idnits 2.17.1 draft-turner-ccmib-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 28 instances of too long lines in the document, the longest one being 5 characters in excess of 72. == There are 3 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 5318 has weird spacing: '...defined by th...' -- The document date (February 28, 2017) is 2614 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 5637 -- Looks like a reference, but probably isn't: '2' on line 5640 -- Looks like a reference, but probably isn't: '3' on line 5643 -- Looks like a reference, but probably isn't: '10' on line 5321 -- Looks like a reference, but probably isn't: '20' on line 5325 -- Looks like a reference, but probably isn't: '21' on line 5329 -- Looks like a reference, but probably isn't: '22' on line 5333 == Unused Reference: 'RFC5246' is defined on line 5859, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2571 (Obsoleted by RFC 3411) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) -- Obsolete informational reference (is this intentional?): RFC 1907 (Obsoleted by RFC 3418) Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Azoum 3 Internet-Draft E. Jones 4 Intended status: Standards Track L. Sun 5 Expires: September 1, 2017 SPAWAR Systems Center Pacific 6 M. Irani 7 J. Sun 8 Nathan Kunes, Inc. 9 R. Purvis 10 The MITRE Corporation 11 S. Turner 12 sn3rd 13 February 28, 2017 15 Common Cryptographic MIB (CCMIB) 16 draft-turner-ccmib-01 18 Abstract 20 This document defines a portion of the Management Information Base 21 (MIB) for use with network management protocols in the Internet 22 community. In particular, it describes managed objects used to 23 manage key management implementations including asymmetric keys, 24 symmetric keys, trust anchors, and cryptographic-related firmware. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at http://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on September 1, 2017. 43 Copyright Notice 45 Copyright (c) 2017 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 61 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 62 3. The Internet-Standard Management Framework . . . . . . . . . 3 63 4. Structure of the MIB module . . . . . . . . . . . . . . . . . 3 64 5. Definition of the CC MIB module . . . . . . . . . . . . . . . 3 65 5.1. CC Assignments . . . . . . . . . . . . . . . . . . . . . 3 66 5.2. CC Feature Hierarchy . . . . . . . . . . . . . . . . . . 5 67 5.3. CC Device Info . . . . . . . . . . . . . . . . . . . . . 6 68 5.4. Firmware Management Information . . . . . . . . . . . . . 17 69 5.5. Key Management Information . . . . . . . . . . . . . . . 23 70 5.6. Key Transfer Pull . . . . . . . . . . . . . . . . . . . . 77 71 5.7. Key Transfer Push . . . . . . . . . . . . . . . . . . . . 93 72 5.8. Security Policy Information . . . . . . . . . . . . . . . 106 73 5.9. Secure Connection Information . . . . . . . . . . . . . . 113 74 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 121 75 7. Security Considerations . . . . . . . . . . . . . . . . . . . 121 76 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 121 77 8.1. Normative References . . . . . . . . . . . . . . . . . . 122 78 8.2. Informative References . . . . . . . . . . . . . . . . . 123 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 124 81 1. Introduction 83 RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH PRIOR TO 84 PUBLICATION 86 The source for this draft is maintained in GitHub. Suggested changes 87 should be submitted as pull requests at 88 https://github.com/seanturner/draft-turner-ccmib. Instructions are 89 on that page as well. Editorial changes can be managed in GitHub. 91 This document defines a portion of the Management Information Base 92 (MIB) for use with network management protocols in the Internet 93 community. In particular, it describes managed objects used to 94 manage key management implementations including asymmetric keys, 95 symmetric keys, trust anchors, and cryptographic-related firmware. 97 2. Terminology 99 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 100 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 101 "OPTIONAL" in this document are to be interpreted as described in 102 [RFC2119]. 104 3. The Internet-Standard Management Framework 106 For a detailed overview of the documents that describe the current 107 Internet-Standard Management Framework, please refer to section 7 of 108 [RFC3410]. 110 Managed objects are accessed via a virtual information store, termed 111 the Management Information Base or MIB. MIB objects are generally 112 accessed through the Simple Network Management Protocol (SNMP). 113 Objects in the MIB are defined using the mechanisms defined in the 114 Structure of Management Information (SMI). This memo specifies a MIB 115 module that is compliant to the SMIv2, which is described in RFC 2578 116 [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580 117 [RFC2580]. 119 4. Structure of the MIB module 121 5. Definition of the CC MIB module 123 5.1. CC Assignments 125 This MIB module makes reference to the following document: [RFC2578]. 127 CC-ASSIGNMENTS-MIB DEFINITIONS ::= BEGIN 129 IMPORTS 130 MODULE-IDENTITY, enterprises 131 FROM SNMPv2-SMI; -- RFC 2578 133 ccAssignmentsMIB MODULE-IDENTITY 134 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 135 ORGANIZATION "IETF" 136 CONTACT-INFO 137 "Shadi Azoum 138 US Navy 139 email: shadi.azoum@navy.mil 141 Elliott Jones 142 US Navy 143 elliott.jones@navy.mil 144 Lily Sun 145 US Navy 146 lily.sun@navy.mil 148 Mike Irani 149 NKI Engineering 150 irani@nkiengineering.com 152 Jeffrey Sun 153 NKI Engineering 154 sunjeff@nkiengineering.com 156 Ray Purvis 157 MITRE 158 Email:rpurvis@mitre.org 160 Sean Turner 161 sn3rd 162 Email:sean@sn3rd.com" 163 DESCRIPTION 164 "This MIB defines the CC MIB tree hierarchical assignments 165 below it and acts as a reservation mechanism. 167 Copyright (c) 2016 IETF Trust and the persons 168 identified as authors of the code. All rights reserved. 170 Redistribution and use in source and binary forms, with 171 or without modification, is permitted pursuant to, and 172 subject to the license terms contained in, the Simplified 173 BSD License set forth in Section 4.c of the IETF Trust's 174 Legal Provisions Relating to IETF Documennts 175 (http://trustee.ietf.org/license-info). 177 This version of this MIB module is part of RFC xxxx; 178 see the RFC itself for full legal notices." 179 -- RFC Ed.: RFC-editor please fill in xxxx. 180 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 181 DESCRIPTION "Initial Version. Published as RFC xxxx." 182 -- RFC Ed.: RFC-editor please fill in xxxx. 183 ::= { mib-2 TBD } 185 -- 186 -- Note: Current top-level OID assignments within the CC MIB tree: 187 -- mib-2.TBD : CC-ASSIGNMENTS-MIB (this MIB) 188 -- mib-2.TBD.1 : CC-FEATURE-HIERARCHY-MIB 190 END 192 5.2. CC Feature Hierarchy 194 This MIB module makes reference to the following document: [RFC2578]. 196 CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN 198 IMPORTS 199 ccAssignmentsMIB 200 FROM CC-ASSIGNMENTS-MIB -- FROM {{cc-assign}} 201 MODULE-IDENTITY 202 FROM SNMPv2-SMI; -- FROM RFC 2578 204 ccFeatureHierarchyMIB MODULE-IDENTITY 205 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 206 ORGANIZATION "IETF" 207 CONTACT-INFO 208 "Shadi Azoum 209 US Navy 210 email: shadi.azoum@navy.mil 212 Elliott Jones 213 US Navy 214 elliott.jones@navy.mil 216 Lily Sun 217 US Navy 218 lily.sun@navy.mil 220 Mike Irani 221 NKI Engineering 222 irani@nkiengineering.com 224 Jeffrey Sun 225 NKI Engineering 226 sunjeff@nkiengineering.com 228 Ray Purvis 229 MITRE 230 Email:rpurvis@mitre.org 232 Sean Turner 233 sn3rd 234 Email:sean@sn3rd.com" 235 DESCRIPTION 236 "This MIB defines the CC MIB features in hierarchical MIB 237 tree assignments. It acts as a reservation mechanism for 238 other MIB sets to be anchored below it. 240 Copyright (c) 2016 IETF Trust and the persons 241 identified as authors of the code. All rights reserved. 243 Redistribution and use in source and binary forms, with 244 or without modification, is permitted pursuant to, and 245 subject to the license terms contained in, the Simplified 246 BSD License set forth in Section 4.c of the IETF Trust's 247 Legal Provisions Relating to IETF Documents 248 (http://trustee.ietf.org/license-info). 250 This version of this MIB module is part of RFC xxxx; 251 see the RFC itself for full legal notices." 252 -- RFC Ed.: RFC-editor please fill in xxxx. 253 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 254 DESCRIPTION "Initial Version. Published as RFC xxxx." 255 -- RFC Ed.: RFC-editor please fill in xxxx. 256 ::= { ccAssignmentsMIB 1 } 258 ccDeviceInfo OBJECT IDENTIFIER 259 ::= { ccFeatureHierarchyMIB 2 } 260 ccFirmwareManagement OBJECT IDENTIFIER 261 ::= { ccFeatureHierarchyMIB TBD } 262 ccKeyManagement OBJECT IDENTIFIER 263 ::= { ccFeatureHierarchyMIB 3 } 264 ccKeyTransferPull OBJECT IDENTIFIER 265 ::= { ccFeatureHierarchyMIB 4 } 266 ccKeyTransferPush OBJECT IDENTIFIER 267 ::= { ccFeatureHierarchyMIB 5 } 268 ccSecurePolicyInfo OBJECT IDENTIFIER 269 ::= { ccFeatureHierarchyMIB 6 } 270 ccSecureConnectionInfo OBJECT IDENTIFIER 271 ::= { ccFeatureHierarchyMIB 7 } 273 END 275 5.3. CC Device Info 277 This MIB module makes reference to the following documents: 278 [RFC1213], [RFC1907], [RFC2571], [RFC2578], [RFC2579], and [RFC2580]. 280 CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN 282 IMPORTS 283 ccDeviceInfo 284 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} 285 MODULE-COMPLIANCE, OBJECT-GROUP, 286 NOTIFICATION-GROUP 287 FROM SNMPv2-CONF -- FROM RFC 2580 289 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, 290 MODULE-IDENTITY, TimeTicks 291 FROM SNMPv2-SMI -- FROM RFC 2578 292 SnmpAdminString 293 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 294 DateAndTime, TruthValue, TimeStamp 295 FROM SNMPv2-TC; -- FROM RFC 2579 297 ccDeviceInfoMIB MODULE-IDENTITY 298 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 299 ORGANIZATION "IETF" 300 CONTACT-INFO 301 "Shadi Azoum 302 US Navy 303 email: shadi.azoum@navy.mil 305 Elliott Jones 306 US Navy 307 elliott.jones@navy.mil 309 Lily Sun 310 US Navy 311 lily.sun@navy.mil 313 Mike Irani 314 NKI Engineering 315 irani@nkiengineering.com 317 Jeffrey Sun 318 NKI Engineering 319 sunjeff@nkiengineering.com 321 Ray Purvis 322 MITRE 323 Email:rpurvis@mitre.org 325 Sean Turner 326 sn3rd 327 Email:sean@sn3rd.com" 328 DESCRIPTION 329 "This MIB defines the CC MIB Device Information objects. 331 Copyright (c) 2016 IETF Trust and the persons 332 identified as authors of the code. All rights reserved. 334 Redistribution and use in source and binary forms, with 335 or without modification, is permitted pursuant to, and 336 subject to the license terms contained in, the Simplified 337 BSD License set forth in Section 4.c of the IETF Trust's 338 Legal Provisions Relating to IETF Documents 339 (http://trustee.ietf.org/license-info). 341 This version of this MIB module is part of RFC xxxx; 342 see the RFC itself for full legal notices." 343 -- RFC Ed.: RFC-editor please fill in xxxx. 344 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 345 DESCRIPTION "Initial Version. Published as RFC xxxx." 346 -- RFC Ed.: RFC-editor please fill in xxxx. 347 ::= { ccDeviceInfo 1 } 349 -- ***************************************************************** 350 -- Device Information Segments 351 -- ***************************************************************** 353 cDeviceInfoConformance OBJECT IDENTIFIER 354 ::= { ccDeviceInfoMIB 1} 355 cDeviceComponentVersInfo OBJECT IDENTIFIER 356 ::= { ccDeviceInfoMIB 2} 357 cDeviceInfoScalars OBJECT IDENTIFIER 358 ::= { ccDeviceInfoMIB 5} 359 cDeviceInfoNotify OBJECT IDENTIFIER 360 ::= { ccDeviceInfoMIB 6} 362 -- ***************************************************************** 363 -- General Device Information Scalars 364 -- ***************************************************************** 366 cSystemDate OBJECT-TYPE 367 SYNTAX DateAndTime 368 MAX-ACCESS read-write 369 STATUS current 370 DESCRIPTION 371 "The host's notion of the local date and time of day. Note, 372 some implementations will not allow changing of this object 373 and will send an inconsistentValue error." 374 ::= { cDeviceInfoScalars 1 } 376 cSystemUpTime OBJECT-TYPE 377 SYNTAX TimeTicks 378 MAX-ACCESS read-only 379 STATUS current 380 DESCRIPTION 381 "The amount of time since this host was last initialized. 382 Note that this is different from sysUpTime in the SNMPv2-MIB 383 RFC 1907 because sysUpTime is the uptime of the network 384 management portion of the system." 386 ::= { cDeviceInfoScalars 2 } 388 cSystemInitialLoadParameters OBJECT-TYPE 389 SYNTAX SnmpAdminString (SIZE(0..128)) 390 MAX-ACCESS read-write 391 STATUS current 392 DESCRIPTION 393 "This object contains the parameters (e.g. a pathname and 394 parameter) supplied to the load device when requesting the 395 initial operating system configuration from that device. 396 Note that writing to this object just changes the 397 configuration that will be used the next time the operating 398 system is loaded and does not actually cause the reload to 399 occur." 400 ::= { cDeviceInfoScalars 3 } 402 cSecurityLevel OBJECT-TYPE 403 SYNTAX SnmpAdminString (SIZE(0..255)) 404 MAX-ACCESS read-write 405 STATUS current 406 DESCRIPTION 407 "The security level that this object is working at. 408 Different communities of interest may have different 409 conventions. The following values are defined and when used 410 by agents have specific meaning: UNCLASSIFIED, RESTRICTED, 411 CONFIDENTIAL, SECRET, TOP_SECRET." 412 ::= { cDeviceInfoScalars 4 } 414 cElectronicSerialNumber OBJECT-TYPE 415 SYNTAX OCTET STRING 416 MAX-ACCESS read-only 417 STATUS current 418 DESCRIPTION 419 "The Electronic Serial Number of the device. This may be the 420 chassis serial number or an internal serial number." 421 ::= { cDeviceInfoScalars 5 } 423 cLastChanged OBJECT-TYPE 424 SYNTAX TimeTicks 425 MAX-ACCESS read-only 426 STATUS current 427 DESCRIPTION 428 "The value of cSystemUpTime the last time any configurable 429 object within the MIBs supported by the device has been 430 modified, created, or deleted by either SNMP, agent, or other 431 management method (e.g. via an HMI). Managers can use this 432 object to ensure that no changes to any configuration within the 433 device have happened since the last time it examined the device. 435 A value of 0 indicates that no objects have been changed since 436 the agent initialized." 437 ::= { cDeviceInfoScalars 6 } 439 cResetDevice OBJECT-TYPE 440 SYNTAX TruthValue 441 MAX-ACCESS read-write 442 STATUS current 443 DESCRIPTION 444 "The indication of whether a device should be reset. Setting 445 this object to 'true' will perform a reset operation of the 446 device. This must not affect the state of any persistent 447 configuration data, zeroize any of the key material or erase 448 the audit log. When read this object should return false. 449 When set to false this object must not perform any operation 450 but should accept this as a valid SET operation." 451 ::= { cDeviceInfoScalars 7 } 453 cSanitizeDevice OBJECT-TYPE 454 SYNTAX TruthValue 455 MAX-ACCESS read-write 456 STATUS current 457 DESCRIPTION 458 "The indication of whether persistent data should be erased. 459 Setting this object to 'true' will erase all persistent data 460 and return the box to an uninitialized state. It will 461 zeroize all keying data, erase all persistent storage and 462 auditing information. Setting this object will certainly 463 render the device unreachable from distant managers since it 464 will be unconfigured. When read this object should return 465 false. When set to false this object must not perform any 466 operation but should accept this as a valid SET operation." 467 ::= { cDeviceInfoScalars 8 } 469 cRenderInoperable OBJECT-TYPE 470 SYNTAX TruthValue 471 MAX-ACCESS read-write 472 STATUS current 473 DESCRIPTION 474 "The indication of whether persistent data should be erased. 475 Setting this object to 'true' will erase all persistent data 476 and return the box to an uninitialized state. It will 477 zeroize all keying data, erase all persistent storage and 478 auditing information. In addition, when supported, the 479 device is expected to perform some internal function that 480 will make the box unusable without returning to the factory 481 or some equivalent. Setting this object will certainly 482 render the device unreachable from distant managers since it 483 will be unconfigured. When read this object should return 484 false. When set to false this object must not perform any 485 operation but should accept this as a valid SET operation." 486 ::= { cDeviceInfoScalars 9 } 488 cVendorName OBJECT-TYPE 489 SYNTAX OCTET STRING 490 MAX-ACCESS read-only 491 STATUS current 492 DESCRIPTION 493 "This object stores the device's vendor name and is intended 494 to be displayed and meaningful to the human operator (e.g. 495 Flinstones Inc). In other words, this object is not intended 496 to store the vendor's authoritative identification value 497 (i.e. sysObjectID RFC 1213)." 498 ::= { cDeviceInfoScalars 10 } 500 cModelIdentifier OBJECT-TYPE 501 SYNTAX OCTET STRING 502 MAX-ACCESS read-only 503 STATUS current 504 DESCRIPTION 505 "This object stores the device's model identifier. In 506 general, this would include the model name and model 507 number." 508 ::= { cDeviceInfoScalars 11 } 510 cHardwareVersionNumber OBJECT-TYPE 511 SYNTAX OCTET STRING 512 MAX-ACCESS read-only 513 STATUS current 514 DESCRIPTION 515 "This object stores the device's hardware version." 516 ::= { cDeviceInfoScalars 12 } 518 -- ***************************************************************** 519 -- Device Information Notifications 520 -- ***************************************************************** 522 cResetDeviceInitialized NOTIFICATION-TYPE 523 STATUS current 524 DESCRIPTION 525 "A notification from the device to the management station 526 indicating that the device is being reset due to a change in 527 the value of cResetDevice. This notification should be sent 528 before the device performs any other reset operations (such 529 as shutting down interfaces, etc.)" 530 ::= { cDeviceInfoNotify 3 } 532 cSanitizeDeviceInitialized NOTIFICATION-TYPE 533 STATUS current 534 DESCRIPTION 535 "A notification from the device to the management station 536 indicating that the device is being sanitized due to a 537 change in the value of cSanitizeDevice. This notification 538 should be sent before the device performs any other sanitize 539 operations (such as shutting down interfaces, etc.)" 540 ::= { cDeviceInfoNotify 4 } 542 cTamperEventIndicated NOTIFICATION-TYPE 543 STATUS current 544 DESCRIPTION 545 "A notification from the device to the management station 546 indicating that the device has detected a tamper event. This 547 notification should be sent before the device performs any 548 operations (such as shutting down interfaces, etc.)" 549 ::= { cDeviceInfoNotify 5 } 551 cDeviceComponentDisabled NOTIFICATION-TYPE 552 OBJECTS { 553 cDeviceComponentName, 554 cDeviceComponentVersion, 555 cDeviceComponentOpStatus 556 } 557 STATUS current 558 DESCRIPTION 559 "A notification from the device to the management station 560 indicating a component described in the 561 cDeviceComponentVersTable has been disabled." 