMIB MODULE-IDENTITY ccKeyManagementMIB MODULE-IDENTITY
skipping to change at page 24, line 32 skipping to change at page 24, line 32
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Key Managment objects. "This MIB defines the CC MIB Key Managment objects.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
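Review bot: "Key Managment" in the first line of the ccKeyManagementMIB DESCRIPTION is misspelled in both versions. Since the clause is already being edited for the copyright year, correct it to "Key Management" in the same pass.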
skipping to change at page 28, line 27 skipping to change at page 28, line 27
::= { cKeyManagementScalars 8 } ::= { cKeyManagementScalars 8 }
cAsymKeyGlobalExpiryWarning OBJECT-TYPE cAsymKeyGlobalExpiryWarning OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "days" UNITS "days"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A global setting, indicating the number of days prior to "A global setting, indicating the number of days prior to
the expiration date of an asymmetric key (value of the expiration date of an asymmetric key (value of
cAsymKeyExpirationDate in the associated cAsymKeyTable entry) cAsymKeyExpirationDate in the associated cAsymKeyTable
for which the cKeyMaterialExpiring notification will be entry) for which the cKeyMaterialExpiring notification will
transmitted. be transmitted.
The value in this object is only used if no value exists for The value in this object is only used if no value exists for
the associated cAsymKeyTable entry's cAsymKeyExpiryWarning the associated cAsymKeyTable entry's cAsymKeyExpiryWarning
object." object."
::= { cKeyManagementScalars 9 } ::= { cKeyManagementScalars 9 }
cGenerateKeyType OBJECT-TYPE cGenerateKeyType OBJECT-TYPE
SYNTAX INTEGER { x509v3(1), psk(2)} SYNTAX INTEGER { x509v3(1), psk(2)}
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
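Review bot: cAsymKeyGlobalExpiryWarning is a read-write Unsigned32 in days with no range and no DEFVAL, and the DESCRIPTION does not say what 0 means. A single SET can therefore move the cKeyMaterialExpiring threshold to zero or to billions of days for every key that lacks its own cAsymKeyExpiryWarning. Suggest bounding the SYNTAX to a sensible range, adding a DEFVAL, and defining the behaviour for 0 (for example, whether the notification is disabled or sent on the expiration date).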
skipping to change at page 38, line 21 skipping to change at page 38, line 21
entered by the manager, can the manager set this column to entered by the manager, can the manager set this column to
active. active.
At a minimum, implementations must support active and At a minimum, implementations must support active and
destroy management functions. Implementations must support destroy management functions. Implementations must support
createAndWait and createAndGo management functions for this createAndWait and createAndGo management functions for this
object if the symmetric key material can be manually entered object if the symmetric key material can be manually entered
by the manager." by the manager."
::= { cSymmetricKeyEntry 12 } ::= { cSymmetricKeyEntry 12 }
-- ********************************************************************* -- *****************************************************************
-- CC MIB cAsymKeyTable -- CC MIB cAsymKeyTable
-- ********************************************************************* -- *****************************************************************
cAsymKeyTableCount OBJECT-TYPE cAsymKeyTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cAsymKeyTable." "The number of rows in the cAsymKeyTable."
::= { cAsymKeyInfo 1 } ::= { cAsymKeyInfo 1 }
cAsymKeyTableLastChanged OBJECT-TYPE cAsymKeyTableLastChanged OBJECT-TYPE
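Review bot: The RowStatus DESCRIPTION for cSymmetricKeyEntry 12 allows symmetric key material to be "manually entered by the manager" through createAndWait or createAndGo, but says nothing about how that SET is protected in transit or who may issue it. Suggest stating the required protection for such a SET (authentication and privacy) here, or pointing to the Security Considerations section where it is stated.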
skipping to change at page 42, line 20 skipping to change at page 42, line 20
::= { cAsymKeyEntry 9 } ::= { cAsymKeyEntry 9 }
cAsymKeySubject OBJECT-TYPE cAsymKeySubject OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The entity associated with this Asymmetric Key. "The entity associated with this Asymmetric Key.
For non-X.509 based key material, or when this object does For non-X.509 based key material, or when this object does
not apply for the key material, this column will not exist." not apply for the key material, this column will not
exist."
::= { cAsymKeyEntry 10 } ::= { cAsymKeyEntry 10 }
cAsymKeySubjectType OBJECT-TYPE cAsymKeySubjectType OBJECT-TYPE
SYNTAX BITS { other(0), certificationAuthority(1), SYNTAX BITS { other(0), certificationAuthority(1),
crlIssuer(2) } crlIssuer(2) }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Defines the type of subject based on the following "Defines the type of subject based on the following
choices. certificationAuthority(1) - When set to 1 choices. certificationAuthority(1) - When set to 1
indicates that the subject (cAsymKeySubject) of the Public indicates that the subject (cAsymKeySubject) of the Public
Key Certificate (PKC) is a Certification Authority (CA). Key Certificate (PKC) is a Certification Authority (CA).
crlIssuer(2) - When set to 1 indicates that the subject crlIssuer(2) - When set to 1 indicates that the subject
(cCertificateSubject) of the Public Key Certificate (PKC) (cCertificateSubject) of the Public Key Certificate (PKC)
is a Certificate Revocation List (CRL) issuer. is a Certificate Revocation List (CRL) issuer.
Bit value translation: Bit value translation:
1000 0000 = other 1000 0000 = other
0100 0000 = certificationAuthority 0100 0000 = certificationAuthority
0010 0000 = crlIssuer 0010 0000 = crlIssuer
For non-X.509 based key material, or when this object does not For non-X.509 based key material, or when this object does
apply for the key material, this column will not exist." not apply for the key material, this column will not
exist."
::= { cAsymKeyEntry 11 } ::= { cAsymKeyEntry 11 }
cAsymKeySubjectAltName OBJECT-TYPE cAsymKeySubjectAltName OBJECT-TYPE
SYNTAXSnmpAdminString (SIZE(1..32)) SYNTAXSnmpAdminString (SIZE(1..32))
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A reference string that points to a set of Certificate "A reference string that points to a set of Certificate
Subject Alternative Subject Names in the Subject Alternative Subject Names in the
cCertSubAltNameTable. cCertSubAltNameTable.
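Review bot: In cAsymKeySubjectAltName the clause reads "SYNTAXSnmpAdminString (SIZE(1..32))" with no space after the keyword, in both versions, so the object will not parse; it should be "SYNTAX SnmpAdminString (SIZE(1..32))". In the cAsymKeySubjectType DESCRIPTION just above, the crlIssuer text refers to "(cCertificateSubject)" while the certificationAuthority text refers to "(cAsymKeySubject)"; the former looks like a leftover name and should match the object defined as cAsymKeyEntry 10.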
skipping to change at page 49, line 9 skipping to change at page 49, line 9
At a minimum, implementations must support active and At a minimum, implementations must support active and
destroy management functions. Support for notInService and destroy management functions. Support for notInService and
notReady management functions is optional. Implementations notReady management functions is optional. Implementations
must not support createAndWait and createAndGo management must not support createAndWait and createAndGo management
functions for this object. functions for this object.
Some implementations may restrict the deletion of Trust Some implementations may restrict the deletion of Trust
Anchors to specific protocols (e.g. TAMP)." Anchors to specific protocols (e.g. TAMP)."
::= { cTrustAnchorEntry 8 } ::= { cTrustAnchorEntry 8 }
-- ********************************************************************* -- *****************************************************************
-- CC MIB cCKLTable -- CC MIB cCKLTable
-- ********************************************************************* -- *****************************************************************
cCKLTableCount OBJECT-TYPE cCKLTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cCKLTable." "The number of rows in the cCKLTable."
::= { cCKLInfo 1 } ::= { cCKLInfo 1 }
cCKLLastChanged OBJECT-TYPE cCKLLastChanged OBJECT-TYPE
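Review bot: The RowStatus DESCRIPTION for cTrustAnchorEntry 8 says implementations "must support active and destroy", and then that some implementations "may restrict the deletion of Trust Anchors to specific protocols (e.g. TAMP)", which leaves it open whether an SNMP SET of destroy has to work. Suggest making destroy conditional in the first paragraph, and naming the error an agent returns when deletion over SNMP is not permitted, so a manager can distinguish a refused deletion from a failed one.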
skipping to change at page 52, line 21 skipping to change at page 52, line 21
::= { cCKLEntry 7 } ::= { cCKLEntry 7 }
cCKLLastUpdate OBJECT-TYPE cCKLLastUpdate OBJECT-TYPE
SYNTAX DateAndTime SYNTAX DateAndTime
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The date this CKL/CRL was last updated." "The date this CKL/CRL was last updated."
::= { cCKLEntry 8 } ::= { cCKLEntry 8 }
-- ********************************************************************* -- *****************************************************************
-- CC MIB cCDMStoreTable -- CC MIB cCDMStoreTable
-- ********************************************************************* -- *****************************************************************
cCDMStoreTableCount OBJECT-TYPE cCDMStoreTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cCDMStoreTable." "The number of rows in the cCDMStoreTable."
::= { cCDMStoreInfo 1 } ::= { cCDMStoreInfo 1 }
cCDMStoreTableLastChanged OBJECT-TYPE cCDMStoreTableLastChanged OBJECT-TYPE
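Review bot: The cCKLLastUpdate DESCRIPTION, "The date this CKL/CRL was last updated", does not say whether the value is the issuer's update time carried in the CKL/CRL or the time the device last loaded one. The two differ when stale revocation data is installed, which is the case a manager polling this column most needs to detect. Suggest stating which it is, with a REFERENCE to the RFC 5280 field if it is taken from the CRL.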
skipping to change at page 59, line 40 skipping to change at page 59, line 40
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCertPathCtrlsInfo 2 } ::= { cCertPathCtrlsInfo 2 }
cCertPathCtrlsTable OBJECT-TYPE cCertPathCtrlsTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCertPathCtrlsEntry SYNTAX SEQUENCE OF CCertPathCtrlsEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The table containing the controls and constraints applied "The table containing the controls and constraints applied
to a certificate in order to process certificate trust paths." to a certificate in order to process certificate trust
paths."
::= { cCertPathCtrlsInfo 3 } ::= { cCertPathCtrlsInfo 3 }
cCertPathCtrlsEntry OBJECT-TYPE cCertPathCtrlsEntry OBJECT-TYPE
SYNTAX CCertPathCtrlsEntry SYNTAX CCertPathCtrlsEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing information about certificate path "A row containing information about certificate path
controls and constraints." controls and constraints."
INDEX { cCertPathCtrlsKeyFingerprint } INDEX { cCertPathCtrlsKeyFingerprint }
skipping to change at page 65, line 5 skipping to change at page 65, line 5
cCertPolicyQualifier OBJECT-TYPE cCertPolicyQualifier OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Qualifier information with type based on "Qualifier information with type based on
cCertPolicyQualifierID." cCertPolicyQualifierID."
::= { cCertPolicyEntry 5 } ::= { cCertPolicyEntry 5 }
-- ********************************************************************* -- *****************************************************************
-- CC MIB cPolicyMappingTable -- CC MIB cPolicyMappingTable
-- ********************************************************************* -- *****************************************************************
cPolicyMappingTableCount OBJECT-TYPE cPolicyMappingTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cPolicyMappingTable." "The number of rows in the cPolicyMappingTable."
::= { cPolicyMappingInfo 1 } ::= { cPolicyMappingInfo 1 }
cPolicyMappingTableLastChanged OBJECT-TYPE cPolicyMappingTableLastChanged OBJECT-TYPE
skipping to change at page 67, line 5 skipping to change at page 67, line 5
cPolicyMappingIssuerPolicy OBJECT-TYPE cPolicyMappingIssuerPolicy OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates the issuer domain policy that the issuer "Indicates the issuer domain policy that the issuer
Certificate Authority (CA) considers equivalent to the Certificate Authority (CA) considers equivalent to the
subject CA domain policy." subject CA domain policy."
::= { cPolicyMappingEntry 4 } ::= { cPolicyMappingEntry 4 }
-- ********************************************************************* -- *****************************************************************
-- CC MIB cNameConstraintTable -- CC MIB cNameConstraintTable
-- ********************************************************************* -- *****************************************************************
cNameConstraintTableCount OBJECT-TYPE cNameConstraintTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cNameConstraintTable." "The number of rows in the cNameConstraintTable."
::= { cNameConstraintInfo 1 } ::= { cNameConstraintInfo 1 }
cNameConstraintTableLastChanged OBJECT-TYPE cNameConstraintTableLastChanged OBJECT-TYPE
skipping to change at page 67, line 49 skipping to change at page 67, line 49
path can be stored." path can be stored."
::= { cNameConstraintInfo 3 } ::= { cNameConstraintInfo 3 }
cNameConstraintEntry OBJECT-TYPE cNameConstraintEntry OBJECT-TYPE
SYNTAX CNameConstraintEntry SYNTAX CNameConstraintEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row designating an entity's distinguished name to a name "A row designating an entity's distinguished name to a name
space." space."
INDEX { cNameConstraintGenSubtree, cNameConstraintSubtreeIndex } INDEX { cNameConstraintGenSubtree,
cNameConstraintSubtreeIndex }
::= { cNameConstraintTable 1 } ::= { cNameConstraintTable 1 }
CNameConstraintEntry ::= SEQUENCE { CNameConstraintEntry ::= SEQUENCE {
cNameConstraintGenSubtree OCTET STRING, cNameConstraintGenSubtree OCTET STRING,
cNameConstraintSubtreeIndex Unsigned32, cNameConstraintSubtreeIndex Unsigned32,
cNameConstraintBaseName SnmpAdminString cNameConstraintBaseName SnmpAdminString
} }
cNameConstraintGenSubtree OBJECT-TYPE cNameConstraintGenSubtree OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
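Review bot: the INDEX of cNameConstraintEntry, which this revision only re-wraps, cannot be instantiated at full length. It pairs cNameConstraintGenSubtree, an OCTET STRING (SIZE(1..255)), with cNameConstraintSubtreeIndex, and a variable-length string index is encoded as a length sub-identifier plus one sub-identifier per octet, so a 255-octet value exceeds the 128 sub-identifier limit RFC 2578 sets for an OBJECT IDENTIFIER. Suggest tightening the SIZE range on the index column, or indexing on a shorter fixed-length value, and stating the bound in the DESCRIPTION.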
skipping to change at page 72, line 51 skipping to change at page 73, line 4
cAsymKeyExpiryWarning, cAsymKeyExpiryWarning,
cAsymKeySubject, cAsymKeySubject,
cAsymKeySubjectType, cAsymKeySubjectType,
cAsymKeyUsage, cAsymKeyUsage,
cAsymKeyClassification, cAsymKeyClassification,
cAsymKeySource, cAsymKeySource,
cAsymKeyRowStatus, cAsymKeyRowStatus,
cAsymKeyVersion, cAsymKeyVersion,
cAsymKeyRekey, cAsymKeyRekey,
cAsymKeyType cAsymKeyType
}
}
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to asymmetric key "This group is composed of objects related to asymmetric key
information." information."
::= { cKeyManagementGroups 2 } ::= { cKeyManagementGroups 2 }
cKeyManCertSubAltNameGroup OBJECT-GROUP cKeyManCertSubAltNameGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cAsymKeySubjectAltName, cAsymKeySubjectAltName,
cCertSubAltNameTableCount, cCertSubAltNameTableCount,
skipping to change at page 77, line 44 skipping to change at page 77, line 46
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to Crypto "This group is composed of notifications related to Crypto
Device Material store information." Device Material store information."
::= { cKeyManagementGroups 17 } ::= { cKeyManagementGroups 17 }
END END
5.6. Key Transfer Pull 5.6. Key Transfer Pull
This MIB module makes reference to the following documents: This MIB module makes reference to the following documents:
[RFC2571], [RFC2578], [RFC2579], and [RFC2580]. [RFC2578], [RFC2579], [RFC2580], and [RFC3411].
CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyTransferPull ccKeyTransferPull
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
<<<<<<< HEAD
RowStatus, TimeStamp RowStatus, TimeStamp
=======
RowPointer, RowStatus, DateAndTime,
TimeStamp
>>>>>>> master
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccKeyTransferPullMIB MODULE-IDENTITY ccKeyTransferPullMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF" ORGANIZATION "IETF"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
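Review bot: check that nothing in CC-KEY-TRANSFER-PULL-MIB still uses RowPointer or DateAndTime, because the SNMPv2-TC import on the -02 side is now only "RowStatus, TimeStamp". cPALastDownloadDate, listed in the delivery object group, is the first object to look at. The -01 side carried unresolved "<<<<<<< HEAD" / ">>>>>>> master" markers inside IMPORTS, so it is also worth compiling each extracted module with a MIB checker before the draft is posted.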
skipping to change at page 79, line 5 skipping to change at page 78, line 50
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Key Transfer Pull objects. "This MIB defines the CC MIB Key Transfer Pull objects.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
skipping to change at page 79, line 47 skipping to change at page 79, line 44
-- ***************************************************************** -- *****************************************************************
-- Key Transfer Pull Scalars -- Key Transfer Pull Scalars
-- ***************************************************************** -- *****************************************************************
cSOMSServerRetryDelay OBJECT-TYPE cSOMSServerRetryDelay OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of time to wait after a download attempt to the "The amount of time to wait after a download attempt to the
Secure Object Management System (SOMS) server fails before Secure Object Management System (SOMS) server fails before
attempting to retry the operation. Note, this scalar applies attempting to retry the operation. Note, this scalar applies
to the download of any type of item from the SOMS server to the download of any type of item from the SOMS server
(e.g. CDMs, PALs)." (e.g. CDMs, PALs)."
::= { cKeyTransferPullScalars 1 } ::= { cKeyTransferPullScalars 1 }
cSOMSServerRetryMaxAttempts OBJECT-TYPE cSOMSServerRetryMaxAttempts OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of retries attempted before the download attempt "The amount of retries attempted before the download attempt
to the Secure Object Management System (SOMS) server is to the Secure Object Management System (SOMS) server is
considered a failure. Note, this scalar applies to the considered a failure. Note, this scalar applies to the
download of any type of item from the SOMS server (e.g. CDMs, download of any type of item from the SOMS server (e.g.
PALs)." CDMs, PALs)."
::= { cKeyTransferPullScalars 2 } ::= { cKeyTransferPullScalars 2 }
cCDMPullRetrievalPriorities OBJECT-TYPE cCDMPullRetrievalPriorities OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An indication of which cryptographic device materials "An indication of which cryptographic device materials
(CDMs) to retrieve based on this value and a configured (CDMs) to retrieve based on this value and a configured
cCDMDeliveryPriority in a cCDMDeliveryTable entry. This cCDMDeliveryPriority in a cCDMDeliveryTable entry. This
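Review bot: cSOMSServerRetryDelay has no stated unit. It is a read-write Unsigned32 described as "the amount of time to wait", with neither a UNITS clause nor a unit named in the DESCRIPTION, so a manager and an agent can disagree on the retry interval. Suggest adding a UNITS clause to it, and in cSOMSServerRetryMaxAttempts changing "the amount of retries" to "the number of retries" and saying what a value of 0 means.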
skipping to change at page 80, line 38 skipping to change at page 80, line 33
implies that only cCDMDeliveryTable entries with a implies that only cCDMDeliveryTable entries with a
cCDMDeliveryPriority value of '5' or less can be acted upon cCDMDeliveryPriority value of '5' or less can be acted upon
(i.e. retrieved). (i.e. retrieved).
Different types of ECUs may have different values for this Different types of ECUs may have different values for this
scalar. Bandwidth-limited ECUs, for example, may configure scalar. Bandwidth-limited ECUs, for example, may configure
lower values for only retrieving high-priority CDMs. lower values for only retrieving high-priority CDMs.
A value of 0, also a default value for this scalar, A value of 0, also a default value for this scalar,
indicates that all cCDMDeliveryTable entries can be acted indicates that all cCDMDeliveryTable entries can be acted
upon regardless of the configured cCDMDeliveryPriority value." upon regardless of the configured cCDMDeliveryPriority
value."
DEFVAL {0} DEFVAL {0}
::= { cKeyTransferPullScalars 3 } ::= { cKeyTransferPullScalars 3 }
cPALDeliveryRequest OBJECT-TYPE cPALDeliveryRequest OBJECT-TYPE
SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2), SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2),
discard(3) } discard(3) }
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This scalar controls the server's PAL download process - "This scalar controls the server's PAL download process -
skipping to change at page 93, line 6 skipping to change at page 93, line 4
cPALastDownloadDate, cPALastDownloadDate,
cCDMDeliveryPriority, cCDMDeliveryPriority,
cCDMDeliveryRequest, cCDMDeliveryRequest,
cCDMDeliveryStatus, cCDMDeliveryStatus,
cCDMDeliveryRowStatus cCDMDeliveryRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to delivery "This group is composed of objects related to delivery
information." information."
::= { cKeyTransferPullGroups 2 } ::= { cKeyTransferPullGroups 2 }
cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
cPALPullReceiveSuccess, cPALPullReceiveSuccess,
cPALPullReceiveFailed, cPALPullReceiveFailed,
cCDMPullReceiveSuccess, cCDMPullReceiveSuccess,
cCDMPullReceiveFailed cCDMPullReceiveFailed
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to delivery "This group is composed of notifications related to delivery
information." information."
::= { cKeyTransferPullGroups 3 } ::= { cKeyTransferPullGroups 3 }
END END
5.7. Key Transfer Push 5.7. Key Transfer Push
This MIB module makes reference to following documents: [RFC2571], This MIB module makes reference to following documents: [RFC2578],
[RFC2578], [RFC2579], [RFC2580]. [RFC2579], [RFC2580], and [RFC3411].
CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyTransferPush ccKeyTransferPush
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
RowPointer, RowStatus, DateAndTime, RowPointer, RowStatus, DateAndTime,
TimeStamp TimeStamp
FROM SNMPv2-TC -- FROM RFC 2579 FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF; -- FROM RFC 2580 FROM SNMPv2-CONF; -- FROM RFC 2580
ccKeyTransferPushMIB MODULE-IDENTITY ccKeyTransferPushMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF" ORGANIZATION "IETF"
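Review bot: the Section 5.7 introduction still reads "makes reference to following documents" on the -02 side, missing "the". The sibling sections use "This MIB module makes reference to the following documents:" (5.6) and "This module makes reference to:" (5.8), so one form should be picked and applied to all of the module introductions now that the reference lists are being edited anyway.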
skipping to change at page 94, line 30 skipping to change at page 94, line 29
Ray Purvis Ray Purvis
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Key Transfer Push object. "This MIB defines the CC MIB Key Transfer Push object.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
skipping to change at page 106, line 43 skipping to change at page 106, line 43
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to receiver "This group is composed of notifications related to receiver
information." information."
::= { cKeyTransferPushGroups 4 } ::= { cKeyTransferPushGroups 4 }
END END
5.8. Security Policy Information 5.8. Security Policy Information
This module makes reference to: Section 5.2, [RFC2571], [RFC2578], This module makes reference to: Section 5.2, [RFC2578], [RFC2579],
[RFC2579], and [RFC2580]. [RFC2580], and {RFC3411}}.
CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccSecurePolicyInfo ccSecurePolicyInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
<<<<<<< HEAD
=======
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
>>>>>>> master RowStatus, TimeStamp
RowStatus, DateAndTime, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccSecurePolicyInfoMIB MODULE-IDENTITY ccSecurePolicyInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF" ORGANIZATION "IETF"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
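Review bot: the Section 5.8 reference list on the -02 side ends in a malformed citation, "[RFC2580], and {RFC3411}}.", which should be "[RFC3411]" as in the other module introductions. In the same hunk the resolved SNMPv2-TC import is "RowStatus, TimeStamp", where the -01 side had "RowStatus, DateAndTime, TimeStamp", so confirm that no object in CC-SECURE-POLICY-INFO-MIB still has SYNTAX DateAndTime.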
skipping to change at page 108, line 5 skipping to change at page 107, line 49
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Security Policy Information "This MIB defines the CC MIB Security Policy Information
objects. objects.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
skipping to change at page 109, line 42 skipping to change at page 109, line 38
::= { cSecPolicyRuleInfo 2 } ::= { cSecPolicyRuleInfo 2 }
cSecPolicyRuleTable OBJECT-TYPE cSecPolicyRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF CSecPolicyRuleEntry SYNTAX SEQUENCE OF CSecPolicyRuleEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cSecPolicyRuleTable stores the Security Policy Rules "The cSecPolicyRuleTable stores the Security Policy Rules
that are compared against inbound and outbound data traffic that are compared against inbound and outbound data traffic
flow. These Security Policy Rules define the actions (e.g. flow. These Security Policy Rules define the actions (e.g.
protect, bypass, discard) on how the data traffic flow should protect, bypass, discard) on how the data traffic flow
be treated." should be treated."
::= { cSecPolicyRuleInfo 3 } ::= { cSecPolicyRuleInfo 3 }
cSecPolicyRuleEntry OBJECT-TYPE cSecPolicyRuleEntry OBJECT-TYPE
SYNTAX CSecPolicyRuleEntry SYNTAX CSecPolicyRuleEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing general information about a Security "A row containing general information about a Security
Policy rule." Policy rule."
INDEX { cSecPolicyRulePriorityID } INDEX { cSecPolicyRulePriorityID }
::= { cSecPolicyRuleTable 1 } ::= { cSecPolicyRuleTable 1 }
CSecPolicyRuleEntry ::= SEQUENCE { CSecPolicyRuleEntry ::= SEQUENCE {
cSecPolicyRulePriorityID Unsigned32, cSecPolicyRulePriorityID Unsigned32,
cSecPolicyRuleDescription OCTET STRING, cSecPolicyRuleDescription OCTET STRING,
cSecPolicyRuleType INTEGER, cSecPolicyRuleType INTEGER,
cSecPolicyRuleFilterReference SnmpAdminString, cSecPolicyRuleFilterReference SnmpAdminString,
cSecPolicyRuleAction INTEGER, cSecPolicyRuleAction INTEGER,
cSecPolicyRuleRowStatus RowStatus cSecPolicyRuleRowStatus RowStatus
skipping to change at page 111, line 28 skipping to change at page 111, line 25
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object indicates what action the ECU should take on "This object indicates what action the ECU should take on
matching a data traffic flow against a filter (as defined by matching a data traffic flow against a filter (as defined by
cSecPolicyRuleFilterReference). The value of this column can cSecPolicyRuleFilterReference). The value of this column can
take one of four enumeration values. take one of four enumeration values.
[1] protect: The 'protect' enumeration value indicates that [1] protect: The 'protect' enumeration value indicates that
the data traffic flow should be protected by a Secure the data traffic flow should be protected by a Secure
Connection with attributes defined by the associated filter Connection with attributes defined by the associated filter
(cSecPolicyRuleFilterReference). (cSecPolicyRuleFilterReference).
[10] bypass: The 'bypass' enumeration value indicates that [10] bypass: The 'bypass' enumeration value indicates that
the data traffic flow should be bypassed with no the data traffic flow should be bypassed with no
cryptographic protection/services provided. cryptographic protection/services provided.
[20] discard: The 'discard enumeration value indicates that [20] discard: The 'discard enumeration value indicates that
the data traffic flow, agnostic of their direction, should the data traffic flow, agnostic of their direction, should
be discarded. be discarded.
[21] discardInbound: The 'discardInbound' enumeration value [21] discardInbound: The 'discardInbound' enumeration value
indicates that an inbound data traffic flow should be indicates that an inbound data traffic flow should be
discarded. discarded.
[22] discardOutbound: The 'discardOutbound' enumeration [22] discardOutbound: The 'discardOutbound' enumeration
value indicates that an outbound data traffic flow should be value indicates that an outbound data traffic flow should be
discarded. discarded.
Implementations that do not support the 'discardInbound' and Implementations that do not support the 'discardInbound' and
'discardOutbound' enumeration values should return a 'discardOutbound' enumeration values should return a
wrongValue exception during a SET to the cSecPolicyRuleAction wrongValue exception during a SET to the
object. cSecPolicyRuleAction object.
A valid enumeration value must be specified in order for A valid enumeration value must be specified in order for
cSecPolicyRuleRowStatus to be 'active'." cSecPolicyRuleRowStatus to be 'active'."
::= { cSecPolicyRuleEntry 5 } ::= { cSecPolicyRuleEntry 5 }
cSecPolicyRuleRowStatus OBJECT-TYPE cSecPolicyRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
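Review bot: the cSecPolicyRuleAction DESCRIPTION says the column "can take one of four enumeration values" and then lists five: protect, bypass, discard, discardInbound and discardOutbound. This revision only re-wraps the wrongValue sentence, so the count should be corrected in the same pass, along with the unbalanced quote in "The 'discard enumeration value".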
skipping to change at page 113, line 30 skipping to change at page 113, line 26
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to secure "This group is composed of notifications related to secure
policy information." policy information."
::= { cSecurePolicyGroups 2 } ::= { cSecurePolicyGroups 2 }
END END
5.9. Secure Connection Information 5.9. Secure Connection Information
This module makes reference to: Section 5.2, [RFC2571], [RFC2578], This module makes reference to: Section 5.2, [RFC2578], [RFC2579],
[RFC2579], and [RFC2580], [RFC4303]. [RFC2580], [RFC3411], and [RFC4303].
CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccSecureConnectionInfo ccSecureConnectionInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
RowStatus, DateAndTime, TimeStamp RowStatus, DateAndTime, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccSecureConnectionInfoMIB MODULE-IDENTITY ccSecureConnectionInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF" ORGANIZATION "IETF"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "Shadi Azoum
US Navy US Navy
email: shadi.azoum@navy.mil email: shadi.azoum@navy.mil
skipping to change at page 114, line 36 skipping to change at page 114, line 31
MITRE MITRE
Email:rpurvis@mitre.org Email:rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email:sean@sn3rd.com" Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Secure Connection Information "This MIB defines the CC MIB Secure Connection Information
objects. objects.
Copyright (c) 2016 IETF Trust and the persons Copyright (c) 2017 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
skipping to change at page 115, line 44 skipping to change at page 115, line 37
::= { cSecureConnectionInfoNotify 1 } ::= { cSecureConnectionInfoNotify 1 }
cSecConnectionDeleted NOTIFICATION-TYPE cSecConnectionDeleted NOTIFICATION-TYPE
OBJECTS { cSecConTableID } OBJECTS { cSecConTableID }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification indicating that an existent Secure "A notification indicating that an existent Secure
Connection was successfully deleted." Connection was successfully deleted."
::= { cSecureConnectionInfoNotify 2 } ::= { cSecureConnectionInfoNotify 2 }
-- ********************************************************************* -- *****************************************************************
-- CC MIB cSecConTable -- CC MIB cSecConTable
-- ********************************************************************* -- *****************************************************************
cSecConTableCount OBJECT-TYPE cSecConTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cSecConTable." "The number of rows in the cSecConTable."
::= { cSecureConnectionInfo 1 } ::= { cSecureConnectionInfo 1 }
cSecConTableLastChanged OBJECT-TYPE cSecConTableLastChanged OBJECT-TYPE
skipping to change at page 120, line 8 skipping to change at page 119, line 50
The set of RowStatus enumerations that must be supported is The set of RowStatus enumerations that must be supported is
dependent on the type of secure connection. At a minimum, dependent on the type of secure connection. At a minimum,
implementations must support createAndGo and destroy if the implementations must support createAndGo and destroy if the
secure connection can be created and destroyed by the secure connection can be created and destroyed by the
manager. Implementations must support active and manager. Implementations must support active and
notInService if the secure connection can be notInService if the secure connection can be
enabled/disabled by the manager." enabled/disabled by the manager."
::= { cSecConEntry 9 } ::= { cSecConEntry 9 }
-- ********************************************************************* -- *****************************************************************
-- Module Conformance Information -- Module Conformance Information
-- ********************************************************************* -- *****************************************************************
cSecureConnectionCompliances OBJECT IDENTIFIER cSecureConnectionCompliances OBJECT IDENTIFIER
::= { cSecureConnectionConformance 1} ::= { cSecureConnectionConformance 1}
cSecureConnectionGroups OBJECT IDENTIFIER cSecureConnectionGroups OBJECT IDENTIFIER
::= { cSecureConnectionConformance 2} ::= { cSecureConnectionConformance 2}
cSecureConnectionCompliance MODULE-COMPLIANCE cSecureConnectionCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Compliance levels for secure connection information." "Compliance levels for secure connection information."
skipping to change at page 121, line 37 skipping to change at page 121, line 31
access and GET/SET (read/change/create/delete) the objects in this access and GET/SET (read/change/create/delete) the objects in this
MIB module. MIB module.
Implementations SHOULD provide the security features described by the Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), and implementations claiming SNMPv3 framework (see [RFC3410]), and implementations claiming
compliance to the SNMPv3 standard MUST include full support for compliance to the SNMPv3 standard MUST include full support for
authentication and privacy via the User-based Security Model (USM) authentication and privacy via the User-based Security Model (USM)
[RFC3414] with the AES cipher algorithm [RFC3826]. Implementations [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
MAY also provide support for the Transport Security Model (TSM) MAY also provide support for the Transport Security Model (TSM)
[RFC5591] in combination with a secure transport such as SSH [RFC5591] in combination with a secure transport such as SSH
[RFC5592] or TLS/DTLS {RFC6353}. [RFC5592] or TLS/DTLS [RFC6353].
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC2571] Wijnen, B., Harrington, D., and R. Presuhn, "An
Architecture for Describing SNMP Management Frameworks",
RFC 2571, DOI 10.17487/RFC2571, April 1999,
<http://www.rfc-editor.org/info/rfc2571>.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, Version 2 (SMIv2)", STD 58, RFC 2578,
DOI 10.17487/RFC2578, April 1999, DOI 10.17487/RFC2578, April 1999, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc2578>. editor.org/info/rfc2578>.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Textual Conventions for SMIv2", Schoenwaelder, Ed., "Textual Conventions for SMIv2",
STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999,
<http://www.rfc-editor.org/info/rfc2579>. <https://www.rfc-editor.org/info/rfc2579>.
[RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Conformance Statements for SMIv2", Schoenwaelder, Ed., "Conformance Statements for SMIv2",
STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999,
<http://www.rfc-editor.org/info/rfc2580>. <https://www.rfc-editor.org/info/rfc2580>.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
DOI 10.17487/RFC3411, December 2002, <https://www.rfc-
editor.org/info/rfc3411>.
[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
(USM) for version 3 of the Simple Network Management (USM) for version 3 of the Simple Network Management
Protocol (SNMPv3)", STD 62, RFC 3414, Protocol (SNMPv3)", STD 62, RFC 3414,
DOI 10.17487/RFC3414, December 2002, DOI 10.17487/RFC3414, December 2002, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc3414>. editor.org/info/rfc3414>.
[RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The
Advanced Encryption Standard (AES) Cipher Algorithm in the Advanced Encryption Standard (AES) Cipher Algorithm in the
SNMP User-based Security Model", RFC 3826, SNMP User-based Security Model", RFC 3826,
DOI 10.17487/RFC3826, June 2004, DOI 10.17487/RFC3826, June 2004, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc3826>. editor.org/info/rfc3826>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008,
<http://www.rfc-editor.org/info/rfc5246>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<http://www.rfc-editor.org/info/rfc5280>. <https://www.rfc-editor.org/info/rfc5280>.
[RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model
for the Simple Network Management Protocol (SNMP)", for the Simple Network Management Protocol (SNMP)",
STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009,
<http://www.rfc-editor.org/info/rfc5591>. <https://www.rfc-editor.org/info/rfc5591>.
[RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
Shell Transport Model for the Simple Network Management Shell Transport Model for the Simple Network Management
Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
2009, <http://www.rfc-editor.org/info/rfc5592>. 2009, <https://www.rfc-editor.org/info/rfc5592>.
[RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor [RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
Format", RFC 5914, DOI 10.17487/RFC5914, June 2010, Format", RFC 5914, DOI 10.17487/RFC5914, June 2010,
<http://www.rfc-editor.org/info/rfc5914>. <https://www.rfc-editor.org/info/rfc5914>.
[RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric
Key Container (PSKC)", RFC 6030, DOI 10.17487/RFC6030, Key Container (PSKC)", RFC 6030, DOI 10.17487/RFC6030,
October 2010, <http://www.rfc-editor.org/info/rfc6030>. October 2010, <https://www.rfc-editor.org/info/rfc6030>.
[RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport
Model for the Simple Network Management Protocol (SNMP)", Model for the Simple Network Management Protocol (SNMP)",
STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011,
<http://www.rfc-editor.org/info/rfc6353>. <https://www.rfc-editor.org/info/rfc6353>.
8.2. Informative References 8.2. Informative References
[RFC1213] McCloghrie, K. and M. Rose, "Management Information Base [RFC1213] McCloghrie, K. and M. Rose, "Management Information Base
for Network Management of TCP/IP-based internets: MIB-II", for Network Management of TCP/IP-based internets: MIB-II",
STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991, STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991,
<http://www.rfc-editor.org/info/rfc1213>. <https://www.rfc-editor.org/info/rfc1213>.
[RFC1907] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
"Management Information Base for Version 2 of the Simple
Network Management Protocol (SNMPv2)", RFC 1907,
DOI 10.17487/RFC1907, January 1996,
<http://www.rfc-editor.org/info/rfc1907>.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, Standard Management Framework", RFC 3410,
DOI 10.17487/RFC3410, December 2002, DOI 10.17487/RFC3410, December 2002, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc3410>. editor.org/info/rfc3410>.
[RFC3418] Presuhn, R., Ed., "Management Information Base (MIB) for
the Simple Network Management Protocol (SNMP)", STD 62,
RFC 3418, DOI 10.17487/RFC3418, December 2002,
<https://www.rfc-editor.org/info/rfc3418>.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, DOI 10.17487/RFC4303, December 2005, RFC 4303, DOI 10.17487/RFC4303, December 2005,
<http://www.rfc-editor.org/info/rfc4303>. <https://www.rfc-editor.org/info/rfc4303>.
Authors' Addresses Authors' Addresses
Shadi Azoum Shadi Azoum
SPAWAR Systems Center Pacific SPAWAR Systems Center Pacific
Email: shadi.azoum@navy.mil Email: shadi.azoum@navy.mil
Elliott Jones Elliott Jones
SPAWAR Systems Center Pacific SPAWAR Systems Center Pacific
Email: elliott.jones@navy.mil Email: elliott.jones@navy.mil
Lily Sun Lily Sun
SPAWAR Systems Center Pacific SPAWAR Systems Center Pacific
Email: lily.sun@navy.mil Email: lily.sun@navy.mil
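Review bot: in the Normative References, the right-hand column drops [RFC5246] with no replacement entry, whereas the other two removed entries, [RFC2571] and [RFC1907], each have a counterpart added ([RFC3411] and [RFC3418]); confirm that no [RFC5246] citation survives in the body, since the visible Security Considerations text reaches TLS/DTLS only through [RFC6353]. Separately, several of the new https URLs are wrapped inside the hostname, as in "<https://www.rfc- editor.org/info/rfc2119>", which gives a broken link when copied from the text rendering; keeping each URL whole on its own line, as the [RFC2579] and [RFC5280] entries do, avoids that.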
 End of changes. 96 change blocks. 
186 lines changed or deleted 176 lines changed or added