idnits 2.17.1 draft-ietf-isms-dtls-tm-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See https://trustee.ietf.org/license-info/) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 360 has weird spacing: '...patcher v ...' == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 6, 2010) is 5164 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 4347 (Obsoleted by RFC 6347) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) -- Obsolete informational reference (is this intentional?): RFC 4366 (Obsoleted by RFC 5246, RFC 6066) -- No information found for draft-seggelmann-tls-dtls-heartbeat - is the name correct? Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ISMS W. Hardaker 3 Internet-Draft Sparta, Inc. 4 Intended status: Standards Track March 6, 2010 5 Expires: September 7, 2010 7 Transport Layer Security (TLS) Transport Model for SNMP 8 draft-ietf-isms-dtls-tm-09.txt 10 Abstract 12 This document describes a Transport Model for the Simple Network 13 Management Protocol (SNMP), that uses either the Transport Layer 14 Security protocol or the Datagram Transport Layer Security (DTLS) 15 protocol. The TLS and DTLS protocols provide authentication and 16 privacy services for SNMP applications. This document describes how 17 the TLS Transport Model (TLSTM) implements the needed features of a 18 SNMP Transport Subsystem to make this protection possible in an 19 interoperable way. 21 This transport model is designed to meet the security and operational 22 needs of network administrators. It supports sending of SNMP 23 messages over TLS/TCP and DTLS/UDP. The TLS mode can make use of 24 TCP's improved support for larger packet sizes and the DTLS mode 25 provides potentially superior operation in environments where a 26 connectionless (e.g. UDP) transport is preferred. Both TLS and DTLS 27 integrate well into existing public keying infrastructures. 29 This document also defines a portion of the Management Information 30 Base (MIB) for use with network management protocols. In particular 31 it defines objects for managing the TLS Transport Model for SNMP. 33 Status of this Memo 35 This Internet-Draft is submitted to IETF in full conformance with the 36 provisions of BCP 78 and BCP 79. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF), its areas, and its working groups. Note that 40 other groups may also distribute working documents as Internet- 41 Drafts. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 The list of current Internet-Drafts can be accessed at 49 http://www.ietf.org/ietf/1id-abstracts.txt. 51 The list of Internet-Draft Shadow Directories can be accessed at 52 http://www.ietf.org/shadow.html. 54 This Internet-Draft will expire on September 7, 2010. 56 Copyright Notice 58 Copyright (c) 2010 IETF Trust and the persons identified as the 59 document authors. All rights reserved. 61 This document is subject to BCP 78 and the IETF Trust's Legal 62 Provisions Relating to IETF Documents 63 (http://trustee.ietf.org/license-info) in effect on the date of 64 publication of this document. Please review these documents 65 carefully, as they describe your rights and restrictions with respect 66 to this document. Code Components extracted from this document must 67 include Simplified BSD License text as described in Section 4.e of 68 the Trust Legal Provisions and are provided without warranty as 69 described in the BSD License. 71 This document may contain material from IETF Documents or IETF 72 Contributions published or made publicly available before November 73 10, 2008. The person(s) controlling the copyright in some of this 74 material may not have granted the IETF Trust the right to allow 75 modifications of such material outside the IETF Standards Process. 76 Without obtaining an adequate license from the person(s) controlling 77 the copyright in such materials, this document may not be modified 78 outside the IETF Standards Process, and derivative works of it may 79 not be created outside the IETF Standards Process, except to format 80 it for publication as an RFC or to translate it into languages other 81 than English. 83 Table of Contents 85 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 86 1.1. Conventions . . . . . . . . . . . . . . . . . . . . . . . 8 87 2. The Transport Layer Security Protocol . . . . . . . . . . . . 9 88 3. How the TLSTM fits into the Transport Subsystem . . . . . . . 9 89 3.1. Security Capabilities of this Model . . . . . . . . . . . 11 90 3.1.1. Threats . . . . . . . . . . . . . . . . . . . . . . . 11 91 3.1.2. Message Protection . . . . . . . . . . . . . . . . . . 12 92 3.1.3. (D)TLS Connections . . . . . . . . . . . . . . . . . . 13 93 3.2. Security Parameter Passing . . . . . . . . . . . . . . . . 14 94 3.3. Notifications and Proxy . . . . . . . . . . . . . . . . . 14 95 4. Elements of the Model . . . . . . . . . . . . . . . . . . . . 15 96 4.1. X.509 Certificates . . . . . . . . . . . . . . . . . . . . 15 97 4.1.1. Provisioning for the Certificate . . . . . . . . . . . 15 98 4.2. (D)TLS Usage . . . . . . . . . . . . . . . . . . . . . . . 17 99 4.3. SNMP Services . . . . . . . . . . . . . . . . . . . . . . 17 100 4.3.1. SNMP Services for an Outgoing Message . . . . . . . . 18 101 4.3.2. SNMP Services for an Incoming Message . . . . . . . . 18 102 4.4. Cached Information and References . . . . . . . . . . . . 19 103 4.4.1. TLS Transport Model Cached Information . . . . . . . . 19 104 4.4.1.1. tmSecurityName . . . . . . . . . . . . . . . . . . 20 105 4.4.1.2. tmSessionID . . . . . . . . . . . . . . . . . . . 20 106 4.4.1.3. Session State . . . . . . . . . . . . . . . . . . 20 107 5. Elements of Procedure . . . . . . . . . . . . . . . . . . . . 20 108 5.1. Procedures for an Incoming Message . . . . . . . . . . . . 21 109 5.1.1. DTLS over UDP Processing for Incoming Messages . . . . 21 110 5.1.2. Transport Processing for Incoming SNMP Messages . . . 23 111 5.2. Procedures for an Outgoing SNMP Message . . . . . . . . . 24 112 5.3. Establishing or Accepting a Session . . . . . . . . . . . 25 113 5.3.1. Establishing a Session as a Client . . . . . . . . . . 26 114 5.3.2. Accepting a Session as a Server . . . . . . . . . . . 28 115 5.4. Closing a Session . . . . . . . . . . . . . . . . . . . . 29 116 6. MIB Module Overview . . . . . . . . . . . . . . . . . . . . . 29 117 6.1. Structure of the MIB Module . . . . . . . . . . . . . . . 29 118 6.2. Textual Conventions . . . . . . . . . . . . . . . . . . . 29 119 6.3. Statistical Counters . . . . . . . . . . . . . . . . . . . 30 120 6.4. Configuration Tables . . . . . . . . . . . . . . . . . . . 30 121 6.4.1. Notifications . . . . . . . . . . . . . . . . . . . . 30 122 6.5. Relationship to Other MIB Modules . . . . . . . . . . . . 30 123 6.5.1. MIB Modules Required for IMPORTS . . . . . . . . . . . 30 124 7. MIB Module Definition . . . . . . . . . . . . . . . . . . . . 31 125 8. Operational Considerations . . . . . . . . . . . . . . . . . . 52 126 8.1. Sessions . . . . . . . . . . . . . . . . . . . . . . . . . 52 127 8.2. Notification Receiver Credential Selection . . . . . . . . 53 128 8.3. contextEngineID Discovery . . . . . . . . . . . . . . . . 53 129 8.4. Transport Considerations . . . . . . . . . . . . . . . . . 54 130 9. Security Considerations . . . . . . . . . . . . . . . . . . . 54 131 9.1. Certificates, Authentication, and Authorization . . . . . 54 132 9.2. Use with SNMPv1/SNMPv2c Messages . . . . . . . . . . . . . 55 133 9.3. MIB Module Security . . . . . . . . . . . . . . . . . . . 55 134 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 57 135 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 57 136 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 58 137 12.1. Normative References . . . . . . . . . . . . . . . . . . . 58 138 12.2. Informative References . . . . . . . . . . . . . . . . . . 59 139 Appendix A. Target and Notification Configuration Example . . . . 60 140 A.1. Configuring the Notification Originator . . . . . . . . . 60 141 A.2. Configuring the Command Responder . . . . . . . . . . . . 62 142 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 63 144 1. Introduction 146 It is important to understand the modular SNMPv3 architecture as 147 defined by [RFC3411] and enhanced by the Transport Subsystem 148 [RFC5590]. It is also important to understand the terminology of the 149 SNMPv3 architecture in order to understand where the Transport Model 150 described in this document fits into the architecture and how it 151 interacts with the other architecture subsystems. For a detailed 152 overview of the documents that describe the current Internet-Standard 153 Management Framework, please refer to Section 7 of [RFC3410]. 155 This document describes a Transport Model that makes use of the 156 Transport Layer Security (TLS) [RFC5246] and the Datagram Transport 157 Layer Security (DTLS) Protocol [RFC4347], within a transport 158 subsystem [RFC5590]. DTLS is the datagram variant of the Transport 159 Layer Security (TLS) protocol [RFC5246]. The Transport Model in this 160 document is referred to as the Transport Layer Security Transport 161 Model (TLSTM). TLS and DTLS take advantage of the X.509 public 162 keying infrastructure [RFC5280]. While (D)TLS supports multiple 163 authentication mechanisms, this document only discusses X.509 164 certificate based authentication. Although other forms of 165 authentication are possible they are outside the scope of this 166 specification. This transport model is designed to meet the security 167 and operational needs of network administrators, operating in both 168 environments where a connectionless (e.g. UDP) transport is 169 preferred and in environments where large quantities of data need to 170 be sent (e.g. over a TCP based stream). Both TLS and DTLS integrate 171 well into existing public keying infrastructures. This document 172 supports sending of SNMP messages over TLS/TCP and DTLS/UDP. 174 This document also defines a portion of the Management Information 175 Base (MIB) for use with network management protocols. In particular 176 it defines objects for managing the TLS Transport Model for SNMP. 178 Managed objects are accessed via a virtual information store, termed 179 the Management Information Base or MIB. MIB objects are generally 180 accessed through the Simple Network Management Protocol (SNMP). 181 Objects in the MIB are defined using the mechanisms defined in the 182 Structure of Management Information (SMI). This memo specifies a MIB 183 module that is compliant to the SMIv2, which is described in STD 58: 184 [RFC2578], [RFC2579] and [RFC2580]. 186 The diagram shown below gives a conceptual overview of two SNMP 187 entities communicating using the TLS Transport Model. One entity 188 contains a command responder and notification originator application, 189 and the other a command generator and notification responder 190 application. It should be understood that this particular mix of 191 application types is an example only and other combinations are 192 equally valid. Note: this diagram shows the Transport Security Model 193 (TSM) being used as the security model which is defined in [RFC5591]. 195 +---------------------------------------------------------------------+ 196 | Network | 197 +---------------------------------------------------------------------+ 198 ^ | ^ | 199 |Notifications |Commands |Commands |Notifications 200 +---|---------------------|-------+ +--|---------------|--------------+ 201 | | V | | | V | 202 | +------------+ +------------+ | | +-----------+ +----------+ | 203 | | (D)TLS | | (D)TLS | | | | (D)TLS | | (D)TLS | | 204 | | (Client) | | (Server) | | | | (Client) | | (Server) | | 205 | +------------+ +------------+ | | +-----------+ +----------+ | 206 | ^ ^ | | ^ ^ | 207 | | | | | | | | 208 | +-------------+ | | +--------------+ | 209 | +-----|------------+ | | +-----|------------+ | 210 | | V | | | | V | | 211 | | +--------+ | +-----+ | | | +--------+ | +-----+ | 212 | | | TLS TM |<--------->|Cache| | | | | TLS TM |<--------->|Cache| | 213 | | +--------+ | +-----+ | | | +--------+ | +-----+ | 214 | |Transport Subsys. | ^ | | |Transport Subsys. | ^ | 215 | +------------------+ | | | +------------------+ | | 216 | ^ | | | ^ | | 217 | | +--+ | | | +--+ | 218 | v | | | V | | 219 | +-----+ +--------+ +-------+ | | | +-----+ +--------+ +-------+ | | 220 | | | |Message | |Securi.| | | | | | |Message | |Securi.| | | 221 | |Disp.| |Proc. | |Subsys.| | | | |Disp.| |Proc. | |Subsys.| | | 222 | | | |Subsys. | | | | | | | | |Subsys. | | | | | 223 | | | | | | | | | | | | | | | | | | 224 | | | | +----+ | | +---+ | | | | | | | +----+ | | +---+ | | | 225 | | <--->|v3MP|<--> |TSM|<--+ | | | <--->|v3MP|<--->|TSM|<--+ | 226 | | | | +----+ | | +---+ | | | | | | +----+ | | +---+ | | 227 | | | | | | | | | | | | | | | | 228 | +-----+ +--------+ +-------+ | | +-----+ +--------+ +-------+ | 229 | ^ | | ^ | 230 | | | | | | 231 | +-+------------+ | | +-+----------+ | 232 | | | | | | | | 233 | v v | | v V | 234 | +-------------+ +-------------+ | | +-------------+ +-------------+ | 235 | | COMMAND | | NOTIFICAT. | | | | COMMAND | | NOTIFICAT. | | 236 | | RESPONDER | | ORIGINATOR | | | | GENERATOR | | RECEIVER | | 237 | | application | | application | | | | application | | application | | 238 | +-------------+ +-------------+ | | +-------------+ +-------------+ | 239 | SNMP entity | | SNMP entity | 240 +---------------------------------+ +---------------------------------+ 242 1.1. Conventions 244 For consistency with SNMP-related specifications, this document 245 favors terminology as defined in STD 62, rather than favoring 246 terminology that is consistent with non-SNMP specifications. This is 247 consistent with the IESG decision to not require the SNMPv3 248 terminology be modified to match the usage of other non-SNMP 249 specifications when SNMPv3 was advanced to Full Standard. 251 "Authentication" in this document typically refers to the English 252 meaning of "serving to prove the authenticity of" the message, not 253 data source authentication or peer identity authentication. 255 The terms "manager" and "agent" are not used in this document 256 because, in the [RFC3411] architecture, all SNMP entities have the 257 capability of acting as manager, agent, or both depending on the SNMP 258 application types supported in the implementation. Where distinction 259 is required, the application names of command generator, command 260 responder, notification originator, notification receiver, and proxy 261 forwarder are used. See "SNMP Applications" [RFC3413] for further 262 information. 264 Large portions of this document simultaneously refer to both TLS and 265 DTLS when discussing TLSTM components that function equally with 266 either protocol. "(D)TLS" is used in these places to indicate that 267 the statement applies to either or both protocols as appropriate. 268 When a distinction between the protocols is needed they are referred 269 to independently through the use of "TLS" or "DTLS". The Transport 270 Model, however, is named "TLS Transport Model" and refers not to the 271 TLS or DTLS protocol but to the standard defined in this document, 272 which includes support for both TLS and DTLS. 274 Throughout this document, the terms "client" and "server" are used to 275 refer to the two ends of the (D)TLS transport connection. The client 276 actively opens the (D)TLS connection, and the server passively 277 listens for the incoming (D)TLS connection. An SNMP entity may act 278 as a (D)TLS client or server or both, depending on the SNMP 279 applications supported. 