562 ::= { cDeviceInfoNotify 9 } 564 cDeviceComponentEnabled NOTIFICATION-TYPE 565 OBJECTS { 566 cDeviceComponentName, 567 cDeviceComponentVersion 568 } 569 STATUS current 570 DESCRIPTION 571 "A notification from the device to the management station 572 indicating a component described in the 573 cDeviceComponentVersTable has been enabled." 574 ::= { cDeviceInfoNotify 10 } 576 -- ***************************************************************** 577 -- CC MIB cDeviceComponentVersTable 578 -- ***************************************************************** 579 cDeviceComponentVersTableCount OBJECT-TYPE 580 SYNTAX Unsigned32 581 MAX-ACCESS read-only 582 STATUS current 583 DESCRIPTION 584 "The number of rows in the cDeviceComponentVersTable." 585 ::= { cDeviceComponentVersInfo 1 } 587 cDeviceComponentVersTableLastChanged OBJECT-TYPE 588 SYNTAX TimeStamp 589 MAX-ACCESS read-only 590 STATUS current 591 DESCRIPTION 592 "The last time any entry in the table was modified, created, 593 or deleted by either SNMP, agent, or other management method 594 (e.g. via an HMI). Managers can use this object to ensure 595 that no changes to configuration of this table have happened 596 since the last time it examined the table. A value of 0 597 indicates that no entry has been changed since the agent 598 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 599 should be used to populate this column." 600 ::= { cDeviceComponentVersInfo 2 } 602 cDeviceComponentVersTable OBJECT-TYPE 603 SYNTAX SEQUENCE OF CDeviceComponentVersEntry 604 MAX-ACCESS not-accessible 605 STATUS current 606 DESCRIPTION 607 "The table containing a description of the specification 608 versions of components or specifications supported by the 609 ECU. Note that it is possible for multiple versions of a 610 given specification to be registered within the table." 611 ::= { cDeviceComponentVersInfo 3 } 613 cDeviceComponentVersEntry OBJECT-TYPE 614 SYNTAX CDeviceComponentVersEntry 615 MAX-ACCESS not-accessible 616 STATUS current 617 DESCRIPTION 618 "A row containing a module descriptive name and its version 619 that is supported by this device." 620 INDEX { cDeviceComponentName, cDeviceComponentVersion } 621 ::= { cDeviceComponentVersTable 1 } 623 cDeviceComponentVersEntry ::= SEQUENCE { 624 cDeviceComponentName SnmpAdminString, 625 cDeviceComponentVersion SnmpAdminString, 626 cDeviceComponentOpStatus INTEGER, 627 cDeviceComponentDescription OCTET STRING 628 } 630 cDeviceComponentName OBJECT-TYPE 631 SYNTAX SnmpAdminString (SIZE(1..32)) 632 MAX-ACCESS read-only 633 STATUS current 634 DESCRIPTION 635 "The module name or specification name. The string value to 636 be used in this field should be documented in the text of 637 the specification a given row is reporting information on. 639 Specification names beginning with a prefix of 'vendor-' are 640 reserved for private use by the vendor of the device. 642 The string 'device' (exact) is reserved for vendors to 643 register a software revision version of the device. 645 The string 'hardware' (exact) is reserved for vendors to 646 register a model number of the hardware of the device." 647 ::= { cDeviceComponentVersEntry 1 } 649 cDeviceComponentVersion OBJECT-TYPE 650 SYNTAX SnmpAdminString (SIZE(1..32)) 651 MAX-ACCESS read-only 652 STATUS current 653 DESCRIPTION 654 "The version of the specification or module name listed in 655 the cDeviceComponentName object field in this row. The 656 string value to be used in this field should be documented 657 in the text of a specification, of the device, or elsewhere. 658 If the cDeviceComponentName begins with a 'vendor-' prefix, 659 the format of this field is vendor specific." 660 ::= { cDeviceComponentVersEntry 2 } 662 cDeviceComponentOpStatus OBJECT-TYPE 663 SYNTAX INTEGER { up(1), notReady(2), 664 administrativelyDown(3) } 665 MAX-ACCESS read-write 666 STATUS current 667 DESCRIPTION 668 "The current operational state of the interface feature. 670 This row may be used to enable/disable components or modules 671 in the device, and some implementations may allow for 672 various versions of a component to be activated. Devices may 673 use this construct to roll back versions of a device 674 software, or to allow various software feature versions to 675 be installed. 677 Agents may reject the changing this object for certain rows. 678 An example of this is changing the operational status of a 679 row that describes the software the device and not a 680 particular feature. In this event, the agent should return 681 an inconsistentValue error." 682 ::= { cDeviceComponentVersEntry 3 } 684 cDeviceComponentDescription OBJECT-TYPE 685 SYNTAX OCTET STRING 686 MAX-ACCESS read-write 687 STATUS current 688 DESCRIPTION 689 "A description of the component. Agents may reject the 690 changing this object certain rows. In this event, the agent 691 should return an inconsistentValue error." 692 ::= { cDeviceComponentVersEntry 4 } 694 -- ***************************************************************** 695 -- Module Conformance Information 696 -- ***************************************************************** 698 cDeviceInfoCompliances OBJECT IDENTIFIER 699 ::= { cDeviceInfoConformance 1} 700 cDeviceInfoGroups OBJECT IDENTIFIER 701 ::= { cDeviceInfoConformance 2} 703 cDeviceInfoSystemCompliance MODULE-COMPLIANCE 704 STATUS current 705 DESCRIPTION 706 "Compliance levels for system information." 707 MODULE 708 MANDATORY-GROUPS { cDeviceInfoSystemGroup } 710 GROUP cDeviceInfoSystemNotifyGroup 711 DESCRIPTION 712 "This notification group is optional for implementation." 714 OBJECT cSystemInitialLoadParameters 715 MIN-ACCESS not-accessible 716 DESCRIPTION 717 "Implementation of this object is optional." 719 OBJECT cSecurityLevel 720 MIN-ACCESS not-accessible 721 DESCRIPTION 722 "Implementation of this object is optional." 723 cSanitizeDevice 724 MIN-ACCESS not-accessible 725 DESCRIPTION 726 "Implementation of this object is optional." 728 OBJECT cRenderInoperable 729 MIN-ACCESS not-accessible 730 DESCRIPTION 731 "Implementation of this object is optional." 732 ::= { cDeviceInfoCompliances 1 } 734 cDeviceInfoComponentCompliance MODULE-COMPLIANCE 735 STATUS current 736 DESCRIPTION 737 "Compliance levels for component information." 738 MODULE 739 MANDATORY-GROUPS { cDeviceInfoComponentGroup } 741 GROUP cDeviceInfoComponentNotifyGroup 742 DESCRIPTION 743 "This notification group is optional for implementation." 744 ::= { cDeviceInfoCompliances 2 } 746 cDeviceInfoSystemGroup OBJECT-GROUP 747 OBJECTS { 748 cSystemDate, 749 cSystemUpTime, 750 cSystemInitialLoadParameters, 751 cSecurityLevel, 752 cElectronicSerialNumber, 753 cLastChanged, 754 cResetDevice, 755 cSanitizeDevice, 756 cRenderInoperable, 757 cVendorName, 758 cModelIdentifier, 759 cHardwareVersionNumber 760 } 761 STATUS current 762 DESCRIPTION 763 "This group is composed of objects related to system 764 information." 765 ::= { cDeviceInfoGroups 1 } 767 cDeviceInfoComponentGroup OBJECT-GROUP 768 OBJECTS { 769 cDeviceComponentVersTableCount, 770 cDeviceComponentVersTableLastChanged, 771 cDeviceComponentName, 772 cDeviceComponentVersion, 773 cDeviceComponentOpStatus, 774 cDeviceComponentDescription 775 } 776 STATUS current 777 DESCRIPTION 778 "This group is composed of objects related to component 779 information." 780 ::= { cDeviceInfoGroups 2 } 782 cDeviceInfoSystemNotifyGroup NOTIFICATION-GROUP 783 NOTIFICATIONS { 784 cResetDeviceInitialized, 785 cSanitizeDeviceInitialized, 786 cTamperEventIndicated, 787 cSanitizeDeviceInitialized 788 } 789 STATUS current 790 DESCRIPTION 791 "This group is composed of notifications related to system 792 information." 793 ::= { cDeviceInfoGroups 5 } 795 cDeviceInfoComponentNotifyGroup NOTIFICATION-GROUP 796 NOTIFICATIONS { 797 cDeviceComponentDisabled, 798 cDeviceComponentEnabled 799 } 800 STATUS current 801 DESCRIPTION 802 "This group is composed of notifications related to 803 component information." 804 ::= { cDeviceInfoGroups 6 } 806 END 808 5.4. Firmware Management Information 810 This MIB module makes references to the following documents: 811 [RFC2571], [RFC2578], [RFC2579], and [RFC2580]. 813 CC-FIRMWARE-MANAGEMENT-MIB DEFINITIONS ::= BEGIN 815 IMPORTS 816 SnmpAdminString 817 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 818 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, 819 MODULE-IDENTITY 820 FROM SNMPv2-SMI -- FROM RFC 2578 821 TimeStamp, TruthValue, RowStatus 822 FROM SNMPv2-TC -- FROM RFC 2579 823 MODULE-COMPLIANCE, OBJECT-GROUP, 824 NOTIFICATION-GROUP 825 FROM SNMPv2-CONF -- FROM RFC 2580; 827 ccFirmwareManagementMIB MODULE-IDENTITY 828 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 829 ORGANIZATION "IETF" 830 CONTACT-INFO 831 "Shadi Azoum 832 US Navy 833 email: shadi.azoum@navy.mil 835 Elliott Jones 836 US Navy 837 elliott.jones@navy.mil 839 Lily Sun 840 US Navy 841 lily.sun@navy.mil 843 Mike Irani 844 NKI Engineering 845 irani@nkiengineering.com 847 Jeffrey Sun 848 NKI Engineering 849 sunjeff@nkiengineering.com 851 Ray Purvis 852 MITRE 853 Email:rpurvis@mitre.org 855 Sean Turner 856 sn3rd 857 Email:sean@sn3rd.com" 858 DESCRIPTION 859 "This MIB defines the CC MIB Firmware Managment objects. 861 Copyright (c) 2017 IETF Trust and the persons 862 identified as authors of the code. All rights reserved. 864 Redistribution and use in source and binary forms, with 865 or without modification, is permitted pursuant to, and 866 subject to the license terms contained in, the Simplified 867 BSD License set forth in Section 4.c of the IETF Trust's 868 Legal Provisions Relating to IETF Documents 869 (http://trustee.ietf.org/license-info). 871 This version of this MIB module is part of RFC xxxx; 872 see the RFC itself for full legal notices." 873 -- RFC Ed.: RFC-editor please fill in xxxx. 874 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 875 DESCRIPTION "Initial Version. Published as RFC xxxx." 876 -- RFC Ed.: RFC-editor please fill in xxxx. 877 ::= { ccFirmwareManagement 1 } 879 -- ***************************************************************** 880 -- Firmware Information Segments 881 -- ***************************************************************** 883 cFirmwareInfo OBJECT IDENTIFIER 884 ::= { ccFirmwareManagementMIB TBD } 885 cFirmwareInfoNoitify OBJECT IDENTIFIER 886 ::= { ccFirmwareManagementMIB TBD } 888 -- ***************************************************************** 889 -- Firmware Information Notifications 890 -- ***************************************************************** 892 cFirmwareInstallFailed NOTIFICATION-TYPE 893 STATUS current 894 DESCRIPTION 895 "A notification from the device to the management station 896 indicating a firmware install failed." 897 ::= { cFirmwareInfoNotify TBD } 899 cFirmwareInstallSuccess NOTIFICATION-TYPE 900 OBJECTS { 901 cFirmwareName, 902 cFirmwareVersion, 903 cFirmwareSource 904 } 905 STATUS current 906 DESCRIPTION 907 "A notification from the device to the management station 908 indicating a firmware install succeeded." 909 ::= { cFirmwareInfoNotify TBD } 911 -- ***************************************************************** 912 -- CC MIB cFirmwareInformationTable 913 -- ***************************************************************** 915 cFirmwareInformationTableCount OBJECT-TYPE 916 SYNTAX Unsigned32 917 MAX-ACCESS read-only 918 STATUS current 919 DESCRIPTION 920 "The number of rows in the cFirmwareInformationTable." 921 ::= { cFirmwareInfo 1 } 923 cFirmwareInformationTableLastChanged OBJECT-TYPE 924 SYNTAX TimeStamp 925 MAX-ACCESS read-only 926 STATUS current 927 DESCRIPTION 928 "The last time any entry in the table was modified, created, 929 or deleted by either SNMP, agent, or other management method 930 (e.g. via an HMI). Managers can use this object to ensure 931 that no changes to configuration of this table have happened 932 since the last time it examined the table. A value of 0 933 indicates that no entry has been changed since the agent 934 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 935 should be used to populate this column." 936 ::= { cFirmwareInfo 2 } 938 cFirmwareInformationTable OBJECT-TYPE 939 SYNTAX SEQUENCE OF CFirmwareInformationEntry 940 MAX-ACCESS not-accessible 941 STATUS current 942 DESCRIPTION 943 "A table that lists firmware versions available in the 944 device, along with their versions and type. This is used to 945 list currently loaded firmware versions of running firmware 946 and other available firmware versions in support of 947 returning to a previous version of the firmware." 948 ::= { cFirmwareInfo 3 } 950 cFirmwareInformationEntry OBJECT-TYPE 951 SYNTAX CFirmwareInformationEntry 952 MAX-ACCESS not-accessible 953 STATUS current 954 DESCRIPTION 955 "A row containing a firmware package name, version, and 956 source." 957 INDEX { cFirmwareName } 958 ::= { cFirmwareInformationTable 1 } 960 CFirmwareInformationEntry ::= SEQUENCE { 961 cFirmwareName OCTET STRING, 962 cFirmwareVersion SnmpAdminString, 963 cFirmwareSource SnmpAdminString, 964 cFirmwareRunning TruthValue, 965 cFirmwareRowStatus RowStatus 966 } 968 cFirmwareName OBJECT-TYPE 969 SYNTAX OCTET STRING (SIZE(1..255)) 970 MAX-ACCESS read-only 971 STATUS current 972 DESCRIPTION 973 "Unique identifier provided in the firmware package." 974 ::= { cFirmwareInformationEntry 1 } 976 cFirmwareVersion OBJECT-TYPE 977 SYNTAX SnmpAdminString (SIZE(1..255)) 978 MAX-ACCESS read-only 979 STATUS current 980 DESCRIPTION 981 "Version of firmware (provided in the package); for legacy 982 firmware packages, this column would be the empty string, 983 ''." 984 ::= { cFirmwareInformationEntry 2 } 986 cFirmwareSource OBJECT-TYPE 987 SYNTAX SnmpAdminString (SIZE(1..255)) 988 MAX-ACCESS read-only 989 STATUS current 990 DESCRIPTION 991 "This column is used by the implementation to describe how 992 the firmware was received. Agents may use any string which 993 adequately describes the interface such as 'USB' or 994 'DS-100.' Agents may also reference entries in the ifTable 995 when appropriate. If received using a Secure Object 996 Maagement System (SOMS) server, the exact URI that was used 997 to retrieve the firmware package would be configured in this 998 column." 999 ::= { cFirmwareInformationEntry 3 } 1001 cFirmwareRunning OBJECT-TYPE 1002 SYNTAX TruthValue 1003 MAX-ACCESS read-write 1004 STATUS current 1005 DESCRIPTION 1006 "Indicates if the firmware is currently running. Only one 1007 row in the table should have this object set to True at any 1008 given time. If this object is set from False to True, the 1009 agent must install the firmware, uninstall the previous 1010 running firmware and change the cFirmwareRunning object for 1011 the previous running firmware from True to False." 1012 ::= { cFirmwareInformationEntry 4 } 1014 cFirmwareRowStatus OBJECT-TYPE 1015 SYNTAX RowStatus 1016 MAX-ACCESS read-write 1017 STATUS current 1018 DESCRIPTION 1019 "The status of the row, by which old entries may be deleted 1020 from this table. At a minimum, implementations must support 1021 destroy management functions. Support for active and 1022 notReady management functions is optional." 1023 ::= { cFirmwareInformationEntry 5 } 1025 -- ***************************************************************** 1026 -- Module Conformance Information 1027 -- ***************************************************************** 1029 cFirmwareInfoCompliances OBJECT IDENTIFIER 1030 ::= { cFirmwareInfoConformance 1} 1031 cFirmwareInfoGroups OBJECT IDENTIFIER 1032 ::= { cFirmwareInfoConformance 2} 1034 cFirmwareInfoCompliance MODULE-COMPLIANCE 1035 STATUS current 1036 DESCRIPTION 1037 "Compliance levels for firmware information." 1038 MODULE 1039 MANDATORY-GROUPS { cFirmwareInfoGroup } 1040 GROUP cFirmwareInfoNotifyGroup 1041 DESCRIPTION 1042 "This notification group is optional for implementation." 1043 ::= { cDeviceInfoCompliances TBD } 1045 cFirmwareInfoGroup OBJECT-GROUP 1046 OBJECTS { 1047 cFirmwareInformationTableCount, 1048 cFirmwareInformationTableLastChanged, 1049 cFirmwareName, 1050 cFirmwareVersion, 1051 cFirmwareSource, 1052 cFirmwareRunning, 1053 cFirmwareRowStatus 1054 } 1055 STATUS current 1056 DESCRIPTION 1057 "This group is composed of objects related to firmware 1058 information." 1059 ::= { cFirmwareInfoGroups TBD } 1061 cFirmwareInfoNotifyGroup NOTIFICATION-GROUP 1062 NOTIFICATIONS { 1063 cFirmwareInstallFailed, 1064 cFirmwareInstallSuccess 1065 } 1066 STATUS current 1067 DESCRIPTION 1068 "This group is composed of notifications related to firmware 1069 information." 1070 ::= { cFirmwareInfoGroups TBD } 1072 END 1074 5.5. Key Management Information 1076 This MIB module makes references to the following documents: 1077 [RFC2571], [RFC2578], [RFC2579], [RFC2580], [RFC5280], [RFC5914], 1078 [RFC6030], and [RFC6353]. 1080 CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN 1082 IMPORTS 1083 ccKeyManagement 1084 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} 1085 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, 1086 MODULE-IDENTITY 1087 FROM SNMPv2-SMI -- FROM RFC 2578 1088 SnmpAdminString 1089 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 1090 RowPointer, RowStatus, DateAndTime, 1091 TruthValue, TimeStamp 1092 FROM SNMPv2-TC -- FROM RFC 2579 1093 MODULE-COMPLIANCE, OBJECT-GROUP, 1094 NOTIFICATION-GROUP 1095 FROM SNMPv2-CONF -- FROM RFC 2580 1096 SnmpTLSFingerprint 1097 FROM SNMP-TLS-TM-MIB; -- FROM RFC 6353 1099 ccKeyManagementMIB MODULE-IDENTITY 1100 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 1101 ORGANIZATION "IETF" 1102 CONTACT-INFO 1103 "Shadi Azoum 1104 US Navy 1105 email: shadi.azoum@navy.mil 1107 Elliott Jones 1108 US Navy 1109 elliott.jones@navy.mil 1111 Lily Sun 1112 US Navy 1113 lily.sun@navy.mil 1115 Mike Irani 1116 NKI Engineering 1117 irani@nkiengineering.com 1119 Jeffrey Sun 1120 NKI Engineering 1121 sunjeff@nkiengineering.com 1123 Ray Purvis 1124 MITRE 1125 Email:rpurvis@mitre.org 1127 Sean Turner 1128 sn3rd 1129 Email:sean@sn3rd.com" 1130 DESCRIPTION 1131 "This MIB defines the CC MIB Key Managment objects. 1133 Copyright (c) 2016 IETF Trust and the persons 1134 identified as authors of the code. All rights reserved. 1136 Redistribution and use in source and binary forms, with 1137 or without modification, is permitted pursuant to, and 1138 subject to the license terms contained in, the Simplified 1139 BSD License set forth in Section 4.c of the IETF Trust's 1140 Legal Provisions Relating to IETF Documents 1141 (http://trustee.ietf.org/license-info). 1143 This version of this MIB module is part of RFC xxxx; 1144 see the RFC itself for full legal notices." 1145 -- RFC Ed.: RFC-editor please fill in xxxx. 1146 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 1147 DESCRIPTION "Initial Version. Published as RFC xxxx." 1148 -- RFC Ed.: RFC-editor please fill in xxxx. 1149 ::= { ccKeyManagement 1 } 1151 -- ***************************************************************** 1152 -- Key Management Information Segments 1153 -- ***************************************************************** 1155 cSymmetricKeyInfo OBJECT IDENTIFIER 1156 ::= { ccKeyManagementMIB 1 } 1157 cAsymKeyInfo OBJECT IDENTIFIER 1158 ::= { ccKeyManagementMIB 2 } 1159 cTrustAnchorInfo OBJECT IDENTIFIER 1160 ::= { ccKeyManagementMIB 3 } 1161 cCKLInfo OBJECT IDENTIFIER 1162 ::= { ccKeyManagementMIB 4 } 1163 cCDMStoreInfo OBJECT IDENTIFIER 1164 ::= { ccKeyManagementMIB 5 } 1165 cCertSubAltNameInfo OBJECT IDENTIFIER 1166 ::= { ccKeyManagementMIB 6 } 1167 cCertPathCtrlsInfo OBJECT IDENTIFIER 1168 ::= { ccKeyManagementMIB 7 } 1169 cCertPolicyInfo OBJECT IDENTIFIER 1170 ::= { ccKeyManagementMIB 8 } 1171 cPolicyMappingInfo OBJECT IDENTIFIER 1172 ::= { ccKeyManagementMIB 9 } 1173 cNameConstraintInfo OBJECT IDENTIFIER 1174 ::= { ccKeyManagementMIB 10 } 1175 cKeyManagementScalars OBJECT IDENTIFIER 1176 ::= { ccKeyManagementMIB 11 } 1177 cKeyManagementNotify OBJECT IDENTIFIER 1178 ::= { ccKeyManagementMIB 12 } 1179 cKeyManagementConformance OBJECT IDENTIFIER 1180 ::= { ccKeyManagementMIB 13 } 1182 -- ***************************************************************** 1183 -- Key Management Information Scalars 1184 -- ***************************************************************** 1186 cZeroizeAllKeys OBJECT-TYPE 1187 SYNTAX TruthValue 1188 MAX-ACCESS read-write 1189 STATUS current 1190 DESCRIPTION 1191 "Setting this object to 'true' removes all entries in key 1192 material tables and zeroizes key materials. It is applicable 1193 to symmetric keys, asymmetric keys, and Trust Anchors (TA). 1194 It must not modify any other information in the device such 1195 as the persistent storage or the audit log. When read this 1196 object should return false. If this object is set to the 1197 same value as the current value, the device must not perform 1198 any operation but should accept this as a valid SET 1199 operation. Note after being set to true, an agent should 1200 reset this object to false once it has zeroized all the keys 1201 stored in the device." 1202 ::= { cKeyManagementScalars 1 } 1204 cZeroizeSymmetricKeyTable OBJECT-TYPE 1205 SYNTAX TruthValue 1206 MAX-ACCESS read-write 1207 STATUS current 1208 DESCRIPTION 1209 "Setting this object to 'true' removes all entries in the 1210 cSymmetricKeyTablekey and zeroizes the associated key 1211 materials. This operation must not modify any other 1212 information in the device such as the persistent storage or 1213 the audit log. When read this object should return false. If 1214 this object is set to the same value as the current value, 1215 the device must not perform any operation but should accept 1216 this as a valid SET operation. Note after being set to true, 1217 an agent should reset this object to false once it has 1218 zeroized the specific key materials stored in the device." 1219 ::= { cKeyManagementScalars 2 } 1221 cZeroizeAsymKeyTable OBJECT-TYPE 1222 SYNTAX TruthValue 1223 MAX-ACCESS read-write 1224 STATUS current 1225 DESCRIPTION 1226 "Setting this object to 'true' removes all entries in the 1227 cAsymKeyTable, cCertSubAltNameTable, and zeroizes the 1228 associated key materials. This operation must not modify any 1229 other information in the device such as the persistent 1230 storage or the audit log. When read this object should 1231 return false. If this object is set to the same value as the 1232 current value, the device must not perform any operation but 1233 should accept this as a valid SET operation. Note after 1234 being set to true, an agent should reset this object to 1235 false once it has zeroized the specific key materials stored 1236 in the device." 1237 ::= { cKeyManagementScalars 3 } 1239 cZeroizeTrustAnchorTable OBJECT-TYPE 1240 SYNTAX TruthValue 1241 MAX-ACCESS read-write 1242 STATUS current 1243 DESCRIPTION 1244 "Setting this object to 'true' removes all entries in the 1245 cTrustAnchorTable. This operation must not modify any other 1246 information in the device such as the persistent storage or 1247 the audit log. When read this object should return false. If 1248 this object is set to the same value as the current value, 1249 the device must not perform any operation but should accept 1250 this as a valid SET operation. Note after being set to true, 1251 an agent should reset this object to false once it has 1252 zeroized the specific key materials stored in the device. 1254 Some implementations may restrict the deletion of Trust 1255 Anchors to specific protocols (e.g. TAMP)." 1256 ::= { cKeyManagementScalars 4 } 1258 cZeroizeCDMStoreTable OBJECT-TYPE 1259 SYNTAX TruthValue 1260 MAX-ACCESS read-write 1261 STATUS current 1262 DESCRIPTION 1263 "Setting this object to 'true' removes all entries in the 1264 cCDMStoreTable that are of type symkey, asymkey, and 1265 trustAnchor. This operation must not modify any other 1266 information in the device such as the persistent storage or 1267 the audit log. When read this object should return false. If 1268 this object is set to the same value as the current value, 1269 the device must not perform any operation but should accept 1270 this as a valid SET operation. Note after being set to true, 1271 an agent should reset this object to false once it has 1272 zeroized the specific key materials stored in the device." 1273 ::= { cKeyManagementScalars 5 } 1275 cKeyMaterialTableOID OBJECT-TYPE 1276 SYNTAX OBJECT IDENTIFIER 1277 MAX-ACCESS read-write 1278 STATUS current 1279 DESCRIPTION 1280 "The OID of the table for which (1) a successful or failed 1281 configuration occurred upon a key material load or (2) a key 1282 material has expired, will expire, or had its expiration 1283 date changed (3) a key material has been zeroized." 1284 ::= { cKeyManagementScalars 6 } 1286 cKeyMaterialFingerprint OBJECT-TYPE 1287 SYNTAX SnmpTLSFingerprint 1288 MAX-ACCESS accessible-for-notify 1289 STATUS current 1290 DESCRIPTION 1291 "The fingerprint of the key material to be transmitted in a 1292 notification." 1293 ::= { cKeyManagementScalars 7 } 1295 cSymKeyGlobalExpiryWarning OBJECT-TYPE 1296 SYNTAX Unsigned32 1297 UNITS "days" 1298 MAX-ACCESS read-write 1299 STATUS current 1300 DESCRIPTION 1301 "A global setting, indicating the number of days prior to 1302 the expiration date of a symmetric key (value of 1303 cSymKeyExpirationDate in the associated cSymmetricKeyTable 1304 entry) for which the cKeyMaterialExpiring notification will 1305 be transmitted. 1307 The value in this object is only used if no value exists for 1308 the associated cSymmetricKeyTable entry's 1309 cSymKeyExpiryWarning object." 1310 ::= { cKeyManagementScalars 8 } 1312 cAsymKeyGlobalExpiryWarning OBJECT-TYPE 1313 SYNTAX Unsigned32 1314 UNITS "days" 1315 MAX-ACCESS read-write 1316 STATUS current 1317 DESCRIPTION 1318 "A global setting, indicating the number of days prior to 1319 the expiration date of an asymmetric key (value of 1320 cAsymKeyExpirationDate in the associated cAsymKeyTable entry) 1321 for which the cKeyMaterialExpiring notification will be 1322 transmitted. 1324 The value in this object is only used if no value exists for 1325 the associated cAsymKeyTable entry's cAsymKeyExpiryWarning 1326 object." 1327 ::= { cKeyManagementScalars 9 } 1329 cGenerateKeyType OBJECT-TYPE 1330 SYNTAX INTEGER { x509v3(1), psk(2)} 1331 MAX-ACCESS read-write 1332 STATUS current 1333 DESCRIPTION 1334 "The type of key material to be generated 1336 [1] x509v3: X.509v3 certificate per RFC 5280. 1337 [2] Symmetric Pre-Shared Key." 1338 ::= { cKeyManagementScalars 10 } 1340 cGenerateKey OBJECT-TYPE 1341 SYNTAX TruthValue 1342 MAX-ACCESS read-write 1343 STATUS current 1344 DESCRIPTION 1345 "Setting this object to 'true' will force the generation of 1346 key material, based on the type of key material described in 1347 cGenerateKeyType. Post-generation, the agent must create an 1348 entry in the appropriate key material table that captures 1349 information on this key. 1351 Note after being set to true, an agent should reset this 1352 object to false once the key material has been generated and 1353 an entry created in the appropriate table." 1354 ::= { cKeyManagementScalars 11 } 1356 -- ***************************************************************** 1357 -- Key Management Notifications 1358 -- ***************************************************************** 1360 cKeyMaterialLoadSuccess NOTIFICATION-TYPE 1361 OBJECTS { cKeyMaterialTableOID } 1362 STATUS current 1363 DESCRIPTION 1364 "An attempt to load the device with key material, identified 1365 by the table identifier (e.g. cSymmetricKeyTable), has 1366 succeeded. This notification may be sent upon a single 1367 successful key material load or may be sent upon a series of 1368 successful single key material loads." 1369 ::= { cKeyManagementNotify 1 } 1371 cKeyMaterialLoadFail NOTIFICATION-TYPE 1372 OBJECTS { cKeyMaterialTableOID } 1373 STATUS current 1374 DESCRIPTION 1375 "An attempt to load the device with key material, identified 1376 by the table identifier (e.g. cSymmetricKeyTable), has 1377 failed." 1378 ::= { cKeyManagementNotify 2 } 1380 cKeyMaterialExpiring NOTIFICATION-TYPE 1381 OBJECTS { 1382 cKeyMaterialFingerprint, 1383 cKeyMaterialTableOID 1384 } 1385 STATUS current 1386 DESCRIPTION 1387 "Key Material, identified by Key Fingerprint and OID of the 1388 associated key material table, is about to expire. This 1389 notification is transmitted prior to the key material's 1390 configured expiration date 1391 (cSymKeyExpirationDate/cAsymKeyExpirationDate) as indicated 1392 by a global setting 1393 (cSymKeyGlobalExpiryWarning/cAsymKeyGlobalExpiryWarning) or 1394 the granular setting per key material table entry 1395 (cSymKeyExpiryWarning/cAsymKeyExpiryWarning) if configured." 1396 ::= { cKeyManagementNotify 3 } 1398 cKeyMaterialExpired NOTIFICATION-TYPE 1399 OBJECTS { 1400 cKeyMaterialFingerprint, 1401 cKeyMaterialTableOID 1402 } 1403 STATUS current 1404 DESCRIPTION 1405 "Key Material, identified by Key Fingerprint and OID of the 1406 associated key material table, has expired." 1407 ::= { cKeyManagementNotify 4 } 1409 cKeyMaterialExpirationChanged NOTIFICATION-TYPE 1410 OBJECTS { 1411 cKeyMaterialFingerprint, 1412 cKeyMaterialTableOID 1413 } 1414 STATUS current 1415 DESCRIPTION 1416 "The expiration date of Key Material, identified by Key 1417 Fingerprint and the OID of the associated key material 1418 table, has changed. This can happen by either the 1419 'Expiration' object in the table changing or by the device 1420 making a change due to some other automated security policy 1421 change such as automatically extending a key when no new key 1422 is available." 1423 ::= { cKeyManagementNotify 5 } 1425 cKeyMaterialZeroized NOTIFICATION-TYPE 1426 OBJECTS { 1427 cKeyMaterialFingerprint, 1428 cKeyMaterialTableOID 1429 } 1430 STATUS current 1431 DESCRIPTION 1432 "A key material, identified by fingerprint and OID of the 1433 associated key material table, has been securely deleted and 1434 zeroized. This notification is transmitted upon setting the 1435 Row Status object of the associated key material table entry 1436 to 'destroy', setting the cZeroizeAllKeys object to 'true', 1437 setting the cZeroizeSymmetricKeyTable object to 'true', 1438 setting the cZeroizeAsymKeyTable object to 'true', setting 1439 the cZeroizeTrustAnchorTable object to 'true', or setting 1440 the cZeroizeCDMStoreTable object to 'true'." 1442 ::= { cKeyManagementNotify 6 } 1444 cCKLLoadSuccess NOTIFICATION-TYPE 1445 OBJECTS { 1446 cCKLIndex, 1447 cCKLIssuer 1448 } 1449 STATUS current 1450 DESCRIPTION 1451 "An attempt to load the device with CKL, identified by 1452 cCKLIndex and cCKLIssuer (indexes to the cCKLTable), has 1453 succeeded." 1454 ::= { cKeyManagementNotify 7 } 1456 cCKLLoadFail NOTIFICATION-TYPE 1457 STATUS current 1458 DESCRIPTION 1459 "An attempt to load the device with CKL has failed." 1460 ::= { cKeyManagementNotify 8 } 1462 cCDMAdded NOTIFICATION-TYPE 1463 OBJECTS { 1464 cCDMStoreIndex, 1465 cCDMStoreType 1466 } 1467 STATUS current 1468 DESCRIPTION 1469 "A new cryptographic device material (CDM) entry has been 1470 added to the cCDMStoreTable, as identified cCDMStoreIndex 1471 and cCDMStoreType." 1472 ::= { cKeyManagementNotify 9 } 1474 cCDMDeleted NOTIFICATION-TYPE 1475 OBJECTS { 1476 cCDMStoreIndex, 1477 cCDMStoreType, 1478 cCDMStoreFriendlyName 1479 } 1480 STATUS current 1481 DESCRIPTION 1482 "A cryptographic device material (CDM) entry has been 1483 deleted from the cCDMStoreTable, as identified 1484 cCDMStoreIndex, cCDMStoreType and cCDMStoreFriendlyName." 1485 ::= { cKeyManagementNotify 10 } 1487 cTrustAnchorAdded NOTIFICATION-TYPE 1488 OBJECTS { 1489 cTrustAnchorFingerprint, 1490 cTrustAnchorFormatType, 1491 cTrustAnchorUsageType 1492 } 1493 STATUS current 1494 DESCRIPTION 1495 "A trust anchor has been added to the cTrustAnchorTable, as 1496 identified by cTrustAnchorFingerprint, 1497 cTrustAnchorFormatType, and cTrustAnchorUsageType." 1498 ::= { cKeyManagementNotify 11 } 1500 cTrustAnchorUpdated NOTIFICATION-TYPE 1501 OBJECTS { 1502 cTrustAnchorFingerprint, 1503 cTrustAnchorFormatType, 1504 cTrustAnchorUsageType 1505 } 1506 STATUS current 1507 DESCRIPTION 1508 "A trust anchor has been updated in the cTrustAnchorTable, 1509 as identified by cTrustAnchorFingerprint, 1510 cTrustAnchorFormatType, and cTrustAnchorUsageType." 1511 ::= { cKeyManagementNotify 12 } 1513 cTrustAnchorRemoved NOTIFICATION-TYPE 1514 OBJECTS { 1515 cTrustAnchorFingerprint, 1516 cTrustAnchorFormatType, 1517 cTrustAnchorUsageType 1518 } 1519 STATUS current 1520 DESCRIPTION 1521 "A trust anchor has been removed from the cTrustAnchorTable, 1522 as identified by cTrustAnchorFingerprint, 1523 cTrustAnchorFormatType, and cTrustAnchorUsageType." 1524 ::= { cKeyManagementNotify 13 } 1526 -- ***************************************************************** 1527 -- CC MIB cSymmetricKeyTable 1528 -- ***************************************************************** 1530 cSymmetricKeyTableCount OBJECT-TYPE 1531 SYNTAX Unsigned32 1532 MAX-ACCESS read-only 1533 STATUS current 1534 DESCRIPTION 1535 "The number of rows in the cSymmetricKeyTable." 1536 ::= { cSymmetricKeyInfo 1 } 1538 cSymmetricKeyTableLastChanged OBJECT-TYPE 1539 SYNTAX TimeStamp 1540 MAX-ACCESS read-only 1541 STATUS current 1542 DESCRIPTION 1543 "The last time any entry in the table was modified, created, 1544 or deleted by either SNMP, agent, or other management method 1545 (e.g. via an HMI). Managers can use this object to ensure 1546 that no changes to configuration of this table have happened 1547 since the last time it examined the table. A value of 0 1548 indicates that no entry has been changed since the agent 1549 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 1550 should be used to populate this column." 1551 ::= { cSymmetricKeyInfo 2 } 1553 cSymmetricKeyTable OBJECT-TYPE 1554 SYNTAX SEQUENCE OF CSymmetricKeyEntry 1555 MAX-ACCESS not-accessible 1556 STATUS current 1557 DESCRIPTION 1558 "The table containing the various types of symmetric keys 1559 used by the device." 1560 ::= { cSymmetricKeyInfo 3 } 1562 cSymmetricKeyEntry OBJECT-TYPE 1563 SYNTAX CSymmetricKeyEntry 1564 MAX-ACCESS not-accessible 1565 STATUS current 1566 DESCRIPTION 1567 "A row containing information about a Symmetric Key." 1568 INDEX { cSymKeyFingerprint } 1569 ::= { cSymmetricKeyTable 1 } 1571 CSymmetricKeyEntry ::= SEQUENCE { 1572 cSymKeyFingerprint SnmpTLSFingerprint, 1573 cSymKeyUsage BITS, 1574 cSymKeyID OCTET STRING, 1575 cSymKeyIssuer OCTET STRING, 1576 cSymKeyEffectiveDate DateAndTime, 1577 cSymKeyExpirationDate DateAndTime, 1578 cSymKeyExpiryWarning Unsigned32, 1579 cSymKeyNumberOfTransactions Unsigned32, 1580 cSymKeyFriendlyName SnmpAdminString, 1581 cSymKeyClassification BITS, 1582 cSymKeySource OCTET STRING, 1583 cSymKeyRowStatus RowStatus 1584 } 1585 cSymKeyFingerprint OBJECT-TYPE 1586 SYNTAX SnmpTLSFingerprint 1587 MAX-ACCESS not-accessible 1588 STATUS current 1589 DESCRIPTION 1590 "An inherent identification of the symmetric key and the 1591 primary index to the cSymmetricKeyTable. 1593 This MIB does not provide any additional requirements on 1594 developing the fingerprint. Implementations are cautioned to 1595 develop the hash in a manner that does not compromise the 1596 security of the key material." 1597 ::= { cSymmetricKeyEntry 1 } 1599 cSymKeyUsage OBJECT-TYPE 1600 SYNTAX BITS { oneTimePassword(0), challengeResponse(1), 1601 unlock(2), encrypt(3), decrypt(4), 1602 integrity(5), verify(6), keyWrap(7), 1603 unwrap(8), derive(9), generate(10), 1604 sharedSecret(11) } 1605 MAX-ACCESS read-create 1606 STATUS current 1607 DESCRIPTION 1608 "The intended usage for the key: One Time Password (OTP), 1609 Challenge/Response (CR), Unlock, Encrypt, Decrypt, 1610 Integrity, Verify, KeyWrap, Unwrap, Derive, Generate, 1611 Shared Secret. 1612 From RFC 6030 section 5. 1614 OTP: The key is used for One Time Password (OTP) generation. 1616 CR: The key is used for Challenge/Response purposes. 1618 Unlock: The key is used for an inverse challenge response in 1619 the case where a user has locked the device by entering a 1620 wrong password too many times (for devices with password 1621 input capability). 1623 Encrypt: The key is used for data encryption purposes. 1625 Integrity: The key is used to generate a keyed message 1626 digest for data integrity or authentication purposes. 1628 Verify: The key is used to verify a keyed message digest for 1629 data integrity or authentication purposes (this is the 1630 opposite key usage of 'Integrity'). 1632 Decrypt: The key is used for data decryption purposes. 1634 KeyWrap: The key is used for key wrap purposes. 1636 Unwrap: The key is used for key unwrap purposes. 1638 Derive: The key is used with a key derivation function to 1639 derive a new key. 1641 Generate: The key is used to generate a new key based on a 1642 random number and the previous value of the key. 1644 Shared Secret: The key is used as a shared secret between 1645 entities. 1647 Bit value translation: 1648 1000 0000 0000 0000 = OneTimePassword 1649 0100 0000 0000 0000 = ChallengeResponse 1650 0010 0000 0000 0000 = Unlock 1651 0001 0000 0000 0000 = Encrypt 1652 0000 1000 0000 0000 = Decrypt 1653 0000 0100 0000 0000 = Integrity 1654 0000 0010 0000 0000 = Verify 1655 0000 0001 0000 0000 = KeyWrap 1656 0000 0000 1000 0000 = Unwrap 1657 0000 0000 0100 0000 = Derive 1658 0000 0000 0010 0000 = Generate 1659 0000 0000 0001 0000 = SharedSecret" 1660 ::= { cSymmetricKeyEntry 2 } 1662 cSymKeyID OBJECT-TYPE 1663 SYNTAX OCTET STRING (SIZE(1..255)) 1664 MAX-ACCESS read-create 1665 STATUS current 1666 DESCRIPTION 1667 "Represents a unique identifier assigned to this symmetric 1668 key. This would typically be an identifier inherent to the 1669 key material, such as a serial number or other form of 1670 identifier derived from a tag or other key wrapper. This 1671 object differs from cSymKeyFriendlyName which is a 1672 user-defined ID." 1673 ::= { cSymmetricKeyEntry 3 } 1675 cSymKeyIssuer OBJECT-TYPE 1676 SYNTAX OCTET STRING (SIZE(1..255)) 1677 MAX-ACCESS read-create 1678 STATUS current 1679 DESCRIPTION 1680 "Represents the name of the entity which issued the key. Use 1681 a distinguished name (DN) when one is available." 1683 ::= { cSymmetricKeyEntry 4 } 1685 cSymKeyEffectiveDate OBJECT-TYPE 1686 SYNTAX DateAndTime 1687 MAX-ACCESS read-create 1688 STATUS current 1689 DESCRIPTION 1690 "The effective date of the key." 1691 ::= { cSymmetricKeyEntry 5 } 1693 cSymKeyExpirationDate OBJECT-TYPE 1694 SYNTAX DateAndTime 1695 MAX-ACCESS read-create 1696 STATUS current 1697 DESCRIPTION 1698 "The expiration date of the key." 1699 ::= { cSymmetricKeyEntry 6 } 1701 cSymKeyExpiryWarning OBJECT-TYPE 1702 SYNTAX Unsigned32 1703 UNITS "days" 1704 MAX-ACCESS read-create 1705 STATUS current 1706 DESCRIPTION 1707 "The number of days prior to the expiration date of this key 1708 (cSymKeyExpirationDate) for which the cKeyMaterialExpiring 1709 notification will be transmitted. 