281 The User-Based Security Model (USM) [RFC3414] is a mandatory-to- 282 implement Security Model in STD 62. While (D)TLS and USM frequently 283 refer to a user, the terminology preferred in RFC3411 and in this 284 memo is "principal". A principal is the "who" on whose behalf 285 services are provided or processing takes place. A principal can be, 286 among other things, an individual acting in a particular role; a set 287 of individuals, with each acting in a particular role; an application 288 or a set of applications, or a combination of these within an 289 administrative domain. 291 Throughout this document, the term "session" is used to refer to a 292 secure association between two TLS Transport Models that permits the 293 transmission of one or more SNMP messages within the lifetime of the 294 session. The (D)TLS protocols also have an internal notion of a 295 session and although these two concepts of a session are related, 296 when the term "session" is used this document is referring to the 297 TLSTM's specific session and not directly to the (D)TLS protocol's 298 session. 300 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 301 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 302 document are to be interpreted as described in [RFC2119]. 304 2. The Transport Layer Security Protocol 306 (D)TLS provides authentication, data message integrity, and privacy 307 at the transport layer. (See [RFC4347]) 309 The primary goals of the TLS Transport Model are to provide privacy, 310 peer identity authentication and data integrity between two 311 communicating SNMP entities. The TLS and DTLS protocols provide a 312 secure transport upon which the TLSTM is based. Please refer to 313 [RFC5246] and [RFC4347] for complete descriptions of the protocols. 315 3. How the TLSTM fits into the Transport Subsystem 317 A transport model is a component of the Transport Subsystem. The TLS 318 Transport Model thus fits between the underlying (D)TLS transport 319 layer and the Message Dispatcher [RFC3411] component of the SNMP 320 engine and the Transport Subsystem. 322 The TLS Transport Model will establish a session between itself and 323 the TLS Transport Model of another SNMP engine. The sending 324 transport model passes unencrypted and unauthenticated messages from 325 the Dispatcher to (D)TLS to be encrypted and authenticated, and the 326 receiving transport model accepts decrypted and authenticated/ 327 integrity-checked incoming messages from (D)TLS and passes them to 328 the Dispatcher. 330 After a TLS Transport Model session is established, SNMP messages can 331 conceptually be sent through the session from one SNMP message 332 Dispatcher to another SNMP Message Dispatcher. If multiple SNMP 333 messages are needed to be passed between two SNMP applications they 334 MAY be passed through the same session. A TLSTM implementation 335 engine MAY choose to close the session to conserve resources. 337 The TLS Transport Model of an SNMP engine will perform the 338 translation between (D)TLS-specific security parameters and SNMP- 339 specific, model-independent parameters. 341 The diagram below depicts where the TLS Transport Model fits into the 342 architecture described in RFC3411 and the Transport Subsystem: 344 +------------------------------+ 345 | Network | 346 +------------------------------+ 347 ^ ^ ^ 348 | | | 349 v v v 350 +-------------------------------------------------------------------+ 351 | +--------------------------------------------------+ | 352 | | Transport Subsystem | +--------+ | 353 | | +-----+ +-----+ +-------+ +-------+ | | | | 354 | | | UDP | | SSH | |(D)TLS | . . . | other |<--->| Cache | | 355 | | | | | TM | | TM | | | | | | | 356 | | +-----+ +-----+ +-------+ +-------+ | +--------+ | 357 | +--------------------------------------------------+ ^ | 358 | ^ | | 359 | | | | 360 | Dispatcher v | | 361 | +--------------+ +---------------------+ +----------------+ | | 362 | | Transport | | Message Processing | | Security | | | 363 | | Dispatch | | Subsystem | | Subsystem | | | 364 | | | | +------------+ | | +------------+ | | | 365 | | | | +->| v1MP |<--->| | USM | | | | 366 | | | | | +------------+ | | +------------+ | | | 367 | | | | | +------------+ | | +------------+ | | | 368 | | | | +->| v2cMP |<--->| | Transport | | | | 369 | | Message | | | +------------+ | | | Security |<--+ | 370 | | Dispatch <---->| +------------+ | | | Model | | | 371 | | | | +->| v3MP |<--->| +------------+ | | 372 | | | | | +------------+ | | +------------+ | | 373 | | PDU Dispatch | | | +------------+ | | | Other | | | 374 | +--------------+ | +->| otherMP |<--->| | Model(s) | | | 375 | ^ | +------------+ | | +------------+ | | 376 | | +---------------------+ +----------------+ | 377 | v | 378 | +-------+-------------------------+---------------+ | 379 | ^ ^ ^ | 380 | | | | | 381 | v v v | 382 | +-------------+ +---------+ +--------------+ +-------------+ | 383 | | COMMAND | | ACCESS | | NOTIFICATION | | PROXY | | 384 | | RESPONDER |<->| CONTROL |<->| ORIGINATOR | | FORWARDER | | 385 | | application | | | | applications | | application | | 386 | +-------------+ +---------+ +--------------+ +-------------+ | 387 | ^ ^ | 388 | | | | 389 | v v | 390 | +----------------------------------------------+ | 391 | | MIB instrumentation | SNMP entity | 392 +-------------------------------------------------------------------+ 394 3.1. Security Capabilities of this Model 396 3.1.1. Threats 398 The TLS Transport Model provides protection against the threats 399 identified by the RFC 3411 architecture [RFC3411]: 401 1. Modification of Information - The modification threat is the 402 danger that an unauthorized entity may alter in-transit SNMP 403 messages generated on behalf of an authorized principal in such a 404 way as to effect unauthorized management operations, including 405 falsifying the value of an object. 407 (D)TLS provides verification that the content of each received 408 message has not been modified during its transmission through the 409 network, data has not been altered or destroyed in an 410 unauthorized manner, and data sequences have not been altered to 411 an extent greater than can occur non-maliciously. 413 2. Masquerade - The masquerade threat is the danger that management 414 operations unauthorized for a given principal may be attempted by 415 assuming the identity of another principal that has the 416 appropriate authorizations. 418 The TLSTM verifies of the identity of the (D)TLS server through 419 the use of the (D)TLS protocol and X.509 certificates. A TLS 420 Transport Model implementation MUST support authentication of 421 both the server and the client. 423 3. Message stream modification - The re-ordering, delay or replay of 424 messages can and does occur through the natural operation of many 425 connectionless transport services. The message stream 426 modification threat is the danger that messages may be 427 maliciously re-ordered, delayed or replayed to an extent which is 428 greater than can occur through the natural operation of 429 connectionless transport services, in order to effect 430 unauthorized management operations. 432 (D)TLS provides replay protection with a MAC that includes a 433 sequence number. Since UDP provides no sequencing ability, DTLS 434 uses a sliding window protocol with the sequence number used for 435 replay protection (see [RFC4347]). 437 4. Disclosure - The disclosure threat is the danger of eavesdropping 438 on the exchanges between SNMP engines. 440 (D)TLS provides protection against the disclosure of information 441 to unauthorized recipients or eavesdroppers by allowing for 442 encryption of all traffic between SNMP engines. A TLS Transport 443 Model implementation SHOULD support the message encryption to 444 protect sensitive data from eavesdropping attacks. 446 5. Denial of Service - the RFC 3411 architecture [RFC3411] states 447 that denial of service (DoS) attacks need not be addressed by an 448 SNMP security protocol. However, connectionless transports (like 449 DTLS over UDP) are susceptible to a variety of denial of service 450 attacks because they are more vulnerable to spoofed IP addresses. 451 See Section 4.2 for details how the cookie mechanism is used. 452 Note, however, that this mechanism does not provide any defense 453 against denial of service attacks mounted from valid IP 454 addresses. 456 See Section 9 for more detail on the security considerations 457 associated with the TLSTM and these security threats. 459 3.1.2. Message Protection 461 The RFC 3411 architecture recognizes three levels of security: 463 o without authentication and without privacy (noAuthNoPriv) 465 o with authentication but without privacy (authNoPriv) 467 o with authentication and with privacy (authPriv) 469 The TLS Transport Model determines from (D)TLS the identity of the 470 authenticated principal, the transport type and the transport address 471 associated with an incoming message. The TLS Transport Model 472 provides the identity and destination type and address to (D)TLS for 473 outgoing messages. 475 When an application requests a session for a message it also requests 476 a security level for that session. The TLS Transport Model MUST 477 ensure that the (D)TLS connection provides security at least as high 478 as the requested level of security. How the security level is 479 translated into the algorithms used to provide data integrity and 480 privacy is implementation-dependent. However, the NULL integrity and 481 encryption algorithms MUST NOT be used to fulfill security level 482 requests for authentication or privacy. Implementations MAY choose 483 to force (D)TLS to only allow cipher_suites that provide both 484 authentication and privacy to guarantee this assertion. 486 If a suitable interface between the TLS Transport Model and the 487 (D)TLS Handshake Protocol is implemented to allow the selection of 488 security level dependent algorithms (for example a security level to 489 cipher_suites mapping table) then different security levels may be 490 utilized by the application. 492 The authentication, integrity and privacy algorithms used by the 493 (D)TLS Protocols may vary over time as the science of cryptography 494 continues to evolve and the development of (D)TLS continues over 495 time. Implementers are encouraged to plan for changes in operator 496 trust of particular algorithms. Implementations should offer 497 configuration settings for mapping algorithms to SNMPv3 security 498 levels. 500 3.1.3. (D)TLS Connections 502 (D)TLS connections are opened by the TLS Transport Model during the 503 elements of procedure for an outgoing SNMP message. Since the sender 504 of a message initiates the creation of a (D)TLS connection if needed, 505 the (D)TLS connection will already exist for an incoming message. 507 Implementations MAY choose to instantiate (D)TLS connections in 508 anticipation of outgoing messages. This approach might be useful to 509 ensure that a (D)TLS connection to a given target can be established 510 before it becomes important to send a message over the (D)TLS 511 connection. Of course, there is no guarantee that a pre-established 512 session will still be valid when needed. 514 DTLS connections, when used over UDP, are uniquely identified within 515 the TLS Transport Model by the combination of transportDomain, 516 transportAddress, tmSecurityName, and requestedSecurityLevel 517 associated with each session. Each unique combination of these 518 parameters MUST have a locally-chosen unique tlstmSessionID for each 519 active session. For further information see Section 5. TLS over TCP 520 sessions, on the other hand, do not require a unique pairing of 521 address and port attributes since their lower layer protocols (TCP) 522 already provide adequate session framing. But they must still 523 provide a unique tlstmSessionID for referencing the session. 525 The tlstmSessionID identifier MUST NOT change during the entire 526 duration of the session from the TLSTM's perspective, and MUST 527 uniquely identify a single session. As an implementation hint: note 528 that the (D)TLS internal SessionID does not meet these requirements, 529 since it can change over the life of the connection as seen by the 530 TLSTM (for example, during renegotiation), and does not necessarily 531 uniquely idenfify a TLSTM session (there can be multiple TLSTM 532 sessions sharing the same D(TLS) internal SessionID). 534 3.2. Security Parameter Passing 536 For the (D)TLS server-side, (D)TLS-specific security parameters 537 (i.e., cipher_suites, X.509 certificate fields, IP address and port) 538 are translated by the TLS Transport Model into security parameters 539 for the TLS Transport Model and security model (e.g., 540 tmSecurityLevel, tmSecurityName, transportDomain, transportAddress). 541 The transport-related and (D)TLS-security-related information, 542 including the authenticated identity, are stored in a cache 543 referenced by tmStateReference. 545 For the (D)TLS client-side, the TLS Transport Model takes input 546 provided by the Dispatcher in the sendMessage() Abstract Service 547 Interface (ASI) and input from the tmStateReference cache. The 548 (D)TLS Transport Model converts that information into suitable 549 security parameters for (D)TLS and establishes sessions as needed. 551 The elements of procedure in Section 5 discuss these concepts in much 552 greater detail. 554 3.3. Notifications and Proxy 556 (D)TLS connections may be initiated by (D)TLS clients on behalf of 557 SNMP appplications that initiate communications, such as command 558 generators, notification originators, proxy forwarders. Command 559 generators are frequently operated by a human, but notification 560 originators and proxy forwarders are usually unmanned automated 561 processes. The targets to whom notifications and proxied requests 562 should be sent is typically determined and configured by a network 563 administrator. 565 The SNMP-TARGET-MIB module [RFC3413] contains objects for defining 566 management targets, including transportDomain, transportAddress, 567 securityName, securityModel, and securityLevel parameters, for 568 notification originator, proxy forwarder, and SNMP-controllable 569 command generator applications. Transport domains and transport 570 addresses are configured in the snmpTargetAddrTable, and the 571 securityModel, securityName, and securityLevel parameters are 572 configured in the snmpTargetParamsTable. This document defines a MIB 573 module that extends the SNMP-TARGET-MIB's snmpTargetParamsTable to 574 specify a (D)TLS client-side certificate to use for the connection. 576 When configuring a (D)TLS target, the snmpTargetAddrTDomain and 577 snmpTargetAddrTAddress parameters in snmpTargetAddrTable should be 578 set to the snmpTLSTCPDomain or snmpDTLSUDPDomain object and an 579 appropriate snmpTLSAddress value. When used with the SNMPv3 message 580 processing model, the snmpTargetParamsMPModel column of the 581 snmpTargetParamsTable should be set to a value of 3. The 582 snmpTargetParamsSecurityName should be set to an appropriate 583 securityName value and the tlstmParamsClientFingerprint parameter of 584 the tlstmParamsTable should be set a value that refers to a locally 585 held certificate (and the corresponding private key) to be used. 586 Other parameters, for example cryptographic configuration such as 587 which cipher suites to use, must come from configuration mechanisms 588 not defined in this document. 590 The securityName defined in the snmpTargetParamsSecurityName column 591 will be used by the access control model to authorize any 592 notifications that need to be sent. 594 4. Elements of the Model 596 This section contains definitions required to realize the (D)TLS 597 Transport Model defined by this document. 599 4.1. X.509 Certificates 601 (D)TLS can make use of X.509 certificates for authentication of both 602 sides of the transport. This section discusses the use of X.509 603 certificates in the TLSTM. 