1711 If configured, the scalar value of 1712 cSymKeyGlobalExpiryWarning will be ignored. The value of 1713 cSymKeyGlobalExpiryWarning will only be used if this column 1714 is not populated, populated with 0, or not implemented." 1715 ::= { cSymmetricKeyEntry 7 } 1717 cSymKeyNumberOfTransactions OBJECT-TYPE 1718 SYNTAX Unsigned32 1719 MAX-ACCESS read-create 1720 STATUS current 1721 DESCRIPTION 1722 "Indicates the maximum number of times a key can be used 1723 after having received it. If this column is not implemented, 1724 then there is no restriction regarding the number of times a 1725 key can be used. 1727 When this number is reached, implementations supporting this 1728 object should stop using this key and send a 1729 cKeyMaterialExpired notification." 1730 ::= { cSymmetricKeyEntry 8 } 1732 cSymKeyFriendlyName OBJECT-TYPE 1733 SYNTAX SnmpAdminString 1734 MAX-ACCESS read-create 1735 STATUS current 1736 DESCRIPTION 1737 "A human readable label of the key for easier reference. It 1738 is used only for helpful or informational purposes." 1739 ::= { cSymmetricKeyEntry 9 } 1741 cSymKeyClassification OBJECT-TYPE 1742 SYNTAX BITS { unclassified(0), restricted(1), 1743 confidential(2), secret(3), topSecret(4) } 1744 MAX-ACCESS read-create 1745 STATUS current 1746 DESCRIPTION 1747 "The classification of the key. 1748 Bit value translation: 1749 1000 0000 = unclassified 1750 0100 0000 = restricted 1751 0010 0000 = confidential 1752 0001 0000 = secret 1753 0000 1000 = topSecret 1754 This column does not exist for devices that do not have the 1755 concept of classification." 1756 ::= { cSymmetricKeyEntry 10 } 1758 cSymKeySource OBJECT-TYPE 1759 SYNTAX OCTET STRING (SIZE(1..255)) 1760 MAX-ACCESS read-create 1761 STATUS current 1762 DESCRIPTION 1763 "The source of the key material. This can be the URI of a 1764 key source entity. If the key was derived from a user-input 1765 password, the string should say PASSWORD. 1767 Keys developed by the device should contain the string 1768 DEVICE-GENERATED. If the key was filled locally then this 1769 column should begin with the word FILL followed by the fill 1770 protocol. If the source is unknown, this column should not 1771 be populated or be set to an empty string, ''." 1772 ::= { cSymmetricKeyEntry 11 } 1774 cSymKeyRowStatus OBJECT-TYPE 1775 SYNTAX RowStatus 1776 MAX-ACCESS read-create 1777 STATUS current 1778 DESCRIPTION 1779 "The status of this row by which existing entries may be 1780 deleted from this table. Setting this column to destroy is 1781 synonymous with zeroizing the key. Any reference(s) to this 1782 object, upon setting this RowStatus to destroy, should be 1783 destroyed as well. 1785 Upon populating this row, this column should automatically 1786 be set to notReady. Only after valid information has been 1787 entered by the manager, can the manager set this column to 1788 active. 1790 At a minimum, implementations must support active and 1791 destroy management functions. Implementations must support 1792 createAndWait and createAndGo management functions for this 1793 object if the symmetric key material can be manually entered 1794 by the manager." 1795 ::= { cSymmetricKeyEntry 12 } 1797 -- ********************************************************************* 1798 -- CC MIB cAsymKeyTable 1799 -- ********************************************************************* 1801 cAsymKeyTableCount OBJECT-TYPE 1802 SYNTAX Unsigned32 1803 MAX-ACCESS read-only 1804 STATUS current 1805 DESCRIPTION 1806 "The number of rows in the cAsymKeyTable." 1807 ::= { cAsymKeyInfo 1 } 1809 cAsymKeyTableLastChanged OBJECT-TYPE 1810 SYNTAX TimeStamp 1811 MAX-ACCESS read-only 1812 STATUS current 1813 DESCRIPTION 1814 "The last time any entry in the table was modified, created, 1815 or deleted by either SNMP, agent, or other management method 1816 (e.g. via an HMI). Managers can use this object to ensure 1817 that no changes to configuration of this table have happened 1818 since the last time it examined the table. A value of 0 1819 indicates that no entry has been changed since the agent 1820 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 1821 should be used to populate this column." 1822 ::= { cAsymKeyInfo 2 } 1824 cAsymKeyTable OBJECT-TYPE 1825 SYNTAX SEQUENCE OF CAsymKeyEntry 1826 MAX-ACCESS not-accessible 1827 STATUS current 1828 DESCRIPTION 1829 "The table containing the Asymmetric Key Material and 1830 Certificates used by the device. Enumeration values, when 1831 applicable follow the conventions in RFC 5280." 1832 ::= { cAsymKeyInfo 3 } 1834 cAsymKeyEntry OBJECT-TYPE 1835 SYNTAX CAsymKeyEntry 1836 MAX-ACCESS not-accessible 1837 STATUS current 1838 DESCRIPTION 1839 "A row containing information about an Asymmetric Key or 1840 Certificate." 1841 INDEX { cAsymKeyFingerprint } 1842 ::= { cAsymKeyTable 1 } 1844 CAsymKeyEntry ::= SEQUENCE { 1845 cAsymKeyFingerprint SnmpTLSFingerprint, 1846 cAsymKeyFriendlyName SnmpAdminString, 1847 cAsymKeySerialNumber OCTET STRING, 1848 cAsymKeyIssuer OCTET STRING, 1849 cAsymKeySignatureAlgorithm OCTET STRING, 1850 cAsymKeyPublicKeyAlgorithm OCTET STRING, 1851 cAsymKeyEffectiveDate DateAndTime, 1852 cAsymKeyExpirationDate DateAndTime, 1853 cAsymKeyExpiryWarning Unsigned32, 1854 cAsymKeySubject OCTET STRING, 1855 cAsymKeySubjectType BITS, 1856 cAsymKeySubjectAltName SnmpAdminString, 1857 cAsymKeyUsage BITS, 1858 cAsymKeyClassification BITS, 1859 cAsymKeySource OCTET STRING, 1860 cAsymKeyRowStatus RowStatus, 1861 cAsymKeyVersion INTEGER, 1862 cAsymKeyRekey TruthValue, 1863 cAsymKeyType OCTET STRING 1864 } 1866 cAsymKeyFingerprint OBJECT-TYPE 1867 SYNTAX SnmpTLSFingerprint 1868 MAX-ACCESS read-only 1869 STATUS current 1870 DESCRIPTION 1871 "An inherent identification of the asymmetric key and the 1872 primary index to the cAsymKeyTable." 1873 ::= { cAsymKeyEntry 1 } 1875 cAsymKeyFriendlyName OBJECT-TYPE 1876 SYNTAX SnmpAdminString 1877 MAX-ACCESS read-write 1878 STATUS current 1879 DESCRIPTION 1880 "A human readable label of the key for easier reference. It 1881 is used only for helpful or informational purposes." 1882 ::= { cAsymKeyEntry 2 } 1884 cAsymKeySerialNumber OBJECT-TYPE 1885 SYNTAX OCTET STRING (SIZE(1..255)) 1886 MAX-ACCESS read-only 1887 STATUS current 1888 DESCRIPTION 1889 "The unique positive integer assigned to the Asymmetric 1890 Key. For Public Key Certificate (PKC) this serial number is 1891 assigned by the Certification Authority (CA). The value is 1892 this column can be up to 20 bytes long per Section 1893 '4.1.2.2. Serial Number' of RFC 5280. Other types of Key 1894 Material may have different serial number format as defined 1895 by the issuer (e.g. a Key Material ID)." 1896 ::= { cAsymKeyEntry 3 } 1898 cAsymKeyIssuer OBJECT-TYPE 1899 SYNTAX OCTET STRING (SIZE(1..255)) 1900 MAX-ACCESS read-only 1901 STATUS current 1902 DESCRIPTION 1903 "The issuer of this key material. For Public Key 1904 Certificates, this is the distinguished name (DN) of the 1905 entity that has signed and issued the Public Key 1906 Certificate (PKC). Other issuers shall be defined by the 1907 class of device and will reference the Key Management 1908 System that delivers the key material for that device." 1909 ::= { cAsymKeyEntry 4 } 1911 cAsymKeySignatureAlgorithm OBJECT-TYPE 1912 SYNTAX OCTET STRING 1913 MAX-ACCESS read-only 1914 STATUS current 1915 DESCRIPTION 1916 "Signature algorithm used by a Certification Authority to 1917 sign this asymmetric key material (e.g. X.509 Certificate). 1918 If no signature/signature algorithm is provided/used, this 1919 column would not exist. 1921 Note, this is a free form OCTET STRING column, meaning 1922 implementations may utilize a standardized definition of 1923 string values or use a proprietary definition of string 1924 values for supported signature algorithms." 1925 ::= { cAsymKeyEntry 5 } 1927 cAsymKeyPublicKeyAlgorithm OBJECT-TYPE 1928 SYNTAX OCTET STRING 1929 MAX-ACCESS read-only 1930 STATUS current 1931 DESCRIPTION 1932 "Public key algorithm with which the public key is used (as 1933 associated with the asymmetric key material (e.g. X.509 1934 Certificate)). 1936 Note, this is a free form OCTET STRING column, meaning 1937 implementations may utilize a standardized definition of 1938 string values or use a proprietary definition of string 1939 values for supported public key algorithms." 1940 ::= { cAsymKeyEntry 6 } 1942 cAsymKeyEffectiveDate OBJECT-TYPE 1943 SYNTAX DateAndTime 1944 MAX-ACCESS read-write 1945 STATUS current 1946 DESCRIPTION 1947 "The date on which the validity period of the Asymmetric 1948 Key begins. This column must not exist when the key 1949 material does not have an inherent and associated effective 1950 date." 1951 ::= { cAsymKeyEntry 7 } 1953 cAsymKeyExpirationDate OBJECT-TYPE 1954 SYNTAX DateAndTime 1955 MAX-ACCESS read-write 1956 STATUS current 1957 DESCRIPTION 1958 "The date on which the validity period of the Asymmetric 1959 Key ends. This column must not exist when the key material 1960 does not have an inherent and associated expiration date." 1961 ::= { cAsymKeyEntry 8 } 1963 cAsymKeyExpiryWarning OBJECT-TYPE 1964 SYNTAX Unsigned32 1965 UNITS "days" 1966 MAX-ACCESS read-write 1967 STATUS current 1968 DESCRIPTION 1969 "The number of days prior to the expiration date of this 1970 key (cAsymKeyExpirationDate) for which the 1971 cKeyMaterialExpiring notification will be transmitted. 1973 If configured, the scalar value of 1974 cAsymKeyGlobalExpiryWarning will be ignored. The value of 1975 cAsymKeyGlobalExpiryWarning will only be used if this 1976 column is not populated, populated with 0, or not 1977 implemented." 1978 ::= { cAsymKeyEntry 9 } 1980 cAsymKeySubject OBJECT-TYPE 1981 SYNTAX OCTET STRING (SIZE(1..255)) 1982 MAX-ACCESS read-only 1983 STATUS current 1984 DESCRIPTION 1985 "The entity associated with this Asymmetric Key. 1987 For non-X.509 based key material, or when this object does 1988 not apply for the key material, this column will not exist." 1989 ::= { cAsymKeyEntry 10 } 1991 cAsymKeySubjectType OBJECT-TYPE 1992 SYNTAX BITS { other(0), certificationAuthority(1), 1993 crlIssuer(2) } 1994 MAX-ACCESS read-only 1995 STATUS current 1996 DESCRIPTION 1997 "Defines the type of subject based on the following 1998 choices. certificationAuthority(1) - When set to 1 1999 indicates that the subject (cAsymKeySubject) of the Public 2000 Key Certificate (PKC) is a Certification Authority (CA). 2001 crlIssuer(2) - When set to 1 indicates that the subject 2002 (cCertificateSubject) of the Public Key Certificate (PKC) 2003 is a Certificate Revocation List (CRL) issuer. 2004 Bit value translation: 2005 1000 0000 = other 2006 0100 0000 = certificationAuthority 2007 0010 0000 = crlIssuer 2008 For non-X.509 based key material, or when this object does not 2009 apply for the key material, this column will not exist." 2010 ::= { cAsymKeyEntry 11 } 2012 cAsymKeySubjectAltName OBJECT-TYPE 2013 SYNTAXSnmpAdminString (SIZE(1..32)) 2014 MAX-ACCESS read-write 2015 STATUS current 2016 DESCRIPTION 2017 "A reference string that points to a set of Certificate 2018 Subject Alternative Subject Names in the 2019 cCertSubAltNameTable. 2021 This column should contain an empty string if the 2022 Certificate has no associating Subject Alternative Names. 2024 For non-X.509 based key material, or when this object does 2025 not apply for the key material, this column will not 2026 exist." 2027 ::= { cAsymKeyEntry 12 } 2029 cAsymKeyUsage OBJECT-TYPE 2030 SYNTAX BITS { other(0), digitalSignature(1), 2031 nonRepudiation(2), keyEncipherment(3), 2032 dataEncipherment(4), keyAgreement(5), 2033 keyCertSign(6), cRLSign(7), encipherOnly(8), 2034 decipherOnly(9) } 2035 MAX-ACCESS read-write 2036 STATUS current 2037 DESCRIPTION 2038 "Provides the intended type of usage for the Asymmetric 2039 Key. The following types are supported (defined in Section 2040 4.2.1.3 Key Usage of RFC 5280 for PKC): 2041 other(0), digitalSignature(1), nonRepudiation(2), 2042 keyEncipherment(3), dataEncipherment(4), keyAgreement(5), 2043 keyCertSign(6), cRLSign(7), encipherOnly(8), and 2044 decipherOnly(9) 2045 Bit value translation: 2046 1000 0000 0000 0000 = other, 2047 0100 0000 0000 0000 = digitalSignature, 2048 0010 0000 0000 0000 = nonRepudiation, 2049 0001 0000 0000 0000 = keyEncipherment, 2050 0000 1000 0000 0000 = dataEncipherment, 2051 0000 0100 0000 0000 = keyAgreement, 2052 0000 0010 0000 0000 = keyCertSign, 2053 0000 0001 0000 0000 = cRLSign, 2054 0000 0000 1000 0000 = encipherOnly, 2055 0000 0000 0100 0000 = decipherOnly. 2056 Devices using asymmetric key material not adhering to RFC 2057 5280 (X.509 format) may still use an applicable value for 2058 the Usage, or may use 'other'." 2059 ::= { cAsymKeyEntry 13 } 2061 cAsymKeyClassification OBJECT-TYPE 2062 SYNTAX BITS { unclassified(0), restricted(1), 2063 confidential(2), secret(3), topSecret(4) } 2064 MAX-ACCESS read-only 2065 STATUS current 2066 DESCRIPTION 2067 "The supported classification level supported by the 2068 cAsymKeySubject used by this key material 2069 Bit value translation: 2070 1000 0000 = unclassified, 2071 0100 0000 = restricted, 2072 0010 0000 = confidential, 2073 0001 0000 = secret, 2074 0000 1000 = topSecret. 2076 This column does not exist for devices that do not have the 2077 concept of classification." 2078 ::= { cAsymKeyEntry 14 } 2080 cAsymKeySource OBJECT-TYPE 2081 SYNTAX OCTET STRING (SIZE(1..255)) 2082 MAX-ACCESS read-write 2083 STATUS current 2084 DESCRIPTION 2085 "The source of the key material. This can be the URI of a 2086 key source entity. Keys developed by the device should 2087 contain the string DEVICE-GENERATED. If the key was filled 2088 locally then this column should begin with the word FILL 2089 followed by the fill protocol. If the source is unknown, 2090 this column should be blank." 2091 ::= { cAsymKeyEntry 15 } 2093 cAsymKeyRowStatus OBJECT-TYPE 2094 SYNTAX RowStatus 2095 MAX-ACCESS read-write 2096 STATUS current 2097 DESCRIPTION 2098 "The status of this row by which existing entries may be 2099 deleted from this table. Deleting a row in this table will 2100 also delete analogous rows in the cCertSubAltNameTable that 2101 are referenced by the cAsymKeySubjectAltName. 2103 Setting this column to destroy is synonymous with zeroizing 2104 the key material. Any reference(s) to this object, upon 2105 setting this RowStatus to destroy, should be destroyed as 2107 well. At a minimum, implementations must support active and 2108 destroy management functions. Support for notInService and 2109 notReady management functions is optional. Implementations 2110 must not support createAndWait and createAndGo management 2111 functions for this object." 2112 ::= { cAsymKeyEntry 16 } 2114 cAsymKeyVersion OBJECT-TYPE 2115 SYNTAX INTEGER 2116 MAX-ACCESS read-only 2117 STATUS current 2118 DESCRIPTION 2119 "The version of the asymmetric key material. For example, 2120 X.509 Version 3 certificates would have a value of '2', as 2121 defined in RFC 5280 - Section 4.1.2.1. 2123 When this object does not apply for the key material, this 2124 column will not exist." 2125 ::= { cAsymKeyEntry 17 } 2127 cAsymKeyRekey OBJECT-TYPE 2128 SYNTAX TruthValue 2129 MAX-ACCESS read-create 2130 STATUS current 2131 DESCRIPTION 2132 "Setting this object to 'true' initates a rekey operation 2133 for the asymmetric key material. Note, additional 2134 configurations will likely be required based on the 2135 supported key management protocol. 2137 Note after being set to true, an agent should reset this 2138 object to false once the rekey operation has completed." 2139 ::= { cAsymKeyEntry 18 } 2141 cAsymKeyType OBJECT-TYPE 2142 SYNTAX OCTET STRING (SIZE(1..255)) 2143 MAX-ACCESS read-only 2144 STATUS current 2145 DESCRIPTION 2146 "This column describes the type of asymmetric key material. 2148 Note, this is a free form OCTET STRING column. 2149 Implementations are expected to utilize definition of string 2150 values that apply to their specific nomenclature supported. 2151 If no such nomenclature exists, this column should not be 2152 populated or be set to an empty string (i.e. '')." 2153 ::= { cAsymKeyEntry 19 } 2155 -- ***************************************************************** 2156 -- CC MIB cTrustAnchorTable 2157 -- ***************************************************************** 2159 cTrustAnchorTableCount OBJECT-TYPE 2160 SYNTAX Unsigned32 2161 MAX-ACCESS read-only 2162 STATUS current 2163 DESCRIPTION 2164 "The number of rows in the cTrustAnchorTable." 2166 ::= { cTrustAnchorInfo 1 } 2168 cTrustAnchorTableLastChanged OBJECT-TYPE 2169 SYNTAX TimeStamp 2170 MAX-ACCESS read-only 2171 STATUS current 2172 DESCRIPTION 2173 "The last time any entry in the table was modified, created, 2174 or deleted by either SNMP, agent, or other management method 2175 (e.g. via an HMI). Managers can use this object to ensure 2176 that no changes to configuration of this table have happened 2177 since the last time it examined the table. A value of 0 2178 indicates that no entry has been changed since the agent 2179 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 2180 should be used to populate this column." 2181 ::= { cTrustAnchorInfo 2 } 2183 cTrustAnchorTable OBJECT-TYPE 2184 SYNTAX SEQUENCE OF CTrustAnchorEntry 2185 MAX-ACCESS not-accessible 2186 STATUS current 2187 DESCRIPTION 2188 "The table containing the Trust Anchors (TAs) in this 2189 device." 2190 ::= { cTrustAnchorInfo 3 } 2192 cTrustAnchorEntry OBJECT-TYPE 2193 SYNTAX CTrustAnchorEntry 2194 MAX-ACCESS not-accessible 2195 STATUS current 2196 DESCRIPTION 2197 "A row containing information about a Trust Anchor (TA) that 2198 has been loaded into the device." 2199 INDEX { cTrustAnchorFingerprint } 2200 ::= { cTrustAnchorTable 1 } 2202 CTrustAnchorEntry ::= SEQUENCE { 2203 cTrustAnchorFingerprint SnmpTLSFingerprint, 2204 cTrustAnchorFormatType INTEGER, 2205 cTrustAnchorName OCTET STRING, 2206 cTrustAnchorUsageType INTEGER, 2207 cTrustAnchorKeyIdentifier OCTET STRING, 2208 cTrustAnchorPublicKeyAlgorithm OCTET STRING, 2209 cTrustAnchorContingencyAvail TruthValue, 2210 cTrustAnchorRowStatus RowStatus 2211 } 2213 cTrustAnchorFingerprint OBJECT-TYPE 2214 SYNTAX SnmpTLSFingerprint 2215 MAX-ACCESS read-only 2216 STATUS current 2217 DESCRIPTION 2218 "An inherent identification of the trust anchor and the 2219 primary index to the cTrustAnchorTable." 2220 ::= { cTrustAnchorEntry 1 } 2222 cTrustAnchorFormatType OBJECT-TYPE 2223 SYNTAX INTEGER { x509v3(1), trustAnchorFormat(2), 2224 tbsCertificate(3) } 2225 MAX-ACCESS read-only 2226 STATUS current 2227 DESCRIPTION 2228 "The type/format of the trust anchor. 2230 [1] x509v3: X.509v3 certificate per RFC 5280. 2231 [2] trustAnchorFormat: Trust Anchor Format per RFC 5914. 2232 [3] tbsCertificate: To Be Signed Certificate per RFC 5280." 2233 ::= { cTrustAnchorEntry 2 } 2235 cTrustAnchorName OBJECT-TYPE 2236 SYNTAX OCTET STRING (SIZE(0..255)) 2237 MAX-ACCESS read-only 2238 STATUS current 2239 DESCRIPTION 2240 "The name of the Trust Anchor. When available, this is the 2241 X.500 distinguished name (DN) associated with the Trust 2242 Anchor (TA) used to construct and validate an X.509 2243 certification path. When the value of cTrustAnchorFormatType 2244 is 'trustAnchorFormat', this column is populated with the 2245 value from the taTitle field of the TrustAnchorInfo 2246 structure defined in RFC 5914, which is a human-readable 2247 name for the trust anchor. Otherwise, this column should be 2248 blank." 2249 ::= { cTrustAnchorEntry 3 } 2251 cTrustAnchorUsageType OBJECT-TYPE 2252 SYNTAX INTEGER { other(1), apex(2), management(3), 2253 identity(4), firmware(5), crl(6) } 2254 MAX-ACCESS read-only 2255 STATUS current 2256 DESCRIPTION 2257 "The usage type for the Trust Anchor (TA). Note, crl(6) also 2258 applies to compromised key lists." 2259 ::= { cTrustAnchorEntry 4 } 2261 cTrustAnchorKeyIdentifier OBJECT-TYPE 2262 SYNTAX OCTET STRING (SIZE(1..255)) 2263 MAX-ACCESS read-only 2264 STATUS current 2265 DESCRIPTION 2266 "The identifier of the Trust Anchor's (TA's) public key." 2267 ::= { cTrustAnchorEntry 5 } 2269 cTrustAnchorPublicKeyAlgorithm OBJECT-TYPE 2270 SYNTAX OCTET STRING 2271 MAX-ACCESS read-only 2272 STATUS current 2273 DESCRIPTION 2274 "Public key algorithm with which the public key is used (as 2275 associated with the trust anchor). 2277 Note, this is a free form OCTET STRING column, meaning 2278 implementations may utilize a standardized definition of 2279 string values or use a proprietary definition of string 2280 values for supported public key algorithms." 2281 ::= { cTrustAnchorEntry 6 } 2283 cTrustAnchorContingencyAvail OBJECT-TYPE 2284 SYNTAX TruthValue 2285 MAX-ACCESS read-only 2286 STATUS current 2287 DESCRIPTION 2288 "An indication of the availability of a contingency key for 2289 an Apex Trust Anchor. When set to 'True', a contingency key 2290 is available." 2291 ::= { cTrustAnchorEntry 7 } 2293 cTrustAnchorRowStatus OBJECT-TYPE 2294 SYNTAX RowStatus 2295 MAX-ACCESS read-write 2296 STATUS current 2297 DESCRIPTION 2298 "The status of this row by which existing entries may be 2299 deleted from this table. Setting this column to destroy is 2300 synonymous with zeroizing the Trust Anchor (TA). Any 2301 reference(s) to this object, upon setting this RowStatus to 2302 destroy, should be destroyed as well. 2304 At a minimum, implementations must support active and 2305 destroy management functions. Support for notInService and 2306 notReady management functions is optional. Implementations 2307 must not support createAndWait and createAndGo management 2308 functions for this object. 2310 Some implementations may restrict the deletion of Trust 2311 Anchors to specific protocols (e.g. TAMP)." 2312 ::= { cTrustAnchorEntry 8 } 2314 -- ********************************************************************* 2315 -- CC MIB cCKLTable 2316 -- ********************************************************************* 2318 cCKLTableCount OBJECT-TYPE 2319 SYNTAX Unsigned32 2320 MAX-ACCESS read-only 2321 STATUS current 2322 DESCRIPTION 2323 "The number of rows in the cCKLTable." 2324 ::= { cCKLInfo 1 } 2326 cCKLLastChanged OBJECT-TYPE 2327 SYNTAX TimeStamp 2328 MAX-ACCESS read-only 2329 STATUS current 2330 DESCRIPTION 2331 "The last time any entry in the table was modified, created, 2332 or deleted by either SNMP, agent, or other management method 2333 (e.g. via an HMI). Managers can use this object to ensure 2334 that no changes to configuration of this table have happened 2335 since the last time it examined the table. A value of 0 2336 indicates that no entry has been changed since the agent 2337 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 2338 should be used to populate this column." 2339 ::= { cCKLInfo 2 } 2341 cCKLTable OBJECT-TYPE 2342 SYNTAX SEQUENCE OF CCKLEntry 2343 MAX-ACCESS not-accessible 2344 STATUS current 2345 DESCRIPTION 2346 "The table containing the Compromised Key Lists and 2347 Certificate Revocation Lists (CRLS) used by the device. This 2348 table is used both for CRLs as defined in RFC 5280 and for 2349 other formats of revocation lists (such as Compromised Key 2350 Lists.)" 2351 ::= { cCKLInfo 3 } 2353 cCKLEntry OBJECT-TYPE 2354 SYNTAX CCKLEntry 2355 MAX-ACCESS not-accessible 2356 STATUS current 2357 DESCRIPTION 2358 "A row containing information about a Compromised Key List 2359 or Certificate Revocation List (CRL) used by the device." 2360 INDEX { cCKLIndex, cCKLIssuer } 2361 ::= { cCKLTable 1 } 2363 CCKLEntry ::= SEQUENCE { 2364 cCKLIndex Unsigned32, 2365 cCKLIssuer OCTET STRING, 2366 cCKLSerialNumber OCTET STRING, 2367 cCKLIssueDate DateAndTime, 2368 cCKLNextUpdate DateAndTime, 2369 cCKLRowStatus RowStatus, 2370 cCKLVersion INTEGER, 2371 cCKLLastUpdate DateAndTime 2372 } 2374 cCKLIndex OBJECT-TYPE 2375 SYNTAX Unsigned32 2376 MAX-ACCESS read-only 2377 STATUS current 2378 DESCRIPTION 2379 "An ID that uniquely identifies the Compromised Key List 2380 (CKL) in this table." 2381 ::= { cCKLEntry 1 } 2383 cCKLIssuer OBJECT-TYPE 2384 SYNTAX OCTET STRING (SIZE(0..255)) 2385 MAX-ACCESS read-only 2386 STATUS current 2387 DESCRIPTION 2388 "For devices adhering to RFC 5280 this is the X.500 2389 distinguished name (DN) of the entity that has signed and 2390 issued the Certificate Revocation List (CRL). 2392 Other CRL/CKL issuers may use proprietary naming conventions 2393 or formats. 2395 If the source is unknown, this column should not be 2396 populated or be set to an empty string, ''." 2397 ::= { cCKLEntry 2 } 2399 cCKLSerialNumber OBJECT-TYPE 2400 SYNTAX OCTET STRING (SIZE(0..255)) 2401 MAX-ACCESS read-only 2402 STATUS current 2403 DESCRIPTION 2404 "A Serial Number for this CRL or CKL. 2406 For CRLs adhering to RFC 5280, this will be a monotonically 2407 increasing sequence number for a given Certificate 2408 Revocation List (CRL) scope and CRL issuer. The CRL Number 2409 allows users to easily determine when a particular CKL/CRL 2410 supersedes another CKL/CRL." 2411 ::= { cCKLEntry 3 } 2413 cCKLIssueDate OBJECT-TYPE 2414 SYNTAX DateAndTime 2415 MAX-ACCESS read-only 2416 STATUS current 2417 DESCRIPTION 2418 "The issue date of this CRL/CKL." 2419 ::= { cCKLEntry 4 } 2421 cCKLNextUpdate OBJECT-TYPE 2422 SYNTAX DateAndTime 2423 MAX-ACCESS read-only 2424 STATUS current 2425 DESCRIPTION 2427 "The date by which the next CKL/CRL issued. The next CRL 2428 could be issued before the indicated date, but it will not 2429 be issued any later than the indicated date. 2431 If this value is unknown, this column should not be 2432 populated or be set to an empty string, ''." 2433 ::= { cCKLEntry 5 } 2435 cCKLRowStatus OBJECT-TYPE 2436 SYNTAX RowStatus 2437 MAX-ACCESS read-write 2438 STATUS current 2439 DESCRIPTION 2440 "The status of this row by which existing entries may be 2441 deleted from this table. 2443 At a minimum, implementations must support active and 2444 destroy management functions. Support for notInService and 2445 notReady management functions is optional. Implementations 2446 must not support createAndWait and createAndGo management 2447 functions for this object." 2448 ::= { cCKLEntry 6 } 2450 cCKLVersion OBJECT-TYPE 2451 SYNTAX INTEGER 2452 MAX-ACCESS read-only 2453 STATUS current 2454 DESCRIPTION 2455 "The version of the CKL/CRL. For example, X.509 Version 2 2456 CRLs would have a value of '1', as defined in RFC 5280 - 2457 Section 5.1.2.1. 2459 When this object does not apply for the CKL/CRL, this column 2460 will not exist." 2461 ::= { cCKLEntry 7 } 2463 cCKLLastUpdate OBJECT-TYPE 2464 SYNTAX DateAndTime 2465 MAX-ACCESS read-only 2466 STATUS current 2467 DESCRIPTION 2468 "The date this CKL/CRL was last updated." 2469 ::= { cCKLEntry 8 } 2471 -- ********************************************************************* 2472 -- CC MIB cCDMStoreTable 2473 -- ********************************************************************* 2475 cCDMStoreTableCount OBJECT-TYPE 2476 SYNTAX Unsigned32 2477 MAX-ACCESS read-only 2478 STATUS current 2479 DESCRIPTION 2480 "The number of rows in the cCDMStoreTable." 2481 ::= { cCDMStoreInfo 1 } 2483 cCDMStoreTableLastChanged OBJECT-TYPE 2484 SYNTAX TimeStamp 2485 MAX-ACCESS read-only 2486 STATUS current 2487 DESCRIPTION 2488 "The last time any entry in the table was modified, created, 2489 or deleted by either SNMP, agent, or other management method 2490 (e.g. via an HMI). Managers can use this object to ensure 2491 that no changes to configuration of this table have happened 2492 since the last time it examined the table. A value of 0 2493 indicates that no entry has been changed since the agent 2494 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 2495 should be used to populate this column." 2496 ::= { cCDMStoreInfo 2 } 2498 cCDMStoreTable OBJECT-TYPE 2499 SYNTAX SEQUENCE OF CCDMStoreEntry 2500 MAX-ACCESS not-accessible 2501 STATUS current 2502 DESCRIPTION 2503 "The table containing various types of stored Crypto Device 2504 Material (CDM) that are destined for this device and/or 2505 destined for another device. When sending CDM to a destined 2506 device, the cCDMTransferPkgLocatorRowPtr from the 2507 CC-KEY-TRANSFER-PUSH-MIB can be used to point to the rows in 2508 this table." 2509 ::= { cCDMStoreInfo 3 } 2511 cCDMStoreEntry OBJECT-TYPE 2512 SYNTAX CCDMStoreEntry 2513 MAX-ACCESS not-accessible 2514 STATUS current 2515 DESCRIPTION 2516 "A row containing information about stored Crypto Device 2517 Material (CDM)." 2518 INDEX { cCDMStoreIndex } 2519 ::= { cCDMStoreTable 1 } 2521 CCDMStoreEntry ::= SEQUENCE { 2522 cCDMStoreIndex Unsigned32, 2523 cCDMStoreType INTEGER, 2524 cCDMStoreSource SnmpAdminString, 2525 cCDMStoreID OCTET STRING, 2526 cCDMStoreFriendlyName SnmpAdminString, 2527 cCDMStoreControl INTEGER, 2528 cCDMStoreRowStatus RowStatus 2529 } 2531 cCDMStoreIndex OBJECT-TYPE 2532 SYNTAX Unsigned32 2533 MAX-ACCESS read-only 2534 STATUS current 2535 DESCRIPTION 2536 "A numeric index that identifies a unique location in this 2537 table." 2538 ::= { cCDMStoreEntry 1 } 2540 cCDMStoreType OBJECT-TYPE 2541 SYNTAX INTEGER { symKey(1), asymKey(2), trustAnchor(3), 2542 crl(4), ckl(5), firmware(6), 2543 storeAndForwardWrappedPkg(7) } 2544 MAX-ACCESS read-only 2545 STATUS current 2546 DESCRIPTION 2547 "The type of Crypto Device Material (CDM) populated in this 2548 row. 2550 (1) symKey - This row contains information about a stored 2551 symmetric key. 2552 (2) asymKey - This row contains information about a stored 2553 asymmetric key. 2554 (3) trustAnchor - This row contains information about a 2555 stored Trust Anchor (TA). 2556 (4) crl - This row contains information about a stored 2557 Certificate Revocation List (CRL). 2558 (5) ckl - This row contains information about a stored 2559 Compromised Key List (CKL). 2560 (6) firmware - This row contains information about stored 2561 firmware. 2562 (7) storeAndForwardWrappedPkg - This row contains 2563 information about a stored encrypted wrapped package, 2564 typically meant to be forwarded to another device." 2565 ::= { cCDMStoreEntry 2 } 2567 cCDMStoreSource OBJECT-TYPE 2568 SYNTAX SnmpAdminString 2569 MAX-ACCESS read-only 2570 STATUS current 2571 DESCRIPTION 2572 "An administrative name that identifies the source of this 2573 Crypto Device Material (CDM). This could be the URI used 2574 when downloaded from the Secure Object Management System 2575 (SOMS) server or a physical port designator for CDM 2576 downloaded via HMI." 2577 ::= { cCDMStoreEntry 3 } 2579 cCDMStoreID OBJECT-TYPE 2580 SYNTAX OCTET STRING (SIZE(1..255)) 2581 MAX-ACCESS read-write 2582 STATUS current 2583 DESCRIPTION 2584 "Represents a unique identifier assigned to this Crypto 2585 Device Material (CDM). This would typically be an identifier 2586 inherent to the CDM, such as a serial number or other form 2587 of identifier derived from a tag or other CDM wrapper. This 2588 object differs from cCDMStoreFriendlyName which is a 2589 user-defined ID." 2590 ::= { cCDMStoreEntry 4 } 2592 cCDMStoreFriendlyName OBJECT-TYPE 2593 SYNTAX SnmpAdminString 2594 MAX-ACCESS read-write 2595 STATUS current 2596 DESCRIPTION 2597 "A human readable label of this Crypto Device Material (CDM) 2598 for easier reference. It is used only for helpful or 2599 informational purposes." 2600 ::= { cCDMStoreEntry 5 } 2602 cCDMStoreControl OBJECT-TYPE 2603 SYNTAX INTEGER { readyForInstall(1), install(2), 2604 installAndDiscard(3) } 2605 MAX-ACCESS read-write 2606 STATUS current 2607 DESCRIPTION 2608 "A means to control what happens to the Crypto Device 2609 Material (CDM) stored in this table. 2610 (1) readyForInstall - The CDM is ready for installation. 2611 (2) install - The CDM will be installed in the appropriate 2612 table based on the cCDMStoreType. 2613 (3) installAndDiscard - The CDM will be installed in the 2614 appropriate table based on the cCDMStoreType and 2615 discarded from this table after the install operation is 2616 complete. 2618 Note, setting the cCDMStoreRowStatus object to 'destroy' 2619 will discard the CDM." 2620 ::= { cCDMStoreEntry 6 } 2622 cCDMStoreRowStatus OBJECT-TYPE 2623 SYNTAX RowStatus 2624 MAX-ACCESS read-write 2625 STATUS current 2626 DESCRIPTION 2627 "The status of this row by which existing entries may be 2628 deleted from this table. 2630 At a minimum, implementations must support active and 2631 destroy management functions. Support for notInService and 2632 notReady management functions is optional. Implementations 2633 must not support createAndWait and createAndGo management 2634 functions for this object." 2635 ::= { cCDMStoreEntry 7 } 2637 -- ***************************************************************** 2638 -- CC MIB cCertSubAltNameTable 2639 -- ***************************************************************** 2641 cCertSubAltNameTableCount OBJECT-TYPE 2642 SYNTAX Unsigned32 2643 MAX-ACCESS read-only 2644 STATUS current 2645 DESCRIPTION 2646 "The number of rows in the cCertSubAltNameTable." 2647 ::= { cCertSubAltNameInfo 1 } 2649 cCertSubAltNameTableLastChanged OBJECT-TYPE 2650 SYNTAX TimeStamp 2651 MAX-ACCESS read-only 2652 STATUS current 2653 DESCRIPTION 2654 "The last time any entry in the table was modified, created, 2655 or deleted by either SNMP, agent, or other management method 2656 (e.g. via an HMI). Managers can use this object to ensure 2657 that no changes to configuration of this table have happened 2658 since the last time it examined the table. A value of 0 2659 indicates that no entry has been changed since the agent 2660 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 2661 should be used to populate this column." 2662 ::= { cCertSubAltNameInfo 2 } 2664 cCertSubAltNameTable OBJECT-TYPE 2665 SYNTAX SEQUENCE OF CCertSubAltNameTableEntry 2666 MAX-ACCESS not-accessible 2667 STATUS current 2668 DESCRIPTION 2669 "The table containing a list of Subject Alternative Names 2670 associated with the certificate." 2671 ::= { cCertSubAltNameInfo 3 } 2673 cCertSubAltNameTableEntry OBJECT-TYPE 2674 SYNTAX CCertSubAltNameTableEntry 2675 MAX-ACCESS not-accessible 2676 STATUS current 2677 DESCRIPTION 2678 "A row containing information about a Subject Alternative 2679 Name and its type." 2680 INDEX { cCertSubAltNameList, cCertSubAltNameListIndex } 2681 ::= { cCertSubAltNameTable 1 } 2683 CCertSubAltNameTableEntry ::= SEQUENCE { 2684 cCertSubAltNameList SnmpAdminString, 2685 cCertSubAltNameListIndex Unsigned32, 2686 cCertSubAltNameType INTEGER, 2687 cCertSubAltNameValue1 OCTET STRING, 2688 cCertSubAltNameValue2 OCTET STRING, 2689 cCertSubAltNameRowStatus RowStatus 2690 } 2692 cCertSubAltNameList OBJECT-TYPE 2693 SYNTAX SnmpAdminString (SIZE(1..32)) 2694 MAX-ACCESS not-accessible 2695 STATUS current 2696 DESCRIPTION 2697 "The administrative name defining the set of Subject 2698 Alternative Names that are associated with the certificate. 2699 Multiple Subject Alternative Names may use the same 2700 administrative name, implying a group. It is the combination 2701 of cCertSubAltNameList and cCertSubAltNameListIndex that 2702 uniquely identifies each row or set of Subject Alternative 2703 Names." 2704 ::= { cCertSubAltNameTableEntry 1 } 2706 cCertSubAltNameListIndex OBJECT-TYPE 2707 SYNTAX Unsigned32 2708 MAX-ACCESS not-accessible 2709 STATUS current 2710 DESCRIPTION 2711 "A unique numeric index for rows, or sets of Subject 2712 Alternative Names, with the same cCertSubAltNameList value. 2713 This value, in combination with cCertSubAltNameList, 2714 uniquely identifies each row, or set of Subject Alternative 2715 Names." 2716 ::= { cCertSubAltNameTableEntry 2 } 2718 cCertSubAltNameType OBJECT-TYPE 2719 SYNTAX INTEGER { otherName(0), rfc822Name(1), dNSName(2), 2720 x400Address(3), directoryName(4), 2721 ediPartyName(5), 2722 uniformResourceIdentifier(6), ipAddress(7), 2723 registeredID(8) } 2724 MAX-ACCESS read-only 2725 STATUS current 2726 DESCRIPTION 2727 "The type of the Subject Alternative Name as defined in RFC 2728 5280, Section 4.2.1.6. Specifically, the value of this 2729 object determines the format of cCertSubAltNameValue1 and 2730 cCertSubAltNameValue2." 2731 ::= { cCertSubAltNameTableEntry 3 } 2733 cCertSubAltNameValue1 OBJECT-TYPE 2734 SYNTAX OCTET STRING 2735 MAX-ACCESS read-only 2736 STATUS current 2737 DESCRIPTION 2738 "The main value of the Subject Alternative Name. The format 2739 of the value must match its Type as defined in RFC 5280, 2740 Section 4.2.1.6. 2742 This column is the main value and is used for all 2743 cCertSubAltNameType types. For otherName(0), this column 2745 provides the value of the 'value' field. For 2746 ediPartyName(5), this column provides the value of the 2747 'partyName'. For all other types, this column provides the 2748 value as defined in RFC 5280, Section 4.2.1.6." 2749 ::= { cCertSubAltNameTableEntry 4 } 2751 cCertSubAltNameValue2 OBJECT-TYPE 2752 SYNTAX OCTET STRING 2753 MAX-ACCESS read-only 2754 STATUS current 2755 DESCRIPTION 2756 "This column is a supplement to the main value 2757 cCertSubAltNameValue1 and may only be used when the 2758 cCertSubAltNameType is either otherName(0) or 2759 ediPartyName(5). For otherName(0), this column provides the 2760 value of the 'type-id' as defined in RFC 5280, Section 2761 4.2.1.6. For ediPartyName(5), this column provides the value 2762 of the 'nameAssigner' as defined in RFC 5280, Section 2763 4.2.1.6. 2765 For all other values of cCertSubAltNameType or when the 2766 'nameAssigner' is not used for ediPartyName(5), this column 2767 will not exist. 2769 Note: Support for multiple otherName(0) or ediPartyName(5) 2770 alternate names is provided by allowing multiple rows of the 2771 same cCertSubAltNameType and cCertSubAltNameList but with a 2772 unique cCertSubAltNameListIndex." 2773 ::= { cCertSubAltNameTableEntry 5 } 2775 cCertSubAltNameRowStatus OBJECT-TYPE 2776 SYNTAX RowStatus 2777 MAX-ACCESS read-create 2778 STATUS current 2779 DESCRIPTION 2780 "The status of this row by which existing entries may be 2781 deleted from this table. 2783 At a minimum, implementations must support active and 2784 destroy management functions. Support for notInService and 2785 notReady management functions is optional. Implementations 2786 must not support createAndWait and createAndGo management 2787 functions for this object." 2789 ::= { cCertSubAltNameTableEntry 6 } 2791 -- ***************************************************************** 2792 -- CC MIB cCertPathCtrlsTable 2793 -- ***************************************************************** 2795 cCertPathCtrlsTableCount OBJECT-TYPE 2796 SYNTAX Unsigned32 2797 MAX-ACCESS read-only 2798 STATUS current 2799 DESCRIPTION 2800 "The number of rows in the cCertPathCtrlsTable." 