605 While (D)TLS supports multiple authentication mechanisms, this 606 document only discusses X.509 certificate based authentication; Other 607 forms of authentication are are outside the scope of this 608 specification. TLSTM implementations are REQUIRED to support X.509 609 certificates. 611 4.1.1. Provisioning for the Certificate 613 Authentication using (D)TLS will require that SNMP entities have 614 certificates, either signed by trusted certification authorities, or 615 self-signed. Furthermore, SNMP entities will most commonly need to 616 be provisioned with root certificates which represent the list of 617 trusted certificate authorities that an SNMP entity can use for 618 certificate verification. SNMP entities SHOULD also be provisioned 619 with a X.509 certificate revocation mechanism which can be used to 620 verify that a certificate has not been revoked. Trusted public keys 621 from either CA certificates and/or self-signed certificates, MUST be 622 installed into the server through a trusted out of band mechanism and 623 their authenticity MUST be verified before access is granted. 625 Having received a certificate from a connecting TLSTM client, the 626 authenticated tmSecurityName of the principal is derived using the 627 tlstmCertToTSNTable. This table allows mapping of incoming 628 connections to tmSecurityNames through defined transformations. The 629 transformations defined in the TLSTM-MIB include: 631 o Mapping a certificate's subjectAltName or CommonName components to 632 a tmSecurityName, or 634 o Mapping a certificate's fingerprint value to a directly specified 635 tmSecurityName 637 As an implementation hint: implementations may choose to discard any 638 connections for which no potential tlstmCertToTSNTable mapping exists 639 before performing certificate verification to avoid expending 640 computational resources associated with certificate verification. 642 Enterprise configurations are encouraged to map a "subjectAltName" 643 component of the X.509 certificate to the TLSTM specific 644 tmSecurityName. The authenticated identity can be obtained by the 645 TLS Transport Model by extracting the subjectAltName(s) from the 646 peer's certificate. The receiving application will then have an 647 appropriate tmSecurityName for use by other SNMPv3 components like an 648 access control model. 650 An example of this type of mapping setup can be found in Appendix A. 652 This tmSecurityName may be later translated from a TLSTM specific 653 tmSecurityName to a SNMP engine securityName by the security model. 654 A security model, like the TSM security model [RFC5591], may perform 655 an identity mapping or a more complex mapping to derive the 656 securityName from the tmSecurityName offered by the TLS Transport 657 Model. 659 A pictorial view of the complete transformation process (using the 660 TSM security model for the example) is shown below: 662 +-------------+ +-------+ +-----+ 663 | Certificate | | | | | 664 | Path | | TLSTM | tmSecurityName | TSM | 665 | Validation | --> | | ----------------->| | 666 +-------------+ +-------+ +-----+ 667 | 668 | securityName 669 V 670 +-------------+ 671 | application | 672 +-------------+ 674 4.2. (D)TLS Usage 676 (D)TLS MUST negotiate a cipher suite that uses X.509 certificates for 677 authentication, and MUST authenticate both the client and the server. 678 The mandatory-to-implement cipher suite is specified in the TLS 679 specification [RFC5246]. 681 TLSTM verifies the certificates when the connection is opened (see 682 Section 5.3). For this reason, TLS renegotiation with different 683 certificates MUST NOT be done. That is, implementations MUST either 684 disable renegotiation completely (RECOMMENDED), or MUST present the 685 same certificate during renegotiation (and MUST verify that the other 686 end presented the same certificate). 688 For DTLS over UDP, each SNMP message MUST be placed in a single UDP 689 datagram; it MAY be split to multiple DTLS records. In other words, 690 if a single datagram contains multiple DTLS application_data records, 691 they are concatenated when received. The TLSTM implementation SHOULD 692 return an error if the SNMP message does not fit in the UDP datagram, 693 and thus cannot be sent. 695 For DTLS over UDP, the DTLS server implementation MUST support DTLS 696 cookies ([RFC4347] already requires that clients support DTLS 697 cookies). Implementations are not required to perform the cookie 698 exchange for every DTLS handshake; however, enabling it by default is 699 RECOMMENDED. 701 For DTLS, replay protection MUST be used. 703 4.3. SNMP Services 705 This section describes the services provided by the TLS Transport 706 Model with their inputs and outputs. The services are between the 707 Transport Model and the Dispatcher. 709 The services are described as primitives of an abstract service 710 interface (ASI) and the inputs and outputs are described as abstract 711 data elements as they are passed in these abstract service 712 primitives. 714 4.3.1. SNMP Services for an Outgoing Message 716 The Dispatcher passes the information to the TLS Transport Model 717 using the ASI defined in the transport subsystem: 719 statusInformation = 720 sendMessage( 721 IN destTransportDomain -- transport domain to be used 722 IN destTransportAddress -- transport address to be used 723 IN outgoingMessage -- the message to send 724 IN outgoingMessageLength -- its length 725 IN tmStateReference -- reference to transport state 726 ) 728 The abstract data elements returned from or passed as parameters into 729 the abstract service primitives are as follows: 731 statusInformation: An indication of whether the sending of the 732 message was successful. If not, it is an indication of the 733 problem. 735 destTransportDomain: The transport domain for the associated 736 destTransportAddress. The Transport Model uses this parameter to 737 determine the transport type of the associated 738 destTransportAddress. This document specifies the 739 snmpTLSTCPDomain and the snmpDTLSUDPDomain transport domains. 741 destTransportAddress: The transport address of the destination TLS 742 Transport Model in a format specified by the SnmpTLSAddress 743 TEXTUAL-CONVENTION. 745 outgoingMessage: The outgoing message to send to (D)TLS for 746 encapsulation and transmission. 748 outgoingMessageLength: The length of the outgoingMessage field. 750 tmStateReference: A reference to tmState to be used when securing 751 outgoing messages. 753 4.3.2. SNMP Services for an Incoming Message 755 The TLS Transport Model processes the received message from the 756 network using the (D)TLS service and then passes it to the Dispatcher 757 using the following ASI: 759 statusInformation = 760 receiveMessage( 761 IN transportDomain -- origin transport domain 762 IN transportAddress -- origin transport address 763 IN incomingMessage -- the message received 764 IN incomingMessageLength -- its length 765 IN tmStateReference -- reference to transport state 766 ) 768 The abstract data elements returned from or passed as parameters into 769 the abstract service primitives are as follows: 771 statusInformation: An indication of whether the passing of the 772 message was successful. If not, it is an indication of the 773 problem. 775 transportDomain: The transport domain for the associated 776 transportAddress. This document specifies the snmpTLSTCPDomain 777 and the snmpDTLSUDPDomain transport domains. 779 transportAddress: The transport address of the source of the 780 received message in a format specified by the SnmpTLSAddress 781 TEXTUAL-CONVENTION. 783 incomingMessage: The whole SNMP message after being processed by 784 (D)TLS and the (D)TLS transport layer data has been removed. 786 incomingMessageLength: The length of the incomingMessage field. 788 tmStateReference: A reference to tmSecurityData to be used by the 789 security model. 791 4.4. Cached Information and References 793 When performing SNMP processing, there are two levels of state 794 information that may need to be retained: the immediate state linking 795 a request-response pair, and potentially longer-term state relating 796 to transport and security. "Transport Subsystem for the Simple 797 Network Management Protocol" [RFC5590] defines general requirements 798 for caches and references. 800 4.4.1. TLS Transport Model Cached Information 802 The TLS Transport Model has specific responsibilities regarding the 803 cached information. See the Elements of Procedure in Section 5 for 804 detailed processing instructions on the use of the tmStateReference 805 fields by the TLS Transport Model. 807 4.4.1.1. tmSecurityName 809 The tmSecurityName MUST be a human-readable name (in snmpAdminString 810 format) representing the identity that has been set according to the 811 procedures in Section 5. The tmSecurityName MUST be constant for all 812 traffic passing through an TLSTM session. Messages MUST NOT be sent 813 through an existing (D)TLS connection that was established using a 814 different tmSecurityName. 816 On the (D)TLS server side of a connection the tmSecurityName is 817 derived using the procedures described in Section 5.3.2 and the 818 TLSTM-MIB's tlstmCertToTSNTable DESCRIPTION clause. 820 On the (D)TLS client side of a connection the tmSecurityName is 821 presented to the TLS Transport Model by the application (possibly 822 because of configuration specified in the SNMP-TARGET-MIB). 824 The securityName MAY be derived from the tmSecurityName by a Security 825 Model and MAY be used to configure notifications and access controls 826 in MIB modules. Transport Models SHOULD generate a predictable 827 tmSecurityName so operators will know what to use when configuring 828 MIB modules that use securityNames derived from tmSecurityNames. The 829 TLSTM generates predictable tmSecurityNames based on the 830 configuration found in the TLSTM-MIB's tlstmCertToTSNTable and relies 831 on the network operators to have configured this table appropriately. 833 4.4.1.2. tmSessionID 835 The tmSessionID MUST be recorded per message at the time of receipt. 836 When tmSameSecurity is set, the recorded tmSessionID can be used to 837 determine whether the (D)TLS connection available for sending a 838 corresponding outgoing message is the same (D)TLS connection as was 839 used when receiving the incoming message (e.g., a response to a 840 request). 842 4.4.1.3. Session State 844 The per-session state that is referenced by tmStateReference may be 845 saved across multiple messages in a Local Configuration Datastore. 846 Additional session/connection state information might also be stored 847 in a Local Configuration Datastore. 849 5. Elements of Procedure 851 Abstract service interfaces have been defined by [RFC3411] and 852 further augmented by [RFC5590] to describe the conceptual data flows 853 between the various subsystems within an SNMP entity. The TLSTM uses 854 some of these conceptual data flows when communicating between 855 subsystems. 857 To simplify the elements of procedure, the release of state 858 information is not always explicitly specified. As a general rule, 859 if state information is available when a message gets discarded, the 860 message-state information should also be released. If state 861 information is available when a session is closed, the session state 862 information should also be released. Sensitive information, like 863 cryptographic keys, should be overwritten appropriately prior to 864 being released. 866 An error indication in statusInformation will typically include the 867 Object Identifier (OID) and value for an incremented error counter. 868 This may be accompanied by the requested securityLevel and the 869 tmStateReference. Per-message context information is not accessible 870 to Transport Models, so for the returned counter OID and value, 871 contextEngine would be set to the local value of snmpEngineID and 872 contextName to the default context for error counters. 874 5.1. Procedures for an Incoming Message 876 This section describes the procedures followed by the (D)TLS 877 Transport Model when it receives a (D)TLS protected packet. The 878 required functionality is broken into two different sections. 880 Section 5.1.1 describes the processing required for de-multiplexing 881 multiple DTLS connections, which is specifically needed for DTLS over 882 UDP sessions. It is assumed that TLS protocol implementations 883 already provide appropriate message demultiplexing. 885 Section 5.1.2 describes the transport processing required once the 886 (D)TLS processing has been completed. This will be needed for all 887 (D)TLS-based connections. 889 5.1.1. DTLS over UDP Processing for Incoming Messages 891 For connection-oriented transport protocols, such as TCP, the 892 transport protocol takes care of demultiplexing incoming packets to 893 the right connection. Depending on the DTLS implementation, for DTLS 894 over UDP, this demultiplexing may need to be done by the TLSTM 895 implementation. 897 Like TCP, DTLS over UDP uses the four-tuple for identifying the connection 899 (and relevant DTLS connection state). This means that when 900 establishing a new session, implementations MUST use a different UDP 901 source port number for each active connection to a remote destination 902 IP-address/port-number combination to ensure the remote entity can 903 disambiguate between multiple connections. 905 If demultiplexing received UDP datagrams to DTLS connection state is 906 done by the TLSTM implementation (instead of the DTLS 907 implementation), the steps below describe one possible method to 908 accomplish this. 910 The important output results from the steps in this process are the 911 remote transport address, incomingMessage, incomingMessageLength, and 912 the tlstmSessionID. 914 1) The TLS Transport Model examines the raw UDP message, in an 915 implementation-dependent manner. 917 2) The TLS Transport Model queries the LCD using the transport 918 parameters (source and destination IP addresses and ports) to 919 determine if a session already exists. 921 2a) f a matching entry in the LCD does not exist, then the UDP 922 packet is passed to the DTLS implementation for processing. 923 If the DTLS implementation decides to continue with the 924 connection and allocate state for it, it returns a new DTLS 925 connection handle (an implementation dependent detail). In 926 this case, TLSTM selects a new tlstmSessionId, and caches 927 this and the DTLS connection handle as a new entry in the 928 LCD (indexed by the transport parameters). If the DTLS 929 implementation returns an error or does not allocate 930 connection state (which can happen with the stateless cookie 931 exchange), processing stops. 933 2b) If a session does exist in the LCD then its DTLS connection 934 handle (an implementation dependent detail) and its 935 tlstmSessionId is extracted from the LCD. The UDP packet 936 and the connection handle is passed to the DTLS 937 implementation. If the DTLS implementation returns success 938 but does not return an incomingMessage and an 939 incomingMessageLength then processing stops (this is the 940 case when the UDP datagram contained DTLS handshake 941 messages, for example). If the DTLS implementation returns 942 an error then processing stops. 944 3) Retrieve the incomingMessage and an incomingMessageLength from 945 DTLS. These results and the tlstmSessionID are used below in 946 Section 5.1.2 to complete the processing of the incoming message. 948 5.1.2. Transport Processing for Incoming SNMP Messages 950 The procedures in this section describe how the TLS Transport Model 951 should process messages that have already been properly extracted 952 from the (D)TLS stream. Note that care must be taken when processing 953 messages originating from either TLS or DTLS to ensure they're 954 complete and single. For example, multiple SNMP messages can be 955 passed through a single DTLS message and partial SNMP messages may be 956 received from a TLS stream. These steps describe the processing of a 957 singular SNMP message after it has been delivered from the (D)TLS 958 stream. 