2801 ::= { cCertPathCtrlsInfo 1 } 2803 cCertPathCtrlsTableLastChanged OBJECT-TYPE 2804 SYNTAX TimeStamp 2805 MAX-ACCESS read-only 2806 STATUS current 2807 DESCRIPTION 2808 "The last time any entry in the table was modified, created, 2809 or deleted by either SNMP, agent, or other management method 2810 (e.g. via an HMI). Managers can use this object to ensure 2811 that no changes to configuration of this table have happened 2812 since the last time it examined the table. A value of 0 2813 indicates that no entry has been changed since the agent 2814 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 2815 should be used to populate this column." 2816 ::= { cCertPathCtrlsInfo 2 } 2818 cCertPathCtrlsTable OBJECT-TYPE 2819 SYNTAX SEQUENCE OF CCertPathCtrlsEntry 2820 MAX-ACCESS not-accessible 2821 STATUS current 2822 DESCRIPTION 2823 "The table containing the controls and constraints applied 2824 to a certificate in order to process certificate trust paths." 2825 ::= { cCertPathCtrlsInfo 3 } 2827 cCertPathCtrlsEntry OBJECT-TYPE 2828 SYNTAX CCertPathCtrlsEntry 2829 MAX-ACCESS not-accessible 2830 STATUS current 2831 DESCRIPTION 2832 "A row containing information about certificate path 2833 controls and constraints." 2834 INDEX { cCertPathCtrlsKeyFingerprint } 2835 ::= { cCertPathCtrlsTable 1 } 2837 CCertPathCtrlsEntry ::= SEQUENCE { 2838 cCertPathCtrlsKeyFingerprint SnmpTLSFingerprint, 2839 cCertPathCtrlsCertificate RowPointer, 2840 cCertPathCtrlsCertPolicies OCTET STRING, 2841 cCertPathCtrlsPolicyMappings OCTET STRING, 2842 cCertPathCtrlsPolicyFlags BITS, 2843 cCertPathCtrlsNamesPermitted OCTET STRING, 2844 cCertPathCtrlsNamesExcluded OCTET STRING, 2845 cCertPathCtrlsMaxPathLength Unsigned32 2846 } 2848 cCertPathCtrlsKeyFingerprint OBJECT-TYPE 2849 SYNTAX SnmpTLSFingerprint 2850 MAX-ACCESS not-accessible 2851 STATUS current 2852 DESCRIPTION 2853 "Identifies a trust anchor in the cTrustAnchorTable or a 2854 certificate in the cAsymKeyTable. This column is the 2855 primary index to the cCertPathCtrlsTable." 2856 ::= {cCertPathCtrlsEntry 1} 2858 cCertPathCtrlsCertificate OBJECT-TYPE 2859 SYNTAX RowPointer 2860 MAX-ACCESS read-only 2861 STATUS current 2862 DESCRIPTION 2863 "Optional reference to an X.509 certificate defined in the 2864 cAsymKeyTable to assist with certification path development 2865 and validation." 2866 ::= { cCertPathCtrlsEntry 2 } 2868 cCertPathCtrlsCertPolicies OBJECT-TYPE 2869 SYNTAX OCTET STRING 2870 MAX-ACCESS read-only 2871 STATUS current 2872 DESCRIPTION 2873 "Indicates a grouping of one or more policies for this 2874 certificate. The value of this column corresponds to the 2875 cCertPolicyInformation column in the cCertPolicyTable. 2877 When this object does not apply for the key material, this 2878 column will not exist." 2879 ::= { cCertPathCtrlsEntry 3 } 2881 cCertPathCtrlsPolicyMappings OBJECT-TYPE 2882 SYNTAX OCTET STRING 2883 MAX-ACCESS read-only 2884 STATUS current 2885 DESCRIPTION 2886 "For a Certificate Authority (CA) certificate, this 2887 indicates a grouping of policy mappings between a 2888 certificate issuer CA domain policy and a domain policy of 2889 the subject certificate CA. The value of this column 2890 corresponds to the cPolicyMappingGroup column of the 2891 cPolicyMappingTable. 2893 For non-X.509 based key material, or when this object does 2894 not apply for the key material, this column will not exist." 2895 ::= { cCertPathCtrlsEntry 4 } 2897 cCertPathCtrlsPolicyFlags OBJECT-TYPE 2898 SYNTAX BITS { inhibitPolicyMapping(0), 2899 requireExplicitPolicy(1), 2900 inhibitAnyPolicy(2) } 2901 MAX-ACCESS read-only 2902 STATUS current 2903 DESCRIPTION 2904 "Optional certificate path policy flags consisting of the 2905 following: inhibitPolicyMapping, requireExplicitPolicy, and 2906 inhibitAnyPolicy. 2908 inhibitPolicyMapping: Indicates if policy mapping is allowed 2909 in the certification path. 2911 requireExplicitPolicy: Indicates if the certification path 2912 must be valid for at least one of the certificate policies 2913 in cCertPathCtrlsCertPolicies. 2915 inhibitAnyPolicy: Indicates whether the special anyPolicy 2916 policy identifier is considered an explicit match for other 2917 certificate policies. 2919 Bit value translation: 2920 1000 = inhibitPolicyMapping 2921 0100 = requireExplicitPolicy 2922 0010 = inhibitAnyPolicy" 2923 ::= { cCertPathCtrlsEntry 5 } 2925 cCertPathCtrlsNamesPermitted OBJECT-TYPE 2926 SYNTAX OCTET STRING 2927 MAX-ACCESS read-only 2928 STATUS current 2929 DESCRIPTION 2930 "Indicates a subtree of names that are permitted for 2931 certificate path validation. The value of this column 2932 corresponds to the cNameConstraintGenSubtree column in the 2933 cNameConstraintTable. 2935 When this object does not apply for the key material, this 2936 column will not exist." 2937 ::= { cCertPathCtrlsEntry 6 } 2939 cCertPathCtrlsNamesExcluded OBJECT-TYPE 2940 SYNTAX OCTET STRING 2941 MAX-ACCESS read-only 2942 STATUS current 2943 DESCRIPTION 2944 "Indicates a subtree of names that are excluded from 2945 certificate path validation, regardless of information 2946 appearing in the cCertPathCtrlsNamesPermitted subtree. The 2947 value of this column corresponds to the 2948 cNameConstraintGenSubtree column in the 2949 cNameConstraintTable. 2951 When this object does not apply for the key material, this 2952 column will not exist." 2953 ::= { cCertPathCtrlsEntry 7 } 2955 cCertPathCtrlsMaxPathLength OBJECT-TYPE 2956 SYNTAX Unsigned32 2957 MAX-ACCESS read-only 2958 STATUS current 2959 DESCRIPTION 2960 "Optional indication of the maximum number of 2961 non-self-issued intermediate certificates that may follow 2962 this certificate in a valid certification path." 2963 ::= { cCertPathCtrlsEntry 8 } 2965 -- ***************************************************************** 2966 -- CC MIB cCertPolicyTable 2967 -- ***************************************************************** 2969 cCertPolicyTableCount OBJECT-TYPE 2970 SYNTAX Unsigned32 2971 MAX-ACCESS read-only 2972 STATUS current 2973 DESCRIPTION 2974 "The number of rows in the cCertPolicyTable." 2975 ::= { cCertPolicyInfo 1 } 2977 cCertPolicyTableLastChanged OBJECT-TYPE 2978 SYNTAX TimeStamp 2979 MAX-ACCESS read-only 2980 STATUS current 2981 DESCRIPTION 2982 "The last time any entry in the table was modified, created, 2983 or deleted by either SNMP, agent, or other management method 2984 (e.g. via an HMI). Managers can use this object to ensure 2985 that no changes to configuration of this table have happened 2986 since the last time it examined the table. A value of 0 2987 indicates that no entry has been changed since the agent 2988 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 2989 should be used to populate this column." 2990 ::= { cCertPolicyInfo 2 } 2992 cCertPolicyTable OBJECT-TYPE 2993 SYNTAX SEQUENCE OF CCertPolicyEntry 2994 MAX-ACCESS not-accessible 2995 STATUS current 2996 DESCRIPTION 2997 "The table containing certificate policy information to be 2998 provided as input to the certificate path validation 2999 algorithm. For an end entity certificate, this information 3000 indicates under which policy this certificate has been 3001 issued and the purposes for which the certificate may be 3002 used. For a Certificate Authority (CA) certificate, this 3003 information limits the set of policies for certification 3004 paths that include this certificate." 3005 ::= { cCertPolicyInfo 3 } 3007 cCertPolicyEntry OBJECT-TYPE 3008 SYNTAX CCertPolicyEntry 3009 MAX-ACCESS not-accessible 3010 STATUS current 3011 DESCRIPTION 3012 "A row containing information about a certificate policy." 3013 INDEX { cCertPolicyInformation, cCertPolicyInformationIndex } 3014 ::= { cCertPolicyTable 1 } 3016 CCertPolicyEntry ::= SEQUENCE { 3017 cCertPolicyInformation OCTET STRING, 3018 cCertPolicyInformationIndex Unsigned32, 3019 cCertPolicyIdentifier OBJECT IDENTIFIER, 3020 cCertPolicyQualifierID INTEGER, 3021 cCertPolicyQualifier OCTET STRING 3022 } 3024 cCertPolicyInformation OBJECT-TYPE 3025 SYNTAX OCTET STRING (SIZE(1..255)) 3026 MAX-ACCESS not-accessible 3027 STATUS current 3028 DESCRIPTION 3029 "Identifies a grouping of policies that are applicable to a 3030 certificate. When used in conjunction with 3031 cCertPolicyInformationIndex, a unique policy and qualifier 3032 set is defined." 3033 ::= { cCertPolicyEntry 1 } 3035 cCertPolicyInformationIndex OBJECT-TYPE 3036 SYNTAX Unsigned32 3037 MAX-ACCESS not-accessible 3038 STATUS current 3039 DESCRIPTION 3040 "A numerical index that is unique for a specific 3041 cCertPolicyInformation value. This index allows multiple 3042 qualifiers to be defined for a particular policy. When used 3043 in conjunction with cCertPolicyInformation, a unique policy 3044 and qualifier set is defined." 3045 ::= { cCertPolicyEntry 2 } 3047 cCertPolicyIdentifier OBJECT-TYPE 3048 SYNTAX OBJECT IDENTIFIER 3049 MAX-ACCESS read-only 3050 STATUS current 3051 DESCRIPTION 3052 "For end entity certificates, this is an identifier for the 3053 policy under which the certificate has been issued. For 3054 Certificate Authority (CA) certificates, this is an 3055 identifier for a certification path policy that includes 3056 this certificate." 3057 ::= { cCertPolicyEntry 3 } 3059 cCertPolicyQualifierID OBJECT-TYPE 3060 SYNTAX INTEGER { cpsPointer(0), userNotice(1) } 3061 MAX-ACCESS read-only 3062 STATUS current 3063 DESCRIPTION 3064 "Indicates the type of qualifier per RFC 5280, 3065 Section 4.2.1.4." 3066 ::= { cCertPolicyEntry 4 } 3068 cCertPolicyQualifier OBJECT-TYPE 3069 SYNTAX OCTET STRING 3070 MAX-ACCESS read-only 3071 STATUS current 3072 DESCRIPTION 3073 "Qualifier information with type based on 3074 cCertPolicyQualifierID." 3075 ::= { cCertPolicyEntry 5 } 3077 -- ********************************************************************* 3078 -- CC MIB cPolicyMappingTable 3079 -- ********************************************************************* 3081 cPolicyMappingTableCount OBJECT-TYPE 3082 SYNTAX Unsigned32 3083 MAX-ACCESS read-only 3084 STATUS current 3085 DESCRIPTION 3086 "The number of rows in the cPolicyMappingTable." 3087 ::= { cPolicyMappingInfo 1 } 3089 cPolicyMappingTableLastChanged OBJECT-TYPE 3090 SYNTAX TimeStamp 3091 MAX-ACCESS read-only 3092 STATUS current 3093 DESCRIPTION 3094 "The last time any entry in the table was modified, created, 3095 or deleted by either SNMP, agent, or other management method 3097 (e.g. via an HMI). Managers can use this object to ensure 3098 that no changes to configuration of this table have happened 3099 since the last time it examined the table. A value of 0 3100 indicates that no entry has been changed since the agent 3101 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 3102 should be used to populate this column." 3103 ::= { cPolicyMappingInfo 2 } 3105 cPolicyMappingTable OBJECT-TYPE 3106 SYNTAX SEQUENCE OF CPolicyMappingEntry 3107 MAX-ACCESS not-accessible 3108 STATUS current 3109 DESCRIPTION 3110 "The table listing mappings between policies that a 3111 certificate issuing Certificate Authority (CA) considers as 3112 equivalent or comparable to the domain policies of the 3113 subject certificate CA." 3114 ::= { cPolicyMappingInfo 3 } 3116 cPolicyMappingEntry OBJECT-TYPE 3117 SYNTAX CPolicyMappingEntry 3118 MAX-ACCESS not-accessible 3119 STATUS current 3120 DESCRIPTION 3121 "A row containing a mapping between the domain policy of an 3122 issuing Certificate Authority (CA) and an equivalent domain 3123 policy of the subject certificate's CA." 3124 INDEX { cPolicyMappingGroup, cPolicyMappingIndex } 3125 ::= { cPolicyMappingTable 1 } 3127 CPolicyMappingEntry ::= SEQUENCE { 3128 cPolicyMappingGroup OCTET STRING, 3129 cPolicyMappingIndex Unsigned32, 3130 cPolicyMappingSubjectPolicy OBJECT IDENTIFIER, 3131 cPolicyMappingIssuerPolicy OBJECT IDENTIFIER 3132 } 3134 cPolicyMappingGroup OBJECT-TYPE 3135 SYNTAX OCTET STRING (SIZE(1..255)) 3136 MAX-ACCESS not-accessible 3137 STATUS current 3138 DESCRIPTION 3139 "Identifies a grouping of policy mappings that are 3140 applicable to a certificate. When used in conjunction with 3141 cPolicyMappingIndex, a unique policy mapping is defined." 3142 ::= { cPolicyMappingEntry 1 } 3144 cPolicyMappingIndex OBJECT-TYPE 3145 SYNTAX Unsigned32 3146 MAX-ACCESS not-accessible 3147 STATUS current 3148 DESCRIPTION 3149 "A numerical index that is unique for a specific 3150 cPolicyMappingGroup value. When used in conjunction with 3151 cPolicyMappingGroup, a unique policy mapping is defined." 3152 ::= { cPolicyMappingEntry 2 } 3154 cPolicyMappingSubjectPolicy OBJECT-TYPE 3155 SYNTAX OBJECT IDENTIFIER 3156 MAX-ACCESS read-only 3157 STATUS current 3158 DESCRIPTION 3159 "Indicates the subject Certificate Authority's domain 3160 policy." 3161 ::= { cPolicyMappingEntry 3 } 3163 cPolicyMappingIssuerPolicy OBJECT-TYPE 3164 SYNTAX OBJECT IDENTIFIER 3165 MAX-ACCESS read-only 3166 STATUS current 3167 DESCRIPTION 3168 "Indicates the issuer domain policy that the issuer 3169 Certificate Authority (CA) considers equivalent to the 3170 subject CA domain policy." 3171 ::= { cPolicyMappingEntry 4 } 3173 -- ********************************************************************* 3174 -- CC MIB cNameConstraintTable 3175 -- ********************************************************************* 3177 cNameConstraintTableCount OBJECT-TYPE 3178 SYNTAX Unsigned32 3179 MAX-ACCESS read-only 3180 STATUS current 3181 DESCRIPTION 3182 "The number of rows in the cNameConstraintTable." 3183 ::= { cNameConstraintInfo 1 } 3185 cNameConstraintTableLastChanged OBJECT-TYPE 3186 SYNTAX TimeStamp 3187 MAX-ACCESS read-only 3188 STATUS current 3189 DESCRIPTION 3190 "The last time any entry in the table was modified, created, 3191 or deleted by either SNMP, agent, or other management method 3192 (e.g. via an HMI). Managers can use this object to ensure 3193 that no changes to configuration of this table have happened 3194 since the last time it examined the table. A value of 0 3195 indicates that no entry has been changed since the agent 3196 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 3197 should be used to populate this column." 3198 ::= { cNameConstraintInfo 2 } 3200 cNameConstraintTable OBJECT-TYPE 3201 SYNTAX SEQUENCE OF CNameConstraintEntry 3202 MAX-ACCESS not-accessible 3203 STATUS current 3204 DESCRIPTION 3205 "The table listing designated name spaces within which 3206 subject names in subsequent certificates in a certification 3207 path can be stored." 3208 ::= { cNameConstraintInfo 3 } 3210 cNameConstraintEntry OBJECT-TYPE 3211 SYNTAX CNameConstraintEntry 3212 MAX-ACCESS not-accessible 3213 STATUS current 3214 DESCRIPTION 3215 "A row designating an entity's distinguished name to a name 3216 space." 3217 INDEX { cNameConstraintGenSubtree, cNameConstraintSubtreeIndex } 3218 ::= { cNameConstraintTable 1 } 3220 CNameConstraintEntry ::= SEQUENCE { 3221 cNameConstraintGenSubtree OCTET STRING, 3222 cNameConstraintSubtreeIndex Unsigned32, 3223 cNameConstraintBaseName SnmpAdminString 3224 } 3226 cNameConstraintGenSubtree OBJECT-TYPE 3227 SYNTAX OCTET STRING (SIZE(1..255)) 3228 MAX-ACCESS not-accessible 3229 STATUS current 3230 DESCRIPTION 3231 "Identifies a permitted or excluded name constraint subtree. 3232 When used with cNameConstraintSubtreeIndex, a unique subject 3233 name constraint entry is defined." 3234 ::= { cNameConstraintEntry 1 } 3236 cNameConstraintSubtreeIndex OBJECT-TYPE 3237 SYNTAX Unsigned32 3238 MAX-ACCESS not-accessible 3239 STATUS current 3240 DESCRIPTION 3241 "A numerical index used to specify a name constraint within 3242 a permitted or excluded name constraint subtree. When used 3243 with a specific value of cNameConstraintGenSubtree, a unique 3244 subject name constraint entry is defined." 3245 ::= { cNameConstraintEntry 2 } 3247 cNameConstraintBaseName OBJECT-TYPE 3248 SYNTAX SnmpAdminString 3249 MAX-ACCESS read-only 3250 STATUS current 3251 DESCRIPTION 3252 "The distinguished name of the subject that is permitted or 3253 excluded." 3254 ::= { cNameConstraintEntry 3 } 3256 -- ***************************************************************** 3257 -- Module Conformance Information 3258 -- ***************************************************************** 3260 cKeyManagementCompliances OBJECT IDENTIFIER 3261 ::= { cKeyManagementConformance 1} 3262 cKeyManagementGroups OBJECT IDENTIFIER 3263 ::= { cKeyManagementConformance 2} 3265 cKeyManSymKeyCompliance MODULE-COMPLIANCE 3266 STATUS current 3267 DESCRIPTION 3268 "Compliance levels for symmetric key information." 3270 MODULE 3271 MANDATORY-GROUPS { cKeyManSymKeyGroup } 3273 GROUP cKeyManSymKeyNotifyScalars 3274 DESCRIPTION 3275 "This symmetric key notification scalar group is optional 3276 for implementation." 3278 GROUP cKeyManSymKeyNotifyGroup 3279 DESCRIPTION 3280 "This notification group is optional for implementation." 3281 ::= { cKeyManagementCompliances 1 } 3283 cKeyManAsymKeyCompliance MODULE-COMPLIANCE 3284 STATUS current 3285 DESCRIPTION 3286 "Compliance levels for asymmetric key information." 3287 MODULE 3288 MANDATORY-GROUPS { cKeyManAsymKeyGroup } 3290 GROUP cKeyManCertSubAltNameGroup 3291 DESCRIPTION 3292 "Certificate Subject Alternative Name group is optional for 3293 implementation." 3295 GROUP cKeyManCertPathCtrlsGroup 3296 DESCRIPTION 3297 "Certificate Path Controls group is optional for 3298 implementation." 3300 GROUP cKeyManCertPolicyGroup 3301 DESCRIPTION 3302 "Certificate Policy group is optional for implementation." 3304 GROUP cKeyManPolicyMappingGroup 3305 DESCRIPTION 3306 "Policy Mapping group is optional for implementation." 3308 GROUP cKeyManNameConstraintGroup 3309 DESCRIPTION 3310 "Name Constraint group is optional for implementation." 3312 GROUP cKeyManTrustAnchorGroup 3313 DESCRIPTION 3314 "Trust Anchor group is optional for implementation." 3316 GROUP cKeyManAsymKeyNotifyScalars 3317 DESCRIPTION 3318 "This asymmetric key notification scalar group is optional 3319 for implementation." 3321 GROUP cKeyManAsymKeyNotifyGroup 3322 DESCRIPTION 3323 "This notification group is optional for implementation." 3325 GROUP cKeyManTrustAnchorNotifyGroup 3326 DESCRIPTION 3327 "This notification group is optional for implementation." 3329 OBJECT cCertPathCtrlsCertificate 3330 MIN-ACCESS not-accessible 3331 DESCRIPTION 3332 "Implementation of this object is optional." 3334 OBJECT cCertPathCtrlsPolicyFlags 3335 MIN-ACCESS not-accessible 3336 DESCRIPTION 3337 "Implementation of this object is optional." 3339 OBJECT cCertPathCtrlsMaxPathLength 3340 MIN-ACCESS not-accessible 3341 DESCRIPTION 3342 "Implementation of this object is optional." 3343 ::= { cKeyManagementCompliances 2 } 3345 cKeyManTrustAnchorCompliance MODULE-COMPLIANCE 3346 STATUS current 3347 DESCRIPTION 3348 "Compliance levels for trust anchor information." 3349 MODULE 3350 MANDATORY-GROUPS { cKeyManTrustAnchorGroup } 3352 GROUP cKeyManCertPathCtrlsGroup 3353 DESCRIPTION 3354 "Certificate Path Controls group is optional for 3355 implementation." 3357 GROUP cKeyManCertPolicyGroup 3358 DESCRIPTION 3359 "Certificate Policy group is optional for implementation." 3361 GROUP cKeyManPolicyMappingGroup 3362 DESCRIPTION 3363 "Policy Mapping group is optional for implementation." 3365 GROUP cKeyManNameConstraintGroup 3366 DESCRIPTION 3367 "Name Constraint group is optional for implementation." 3369 GROUP cKeyManTrustAnchorNotifyGroup 3370 DESCRIPTION 3371 "This notification group is optional for implementation." 3373 OBJECT cCertPathCtrlsCertificate 3374 MIN-ACCESS not-accessible 3375 DESCRIPTION 3376 "Implementation of this object is optional." 3378 OBJECT cCertPathCtrlsPolicyFlags 3379 MIN-ACCESS not-accessible 3380 DESCRIPTION 3381 "Implementation of this object is optional." 3383 OBJECT cCertPathCtrlsMaxPathLength 3384 MIN-ACCESS not-accessible 3385 DESCRIPTION 3386 "Implementation of this object is optional." 3387 ::= { cKeyManagementCompliances 3 } 3389 cKeyManCKLCompliance MODULE-COMPLIANCE 3390 STATUS current 3391 DESCRIPTION 3392 "Compliance levels for CKL information." 3393 MODULE 3394 MANDATORY-GROUPS { cKeyManCKLGroup } 3396 GROUP cKeyManCKLNotifyGroup 3397 DESCRIPTION 3398 "This notification group is optional for implementation." 3399 ::= { cKeyManagementCompliances 4 } 3401 cKeyManCDMStoreCompliance MODULE-COMPLIANCE 3402 STATUS current 3403 DESCRIPTION 3404 "Compliance levels for CDM Store information." 3405 MODULE 3406 MANDATORY-GROUPS { cKeyManCDMStoreGroup } 3408 GROUP cKeyManCDMStoreNotifyGroup 3409 DESCRIPTION 3410 "This notification group is optional for implementation." 3411 ::= { cKeyManagementCompliances 5 } 3413 cKeyManSymKeyGroup OBJECT-GROUP 3414 OBJECTS { 3415 cZeroizeAllKeys, 3416 cZeroizeSymmetricKeyTable, 3417 cSymmetricKeyTableCount, 3418 cSymmetricKeyTableLastChanged, 3419 cSymKeyUsage, 3420 cSymKeyID, 3421 cSymKeyIssuer, 3422 cSymKeyEffectiveDate, 3423 cSymKeyExpirationDate, 3424 cSymKeyExpiryWarning, 3425 cSymKeyNumberOfTransactions, 3426 cSymKeyFriendlyName, 3427 cSymKeyClassification, 3428 cSymKeySource, 3429 cSymKeyRowStatus 3430 } 3431 STATUS current 3432 DESCRIPTION 3433 "This group is composed of objects related to symmetric key 3434 information." 3435 ::= { cKeyManagementGroups 1 } 3437 cKeyManAsymKeyGroup OBJECT-GROUP 3438 OBJECTS { 3439 cZeroizeAllKeys, 3440 cZeroizeAsymKeyTable, 3441 cAsymKeyTableCount, 3442 cAsymKeyTableLastChanged, 3443 cAsymKeyFingerprint, 3444 cAsymKeyFriendlyName, 3445 cAsymKeySerialNumber, 3446 cAsymKeyIssuer, 3447 cAsymKeySignatureAlgorithm, 3448 cAsymKeyPublicKeyAlgorithm, 3449 cAsymKeyEffectiveDate, 3450 cAsymKeyExpirationDate, 3451 cAsymKeyExpiryWarning, 3452 cAsymKeySubject, 3453 cAsymKeySubjectType, 3454 cAsymKeyUsage, 3455 cAsymKeyClassification, 3456 cAsymKeySource, 3457 cAsymKeyRowStatus, 3458 cAsymKeyVersion, 3459 cAsymKeyRekey, 3460 cAsymKeyType 3461 } 3463 STATUS current 3464 DESCRIPTION 3465 "This group is composed of objects related to asymmetric key 3466 information." 3467 ::= { cKeyManagementGroups 2 } 3469 cKeyManCertSubAltNameGroup OBJECT-GROUP 3470 OBJECTS { 3471 cAsymKeySubjectAltName, 3472 cCertSubAltNameTableCount, 3473 cCertSubAltNameTableLastChanged, 3474 cCertSubAltNameType, 3475 cCertSubAltNameValue1, 3476 cCertSubAltNameValue2, 3477 cCertSubAltNameRowStatus 3478 } 3479 STATUS current 3480 DESCRIPTION 3481 "This group is composed of objects related to certificate 3482 subject alternative name information." 3483 ::= { cKeyManagementGroups 3 } 3485 cKeyManCertPathCtrlsGroup OBJECT-GROUP 3486 OBJECTS { 3487 cCertPathCtrlsTableCount, 3488 cCertPathCtrlsTableLastChanged, 3489 cCertPathCtrlsCertificate, 3490 cCertPathCtrlsPolicyFlags, 3491 cCertPathCtrlsMaxPathLength 3492 } 3493 STATUS current 3494 DESCRIPTION 3495 "This group is composed of objects related to certificate 3496 path controls information." 3497 ::= { cKeyManagementGroups 4 } 3499 cKeyManCertPolicyGroup OBJECT-GROUP 3500 OBJECTS { 3501 cCertPathCtrlsCertPolicies, 3502 cCertPolicyTableCount, 3503 cCertPolicyTableLastChanged, 3504 cCertPolicyIdentifier, 3505 cCertPolicyQualifierID, 3506 cCertPolicyQualifier 3507 } 3508 STATUS current 3509 DESCRIPTION 3510 "This group is composed of objects related to certificate 3511 policy information." 3512 ::= { cKeyManagementGroups 5 } 3514 cKeyManPolicyMappingGroup OBJECT-GROUP 3515 OBJECTS { 3516 cCertPathCtrlsPolicyMappings, 3517 cPolicyMappingTableCount, 3518 cPolicyMappingTableLastChanged, 3519 cPolicyMappingSubjectPolicy, 3520 cPolicyMappingIssuerPolicy 3521 } 3522 STATUS current 3523 DESCRIPTION 3524 "This group is composed of objects related to policy mapping 3525 information." 3526 ::= { cKeyManagementGroups 6 } 3528 cKeyManNameConstraintGroup OBJECT-GROUP 3529 OBJECTS { 3530 cCertPathCtrlsNamesPermitted, 3531 cCertPathCtrlsNamesExcluded, 3532 cNameConstraintTableCount, 3533 cNameConstraintTableLastChanged, 3534 cNameConstraintBaseName 3535 } 3536 STATUS current 3537 DESCRIPTION 3538 "This group is composed of objects related to name 3539 constraint information." 3540 ::= { cKeyManagementGroups 7 } 3542 cKeyManTrustAnchorGroup OBJECT-GROUP 3543 OBJECTS { 3544 cZeroizeAllKeys, 3545 cZeroizeTrustAnchorTable, 3546 cTrustAnchorTableCount, 3547 cTrustAnchorTableLastChanged, 3548 cTrustAnchorFingerprint, 3549 cTrustAnchorFormatType, 3550 cTrustAnchorName, 3551 cTrustAnchorUsageType, 3552 cTrustAnchorKeyIdentifier, 3553 cTrustAnchorPublicKeyAlgorithm, 3554 cTrustAnchorContingencyAvail, 3555 cTrustAnchorRowStatus 3556 } 3557 STATUS current 3558 DESCRIPTION 3559 "This group is composed of objects related to trust anchor 3560 information." 3561 ::= { cKeyManagementGroups 8 } 3563 cKeyManCKLGroup OBJECT-GROUP 3564 OBJECTS { 3565 cCKLTableCount, 3566 cCKLLastChanged, 3567 cCKLIndex, 3568 cCKLIssuer, 3569 cCKLSerialNumber, 3570 cCKLIssueDate, 3571 cCKLNextUpdate, 3572 cCKLRowStatus, 3573 cCKLVersion, 3574 cCKLLastUpdate 3575 } 3576 STATUS current 3577 DESCRIPTION 3578 "This group is composed of objects related to compromised 3579 key list information." 3580 ::= { cKeyManagementGroups 9 } 3582 cKeyManCDMStoreGroup OBJECT-GROUP 3583 OBJECTS { 3584 cZeroizeAllKeys, 3585 cZeroizeCDMStoreTable, 3586 cCDMStoreTableCount, 3587 cCDMStoreTableLastChanged, 3588 cCDMStoreIndex, 3589 cCDMStoreType, 3590 cCDMStoreSource, 3591 cCDMStoreID, 3592 cCDMStoreFriendlyName, 3593 cCDMStoreControl, 3594 cCDMStoreRowStatus 3595 } 3596 STATUS current 3597 DESCRIPTION 3598 "This group is composed of objects related to Crypto 3599 Device Material store information." 3600 ::= { cKeyManagementGroups 10 } 3602 cKeyManSymKeyNotifyScalars OBJECT-GROUP 3603 OBJECTS { 3604 cKeyMaterialTableOID, 3605 cKeyMaterialFingerprint, 3606 cSymKeyGlobalExpiryWarning 3608 } 3609 STATUS current 3610 DESCRIPTION 3611 "This group is composed of objects related to symmetric key 3612 notifications." 3613 ::= { cKeyManagementGroups 11 } 3615 cKeyManAsymKeyNotifyScalars OBJECT-GROUP 3616 OBJECTS { 3617 cKeyMaterialTableOID, 3618 cKeyMaterialFingerprint, 3619 cAsymKeyGlobalExpiryWarning 3620 } 3621 STATUS current 3622 DESCRIPTION 3623 "This group is composed of objects related to asymmetric key 3624 notifications." 3625 ::= { cKeyManagementGroups 12 } 3627 cKeyManSymKeyNotifyGroup NOTIFICATION-GROUP 3628 NOTIFICATIONS { 3629 cKeyMaterialLoadSuccess, 3630 cKeyMaterialLoadFail, 3631 cKeyMaterialExpiring, 3632 cKeyMaterialExpired, 3633 cKeyMaterialExpirationChanged, 3634 cKeyMaterialZeroized 3635 } 3636 STATUS current 3637 DESCRIPTION 3638 "This group is composed of notifications related to 3639 symmetric key information." 3640 ::= { cKeyManagementGroups 13 } 3642 cKeyManAsymKeyNotifyGroup NOTIFICATION-GROUP 3643 NOTIFICATIONS { 3644 cKeyMaterialLoadSuccess, 3645 cKeyMaterialLoadFail, 3646 cKeyMaterialExpiring, 3647 cKeyMaterialExpired, 3648 cKeyMaterialExpirationChanged, 3649 cKeyMaterialZeroized 3650 } 3651 STATUS current 3652 DESCRIPTION 3653 "This group is composed of notifications related to 3654 asymmetric key information." 3655 ::= { cKeyManagementGroups 14 } 3657 cKeyManTrustAnchorNotifyGroup NOTIFICATION-GROUP 3658 NOTIFICATIONS { 3659 cTrustAnchorAdded, 3660 cTrustAnchorUpdated, 3661 cTrustAnchorRemoved 3662 } 3663 STATUS current 3664 DESCRIPTION 3665 "This group is composed of notifications related to trust 3666 anchor information." 3667 ::= { cKeyManagementGroups 15 } 3669 cKeyManCKLNotifyGroup NOTIFICATION-GROUP 3670 NOTIFICATIONS { 3671 cCKLLoadSuccess, 3672 cCKLLoadFail 3673 } 3674 STATUS current 3675 DESCRIPTION 3676 "This group is composed of notifications related to 3677 compromised key list information." 3678 ::= { cKeyManagementGroups 16 } 3680 cKeyManCDMStoreNotifyGroup NOTIFICATION-GROUP 3681 NOTIFICATIONS { 3682 cCDMAdded, 3683 cCDMDeleted 3684 } 3685 STATUS current 3686 DESCRIPTION 3687 "This group is composed of notifications related to Crypto 3688 Device Material store information." 3689 ::= { cKeyManagementGroups 17 } 3691 END 3693 5.6. Key Transfer Pull 3695 This MIB module makes reference to the following documents: 3696 [RFC2571], [RFC2578], [RFC2579], and [RFC2580]. 3698 CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN 3700 IMPORTS 3701 ccKeyTransferPull 3702 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} 3703 MODULE-COMPLIANCE, OBJECT-GROUP, 3704 NOTIFICATION-GROUP 3705 FROM SNMPv2-CONF -- FROM RFC 2580 3706 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, 3707 MODULE-IDENTITY 3708 FROM SNMPv2-SMI -- FROM RFC 2578 3709 SnmpAdminString 3710 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 3711 <<<<<<< HEAD 3712 RowStatus, TimeStamp 3713 ======= 3714 RowPointer, RowStatus, DateAndTime, 3715 TimeStamp 3716 >>>>>>> master 3717 FROM SNMPv2-TC; -- FROM RFC 2579 3719 ccKeyTransferPullMIB MODULE-IDENTITY 3720 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 3721 ORGANIZATION "IETF" 3722 CONTACT-INFO 3723 "Shadi Azoum 3724 US Navy 3725 email: shadi.azoum@navy.mil 3727 Elliott Jones 3728 US Navy 3729 elliott.jones@navy.mil 3731 Lily Sun 3732 US Navy 3733 lily.sun@navy.mil 3735 Mike Irani 3736 NKI Engineering 3737 irani@nkiengineering.com 3739 Jeffrey Sun 3740 NKI Engineering 3741 sunjeff@nkiengineering.com 3743 Ray Purvis 3744 MITRE 3745 Email:rpurvis@mitre.org 3747 Sean Turner 3748 sn3rd 3749 Email:sean@sn3rd.com" 3750 DESCRIPTION 3751 "This MIB defines the CC MIB Key Transfer Pull objects. 3753 Copyright (c) 2016 IETF Trust and the persons 3754 identified as authors of the code. All rights reserved. 3756 Redistribution and use in source and binary forms, with 3757 or without modification, is permitted pursuant to, and 3758 subject to the license terms contained in, the Simplified 3759 BSD License set forth in Section 4.c of the IETF Trust's 3760 Legal Provisions Relating to IETF Documents 3761 (http://trustee.ietf.org/license-info). 3763 This version of this MIB module is part of RFC xxxx; 3764 see the RFC itself for full legal notices." 3765 -- RFC Ed.: RFC-editor please fill in xxxx. 3766 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 3767 DESCRIPTION "Initial Version. Published as RFC xxxx." 3768 -- RFC Ed.: RFC-editor please fill in xxxx. 3769 ::= { 1 } 3771 -- ***************************************************************** 3772 -- Key Transfer Pull Information Segments 3773 -- ***************************************************************** 3775 cKeyTransferPullConformance OBJECT IDENTIFIER 3776 ::= { ccKeyTransferPullMIB 1 } 3777 cKeyTransferPullScalars OBJECT IDENTIFIER 3778 ::= { ccKeyTransferPullMIB 2 } 3779 cKeyTransferPullNotify OBJECT IDENTIFIER 3780 ::= { ccKeyTransferPullMIB 3 } 3781 cSOMSServerInfo OBJECT IDENTIFIER 3782 ::= { ccKeyTransferPullMIB 4 } 3783 cCDMDeliveryInfo OBJECT IDENTIFIER 3784 ::= { ccKeyTransferPullMIB 5 } 3786 -- ***************************************************************** 3787 -- Key Transfer Pull Scalars 3788 -- ***************************************************************** 3790 cSOMSServerRetryDelay OBJECT-TYPE 3791 SYNTAX Unsigned32 3792 MAX-ACCESS read-write 3793 STATUS current 3794 DESCRIPTION 3796 "The amount of time to wait after a download attempt to the 3797 Secure Object Management System (SOMS) server fails before 3798 attempting to retry the operation. Note, this scalar applies 3799 to the download of any type of item from the SOMS server 3800 (e.g. CDMs, PALs)." 3802 ::= { cKeyTransferPullScalars 1 } 3804 cSOMSServerRetryMaxAttempts OBJECT-TYPE 3805 SYNTAX Unsigned32 3806 MAX-ACCESS read-write 3807 STATUS current 3808 DESCRIPTION 3809 "The amount of retries attempted before the download attempt 3810 to the Secure Object Management System (SOMS) server is 3811 considered a failure. Note, this scalar applies to the 3812 download of any type of item from the SOMS server (e.g. CDMs, 3813 PALs)." 3814 ::= { cKeyTransferPullScalars 2 } 3816 cCDMPullRetrievalPriorities OBJECT-TYPE 3817 SYNTAX Unsigned32 3818 MAX-ACCESS read-write 3819 STATUS current 3820 DESCRIPTION 3821 "An indication of which cryptographic device materials 3822 (CDMs) to retrieve based on this value and a configured 3823 cCDMDeliveryPriority in a cCDMDeliveryTable entry. This 3824 value identifies an upper bound. A value of '5' for example, 3825 implies that only cCDMDeliveryTable entries with a 3826 cCDMDeliveryPriority value of '5' or less can be acted upon 3827 (i.e. retrieved). 3829 Different types of ECUs may have different values for this 3830 scalar. Bandwidth-limited ECUs, for example, may configure 3831 lower values for only retrieving high-priority CDMs. 3833 A value of 0, also a default value for this scalar, 3834 indicates that all cCDMDeliveryTable entries can be acted 3835 upon regardless of the configured cCDMDeliveryPriority value." 3836 DEFVAL {0} 3837 ::= { cKeyTransferPullScalars 3 } 3839 cPALDeliveryRequest OBJECT-TYPE 3840 SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2), 3841 discard(3) } 3842 MAX-ACCESS read-write 3843 STATUS current 3844 DESCRIPTION 3845 "This scalar controls the server's PAL download process - 3846 server information is stored in the cSOMSServerTable. When 3847 read, it will return 'readyForDownload' if the last action 3848 succeeded. If the last action is in progress or failed, it 3849 will return the last requested action. 3851 The values which may be set depend on the current value of 3852 this object and the cPALDeliveryStatus object. 3854 In order to initiate a new download, this object must 3855 contain the value 'readyForDownload', and the 3856 cPALDeliveryStatus must contain the value 'complete'. At 3857 which point, setting this object to to 'downloadAndParse' 3858 initiates the PAL download process. Note, the 3859 cPALDeliveryStatus should transition to 'inProgress' at 3860 the device begins the PAL download process from the 3861 server(s) and URI(s) listed in the cSOMSServerTable (as 3862 ordered by the cSOMSServerPriority index). 3864 If the PAL download fails, the next highest priority URI 3865 will be tried, and so on. 3867 While a PAL download is in progress, or if the PAL 3868 download fails for all possible servers and URIs (indicated 3869 by a cPALDeliveryStatus value of 'downloadFailed'), this 3870 object will return an inconsistentValue error for any new 3871 value except 'discard' (which will cancel the current 3872 download). 3874 If the PAL download succeeded, the cPALDeliveryStatus value 3875 remains inProgress and the device attempts to parse the 3876 download immediately. During the parsing of the PAL, all 3877 new values will return inconsistentValue error (i.e. the 3878 parse process can not be aborted). If the parse fails, the 3879 cPALDeliveryStatus will transition to 'parseFailed', and 3880 this object must be set to 'discard' before a new PAL 3881 download is attempted." 3882 ::= { cKeyTransferPullScalars 4 } 3884 cPALDeliveryStatus OBJECT-TYPE 3885 SYNTAX INTEGER { complete(1), inProgress(2), 3886 downloadFailed(3), 3887 parseFailed(4) } 3888 MAX-ACCESS read-only 3889 STATUS current 3890 DESCRIPTION 3891 "This indicates the current state of a PAL download. 3893 'complete' indicates that the last requested 3894 cPALDeliveryRequest action was successful. 3896 'inProgress' indicates that a PAL download or PAL parse is 3897 underway. 3899 'downloadFailed' indicates that the last attempted PAL 3900 download failed. 3902 'parseFailed' indicates that the last attempted PAL parse 3903 failed. 3905 The relationship between this object and 3906 cPALDeliveryRequest is detailed in the following table. The 3907 table indicates values of cPALDeliveryRequest that are 3908 allowed depending on the current value of this object. 3910 cPALDeliveryRequest! cPALDeliveryStatus 3911 --------------------+-----------+----------+--------------+------------ 3912 ! ! complete !inProgress!downloadFailed!parseFailed! 3913 --------------------+-----------+----------+--------------+------------ 3914 ! readyForDownload ! allowed ! error ! error ! error ! 3915 --------------------+-----------+----------+--------------+------------ 3916 ! downloadAndParse ! allowed ! error ! error ! error ! 3917 --------------------+-----------+----------+--------------+------------ 3918 ! discard ! error ! allowed ! allowed ! allowed ! 3919 --------------------+-----------+----------+--------------+------------ 3921 As described cPALDeliveryRequest description, an 3922 inconsistentValue error is returned." 3923 DEFVAL {complete} 3924 ::= { cKeyTransferPullScalars 5 } 3926 -- ***************************************************************** 3927 -- Key Transfer Pull Notifications 3928 -- ***************************************************************** 3930 cPALPullReceiveSuccess NOTIFICATION-TYPE 3931 OBJECTS { cSOMSServerURI } 3932 STATUS current 3933 DESCRIPTION 3934 "An attempt to receive a Product Availablity List (PAL) has 3935 succeeded. The Secure Object Management System (SOMS) server 3936 URI is provided with this notification." 3937 ::= { cKeyTransferPullNotify 1 } 3939 cPALPullReceiveFailed NOTIFICATION-TYPE 3940 OBJECTS { 3941 cSOMSServerURI, 3942 cPALDeliveryStatus 3943 } 3944 STATUS current 3945 DESCRIPTION 3946 "An attempt to receive a Product Availability List (PAL) 3947 has failed. The Secure Object Management System (SOMS) 3948 server URI and PAL Delivery Status are provided with this 3949 notification. Note, the expected values for the PAL 3950 Delivery Status are: 'downloadFailed' and 'parseFailed'." 3951 ::= { cKeyTransferPullNotify 2 } 3953 cCDMPullReceiveSuccess NOTIFICATION-TYPE 3954 OBJECTS { 3955 cCDMType, 3956 cCDMURI 3957 } 3958 STATUS current 3959 DESCRIPTION 3961 "An attempt to receive a cryptographic device material (CDM) 3962 has succeeded. The CDM Type and CDM URI are provided with 3963 this notification." 3964 ::= { cKeyTransferPullNotify 3 } 3966 cCDMPullReceiveFailed NOTIFICATION-TYPE 3967 OBJECTS { 3968 cCDMType, 3969 cCDMURI 3970 } 3971 STATUS current 3972 DESCRIPTION 3973 "An attempt to receive a cryptographic device material (CDM) 3974 has failed. The CDM Type and CDM URI are provided with this 3975 notification." 3976 ::= { cKeyTransferPullNotify 4 } 3978 -- ***************************************************************** 3979 -- CC MIB cSOMSServerTable 3980 -- ***************************************************************** 3982 cSOMSServerTableCount OBJECT-TYPE 3983 SYNTAX Unsigned32 3984 MAX-ACCESS read-only 3985 STATUS current 3986 DESCRIPTION 3987 "The number of rows in the cSOMSServerTable" 3988 ::= { cSOMSServerInfo 1 } 3990 cSOMSServerTableLastChanged OBJECT-TYPE 3991 SYNTAX TimeStamp 3992 MAX-ACCESS read-only 3993 STATUS current 3994 DESCRIPTION 3995 "The last time any entry in the table was modified, created, 3996 or deleted by either SNMP, agent, or other management method 3997 (e.g. via an HMI). Managers can use this object to ensure 3998 that no changes to configuration of this table have happened 3999 since the last time it examined the table. A value of 0 4000 indicates that no entry has been changed since the agent 4001 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 4002 should be used to populate this column." 