960 1) Determine the tlstmSessionID for the incoming message. The 961 tlstmSessionID MUST be a unique session identifier for this 962 (D)TLS connection. The contents and format of this identifier 963 are implementation-dependent as long as it is unique to the 964 session. A session identifier MUST NOT be reused until all 965 references to it are no longer in use. The tmSessionID is equal 966 to the tlstmSessionID discussed in Section 5.1.1. tmSessionID 967 refers to the session identifier when stored in the 968 tmStateReference and tlstmSessionID refers to the session 969 identifier when stored in the LCD. They MUST always be equal 970 when processing a given session's traffic. 972 If this is the first message received through this session and 973 the session does not have an assigned tlstmSessionID yet then the 974 snmpTlstmSessionAccepts counter is incremented and a 975 tlstmSessionID for the session is created. This will only happen 976 on the server side of a connection because a client would have 977 already assigned a tlstmSessionID during the openSession() 978 invocation. Implementations may have performed the procedures 979 described in Section 5.3.2 prior to this point or they may 980 perform them now, but the procedures described in Section 5.3.2 981 MUST be performed before continuing beyond this point. 983 2) Create a tmStateReference cache for the subsequent reference and 984 assign the following values within it: 986 tmTransportDomain = snmpTLSTCPDomain or snmpDTLSUDPDomain as 987 appropriate. 989 tmTransportAddress = The address the message originated from. 991 tmSecurityLevel = The derived tmSecurityLevel for the session, 992 as discussed in Section 3.1.2 and Section 5.3. 994 tmSecurityName = The derived tmSecurityName for the session as 995 discussed in Section 5.3. This value MUST be constant during 996 the lifetime of the session. 998 tmSessionID = The tlstmSessionID described in step 1 above. 1000 3) The incomingMessage and incomingMessageLength are assigned values 1001 from the (D)TLS processing. 1003 4) The TLS Transport Model passes the transportDomain, 1004 transportAddress, incomingMessage, and incomingMessageLength to 1005 the Dispatcher using the receiveMessage ASI: 1007 statusInformation = 1008 receiveMessage( 1009 IN transportDomain -- snmpTLSTCPDomain or snmpDTLSUDPDomain, 1010 IN transportAddress -- address for the received message 1011 IN incomingMessage -- the whole SNMP message from (D)TLS 1012 IN incomingMessageLength -- the length of the SNMP message 1013 IN tmStateReference -- transport info 1014 ) 1016 5.2. Procedures for an Outgoing SNMP Message 1018 The Dispatcher sends a message to the TLS Transport Model using the 1019 following ASI: 1021 statusInformation = 1022 sendMessage( 1023 IN destTransportDomain -- transport domain to be used 1024 IN destTransportAddress -- transport address to be used 1025 IN outgoingMessage -- the message to send 1026 IN outgoingMessageLength -- its length 1027 IN tmStateReference -- transport info 1028 ) 1030 This section describes the procedure followed by the TLS Transport 1031 Model whenever it is requested through this ASI to send a message. 1033 1) If tmStateReference does not refer to a cache containing values 1034 for tmTransportDomain, tmTransportAddress, tmSecurityName, 1035 tmRequestedSecurityLevel, and tmSameSecurity, then increment the 1036 snmpTlstmSessionInvalidCaches counter, discard the message, and 1037 return the error indication in the statusInformation. Processing 1038 of this message stops. 1040 2) Extract the tmSessionID, tmTransportDomain, tmTransportAddress, 1041 tmSecurityName, tmRequestedSecurityLevel, and tmSameSecurity 1042 values from the tmStateReference. Note: The tmSessionID value 1043 may be undefined if no session exists yet over which the message 1044 can be sent. 1046 3) If tmSameSecurity is true and either tmSessionID is undefined or 1047 refers to a session that is no longer open then increment the 1048 snmpTlstmSessionNoSessions counter, discard the message and 1049 return the error indication in the statusInformation. Processing 1050 of this message stops. 1052 4) If tmSameSecurity is false and tmSessionID refers to a session 1053 that is no longer available then an implementation SHOULD open a 1054 new session using the openSession() ASI (described in greater 1055 detail in step 5b). Instead of opening a new session an 1056 implementation MAY return a snmpTlstmSessionNoSessions error to 1057 the calling module and stop processing of the message. 1059 5) If tmSessionID is undefined, then use tmTransportDomain, 1060 tmTransportAddress, tmSecurityName and tmRequestedSecurityLevel 1061 to see if there is a corresponding entry in the LCD suitable to 1062 send the message over. 1064 5a) If there is a corresponding LCD entry, then this session 1065 will be used to send the message. 1067 5b) If there is not a corresponding LCD entry, then open a 1068 session using the openSession() ASI (discussed further in 1069 Section 5.3.1). Implementations MAY wish to offer message 1070 buffering to prevent redundant openSession() calls for the 1071 same cache entry. If an error is returned from 1072 openSession(), then discard the message, discard the 1073 tmStateReference, increment the snmpTlstmSessionOpenErrors, 1074 return an error indication to the calling module and stop 1075 processing of the message. 1077 6) Using either the session indicated by the tmSessionID if there 1078 was one or the session resulting from a previous step (4 or 5), 1079 pass the outgoingMessage to (D)TLS for encapsulation and 1080 transmission. 1082 5.3. Establishing or Accepting a Session 1084 Establishing a (D)TLS connection as either a client or a server 1085 requires slightly different processing. The following two sections 1086 describe the necessary processing steps. 1088 5.3.1. Establishing a Session as a Client 1090 The TLS Transport Model provides the following primitive for use by a 1091 client to establish a new (D)TLS connection: 1093 statusInformation = -- errorIndication or success 1094 openSession( 1095 IN tmStateReference -- transport information to be used 1096 OUT tmStateReference -- transport information to be used 1097 IN maxMessageSize -- of the sending SNMP entity 1098 ) 1100 The following describes the procedure to follow when establishing a 1101 SNMP over (D)TLS connection between SNMP engines for exchanging SNMP 1102 messages. This process is followed by any SNMP client's engine when 1103 establishing a session for subsequent use. 1105 This MAY be done automatically for an SNMP application that initiates 1106 a transaction, such as a command generator, a notification 1107 originator, or a proxy forwarder. 1109 1) The snmpTlstmSessionOpens counter is incremented. 1111 2) The client selects the appropriate certificate and cipher_suites 1112 for the key agreement based on the tmSecurityName and the 1113 tmRequestedSecurityLevel for the session. For sessions being 1114 established as a result of a SNMP-TARGET-MIB based operation, the 1115 certificate will potentially have been identified via the 1116 tlstmParamsTable mapping and the cipher_suites will have to be 1117 taken from system-wide or implementation-specific configuration. 1118 If no row in the tlstmParamsTable exists then implementations MAY 1119 choose to establish the connection using a default client 1120 certificate available to the application. Otherwise, the 1121 certificate and appropriate cipher_suites will need to be passed 1122 to the openSession() ASI as supplemental information or 1123 configured through an implementation-dependent mechanism. It is 1124 also implementation-dependent and possibly policy-dependent how 1125 tmRequestedSecurityLevel will be used to influence the security 1126 capabilities provided by the (D)TLS connection. However this is 1127 done, the security capabilities provided by (D)TLS MUST be at 1128 least as high as the level of security indicated by the 1129 tmRequestedSecurityLevel parameter. The actual security level of 1130 the session is reported in the tmStateReference cache as 1131 tmSecurityLevel. For (D)TLS to provide strong authentication, 1132 each principal acting as a command generator SHOULD have its own 1133 certificate. 1135 3) Using the destTransportDomain and destTransportAddress values, 1136 the client will initiate the (D)TLS handshake protocol to 1137 establish session keys for message integrity and encryption. 1139 If the attempt to establish a session is unsuccessful, then 1140 snmpTlstmSessionOpenErrors is incremented, an error indication is 1141 returned, and processing stops. If the session failed to open 1142 because the presented server certificate was unknown or invalid 1143 then the snmpTlstmSessionUnknownServerCertificate or 1144 snmpTlstmSessionInvalidServerCertificates MUST be incremented and 1145 a tlstmServerCertificateUnknown or tlstmServerInvalidCertificate 1146 notification SHOULD be sent as appropriate. Reasons for server 1147 certificate invalidation includes, but is not limited to, 1148 cryptographic validation failures and an unexpected presented 1149 certificate identity. 1151 4) The (D)TLS client MUST then verify that the (D)TLS server's 1152 presented certificate is the expected certificate. The (D)TLS 1153 client MUST NOT transmit SNMP messages until the server 1154 certificate has been authenticated and the client certificate has 1155 been transmitted. 1157 If the connection is being established from configuration based 1158 on SNMP-TARGET-MIB configuration, then the tlstmAddrTable 1159 DESCRIPTION clause describes how the verification is done (using 1160 either a certificate fingerprint, or an identity authenticated 1161 via certification path validation). 1163 If the connection is being established for reasons other than 1164 configuration found in the SNMP-TARGET-MIB then configuration and 1165 procedures outside the scope of this document should be followed. 1166 Configuration mechanisms SHOULD be similar in nature to those 1167 defined in the tlstmAddrTable to ensure consistency across 1168 management configuration systems. For example, a command-line 1169 tool for generating SNMP GETs might support specifying either the 1170 server's certificate fingerprint or the expected host name as a 1171 command line argument. 1173 5) (D)TLS provides assurance that the authenticated identity has 1174 been signed by a trusted configured certification authority. If 1175 verification of the server's certificate fails in any way (for 1176 example because of failures in cryptographic verification or the 1177 presented identity did not match the expected named entity) then 1178 the session establishment MUST fail, the 1179 snmpTlstmSessionInvalidServerCertificates object is incremented. 1180 If the session can not be opened for any reason at all, including 1181 cryptographic verification failures, then the 1182 snmpTlstmSessionOpenErrors counter is incremented and processing 1183 stops. 1185 6) The TLSTM-specific session identifier (tlstmSessionID) is set in 1186 the tmSessionID of the tmStateReference passed to the TLS 1187 Transport Model to indicate that the session has been established 1188 successfully and to point to a specific (D)TLS connection for 1189 future use. The tlstmSessionID is also stored in the LCD for 1190 later lookup during processing of incoming messages 1191 (Section 5.1.2). 1193 5.3.2. Accepting a Session as a Server 1195 A (D)TLS server should accept new session connections from any client 1196 that it is able to verify the client's credentials for. This is done 1197 by authenticating the client's presented certificate through a 1198 certificate path validation process (e.g. [RFC5280]) or through 1199 certificate fingerprint verification using fingerprints configure in 1200 the tlstmCertToTSNTable. Afterward the server will determine the 1201 identity of the remote entity using the following procedures. 1203 The (D)TLS server identifies the authenticated identity from the 1204 (D)TLS client's principal certificate using configuration information 1205 from the tlstmCertToTSNTable mapping table. The (D)TLS server MUST 1206 request and expect a certificate from the client and MUST NOT accept 1207 SNMP messages over the (D)TLS connection until the client has sent a 1208 certificate and it has been authenticated. The resulting derived 1209 tmSecurityName is recorded in the tmStateReference cache as 1210 tmSecurityName. The details of the lookup process are fully 1211 described in the DESCRIPTION clause of the tlstmCertToTSNTable MIB 1212 object. If any verification fails in any way (for example because of 1213 failures in cryptographic verification or because of the lack of an 1214 appropriate row in the tlstmCertToTSNTable) then the session 1215 establishment MUST fail, the 1216 snmpTlstmSessionInvalidClientCertificates object is incremented. If 1217 the session can not be opened for any reason at all, including 1218 cryptographic verification failures, then the 1219 snmpTlstmSessionOpenErrors counter is incremented and processing 1220 stops. 1222 Servers that wish to support multiple principals at a particular port 1223 SHOULD make use of a (D)TLS extension that allows server-side 1224 principal selection like the Server Name Indication extension defined 1225 in Section 3.1 of [RFC4366]. Supporting this will allow, for 1226 example, sending notifications to a specific principal at a given TCP 1227 or UDP port. 1229 5.4. Closing a Session 1231 The TLS Transport Model provides the following primitive to close a 1232 session: 1234 statusInformation = 1235 closeSession( 1236 IN tmSessionID -- session ID of the session to be closed 1237 ) 1239 The following describes the procedure to follow to close a session 1240 between a client and server. This process is followed by any SNMP 1241 engine closing the corresponding SNMP session. 1243 1) Increment either the snmpTlstmSessionClientCloses or the 1244 snmpTlstmSessionServerCloses counter as appropriate. 1246 2) Look up the session using the tmSessionID. 1248 3) If there is no open session associated with the tmSessionID, then 1249 closeSession processing is completed. 1251 4) Have (D)TLS close the specified connection. This SHOULD include 1252 sending a close_notify TLS Alert to inform the other side that 1253 session cleanup may be performed. 1255 6. MIB Module Overview 1257 This MIB module provides management of the TLS Transport Model. It 1258 defines needed textual conventions, statistical counters, 1259 notifications and configuration infrastructure necessary for session 1260 establishment. Example usage of the configuration tables can be 1261 found in Appendix A. 1263 6.1. Structure of the MIB Module 1265 Objects in this MIB module are arranged into subtrees. Each subtree 1266 is organized as a set of related objects. The overall structure and 1267 assignment of objects to their subtrees, and the intended purpose of 1268 each subtree, is shown below. 1270 6.2. Textual Conventions 1272 Generic and Common Textual Conventions used in this module can be 1273 found summarized at http://www.ops.ietf.org/mib-common-tcs.html 1274 This module defines the following new Textual Conventions: 1276 o A new TransportAddress format for describing (D)TLS connection 1277 addressing requirements. 1279 o A certificate fingerprint allowing MIB module objects to 1280 generically refer to a stored X.509 certificate using a 1281 cryptographic hash as a reference pointer. 1283 6.3. Statistical Counters 1285 The TLSTM-MIB defines some counters that can provide network 1286 management stations with information about session usage and 1287 potential errors that a MIB-instrumented device may be experiencing. 1289 6.4. Configuration Tables 1291 The TLSTM-MIB defines configuration tables that an administrator can 1292 use for configuring a MIB-instrumented device for sending and 1293 receiving SNMP messages over (D)TLS. In particular, there are MIB 1294 tables that extend the SNMP-TARGET-MIB for configuring (D)TLS 1295 certificate usage and a MIB table for mapping incoming (D)TLS client 1296 certificates to SNMPv3 securityNames. 1298 6.4.1. Notifications 1300 The TLSTM-MIB defines notifications to alert management stations when 1301 a (D)TLS connection fails because a server's presented certificate 1302 did not meet an expected value (tlstmServerCertificateUnknown) or 1303 because cryptographic validation failed 1304 (tlstmServerInvalidCertificate). 1306 6.5. Relationship to Other MIB Modules 1308 Some management objects defined in other MIB modules are applicable 1309 to an entity implementing the TLS Transport Model. In particular, it 1310 is assumed that an entity implementing the TLSTM-MIB will implement 1311 the SNMPv2-MIB [RFC3418], the SNMP-FRAMEWORK-MIB [RFC3411], the SNMP- 1312 TARGET-MIB [RFC3413], the SNMP-NOTIFICATION-MIB [RFC3413] and the 1313 SNMP-VIEW-BASED-ACM-MIB [RFC3415]. 1315 The TLSTM-MIB module contained in this document is for managing TLS 1316 Transport Model information. 1318 6.5.1. MIB Modules Required for IMPORTS 1320 The TLSTM-MIB module imports items from SNMPv2-SMI [RFC2578], 1321 SNMPv2-TC [RFC2579], SNMP-FRAMEWORK-MIB [RFC3411], SNMP-TARGET-MIB 1323 [RFC3413] and SNMPv2-CONF [RFC2580]. 1325 7. MIB Module Definition 1327 TLSTM-MIB DEFINITIONS ::= BEGIN 1329 IMPORTS 1330 MODULE-IDENTITY, OBJECT-TYPE, 1331 OBJECT-IDENTITY, snmpModules, snmpDomains, 1332 Counter32, Unsigned32, NOTIFICATION-TYPE 1333 FROM SNMPv2-SMI 1334 TEXTUAL-CONVENTION, TimeStamp, RowStatus, StorageType, 1335 AutonomousType 1336 FROM SNMPv2-TC 1337 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 1338 FROM SNMPv2-CONF 1339 SnmpAdminString 1340 FROM SNMP-FRAMEWORK-MIB 1341 snmpTargetParamsName, snmpTargetAddrName 1342 FROM SNMP-TARGET-MIB 1343 ; 1345 tlstmMIB MODULE-IDENTITY 1346 LAST-UPDATED "201003060000Z" 1347 ORGANIZATION "ISMS Working Group" 1348 CONTACT-INFO "WG-EMail: isms@lists.ietf.org 1349 Subscribe: isms-request@lists.ietf.org 1351 Chairs: 1352 Juergen Schoenwaelder 1353 Jacobs University Bremen 1354 Campus Ring 1 1355 28725 Bremen 1356 Germany 1357 +49 421 200-3587 1358 j.schoenwaelder@jacobs-university.de 1360 Russ Mundy 1361 SPARTA, Inc. 1362 7110 Samuel Morse Drive 1363 Columbia, MD 21046 1364 USA 1366 Co-editors: 1367 Wes Hardaker 1368 Sparta, Inc. 1370 P.O. Box 382 1371 Davis, CA 95617 1372 USA 1373 ietf@hardakers.net 1374 " 1376 DESCRIPTION " 1377 The TLS Transport Model MIB 1379 Copyright (c) 2010 IETF Trust and the persons identified as 1380 the document authors. All rights reserved. 1382 Redistribution and use in source and binary forms, with or 1383 without modification, is permitted pursuant to, and subject 1384 to the license terms contained in, the Simplified BSD License 1385 set forth in Section 4.c of the IETF Trust's Legal Provisions 1386 Relating to IETF Documents 1387 (http://trustee.ietf.org/license-info). 1389 This version of this MIB module is part of RFC XXXX; 1390 see the RFC itself for full legal notices." 1392 -- NOTE to RFC editor: replace XXXX with actual RFC number 1393 -- for this document and remove this note 1395 REVISION "201003060000Z" 1396 DESCRIPTION "The initial version, published in RFC XXXX." 1397 -- NOTE to RFC editor: replace XXXX with actual RFC number 1398 -- for this document and remove this note 1400 ::= { snmpModules xxxx } 1401 -- RFC Ed.: replace xxxx with IANA-assigned number and 1402 -- remove this note 1404 -- ************************************************ 1405 -- subtrees of the TLSTM-MIB 1406 -- ************************************************ 1408 tlstmNotifications OBJECT IDENTIFIER ::= { tlstmMIB 0 } 1409 tlstmIdentities OBJECT IDENTIFIER ::= { tlstmMIB 1 } 1410 tlstmObjects OBJECT IDENTIFIER ::= { tlstmMIB 2 } 1411 tlstmConformance OBJECT IDENTIFIER ::= { tlstmMIB 3 } 1413 -- ************************************************ 1414 -- tlstmObjects - Objects 1415 -- ************************************************ 1417 snmpTLSTCPDomain OBJECT-IDENTITY 1418 STATUS current 1419 DESCRIPTION 1420 "The SNMP over TLS transport domain. The corresponding 1421 transport address is of type SnmpTLSAddress. 1423 The securityName prefix to be associated with the 1424 snmpTLSTCPDomain is 'tls'. This prefix may be used by 1425 security models or other components to identify which secure 1426 transport infrastructure authenticated a securityName." 1428 ::= { snmpDomains xx } 1430 -- RFC Ed.: replace xx with IANA-assigned number and 1431 -- remove this note 1433 -- RFC Ed.: replace 'tls' with the actual IANA assigned prefix string 1434 -- if 'tls' is not assigned to this document. 1436 snmpDTLSUDPDomain OBJECT-IDENTITY 1437 STATUS current 1438 DESCRIPTION 1439 "The SNMP over DTLS/UDP transport domain. The corresponding 1440 transport address is of type SnmpTLSAddress. 1442 The securityName prefix to be associated with the 1443 snmpDTLSUDPDomain is 'dudp'. This prefix may be used by 1444 security models or other components to identify which secure 1445 transport infrastructure authenticated a securityName." 1447 ::= { snmpDomains yy } 1449 -- RFC Ed.: replace yy with IANA-assigned number and 1450 -- remove this note 1452 -- RFC Ed.: replace 'dudp' with the actual IANA assigned prefix string 1453 -- if 'dudp' is not assigned to this document. 1455 SnmpTLSAddress ::= TEXTUAL-CONVENTION 1456 DISPLAY-HINT "1a" 1457 STATUS current 1458 DESCRIPTION 1459 "Represents a IPv4 address, an IPv6 address or an US-ASCII 1460 encoded hostname and port number. 1462 An IPv4 address must be in dotted decimal format followed by a 1463 colon ':' (US-ASCII character 0x3A) and a decimal port number 1464 in US-ASCII. 1466 An IPv6 address must be a colon separated format, surrounded 1467 by square brackets ('[', US-ASCII character 0x5B, and ']', 1468 US-ASCII character 0x5D), followed by a colon ':' (US-ASCII 1469 character 0x3A) and a decimal port number in US-ASCII. 1471 A hostname is always in US-ASCII (as per RFC1033); 1472 internationalized hostnames are encoded in US-ASCII as 1473 specified in RFC 3490. The hostname is followed by a colon 1474 ':' (US-ASCII character 0x3A) and a decimal port number in 1475 US-ASCII. The name SHOULD be fully qualified whenever 1476 possible. 1478 Values of this textual convention may not be directly usable 1479 as transport-layer addressing information, and may require 1480 run-time resolution. As such, applications that write them 1481 must be prepared for handling errors if such values are not 1482 supported, or cannot be resolved (if resolution occurs at the 1483 time of the management operation). 1485 The DESCRIPTION clause of TransportAddress objects that may 1486 have SnmpTLSAddress values must fully describe how (and 1487 when) such names are to be resolved to IP addresses and vice 1488 versa. 1490 This textual convention SHOULD NOT be used directly in object 1491 definitions since it restricts addresses to a specific 1492 format. However, if it is used, it MAY be used either on its 1493 own or in conjunction with TransportAddressType or 1494 TransportDomain as a pair. 1496 When this textual convention is used as a syntax of an index 1497 object, there may be issues with the limit of 128 1498 sub-identifiers specified in SMIv2 (STD 58). It is RECOMMENDED 1499 that all MIB documents using this textual convention make 1500 explicit any limitations on index component lengths that 1501 management software must observe. This may be done either by 1502 including SIZE constraints on the index components or by 1503 specifying applicable constraints in the conceptual row 1504 DESCRIPTION clause or in the surrounding documentation." 1505 REFERENCE 1506 "RFC 1033: DOMAIN ADMINISTRATORS OPERATIONS GUIDE 1507 RFC 3490: Internationalizing Domain Names in Applications 1508 RFC 3986: Uniform Resource Identifier (URI): Generic Syntax 1509 RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2 1510 " 1511 SYNTAX OCTET STRING (SIZE (1..255)) 1513 Fingerprint ::= TEXTUAL-CONVENTION 1514 DISPLAY-HINT "1x:254x" 1515 STATUS current 1516 DESCRIPTION 1517 "A Fingerprint value that can be used to uniquely reference 1518 other data of potentially arbitrary length. 1520 A Fingerprint value is composed of a 1-octet hashing algorithm 1521 identifier followed by the fingerprint value. The octet value 1522 encoded is taken from the IANA TLS HashAlgorithm Registry 1523 (RFC5246). The remaining octets are filled using the results 1524 of the hashing algorithm. 1526 This TEXTUAL-CONVENTION allows for a zero-length (blank) 1527 Fingerprint value for use in tables where the fingerprint value 1528 may be optional. MIB definitions or implementations may refuse 1529 to accept a zero-length value as appropriate." 1530 REFERENCE 1531 "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2 1532 http://www.iana.org/assignments/tls-parameters/ 1533 " 1534 SYNTAX OCTET STRING (SIZE (0..255)) 1536 -- Identities for use in the tlstmCertToTSNTable 1538 tlstmCertToTSNMIdentities OBJECT IDENTIFIER ::= { tlstmIdentities 1 } 1540 tlstmCertSpecified OBJECT-IDENTITY 1541 STATUS current 1542 DESCRIPTION "Directly specifies the tmSecurityName to be used for 1543 this certificate. The value of the tmSecurityName 1544 to use is specified in the tlstmCertToTSNData 1545 column. The tlstmCertToTSNData column must contain 1546 a non-zero length SnmpAdminString compliant value or 1547 the mapping described in this row must be considered 1548 a failure." 1549 ::= { tlstmCertToTSNMIdentities 1 } 1551 tlstmCertSANRFC822Name OBJECT-IDENTITY 1552 STATUS current 1553 DESCRIPTION "Maps a subjectAltName's rfc822Name to a 1554 tmSecurityName. The local part of the rfc822Name is 1555 passed unaltered but the host-part of the name must 1556 be passed in lower case. 1558 Example rfc822Name Field: FooBar@Example.COM 1559 is mapped to tmSecurityName: FooBar@example.com" 1560 ::= { tlstmCertToTSNMIdentities 2 } 1562 tlstmCertSANDNSName OBJECT-IDENTITY 1563 STATUS current 1564 DESCRIPTION "Maps a subjectAltName's dNSName to a 1565 tmSecurityName after first converting it to all 1566 lower case." 1567 ::= { tlstmCertToTSNMIdentities 3 } 1569 tlstmCertSANIpAddress OBJECT-IDENTITY 1570 STATUS current 1571 DESCRIPTION "Maps a subjectAltName's iPAddress to a 1572 tmSecurityName by transforming the binary encoded 1573 address as follows: 1575 1) for IPv4 the value is converted into a decimal 1576 dotted quad address (e.g. '192.0.2.1') 1578 2) for IPv6 addresses the value is converted into a 1579 32-character all lowercase hexadecimal string 1580 without any colon separators. 1582 Note that the resulting length is the maximum 1583 length supported by the View-Based Access Control 1584 Model (VACM). Note that using both the Transport 1585 Security Model's support for transport prefixes 1586 (see the SNMP-TSM-MIB's 1587 snmpTsmConfigurationUsePrefix object for details) 1588 will result in securityName lengths that exceed 1589 what VACM can handle." 1590 ::= { tlstmCertToTSNMIdentities 4 } 1592 tlstmCertSANAny OBJECT-IDENTITY 1593 STATUS current 1594 DESCRIPTION "Maps any of the following fields using the 1595 corresponding mapping algorithms: 1597 |------------+------------------------| 1598 | Type | Algorithm | 1599 |------------+------------------------| 1600 | rfc822Name | tlstmCertSANRFC822Name | 1601 | dNSName | tlstmCertSANDNSName | 1602 | iPAddress | tlstmCertSANIpAddress | 1603 |------------+------------------------| 1605 The first matching subjectAltName value found in the 1606 certificate of the above types MUST be used when 1607 deriving the tmSecurityName." 1608 ::= { tlstmCertToTSNMIdentities 5 } 1610 tlstmCertCommonName OBJECT-IDENTITY 1611 STATUS current 1613 DESCRIPTION "Maps a certificate's CommonName to a tmSecurityName 1614 after converting it to a UTF-8 encoding." 1615 ::= { tlstmCertToTSNMIdentities 6 } 1617 -- The snmpTlstmSession Group 1619 snmpTlstmSession OBJECT IDENTIFIER ::= { tlstmObjects 1 } 1621 snmpTlstmSessionOpens OBJECT-TYPE 1622 SYNTAX Counter32 1623 MAX-ACCESS read-only 1624 STATUS current 1625 DESCRIPTION 1626 "The number of times an openSession() request has been executed 1627 as an (D)TLS client, regardless of whether it succeeded or 1628 failed." 1629 ::= { snmpTlstmSession 1 } 1631 snmpTlstmSessionClientCloses OBJECT-TYPE 1632 SYNTAX Counter32 1633 MAX-ACCESS read-only 1634 STATUS current 1635 DESCRIPTION 1636 "The number of times a closeSession() request has been 1637 executed as an (D)TLS client, regardless of whether it 1638 succeeded or failed." 1639 ::= { snmpTlstmSession 2 } 1641 snmpTlstmSessionOpenErrors OBJECT-TYPE 1642 SYNTAX Counter32 1643 MAX-ACCESS read-only 1644 STATUS current 1645 DESCRIPTION 1646 "The number of times an openSession() request failed to open a 1647 session as a (D)TLS client, for any reason." 1648 ::= { snmpTlstmSession 3 } 1650 snmpTlstmSessionAccepts OBJECT-TYPE 1651 SYNTAX Counter32 1652 MAX-ACCESS read-only 1653 STATUS current 1654 DESCRIPTION 1655 "The number of times a (D)TLS server has accepted a new 1656 connection from a client and has received at least one SNMP 1657 message through it." 1659 ::= { snmpTlstmSession 4 } 1661 snmpTlstmSessionServerCloses OBJECT-TYPE 1662 SYNTAX Counter32 1663 MAX-ACCESS read-only 1664 STATUS current 1665 DESCRIPTION 1666 "The number of times a closeSession() request has been 1667 executed as an (D)TLS server, regardless of whether it 1668 succeeded or failed." 1669 ::= { snmpTlstmSession 5 } 1671 snmpTlstmSessionNoSessions OBJECT-TYPE 1672 SYNTAX Counter32 1673 MAX-ACCESS read-only 1674 STATUS current 1675 DESCRIPTION 1676 "The number of times an outgoing message was dropped because 1677 the session associated with the passed tmStateReference was no 1678 longer (or was never) available." 1679 ::= { snmpTlstmSession 6 } 1681 snmpTlstmSessionInvalidClientCertificates OBJECT-TYPE 1682 SYNTAX Counter32 1683 MAX-ACCESS read-only 1684 STATUS current 1685 DESCRIPTION 1686 "The number of times an incoming session was not established 1687 on an (D)TLS server because the presented client certificate was 1688 invalid. Reasons for invalidation include, but are not 1689 limited to, cryptographic validation failures or lack of a 1690 suitable mapping row in the tlstmCertToTSNTable." 1691 ::= { snmpTlstmSession 7 } 1693 snmpTlstmSessionUnknownServerCertificate OBJECT-TYPE 1694 SYNTAX Counter32 1695 MAX-ACCESS read-only 1696 STATUS current 1697 DESCRIPTION 1698 "The number of times an outgoing session was not established 1699 on an (D)TLS client because the server certificate presented 1700 by a SNMP over (D)TLS server was invalid because no 1701 configured fingerprint or CA was acceptable to validate it. 1702 This may result because there was no entry in the 1703 tlstmAddrTable or because no path could be found to a known 1704 certification authority." 1705 ::= { snmpTlstmSession 8 } 1707 snmpTlstmSessionInvalidServerCertificates OBJECT-TYPE 1708 SYNTAX Counter32 1709 MAX-ACCESS read-only 1710 STATUS current 1711 DESCRIPTION 1712 "The number of times an outgoing session was not established 1713 on an (D)TLS client because the server certificate presented 1714 by an SNMP over (D)TLS server could not be validated even if 1715 the fingerprint or expected validation path was known. I.E., 1716 a cryptographic validation error occurred during certificate 1717 validation processing. 1719 Reasons for invalidation include, but are not 1720 limited to, cryptographic validation failures." 1721 ::= { snmpTlstmSession 9 } 1723 snmpTlstmSessionInvalidCaches OBJECT-TYPE 1724 SYNTAX Counter32 1725 MAX-ACCESS read-only 1726 STATUS current 1727 DESCRIPTION 1728 "The number of outgoing messages dropped because the 1729 tmStateReference referred to an invalid cache." 1730 ::= { snmpTlstmSession 10 } 1732 -- Configuration Objects 1734 tlstmConfig OBJECT IDENTIFIER ::= { tlstmObjects 2 } 1736 -- Certificate mapping 1738 tlstmCertificateMapping OBJECT IDENTIFIER ::= { tlstmConfig 1 } 1740 tlstmCertToTSNCount OBJECT-TYPE 1741 SYNTAX Unsigned32 1742 MAX-ACCESS read-only 1743 STATUS current 1744 DESCRIPTION 1745 "A count of the number of entries in the tlstmCertToTSNTable" 1746 ::= { tlstmCertificateMapping 1 } 1748 tlstmCertToTSNTableLastChanged OBJECT-TYPE 1749 SYNTAX TimeStamp 1750 MAX-ACCESS read-only 1751 STATUS current 1752 DESCRIPTION 1753 "The value of sysUpTime.0 when the tlstmCertToTSNTable 1754 was last modified through any means, or 0 if it has not been 1755 modified since the command responder was started." 1756 ::= { tlstmCertificateMapping 2 } 1758 tlstmCertToTSNTable OBJECT-TYPE 1759 SYNTAX SEQUENCE OF TlstmCertToTSNEntry 1760 MAX-ACCESS not-accessible 1761 STATUS current 1762 DESCRIPTION 1763 "A table listing the fingerprints of X.509 certificates known 1764 to the entity and the associated method for determining the 1765 SNMPv3 security name from a certificate. 1767 On an incoming (D)TLS/SNMP connection the client's presented 1768 certificate must be examined and validated based on an 1769 established trusted path from a CA certificate or self-signed 1770 public certificate (e.g. RFC5280). This table provides a 1771 mapping from a validated certificate to a tmSecurityName. 1772 This table does not provide any mechanisms for uploading 1773 trusted certificates; the transfer of any needed trusted 1774 certificates for path validation is expected to occur through 1775 an out-of-band transfer. 1777 Once the authenticity of a certificate has been verified, this 1778 table is consulted to determine the appropriate tmSecurityName 1779 to identify with the remote connection. This is done by 1780 considering each active row from this table in prioritized 1781 order according to its tlstmCertToTSNID value. Each row's 1782 tlstmCertToTSNFingerprint value determines whether the row is a 1783 match for the incoming connection: 1785 1) If the row's tlstmCertToTSNFingerprint value identifies 1786 the presented certificate then consider the row as a 1787 successful match. 1789 2) If the row's tlstmCertToTSNFingerprint value identifies 1790 a locally held copy of a trusted CA certificate and 1791 that CA certificate was used to validate the path to 1792 the presented certificate then consider the row as a 1793 successful match. 1795 Once a matching row has been found, the tlstmCertToTSNMapType 1796 value can be used to determine how the tmSecurityName to 1797 associate with the session should be determined. See the 1798 tlstmCertToTSNMapType column's DESCRIPTION for details on 1799 determining the tmSecurityName value. If it is impossible to 1800 determine a tmSecurityName from the row's data combined with the 1801 data presented in the certificate then additional rows MUST be 1802 searched looking for another potential match. If a resulting 1803 tmSecurityName mapped from a given row is not compatible with 1804 the needed requirements of a tmSecurityName (e.g., VACM imposes 1805 a 32-octet-maximum length and the certificate derived 1806 securityName could be longer) then it must be considered an 1807 invalid match and additional rows MUST be searched looking for 1808 another potential match. 1810 Missing values of tlstmCertToTSNID are acceptable and 1811 implementations should continue to the next highest numbered 1812 row. E.G., the table may legally contain only two rows with 1813 tlstmCertToTSNID values of 10 and 20. 1815 Users are encouraged to make use of certificates with 1816 subjectAltName fields that can be used as tmSecurityNames so 1817 that a single root CA certificate can allow all child 1818 certificate's subjectAltName to map directly to a 1819 tmSecurityName via a 1:1 transformation. However, this table 1820 is flexible to allow for situations where existing deployed 1821 certificate infrastructures do not provide adequate 1822 subjectAltName values for use as tmSecurityNames. 1823 Certificates may also be mapped to tmSecurityNames using the 1824 CommonName portion of the Subject field. However, the usage 1825 of the CommonName field is deprecated and thus this usage is 1826 NOT RECOMMENDED. Direct mapping from each individual 1827 certificate fingerprint to a tmSecurityName is also possible 1828 but requires one entry in the table per tmSecurityName and 1829 requires more management operations to completely configure a 1830 device." 1831 ::= { tlstmCertificateMapping 3 } 1833 tlstmCertToTSNEntry OBJECT-TYPE 1834 SYNTAX TlstmCertToTSNEntry 1835 MAX-ACCESS not-accessible 1836 STATUS current 1837 DESCRIPTION 1838 "A row in the tlstmCertToTSNTable that specifies a mapping for 1839 an incoming (D)TLS certificate to a tmSecurityName to use for a 1840 connection." 1841 INDEX { tlstmCertToTSNID } 1842 ::= { tlstmCertToTSNTable 1 } 1844 TlstmCertToTSNEntry ::= SEQUENCE { 1845 tlstmCertToTSNID Unsigned32, 1846 tlstmCertToTSNFingerprint Fingerprint, 1847 tlstmCertToTSNMapType AutonomousType, 1848 tlstmCertToTSNData OCTET STRING, 1849 tlstmCertToTSNStorageType StorageType, 1850 tlstmCertToTSNRowStatus RowStatus 1852 } 1854 tlstmCertToTSNID OBJECT-TYPE 1855 SYNTAX Unsigned32 (1..4294967295) 1856 MAX-ACCESS not-accessible 1857 STATUS current 1858 DESCRIPTION 1859 "A unique, prioritized index for the given entry. Lower 1860 numbers indicate a higher priority." 1861 ::= { tlstmCertToTSNEntry 1 } 1863 tlstmCertToTSNFingerprint OBJECT-TYPE 1864 SYNTAX Fingerprint (SIZE(1..255)) 1865 MAX-ACCESS read-create 1866 STATUS current 1867 DESCRIPTION 1868 "A cryptographic hash of a X.509 certificate. The results of 1869 a successful matching fingerprint to either the trusted CA in 1870 the certificate validation path or to the certificate itself 1871 is dictated by the tlstmCertToTSNMapType column." 1872 ::= { tlstmCertToTSNEntry 2 } 1874 tlstmCertToTSNMapType OBJECT-TYPE 1875 SYNTAX AutonomousType 1876 MAX-ACCESS read-create 1877 STATUS current 1878 DESCRIPTION 1879 "Specifies the mapping type for deriving a tmSecurityName from a 1880 certificate. Details for mapping of a particular type SHALL 1881 be specified in the DESCRIPTION clause of the OBJECT-IDENTITY 1882 that describes the mapping. If a mapping succeeds it will 1883 return a tmSecurityName for use by the TLSTM model and 1884 processing stops. 1886 If the resulting mapped value is not compatible with the 1887 needed requirements of a tmSecurityName (e.g., VACM imposes a 1888 32-octet-maximum length and the certificate derived 1889 securityName could be longer) then future rows MUST be 1890 searched for additional tlstmCertToTSNFingerprint matches to 1891 look for a mapping that succeeds." 1892 DEFVAL { tlstmCertSpecified } 1893 ::= { tlstmCertToTSNEntry 3 } 1895 tlstmCertToTSNData OBJECT-TYPE 1896 SYNTAX OCTET STRING (SIZE(0..1024)) 1897 MAX-ACCESS read-create 1898 STATUS current 1899 DESCRIPTION 1900 "Auxiliary data used as optional configuration information for 1901 a given mapping specified by the tlstmCertToTSNMapType column. 1902 Only some mapping systems will make use of this column. The 1903 value in this column MUST be ignored for any mapping type that 1904 does not require data present in this column." 1905 DEFVAL { "" } 1906 ::= { tlstmCertToTSNEntry 4 } 1908 tlstmCertToTSNStorageType OBJECT-TYPE 1909 SYNTAX StorageType 1910 MAX-ACCESS read-create 1911 STATUS current 1912 DESCRIPTION 1913 "The storage type for this conceptual row. Conceptual rows 1914 having the value 'permanent' need not allow write-access to 1915 any columnar objects in the row." 1916 DEFVAL { nonVolatile } 1917 ::= { tlstmCertToTSNEntry 5 } 1919 tlstmCertToTSNRowStatus OBJECT-TYPE 1920 SYNTAX RowStatus 1921 MAX-ACCESS read-create 1922 STATUS current 1923 DESCRIPTION 1924 "The status of this conceptual row. This object may be used 1925 to create or remove rows from this table. 1927 To create a row in this table, an administrator must set this 1928 object to either createAndGo(4) or createAndWait(5). 1930 Until instances of all corresponding columns are appropriately 1931 configured, the value of the corresponding instance of the 1932 tlstmParamsRowStatus column is 'notReady'. 1934 In particular, a newly created row cannot be made active until 1935 the corresponding tlstmCertToTSNFingerprint, 1936 tlstmCertToTSNMapType, and tlstmCertToTSNData columns have been 1937 set. 1939 The following objects may not be modified while the 1940 value of this object is active(1): 1941 - tlstmCertToTSNFingerprint 1942 - tlstmCertToTSNMapType 1943 - tlstmCertToTSNData 1944 An attempt to set these objects while the value of 1945 tlstmParamsRowStatus is active(1) will result in 1946 an inconsistentValue error." 1947 ::= { tlstmCertToTSNEntry 6 } 1949 -- Maps tmSecurityNames to certificates for use by the SNMP-TARGET-MIB 1951 tlstmParamsCount OBJECT-TYPE 1952 SYNTAX Unsigned32 1953 MAX-ACCESS read-only 1954 STATUS current 1955 DESCRIPTION 1956 "A count of the number of entries in the tlstmParamsTable" 1957 ::= { tlstmCertificateMapping 4 } 1959 tlstmParamsTableLastChanged OBJECT-TYPE 1960 SYNTAX TimeStamp 1961 MAX-ACCESS read-only 1962 STATUS current 1963 DESCRIPTION 1964 "The value of sysUpTime.0 when the tlstmParamsTable 1965 was last modified through any means, or 0 if it has not been 1966 modified since the command responder was started." 1967 ::= { tlstmCertificateMapping 5 } 1969 tlstmParamsTable OBJECT-TYPE 1970 SYNTAX SEQUENCE OF TlstmParamsEntry 1971 MAX-ACCESS not-accessible 1972 STATUS current 1973 DESCRIPTION 1974 "This table is used by a (D)TLS client when a (D)TLS 1975 connection is being set up using an entry in the 1976 SNMP-TARGET-MIB. It extends the SNMP-TARGET-MIB's 1977 snmpTargetParamsTable with a fingerprint of a certificate to 1978 use when establishing such a (D)TLS connection." 1979 ::= { tlstmCertificateMapping 6 } 1981 tlstmParamsEntry OBJECT-TYPE 1982 SYNTAX TlstmParamsEntry 1983 MAX-ACCESS not-accessible 1984 STATUS current 1985 DESCRIPTION 1986 "A conceptual row containing a fingerprint hash of a locally 1987 held certificate for a given snmpTargetParamsEntry. The 1988 values in this row should be ignored if the connection that 1989 needs to be established, as indicated by the SNMP-TARGET-MIB 1990 infrastructure, is not a certificate and (D)TLS based 1991 connection. The connection SHOULD NOT be established if the 1992 certificate fingerprint stored in this entry does not point to 1993 a valid locally held certificate or if it points to an unusable 1994 certificate (such as might happen when the certificate's 1995 expiration date has been reached)." 1996 INDEX { IMPLIED snmpTargetParamsName } 1997 ::= { tlstmParamsTable 1 } 1999 TlstmParamsEntry ::= SEQUENCE { 2000 tlstmParamsClientFingerprint Fingerprint, 2001 tlstmParamsStorageType StorageType, 2002 tlstmParamsRowStatus RowStatus 2003 } 2005 tlstmParamsClientFingerprint OBJECT-TYPE 2006 SYNTAX Fingerprint 2007 MAX-ACCESS read-create 2008 STATUS current 2009 DESCRIPTION 2010 "A cryptographic hash of a X.509 certificate. This object 2011 should store the hash of a locally held X.509 certificate (and 2012 the corresponding private key) that should be used when 2013 initiating a (D)TLS connection as a (D)TLS client." 2014 ::= { tlstmParamsEntry 1 } 2016 tlstmParamsStorageType OBJECT-TYPE 2017 SYNTAX StorageType 2018 MAX-ACCESS read-create 2019 STATUS current 2020 DESCRIPTION 2021 "The storage type for this conceptual row. Conceptual rows 2022 having the value 'permanent' need not allow write-access to 2023 any columnar objects in the row." 2024 DEFVAL { nonVolatile } 2025 ::= { tlstmParamsEntry 2 } 2027 tlstmParamsRowStatus OBJECT-TYPE 2028 SYNTAX RowStatus 2029 MAX-ACCESS read-create 2030 STATUS current 2031 DESCRIPTION 2032 "The status of this conceptual row. This object may be used 2033 to create or remove rows from this table. 2035 To create a row in this table, an administrator must set this 2036 object to either createAndGo(4) or createAndWait(5). 2038 Until instances of all corresponding columns are appropriately 2039 configured, the value of the corresponding instance of the 2040 tlstmParamsRowStatus column is 'notReady'. 2042 In particular, a newly created row cannot be made active until 2043 the corresponding tlstmParamsClientFingerprint column has 2044 been set. 2046 The tlstmParamsClientFingerprint object may not be modified 2047 while the value of this object is active(1). 2049 An attempt to set these objects while the value of 2050 tlstmParamsRowStatus is active(1) will result in 2051 an inconsistentValue error." 2052 ::= { tlstmParamsEntry 3 } 2054 tlstmAddrCount OBJECT-TYPE 2055 SYNTAX Unsigned32 2056 MAX-ACCESS read-only 2057 STATUS current 2058 DESCRIPTION 2059 "A count of the number of entries in the tlstmAddrTable" 2060 ::= { tlstmCertificateMapping 7 } 2062 tlstmAddrTableLastChanged OBJECT-TYPE 2063 SYNTAX TimeStamp 2064 MAX-ACCESS read-only 2065 STATUS current 2066 DESCRIPTION 2067 "The value of sysUpTime.0 when the tlstmAddrTable 2068 was last modified through any means, or 0 if it has not been 2069 modified since the command responder was started." 2070 ::= { tlstmCertificateMapping 8 } 2072 tlstmAddrTable OBJECT-TYPE 2073 SYNTAX SEQUENCE OF TlstmAddrEntry 2074 MAX-ACCESS not-accessible 2075 STATUS current 2076 DESCRIPTION 2077 "This table is used by a (D)TLS client when a (D)TLS 2078 connection is being set up using an entry in the 2079 SNMP-TARGET-MIB. It extends the SNMP-TARGET-MIB's 2080 snmpTargetAddrTable so that the client can verify that the 2081 correct server has been reached. This verification can use 2082 either a certificate fingerprint, or an identity 2083 authenticated via certification path validation. 2085 If there is an active row in this table corresponding to the 2086 entry in the SNMP-TARGET-MIB that was used to establish the 2087 connection, and the row's tlstmAddrServerFingerprint column 2088 has non-empty value, then the server's presented certificate 2089 is compared with the tlstmAddrServerFingerprint value (and 2090 the tlstmAddrServerIdentity column is ignored). If the 2091 fingerprint matches, the verification has succeeded. If the 2092 fingerprint does not match then the connection MUST be 2093 closed. 2095 If the server's presented certificate has passed 2096 certification path validation [RFC5280] to a configured 2097 trust anchor, and an active row exists with a zero-length 2098 tlstmAddrServerFingerprint value, then the 2099 tlstmAddrServerIdentity column contains the expected host 2100 name. This expected host name is then compared against the 2101 server's certificate as follows: 2103 - Implementations MUST support matching the expected host 2104 name against a dNSName in the subjectAltName extension field 2105 and SHOULD support checking the name against the common name 2106 portion of the subject distinguished name. 2108 - The '*' (ASCII 0x2a) wildcard character is allowed in the 2109 dNSName of the subjectAltName extension (and in common name, 2110 if used to store the host name), but only as the left-most 2111 (least significant) DNS label in that value. This wildcard 2112 matches any left-most DNS label in the server name. That 2113 is, the subject *.example.com matches the server names 2114 a.example.com and b.example.com, but does not match 2115 example.com or a.b.example.com. Implementations MUST 2116 support wildcards in certificates as specified above, but 2117 MAY provide a configuration option to disable them. 2119 - If the locally configured name is an internationalized 2120 domain name, conforming implementations MUST convert it to 2121 the ASCII Compatible Encoding (ACE) format for performing 2122 comparisons, as specified in Section 7 of [RFC5280]. 2124 If the expected host name fails these conditions then the 2125 connection MUST be closed. 2127 If there is no row in this table corresponding to the entry 2128 in the SNMP-TARGET-MIB and the server can be authorized by 2129 another, implementation dependent means, then the connection 2130 MAY still proceed." 2132 ::= { tlstmCertificateMapping 9 } 2134 tlstmAddrEntry OBJECT-TYPE 2135 SYNTAX TlstmAddrEntry 2136 MAX-ACCESS not-accessible 2137 STATUS current 2138 DESCRIPTION 2139 "A conceptual row containing a copy of a certificate's 2140 fingerprint for a given snmpTargetAddrEntry. The values in 2141 this row should be ignored if the connection that needs to be 2142 established, as indicated by the SNMP-TARGET-MIB 2143 infrastructure, is not a (D)TLS based connection. If an 2144 tlstmAddrEntry exists for a given snmpTargetAddrEntry then the 2145 presented server certificate MUST match or the connection MUST 2146 NOT be established. If a row in this table does not exist to 2147 match a snmpTargetAddrEntry row then the connection SHOULD 2148 still proceed if some other certificate validation path 2149 algorithm (e.g. RFC5280) can be used." 2150 INDEX { IMPLIED snmpTargetAddrName } 2151 ::= { tlstmAddrTable 1 } 2153 TlstmAddrEntry ::= SEQUENCE { 2154 tlstmAddrServerFingerprint Fingerprint, 2155 tlstmAddrServerIdentity SnmpAdminString, 2156 tlstmAddrStorageType StorageType, 2157 tlstmAddrRowStatus RowStatus 2158 } 2160 tlstmAddrServerFingerprint OBJECT-TYPE 2161 SYNTAX Fingerprint 2162 MAX-ACCESS read-create 2163 STATUS current 2164 DESCRIPTION 2165 "A cryptographic hash of a public X.509 certificate. This 2166 object should store the hash of the public X.509 certificate 2167 that the remote server should present during the (D)TLS 2168 connection setup. The fingerprint of the presented 2169 certificate and this hash value MUST match exactly or the 2170 connection MUST NOT be established." 2171 DEFVAL { "" } 2172 ::= { tlstmAddrEntry 1 } 2174 tlstmAddrServerIdentity OBJECT-TYPE 2175 SYNTAX SnmpAdminString 2176 MAX-ACCESS read-create 2177 STATUS current 2178 DESCRIPTION 2179 "The reference identity to check against the identity 2180 presented by the remote system." 2181 DEFVAL { "" } 2182 ::= { tlstmAddrEntry 2 } 2184 tlstmAddrStorageType OBJECT-TYPE 2185 SYNTAX StorageType 2186 MAX-ACCESS read-create 2187 STATUS current 2188 DESCRIPTION 2189 "The storage type for this conceptual row. Conceptual rows 2190 having the value 'permanent' need not allow write-access to 2191 any columnar objects in the row." 2192 DEFVAL { nonVolatile } 2193 ::= { tlstmAddrEntry 3 } 2195 tlstmAddrRowStatus OBJECT-TYPE 2196 SYNTAX RowStatus 2197 MAX-ACCESS read-create 2198 STATUS current 2199 DESCRIPTION 2200 "The status of this conceptual row. This object may be used 2201 to create or remove rows from this table. 2203 To create a row in this table, an administrator must set this 2204 object to either createAndGo(4) or createAndWait(5). 2206 Until instances of all corresponding columns are 2207 appropriately configured, the value of the 2208 corresponding instance of the tlstmAddrRowStatus 2209 column is 'notReady'. 2211 In particular, a newly created row cannot be made active until 2212 the corresponding tlstmAddrServerFingerprint column has been 2213 set. 2215 Rows MUST NOT be active if the tlstmAddrServerFingerprint 2216 column is blank and the tlstmAddrServerIdentity is set to '*' 2217 since this would insecurely accept any presented certificate. 2219 The tlstmAddrServerFingerprint object may not be modified 2220 while the value of this object is active(1). 2222 An attempt to set these objects while the value of 2223 tlstmAddrRowStatus is active(1) will result in 2224 an inconsistentValue error." 2225 ::= { tlstmAddrEntry 4 } 2227 -- ************************************************ 2228 -- tlstmNotifications - Notifications Information 2229 -- ************************************************ 2231 tlstmServerCertificateUnknown NOTIFICATION-TYPE 2232 OBJECTS { snmpTlstmSessionUnknownServerCertificate } 2233 STATUS current 2234 DESCRIPTION 2235 "Notification that the server certificate presented by a SNMP 2236 over (D)TLS server was invalid because no configured 2237 fingerprint or CA was acceptable to validate it. This may 2238 be because there was no entry in the tlstmAddrTable or 2239 because no path could be found to known certificate 2240 authority. 2242 To avoid notification loops, this notification MUST NOT be 2243 sent to servers that themselves have triggered the 2244 notification." 2245 ::= { tlstmNotifications 1 } 2247 tlstmServerInvalidCertificate NOTIFICATION-TYPE 2248 OBJECTS { tlstmAddrServerFingerprint, 2249 snmpTlstmSessionInvalidServerCertificates} 2250 STATUS current 2251 DESCRIPTION 2252 "Notification that the server certificate presented by an SNMP 2253 over (D)TLS server could not be validated even if the 2254 fingerprint or expected validation path was known. I.E., a 2255 cryptographic validation occurred during certificate 2256 validation processing. 2258 To avoid notification loops, this notification MUST NOT be 2259 sent to servers that themselves have triggered the 2260 notification." 2261 ::= { tlstmNotifications 2 } 2263 -- ************************************************ 2264 -- tlstmCompliances - Conformance Information 2265 -- ************************************************ 2267 tlstmCompliances OBJECT IDENTIFIER ::= { tlstmConformance 1 } 2269 tlstmGroups OBJECT IDENTIFIER ::= { tlstmConformance 2 } 2271 -- ************************************************ 2272 -- Compliance statements 2273 -- ************************************************ 2275 tlstmCompliance MODULE-COMPLIANCE 2276 STATUS current 2277 DESCRIPTION 2278 "The compliance statement for SNMP engines that support the 2279 TLSTM-MIB" 2281 MODULE 2282 MANDATORY-GROUPS { tlstmStatsGroup, 2283 tlstmIncomingGroup, 2284 tlstmOutgoingGroup, 2285 tlstmNotificationGroup } 2286 ::= { tlstmCompliances 1 } 2288 -- ************************************************ 2289 -- Units of conformance 2290 -- ************************************************ 2291 tlstmStatsGroup OBJECT-GROUP 2292 OBJECTS { 2293 snmpTlstmSessionOpens, 2294 snmpTlstmSessionClientCloses, 2295 snmpTlstmSessionOpenErrors, 2296 snmpTlstmSessionAccepts, 2297 snmpTlstmSessionServerCloses, 2298 snmpTlstmSessionNoSessions, 2299 snmpTlstmSessionInvalidClientCertificates, 2300 snmpTlstmSessionUnknownServerCertificate, 2301 snmpTlstmSessionInvalidServerCertificates, 2302 snmpTlstmSessionInvalidCaches 2303 } 2304 STATUS current 2305 DESCRIPTION 2306 "A collection of objects for maintaining 2307 statistical information of an SNMP engine which 2308 implements the SNMP TLS Transport Model." 2309 ::= { tlstmGroups 1 } 2311 tlstmIncomingGroup OBJECT-GROUP 2312 OBJECTS { 2313 tlstmCertToTSNCount, 2314 tlstmCertToTSNTableLastChanged, 2315 tlstmCertToTSNFingerprint, 2316 tlstmCertToTSNMapType, 2317 tlstmCertToTSNData, 2318 tlstmCertToTSNStorageType, 2319 tlstmCertToTSNRowStatus 2320 } 2321 STATUS current 2322 DESCRIPTION 2323 "A collection of objects for maintaining 2324 incoming connection certificate mappings to 2325 tmSecurityNames of an SNMP engine which implements the 2326 SNMP TLS Transport Model." 2327 ::= { tlstmGroups 2 } 2329 tlstmOutgoingGroup OBJECT-GROUP 2330 OBJECTS { 2331 tlstmParamsCount, 2332 tlstmParamsTableLastChanged, 2333 tlstmParamsClientFingerprint, 2334 tlstmParamsStorageType, 2335 tlstmParamsRowStatus, 2336 tlstmAddrCount, 2337 tlstmAddrTableLastChanged, 2338 tlstmAddrServerFingerprint, 2339 tlstmAddrServerIdentity, 2340 tlstmAddrStorageType, 2341 tlstmAddrRowStatus 2342 } 2343 STATUS current 2344 DESCRIPTION 2345 "A collection of objects for maintaining 2346 outgoing connection certificates to use when opening 2347 connections as a result of SNMP-TARGET-MIB settings." 2348 ::= { tlstmGroups 3 } 2350 tlstmNotificationGroup NOTIFICATION-GROUP 2351 NOTIFICATIONS { 2352 tlstmServerCertificateUnknown, 2353 tlstmServerInvalidCertificate 2354 } 2355 STATUS current 2356 DESCRIPTION 2357 "Notifications" 2358 ::= { tlstmGroups 4 } 2360 END 2362 8. Operational Considerations 2364 This section discusses various operational aspects of deploying 2365 TLSTM. 2367 8.1. Sessions 2369 A session is discussed throughout this document as meaning a security 2370 association between two TLSTM instances. State information for the 2371 sessions are maintained in each TLSTM implementation and this 2372 information is created and destroyed as sessions are opened and 2373 closed. A "broken" session (one side up and one side down) can 2374 result if one side of a session is brought down abruptly (i.e., 2375 reboot, power outage, etc.). Whenever possible, implementations 2376 SHOULD provide graceful session termination through the use of 2377 disconnect messages. Implementations SHOULD also have a system in 2378 place for detecting "broken" sessions through the use of heartbeats 2379 [I-D.seggelmann-tls-dtls-heartbeat] or other detection mechanisms. 2381 Implementations SHOULD limit the lifetime of established sessions 2382 depending on the algorithms used for generation of the master session 2383 secret, the privacy and integrity algorithms used to protect 2384 messages, the environment of the session, the amount of data 2385 transferred, and the sensitivity of the data. 2387 8.2. Notification Receiver Credential Selection 2389 When an SNMP engine needs to establish an outgoing session for 2390 notifications, the snmpTargetParamsTable includes an entry for the 2391 snmpTargetParamsSecurityName of the target. Servers that wish to 2392 support multiple principals at a particular port SHOULD make use of 2393 the Server Name Indication extension defined in Section 3.1 of 2394 [RFC4366]. Without the Server Name Indication the receiving SNMP 2395 engine (Server) will not know which (D)TLS certificate to offer to 2396 the Client so that the tmSecurityName identity-authentication will be 2397 successful. 2399 Another solution is to maintain a one-to-one mapping between 2400 certificates and incoming ports for notification receivers. This can 2401 be handled at the notification originator by configuring the 2402 snmpTargetAddrTable (snmpTargetAddrTDomain and 2403 snmpTargetAddrTAddress) and requiring the receiving SNMP engine to 2404 monitor multiple incoming static ports based on which principals are 2405 capable of receiving notifications. 2407 Implementations MAY also choose to designate a single Notification 2408 Receiver Principal to receive all incoming notifications or select an 2409 implementation specific method of selecting a server certificate to 2410 present to clients. 2412 8.3. contextEngineID Discovery 2414 Most command responders have contextEngineIDs that are identical to 2415 the USM securityEngineID. USM provides a discovery service that 2416 allows command generators to determine a securityEngineID and thus a 2417 default contextEngineID to use. Because the TLS Transport Model does 2418 not make use of a securityEngineID, it may be difficult for command 2419 generators to discover a suitable default contextEngineID. 2420 Implementations should consider offering another engineID discovery 2421 mechanism to continue providing Command Generators with a suitable 2422 contextEngineID mechanism. A recommended discovery solution is 2423 documented in [RFC5343]. 2425 8.4. Transport Considerations 2427 This document defines how SNMP messages can be transmitted over the 2428 TLS and DTLS based protocols. Each of these protocols are 2429 additionally based on other transports (TCP and UDP). These three 2430 protocols also have operational considerations that must be taken 2431 into consideration when selecting a (D)TLS based protocol to use such 2432 as its performance in degraded or limited networks. It is beyond the 2433 scope of this document to summarize the characteristics of these 2434 transport mechanisms. Please refer to the base protocol documents 2435 for details on messaging considerations with respect to MTU size, 2436 fragmentation, performance in lossy-networks, etc. 2438 9. Security Considerations 2440 This document describes a transport model that permits SNMP to 2441 utilize (D)TLS security services. The security threats and how the 2442 (D)TLS transport model mitigates these threats are covered in detail 2443 throughout this document. Security considerations for DTLS are 2444 covered in [RFC4347] and security considerations for TLS are 2445 described in Section 11 and Appendices D, E, and F of TLS 1.2 2446 [RFC5246]. When run over UDP, DTLS is more vulnerable to denial of 2447 service attacks from spoofed IP addresses; see Section 4.2 for 2448 details how the cookie exchange is used to address this issue. 2450 9.1. Certificates, Authentication, and Authorization 2452 Implementations are responsible for providing a security certificate 2453 installation and configuration mechanism. Implementations SHOULD 2454 support certificate revocation lists. 2456 (D)TLS provides for authentication of the identity of both the (D)TLS 2457 server and the (D)TLS client. Access to MIB objects for the 2458 authenticated principal MUST be enforced by an access control 2459 subsystem (e.g. the VACM). 2461 Authentication of the command generator principal's identity is 2462 important for use with the SNMP access control subsystem to ensure 2463 that only authorized principals have access to potentially sensitive 2464 data. The authenticated identity of the command generator 2465 principal's certificate is mapped to an SNMP model-independent 2466 securityName for use with SNMP access control. 2468 The (D)TLS handshake only provides assurance that the certificate of 2469 the authenticated identity has been signed by an configured accepted 2470 certification authority. (D)TLS has no way to further authorize or 2471 reject access based on the authenticated identity. An Access Control 2472 Model (such as the VACM) provides access control and authorization of 2473 a command generator's requests to a command responder and a 2474 notification responder's authorization to receive Notifications from 2475 a notification originator. However to avoid man-in-the-middle 2476 attacks both ends of the (D)TLS based connection MUST check the 2477 certificate presented by the other side against what was expected. 2478 For example, command generators must check that the command responder 2479 presented and authenticated itself with a X.509 certificate that was 2480 expected. Not doing so would allow an impostor, at a minimum, to 2481 present false data, receive sensitive information and/or provide a 2482 false belief that configuration was actually received and acted upon. 2483 Authenticating and verifying the identity of the (D)TLS server and 2484 the (D)TLS client for all operations ensures the authenticity of the 2485 SNMP engine that provides MIB data. 2487 The instructions found in the DESCRIPTION clause of the 2488 tlstmCertToTSNTable object must be followed exactly. It is also 2489 important that the rows of the table be searched in prioritized order 2490 starting with the row containing the lowest numbered tlstmCertToTSNID 2491 value. 2493 9.2. Use with SNMPv1/SNMPv2c Messages 2495 The SNMPv1 and SNMPv2c message processing described in [RFC3584] (BCP 2496 74) always selects the SNMPv1 or SNMPv2c Security Models, 2497 respectively. Both of these and the User-based Security Model 2498 typically used with SNMPv3 derive the securityName and securityLevel 2499 from the SNMP message received, even when the message was received 2500 over a secure transport. Access control decisions are therefore made 2501 based on the contents of the SNMP message, rather than using the 2502 authenticated identity and securityLevel provided by the TLS 2503 Transport Model. 2505 9.3. MIB Module Security 2507 There are a number of management objects defined in this MIB module 2508 with a MAX-ACCESS clause of read-write and/or read-create. Such 2509 objects may be considered sensitive or vulnerable in some network 2510 environments. The support for SET operations in a non-secure 2511 environment without proper protection can have a negative effect on 2512 network operations. These are the tables and objects and their 2513 sensitivity/vulnerability: 2515 o The tlstmParamsTable can be used to change the outgoing X.509 2516 certificate used to establish a (D)TLS connection. Modification 2517 to objects in this table need to be adequately authenticated since 2518 modification to values in this table will have profound impacts to 2519 the security of outbound connections from the device. Since 2520 knowledge of authorization rules and certificate usage mechanisms 2521 may be considered sensitive, protection from disclosure of the 2522 SNMP traffic via encryption is also highly recommended. 2524 o The tlstmAddrTable can be used to change the expectations of the 2525 certificates presented by a remote (D)TLS server. Modification to 2526 objects in this table need to be adequately authenticated since 2527 modification to values in this table will have profound impacts to 2528 the security of outbound connections from the device. Since 2529 knowledge of authorization rules and certificate usage mechanisms 2530 may be considered sensitive, protection from disclosure of the 2531 SNMP traffic via encryption is also highly recommended. 2533 o The tlstmCertToTSNTable is used to specify the mapping of incoming 2534 X.509 certificates to tmSecurityNames which eventually get mapped 2535 to a SNMPv3 securityName. Modification to objects in this table 2536 need to be adequately authenticated since modification to values 2537 in this table will have profound impacts to the security of 2538 incoming connections to the device. Since knowledge of 2539 authorization rules and certificate usage mechanisms may be 2540 considered sensitive, protection from disclosure of the SNMP 2541 traffic via encryption is also highly recommended. 2543 Some of the readable objects in this MIB module (i.e., objects with a 2544 MAX-ACCESS other than not-accessible) may be considered sensitive or 2545 vulnerable in some network environments. It is thus important to 2546 control even GET and/or NOTIFY access to these objects and possibly 2547 to even encrypt the values of these objects when sending them over 2548 the network via SNMP. These are the tables and objects and their 2549 sensitivity/vulnerability: 2551 o This MIB contains a collection of counters that monitor the (D)TLS 2552 connections being established with a device. Since knowledge of 2553 connection and certificate usage mechanisms may be considered 2554 sensitive, protection from disclosure of the SNMP traffic via 2555 encryption is also highly recommended. 2557 SNMP versions prior to SNMPv3 did not include adequate security. 2558 Even if the network itself is secure (for example by using IPsec), 2559 even then, there is no control as to who on the secure network is 2560 allowed to access and GET/SET (read/change/create/delete) the objects 2561 in this MIB module. 2563 It is RECOMMENDED that implementers consider the security features as 2564 provided by the SNMPv3 framework (see [RFC3410], section 8), 2565 including full support for the SNMPv3 cryptographic mechanisms (for 2566 authentication and privacy). 2568 Further, deployment of SNMP versions prior to SNMPv3 is NOT 2569 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 2570 enable cryptographic security. It is then a customer/operator 2571 responsibility to ensure that the SNMP entity giving access to an 2572 instance of this MIB module is properly configured to give access to 2573 the objects only to those principals (users) that have legitimate 2574 rights to indeed GET or SET (change/create/delete) them. 2576 10. IANA Considerations 2578 IANA is requested to assign: 2580 1. Two TCP/UDP port numbers from the "Registered Ports" range of the 2581 Port Numbers registry, with keywords "snmptls" and "snmptls- 2582 trap". These are the default ports for receipt of SNMP command 2583 messages (snmptls) and SNMP notification messages (snmptls-trap) 2584 over a TLS Transport Model as defined in this document. 2586 2. an SMI number under snmpDomains for the snmpTLSTCPDomain object 2587 identifier, 2589 3. an SMI number under snmpDomains for the snmpDTLSUDPDomain object 2590 identifier, 2592 4. a SMI number under snmpModules, for the MIB module in this 2593 document, 2595 5. "tls" as the corresponding prefix for the snmpTLSTCPDomain in the 2596 SNMP Transport Model registry, 2598 6. "dudp" as the corresponding prefix for the snmpDTLSUDPDomain in 2599 the SNMP Transport Model registry, 2601 Editor's note: this section should be replaced with appropriate 2602 descriptive assignment text after IANA assignments are made and prior 2603 to publication. 2605 11. Acknowledgements 2607 This document closely follows and copies the Secure Shell Transport 2608 Model for SNMP defined by David Harrington and Joseph Salowey in 2609 [RFC5292]. 2611 This document was reviewed by the following people who helped provide 2612 useful comments (in alphabetical order): Andy Donati, Pasi Eronen, 2613 David Harrington, Jeffrey Hutzelman, Alan Luchuk, Tom Petch, Randy 2614 Presuhn, Ray Purvis, Joseph Salowey, Jurgen Schonwalder, Dave Shield, 2615 Robert Story. 2617 This work was supported in part by the United States Department of 2618 Defense. Large portions of this document are based on work by 2619 General Dynamics C4 Systems and the following individuals: Brian 2620 Baril, Kim Bryant, Dana Deluca, Dan Hanson, Tim Huemiller, John 2621 Holzhauer, Colin Hoogeboom, Dave Kornbau, Chris Knaian, Dan Knaul, 2622 Charles Limoges, Steve Moccaldi, Gerardo Orlando, and Brandon Yip. 2624 12. References 2626 12.1. Normative References 2628 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2629 Requirement Levels", BCP 14, RFC 2119, March 1997. 2631 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 2632 Schoenwaelder, Ed., "Structure of Management Information 2633 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. 2635 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 2636 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 2637 STD 58, RFC 2579, April 1999. 2639 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, 2640 "Conformance Statements for SMIv2", STD 58, RFC 2580, 2641 April 1999. 2643 [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An 2644 Architecture for Describing Simple Network Management 2645 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 2646 December 2002. 2648 [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network 2649 Management Protocol (SNMP) Applications", STD 62, 2650 RFC 3413, December 2002. 2652 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 2653 (USM) for version 3 of the Simple Network Management 2654 Protocol (SNMPv3)", STD 62, RFC 3414, December 2002. 2656 [RFC3415] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based 2657 Access Control Model (VACM) for the Simple Network 2658 Management Protocol (SNMP)", STD 62, RFC 3415, 2659 December 2002. 2661 [RFC3418] Presuhn, R., "Management Information Base (MIB) for the 2662 Simple Network Management Protocol (SNMP)", STD 62, 2663 RFC 3418, December 2002. 2665 [RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen, 2666 "Coexistence between Version 1, Version 2, and Version 3 2667 of the Internet-standard Network Management Framework", 2668 BCP 74, RFC 3584, August 2003. 2670 [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 2671 Security", RFC 4347, April 2006. 2673 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 2674 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 2676 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 2677 Housley, R., and W. Polk, "Internet X.509 Public Key 2678 Infrastructure Certificate and Certificate Revocation List 2679 (CRL) Profile", RFC 5280, May 2008. 2681 [RFC5590] Harrington, D. and J. Schoenwaelder, "Transport Subsystem 2682 for the Simple Network Management Protocol (SNMP)", 2683 RFC 5590, June 2009. 2685 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model 2686 for the Simple Network Management Protocol (SNMP)", 2687 RFC 5591, June 2009. 2689 12.2. Informative References 2691 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 2692 "Introduction and Applicability Statements for Internet- 2693 Standard Management Framework", RFC 3410, December 2002. 2695 [RFC4366] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., 2696 and T. Wright, "Transport Layer Security (TLS) 2697 Extensions", RFC 4366, April 2006. 2699 [RFC5292] Chen, E. and S. Sangli, "Address-Prefix-Based Outbound 2700 Route Filter for BGP-4", RFC 5292, August 2008. 2702 [RFC5343] Schoenwaelder, J., "Simple Network Management Protocol 2703 (SNMP) Context EngineID Discovery", RFC 5343, 2704 September 2008. 2706 [I-D.seggelmann-tls-dtls-heartbeat] 2707 Seggelmann, R., Tuexen, M., and M. Williams, "Transport 2708 Layer Security and Datagram Transport Layer Security 2709 Heartbeat Extension". 2711 Appendix A. Target and Notification Configuration Example 2713 Configuring the SNMP-TARGET-MIB and NOTIFICATION-MIB along with 2714 access control settings for the SNMP-VIEW-BASED-ACM-MIB can be a 2715 daunting task without an example to follow. The following section 2716 describes an example of what pieces must be in place to accomplish 2717 this configuration. 2719 The isAccessAllowed() ASI requires configuration to exist in the 2720 following SNMP-VIEW-BASED-ACM-MIB tables: 2722 vacmSecurityToGroupTable 2723 vacmAccessTable 2724 vacmViewTreeFamilyTable 2726 The only table that needs to be discussed as particularly different 2727 here is the vacmSecurityToGroupTable. This table is indexed by both 2728 the SNMPv3 security model and the security name. The security model, 2729 when TLSTM is in use, should be set to the value of 4, corresponding 2730 to the TSM [RFC5591]. An example vacmSecurityToGroupTable row might 2731 be filled out as follows (using a single SNMP SET request): 2733 vacmSecurityModel = 4 (TSM) 2734 vacmSecurityName = "blueberry" 2735 vacmGroupName = "administrators" 2736 vacmSecurityToGroupStorageType = 3 (nonVolatile) 2737 vacmSecurityToGroupStatus = 4 (createAndGo) 2739 This example will assume that the "administrators" group has been 2740 given proper permissions via rows in the vacmAccessTable and 2741 vacmViewTreeFamilyTable. 2743 Depending on whether this VACM configuration is for a Command 2744 Responder or a command generator the security name "blueberry" will 2745 come from a few different locations. 2747 A.1. Configuring the Notification Originator 2749 For notification originators performing authorization checks, the 2750 server's certificate must be verified against the expected 2751 certificate before proceeding to send the notification. The expected 2752 certificate from the server may be listed in the tlstmAddrTable or 2753 may be determined through other X.509 path validation mechanisms. 2754 The securityName to use for VACM authorization checks is set by the 2755 SNMP-TARGET-MIB's snmpTargetParamsSecurityName column. 2757 The certificate that the notification originator should present to 2758 the server is taken from the tlstmParamsClientFingerprint column from 2759 the appropriate entry in the tlstmParamsTable table. (Or else a 2760 default certificate may be used if available.) 2762 To configure a notification originator to open a TLS over TCP 2763 connection to a notification receiver it must be configured so the 2764 server's presented certificate can be verified against the expected 2765 certificate before proceeding to send the notification. This is done 2766 by configuring the tlstmAddrTable accordingly. For example, if the 2767 verification is done via certification path validation (to a trust 2768 anchor configured in implementation dependent manner), then the table 2769 entries could look like: 2771 snmpTargetAddrTable row: 2772 snmpTargetAddrName = "toNRAddr" 2773 snmpTargetAddrTDomain = snmpTLSTCPDomain 2774 snmpTargetAddrTAddress = "192.0.2.1:XXXTLSTCPTRAPPORT" 2775 snmpTargetAddrTimeout = 1500 2776 snmpTargetAddrRetryCount = 3 2777 snmpTargetAddrTagList = "toNRTag" 2778 snmpTargetAddrParams = "toNR" (MUST match below) 2779 snmpTargetAddrStorageType = 3 (nonVolatile) 2780 snmpTargetAddrColumnStatus = 4 (createAndGo) 2782 snmpTargetParamsTable row: 2783 snmpTargetParamsName = toNR 2784 snmpTargetParamsMPModel = SNMPv3 2785 snmpTargetParamsSecurityModel = 4 (TransportSecurityModel) 2786 snmpTargetParamsSecurityName = "blueberry" 2787 snmpTargetParamsSecurityLevel = 3 (authPriv) 2788 snmpTargetParamsStorageType = 3 (nonVolatile) 2789 snmpTargetParamsRowStatus = 4 (createAndGo0 2791 tlstmAddrTable row: 2792 snmpTargetAddrName = "toNRAddr" 2793 tlstmAddrServerFingerprint = "" 2794 tlstmAddrServerIdentity = "server.example.org" 2795 tlstmAddrStorageType = 3 (nonVolatile) 2796 tlstmAddrRowStatus = 4 (createAndGo) 2798 Editor's note: replace the string "XXXTLSTCPTRAPPORT" above with the 2799 appropriately assigned "snmptls-trap" port. 2801 A.2. Configuring the Command Responder 2803 For command responder applications, the vacmSecurityName "blueberry" 2804 value is a value that derived from an incoming (D)TLS connection. 2805 The mapping from a recevied (D)TLS client certificate to a 2806 tmSecurityName is done with the tlstmCertToTSNTable. The 2807 certificates must be loaded into the device so that a 2808 tlstmCertToTSNEntry may refer to it. As an example, consider the 2809 following entry which will provide a mapping from a client's public 2810 X.509's hash fingerprint directly to the "blueberry" tmSecurityName: 2812 tlstmCertToTSNID = 1 (chosen by ordering preference) 2813 tlstmCertToTSNFingerprint = HASH (appropriate fingerprint) 2814 tlstmCertToTSNMapType = tlstmCertSpecified 2815 tlstmCertToTSNSecurityName = "blueberry" 2816 tlstmCertToTSNStorageType = 3 (nonVolatile) 2817 tlstmCertToTSNRowStatus = 4 (createAndGo) 2819 The above is an example of how to map a particular certificate to a 2820 particular tmSecurityName. It is recommended, however, that users 2821 make use of direct subjectAltName or CommonName mappings where 2822 possible as it provides a more scalable approach to certificate 2823 management. This entry provides an example of using a subjectAltName 2824 mapping: 2826 tlstmCertToTSNID = 1 (chosen by ordering preference) 2827 tlstmCertToTSNFingerprint = HASH (appropriate fingerprint) 2828 tlstmCertToTSNMapType = tlstmCertSANAny 2829 tlstmCertToTSNData = "" (not used) 2830 tlstmCertToTSNStorageType = 3 (nonVolatile) 2831 tlstmCertToTSNRowStatus = 4 (createAndGo) 2833 The above entry indicates the subjectAltName field for certificates 2834 created by an issuing certificate with a corresponding fingerprint 2835 will be trusted to always produce common names that are directly one- 2836 to-one mappable into tmSecurityNames. This type of configuration 2837 should only be used when the certificate authorities naming 2838 conventions are carefully controlled. 2840 In the example, if the incoming (D)TLS client provided certificate 2841 contained a subjectAltName where the first listed subjectAltName in 2842 the extension is the rfc822Name of "blueberry@example.com", the 2843 certificate was signed by a certificate matching the 2844 tlstmCertToTSNFingerprint value and the CA's certificate was properly 2845 installed on the device then the string "blueberry@example.com" would 2846 be used as the tmSecurityName for the session. 2848 Author's Address 2850 Wes Hardaker 2851 Sparta, Inc. 2852 P.O. Box 382 2853 Davis, CA 95617 2854 USA 2856 Phone: +1 530 792 1913 2857 Email: ietf@hardakers.net