4003 ::= { cSOMSServerInfo 2 } 4005 cSOMSServerTable OBJECT-TYPE 4006 SYNTAX SEQUENCE OF CSOMSServerEntry 4007 MAX-ACCESS not-accessible 4008 STATUS current 4009 DESCRIPTION 4010 "The table containing a list of servers that will be queried 4011 for available cryptographic device materials (CDMs), such as 4012 keys and firmware packages. This table is also used to 4013 obtain the Product Avaialability List (PAL), which is a list 4014 detailing available CDMs and their associated location for 4015 obtainment." 4016 ::= { cSOMSServerInfo 3 } 4018 cSOMSServerEntry OBJECT-TYPE 4019 SYNTAX CSOMSServerEntry 4020 MAX-ACCESS not-accessible 4021 STATUS current 4022 DESCRIPTION 4023 "A row containing information about a server that has 4024 available PALs/CDMs for download." 4025 INDEX { cSOMSServerPriority } 4026 ::= { cSOMSServerTable 1 } 4028 CSOMSServerEntry ::= SEQUENCE { 4029 cSOMSServerPriority Unsigned32, 4030 cSOMSServerURI OCTET STRING, 4031 cSOMSServerAdditionalInfo SnmpAdminString, 4032 cSOMSServerRowStatus RowStatus 4033 } 4035 cSOMSServerPriority OBJECT-TYPE 4036 SYNTAX Unsigned32 4037 MAX-ACCESS not-accessible 4038 STATUS current 4039 DESCRIPTION 4040 "A unique numeric index that identifies a server that has 4041 available PALs/CDMs for download. This index also provides 4042 server prioritization functionality - lower values have a 4044 higher priority. For example, the server with the lowest 4045 value will be the first server for PAL/CDM downloads. In 4046 the event of failure, the next lowest value server will be 4047 tried, and so on. 4049 This column is the sole index to the cSOMSServerTable." 4050 ::= { cSOMSServerEntry 1 } 4052 cSOMSServerURI OBJECT-TYPE 4053 SYNTAX OCTET STRING (SIZE(1..255)) 4054 MAX-ACCESS read-create 4055 STATUS current 4056 DESCRIPTION 4057 "The location of the server that has available PALs/CDMs 4058 for download. The value in this column is represented as a 4059 URI. 4061 Note, download of a PAL will typically result in the 4062 population of new CDM entries in the cCDMDeliveryTable." 4063 ::= { cSOMSServerEntry 2 } 4065 cSOMSServerAdditionalInfo OBJECT-TYPE 4066 SYNTAX SnmpAdminString 4067 MAX-ACCESS read-create 4068 STATUS current 4069 DESCRIPTION 4070 "Additional information about the SOMS server. This 4071 information is manually configured by the manager both at or 4072 after row creation." 4073 ::= { cSOMSServerEntry 3 } 4075 cSOMSServerRowStatus OBJECT-TYPE 4076 SYNTAX RowStatus 4077 MAX-ACCESS read-create 4078 STATUS current 4079 DESCRIPTION 4080 "The status of the row, by which new entries may be created 4081 or old entries deleted from this table. 4083 Entries created within this table may not become active 4084 unless all read-create columns in this column have valid 4085 values, as detailed by each individual column's description. 4087 At a minimum, implementations must support createAndGo, 4088 active, and destroy management functions. Support for 4089 createAndWait, notInService, and notReady management 4090 functions is optional." 4091 ::= { cSOMSServerEntry 4 } 4093 -- ***************************************************************** 4094 -- CC MIB cCDMDeliveryTable 4095 -- ***************************************************************** 4097 cCDMDeliveryTableCount OBJECT-TYPE 4098 SYNTAX Unsigned32 4099 MAX-ACCESS read-only 4100 STATUS current 4101 DESCRIPTION 4102 "The number of rows in the cCDMDeliveryTable" 4103 ::= { cCDMDeliveryInfo 1 } 4105 cCDMDeliveryTableLastChanged OBJECT-TYPE 4106 SYNTAX TimeStamp 4107 MAX-ACCESS read-only 4108 STATUS current 4109 DESCRIPTION 4110 "The last time any entry in the table was modified, created, 4111 or deleted by either SNMP, agent, or other management method 4112 (e.g. via an HMI). Managers can use this object to ensure 4113 that no changes to configuration of this table have happened 4114 since the last time it examined the table. A value of 0 4115 indicates that no entry has been changed since the agent 4116 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 4117 should be used to populate this column." 4118 ::= { cCDMDeliveryInfo 2 } 4120 cCDMDeliveryTable OBJECT-TYPE 4121 SYNTAX SEQUENCE OF CCDMDeliveryEntry 4122 MAX-ACCESS not-accessible 4123 STATUS current 4124 DESCRIPTION 4125 "The table storing information about cryptographic device 4126 materials (CDMs) that are ready/available for retrieval. 4127 Entries in this table are typically automatically configured 4128 by the device after a server query. Entries can also be 4129 manually configured by a manager if the location of the CDM 4130 is predetermined." 4131 ::= { cCDMDeliveryInfo 3 } 4133 cCDMDeliveryEntry OBJECT-TYPE 4134 SYNTAX CCDMDeliveryEntry 4135 MAX-ACCESS not-accessible 4136 STATUS current 4137 DESCRIPTION 4138 "A row containing information about a specific cryptographic 4139 device material (CDM) available for download." 4140 INDEX { cCDMType, cCDMURI } 4141 ::= { cCDMDeliveryTable 1 } 4143 CCDMDeliveryEntry ::= SEQUENCE { 4144 cCDMType INTEGER, 4145 cCDMURI OCTET STRING, 4146 cCDMPackageSize Unsigned32, 4147 cCDMAdditionalInfo SnmpAdminString, 4148 cCDMLastDownloadDate OCTET STRING, 4149 cCDMDeliveryPriority Unsigned32, 4150 cCDMDeliveryRequest INTEGER, 4151 cCDMDeliveryStatus INTEGER, 4152 cCDMDeliveryRowStatus RowStatus 4153 } 4155 cCDMType OBJECT-TYPE 4156 SYNTAX INTEGER { notification(1), symmetricKey(2), 4157 asymmetricKey(3), certificate(4), 4158 cklOrCrl(5), firmware(6) } 4159 MAX-ACCESS read-only 4160 STATUS current 4161 DESCRIPTION 4162 "The type of the cryptographic device material (CDM) that 4163 can be retrieved from a CDM server: 4165 [notification] = CDM is a notification providing 4166 status/information for a particular 4167 (other) CDM 4168 [symmetricKey] = CDM is a symmetric key 4169 [asymmetricKey] = CDM is a non-certificate asymmetric key 4170 [certificate] = CDM is a certificate 4171 [cklOrCrl] = CDM is a compromised key list or 4172 certificate revocation list 4173 [firmware] = CDM is a firmware package." 4174 ::= { cCDMDeliveryEntry 1 } 4176 cCDMURI OBJECT-TYPE 4177 SYNTAX OCTET STRING (SIZE(1..255)) 4178 MAX-ACCESS read-only 4179 STATUS current 4180 DESCRIPTION 4181 "The location of the cryptographic device material (CDM), 4182 represented in a URI format. Because of its type, the 4183 associated URI of the CDM Server can easily be derived. 4185 This column is typically populated by an agent upon querying 4186 a SOMS Server (e.g. downloading and parsing a Product 4187 Availability List (PAL) from a SOMS Server (entry in the 4188 cSOMSServerTable)). However, a manager can also configure an 4189 entry in this table with predetermined knowledge of the CDM 4190 location." 4191 ::= { cCDMDeliveryEntry 2 } 4193 cCDMPackageSize OBJECT-TYPE 4194 SYNTAX Unsigned32 4195 UNITS "bytes" 4196 MAX-ACCESS read-only 4197 STATUS current 4198 DESCRIPTION 4199 "The package size, in bytes, of the cryptographic device 4200 material (CDM). This information is retrieved from a 4201 Product Availability List (PAL) or a server's product 4202 availability response following a query. This column 4203 does not apply to notifications found in PALs." 4204 ::= { cCDMDeliveryEntry 3 } 4206 cCDMAdditionalInfo OBJECT-TYPE 4207 SYNTAX SnmpAdminString 4208 MAX-ACCESS read-create 4209 STATUS current 4210 DESCRIPTION 4211 "Additional information about the cryptographic device 4212 material (CDM). This information can be retrieved from the 4213 downloaded Product Availability List (PAL) or manually 4214 configured by the manager both at or after row creation." 4215 ::= { cCDMDeliveryEntry 4 } 4217 cCDMLastDownloadDate OBJECT-TYPE 4218 SYNTAX OCTET STRING (SIZE(14)) 4219 MAX-ACCESS read-only 4220 STATUS current 4221 DESCRIPTION 4222 "This is a 14 character field that will be populated with 4223 the following values depending on the state of the download 4224 and the CDM type. 4225 1. The date and time (expressed as Generalized Time) when 4226 the device last successfully downloaded the CDM from the 4227 CDM Server. The format follows: 'yyyymmddhhmmss' where 4228 'yyyy' - year 4229 'mm' - month (first 'mm's from left to right) 4230 'dd' - day 4231 'hh' - hour 4232 'mm' - minutes (second 'mm's from left to right) 4233 'ss' - seconds 4235 2. All zero characters for the following cases. 4236 a. No indication that device has successfully downloaded 4237 the CDM. 4238 b. The cCDMType is a notification." 4239 ::= { cCDMDeliveryEntry 5 } 4241 cCDMDeliveryPriority OBJECT-TYPE 4242 SYNTAX Unsigned32 4243 MAX-ACCESS read-create 4244 STATUS current 4245 DESCRIPTION 4246 "A configurable priority value on the cryptographic device 4247 material (CDM). This column is a means to allow certain key 4248 products to be downloaded before others. Lower values have a 4249 higher priority (e.g. a value of 1 will be processed before 4250 a value of 2)." 4251 ::= { cCDMDeliveryEntry 6 } 4253 cCDMDeliveryRequest OBJECT-TYPE 4254 SYNTAX INTEGER { downloadAndInstall(1), downloadAndStore(2), 4255 discard(3) } 4256 MAX-ACCESS read-create 4257 STATUS current 4258 DESCRIPTION 4259 "This object signals the local device to perform actions on 4260 the available cryptographic device materials (CDMs) from a 4261 CDM server. The following types of actions are supported: 4263 [downloadAndInstall] = Initiates a download of a CDM. After 4264 a successful download, the CDM will be installed for local 4265 consumption and an entry is to be configured in the 4266 appropriate MIB table based on cCDMType: 4268 cCDMType | MIB Table Destination 4269 ------------------------------------- 4270 (1) notification | N/A 4271 (2) symmetricKey | cSymmetricKeyTable 4272 (3) asymmetricKey | cAsymKeyTable 4273 (4) certificate | cAsymKeyTable 4274 (5) cklOrCrl | cCKLTable 4275 (6) firmware | cFirmwareInformationTable 4277 [downloadAndStore] = Initiates a download of the CDM. After 4278 a successful download, an entry is created in the 4279 cCDMStoreTable to store the CDM. 4281 [discard] = Stops the current CDM delivery request and 4282 discards the CDM if potentially downloaded; this reverts the 4283 current value of the cCDMDeliveryStatus to 'complete'. If 4284 entries are created in the aforementioned tables for the 4285 install and store operations, these newly configured entries 4286 will be removed. 4288 The enumeration value of 'downloadAndStore' does not apply 4289 when cCDMType is set to 'notification'. 'downloadAndInstall' 4290 is used for a cCDMType of 'notification'. 4292 If this column is configured to any value except 'discard' 4293 while the value of cCDMDeliveryStatus is any value except 4294 'complete', the SNMP set operation must result in an 4295 inconsistentValue exception. The same applies if 'discard' 4296 is configured while the value cCDMDeliveryStatus is 4297 'complete'." 4298 ::= { cCDMDeliveryEntry 7 } 4300 cCDMDeliveryStatus OBJECT-TYPE 4301 SYNTAX INTEGER { complete(1), inProgress(2), 4302 downloadFailed(3), installFailed(4), 4303 storeFailed(5) } 4304 MAX-ACCESS read-only 4305 STATUS current 4306 DESCRIPTION 4307 "The status of the cryptographic device material (CDM) 4308 delivery operation. The following status values are 4309 supported: 4311 [complete] = The default state where the local device is 4312 ready to start a delivery request for the CDM. Between 4313 requests this state can only be reached after successful 4314 operations or if cCDMDeliveryRequest is set to 'discard' 4315 during an operation. 4317 [inProgress] = This state is reached when the device is 4318 either currently performing a download of the CDM or 4319 configuring appropriate MIB tables conveying installation or 4320 storage of key material. 4322 [downloadFailed] = This state is reached after a failure 4323 occurs during a download of a CDM when cCDMDeliveryRequest 4324 was configured to either 'downloadAndStore' or 4325 'downloadAndInstall'. 4327 [installFailed] = This state is reached after a failure 4328 occurs during the install of the downloaded CDM when 4329 cCDMDeliveryRequest was configured to 'downloadAndInstall'. 4331 [storeFailed] = This state is reached after a failure 4332 occurs during the store of the downloaded CDM when 4333 cCDMDeliveryRequest was configured to 'downloadAndStore'." 4334 ::= { cCDMDeliveryEntry 8 } 4336 cCDMDeliveryRowStatus OBJECT-TYPE 4337 SYNTAX RowStatus 4338 MAX-ACCESS read-create 4339 STATUS current 4340 DESCRIPTION 4341 "The status of the row, by which new entries may be created 4342 or old entries deleted from this table. 4344 Entries created within this table may not become active 4345 unless all read-create columns in this column have valid 4346 values, as detailed by each individual column's description. 4348 At a minimum, implementations must support createAndGo, 4349 active, and destroy management functions. Support for 4350 createAndWait, notInService, and notReady management 4351 functions is optional." 4352 ::= { cCDMDeliveryEntry 9 } 4354 -- ***************************************************************** 4355 -- Module Conformance Information 4356 -- ***************************************************************** 4358 cKeyTransferPullCompliances OBJECT IDENTIFIER 4359 ::= { cKeyTransferPullConformance 1} 4360 cKeyTransferPullGroups OBJECT IDENTIFIER 4361 ::= { cKeyTransferPullConformance 2} 4363 cKeyTransferPullCompliance MODULE-COMPLIANCE 4364 STATUS current 4365 DESCRIPTION 4366 "Compliance levels for key transfer pull information." 4367 MODULE 4368 MANDATORY-GROUPS { 4369 cKeyTransferPullServerGroup, 4370 cKeyTransferPullDeliveryGroup 4371 } 4373 GROUP cKeyTransferPullDeliveryNotifyGroup 4374 DESCRIPTION 4375 "This notification group is optional for implementation." 4377 OBJECT cCDMDeliveryRequest 4378 SYNTAX INTEGER { downloadAndInstall(1), discard(3) } 4379 DESCRIPTION 4380 "Implementation of this enumeration value(s) is mandatory - 4381 enumeration values not listed here are optional." 4383 OBJECT cCDMDeliveryStatus 4384 SYNTAX INTEGER { complete(1), inProgress(2), downloadFailed(3), 4385 installFailed(4) } 4386 DESCRIPTION 4387 "Implementation of this enumeration value(s) is mandatory - 4388 enumeration values not listed here are optional." 4389 ::= { cKeyTransferPullCompliances 1 } 4391 cKeyTransferPullServerGroup OBJECT-GROUP 4392 OBJECTS { 4393 cSOMSServerRetryDelay, 4394 cSOMSServerRetryMaxAttempts, 4395 cSOMSServerTableCount, 4396 cSOMSServerTableLastChanged, 4397 cSOMSServerURI, 4398 cSOMSServerAdditionalInfo, 4399 cSOMSServerRowStatus 4400 } 4401 STATUS current 4402 DESCRIPTION 4403 "This group is composed of objects related to server 4404 information." 4405 ::= { cKeyTransferPullGroups 1 } 4407 cKeyTransferPullDeliveryGroup OBJECT-GROUP 4408 OBJECTS { 4409 cCDMPullRetrievalPriorities, 4410 cPALDeliveryRequest, 4411 cPALDeliveryStatus, 4412 cCDMDeliveryTableCount, 4413 cCDMDeliveryTableLastChanged, 4414 cCDMDeliveryTableLastChanged, 4415 cCDMType, 4416 cCDMURI, 4417 cCDMPackageSize, 4418 cCDMAdditionalInfo, 4419 cPALastDownloadDate, 4420 cCDMDeliveryPriority, 4421 cCDMDeliveryRequest, 4422 cCDMDeliveryStatus, 4423 cCDMDeliveryRowStatus 4424 } 4425 STATUS current 4426 DESCRIPTION 4427 "This group is composed of objects related to delivery 4428 information." 4429 ::= { cKeyTransferPullGroups 2 } 4431 cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP 4432 NOTIFICATIONS { 4433 cPALPullReceiveSuccess, 4434 cPALPullReceiveFailed, 4435 cCDMPullReceiveSuccess, 4436 cCDMPullReceiveFailed 4437 } 4438 STATUS current 4439 DESCRIPTION 4440 "This group is composed of notifications related to delivery 4441 information." 4442 ::= { cKeyTransferPullGroups 3 } 4444 END 4446 5.7. Key Transfer Push 4448 This MIB module makes reference to following documents: [RFC2571], 4449 [RFC2578], [RFC2579], [RFC2580]. 4451 CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN 4453 IMPORTS 4454 ccKeyTransferPush 4455 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} 4456 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, 4457 MODULE-IDENTITY 4458 FROM SNMPv2-SMI -- FROM RFC 2578 4459 SnmpAdminString 4460 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 4461 RowPointer, RowStatus, DateAndTime, 4462 TimeStamp 4463 FROM SNMPv2-TC -- FROM RFC 2579 4464 MODULE-COMPLIANCE, OBJECT-GROUP, 4465 NOTIFICATION-GROUP 4466 FROM SNMPv2-CONF; -- FROM RFC 2580 4468 ccKeyTransferPushMIB MODULE-IDENTITY 4469 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 4470 ORGANIZATION "IETF" 4471 CONTACT-INFO 4472 "Shadi Azoum 4473 US Navy 4474 email: shadi.azoum@navy.mil 4475 Elliott Jones 4476 US Navy 4477 elliott.jones@navy.mil 4479 Lily Sun 4480 US Navy 4481 lily.sun@navy.mil 4483 Mike Irani 4484 NKI Engineering 4485 irani@nkiengineering.com 4487 Jeffrey Sun 4488 NKI Engineering 4489 sunjeff@nkiengineering.com 4491 Ray Purvis 4492 MITRE 4493 Email:rpurvis@mitre.org 4495 Sean Turner 4496 sn3rd 4497 Email:sean@sn3rd.com" 4498 DESCRIPTION 4499 "This MIB defines the CC MIB Key Transfer Push object. 4501 Copyright (c) 2016 IETF Trust and the persons 4502 identified as authors of the code. All rights reserved. 4504 Redistribution and use in source and binary forms, with 4505 or without modification, is permitted pursuant to, and 4506 subject to the license terms contained in, the Simplified 4507 BSD License set forth in Section 4.c of the IETF Trust's 4508 Legal Provisions Relating to IETF Documents 4509 (http://trustee.ietf.org/license-info). 4511 This version of this MIB module is part of RFC xxxx; 4512 see the RFC itself for full legal notices." 4513 -- RFC Ed.: RFC-editor please fill in xxxx. 4514 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 4515 DESCRIPTION "Initial Version. Published as RFC xxxx." 4516 -- RFC Ed.: RFC-editor please fill in xxxx. 4517 ::= { ccKeyTransferPush 1 } 4519 -- ***************************************************************** 4520 -- Key Transfer Push Information Segments 4521 -- ***************************************************************** 4522 cCDMPushDestInfo OBJECT IDENTIFIER 4523 ::= { ccKeyTransferPushMIB 1 } 4524 cCDMTransferPkgInfo OBJECT IDENTIFIER 4525 ::= { ccKeyTransferPushMIB 2 } 4526 cCDMPushSrcInfo OBJECT IDENTIFIER 4527 ::= { ccKeyTransferPushMIB 3 } 4528 cKeyTransferPushScalars OBJECT IDENTIFIER 4529 ::= { ccKeyTransferPushMIB 4 } 4530 cKeyTransferPushNotify OBJECT IDENTIFIER 4531 ::= { ccKeyTransferPushMIB 5 } 4532 cKeyTransferPushConformance OBJECT IDENTIFIER 4533 ::= { ccKeyTransferPushMIB 6 } 4535 -- ***************************************************************** 4536 -- Key Transfer Push Scalars 4537 -- ***************************************************************** 4539 cCDMTransferDelay OBJECT-TYPE 4540 SYNTAX Unsigned32 4541 MAX-ACCESS read-write 4542 STATUS current 4543 DESCRIPTION 4544 "The number of seconds to wait after a Cryptographic Device 4545 Material (CDM) transfer attempt initiated by the sender 4546 fails before attempting to retry the operation." 4547 ::= { cKeyTransferPushScalars 1 } 4549 cCDMTransferMaxAttempts OBJECT-TYPE 4550 SYNTAX Unsigned32 4551 MAX-ACCESS read-write 4552 STATUS current 4553 DESCRIPTION 4554 "The amount of retries attempted before giving up on a 4555 device due to consecutive Cryptographic Device Material 4556 (CDM) transfer failures." 4557 ::= { cKeyTransferPushScalars 2 } 4559 -- ***************************************************************** 4560 -- Key Transfer Push Notifications 4561 -- ***************************************************************** 4563 cCDMPushSendSuccess NOTIFICATION-TYPE 4564 OBJECTS { 4565 cCDMPushDestAddressLocationType, 4566 cCDMPushDestAddressLocation, 4567 cCDMPushDestTransferType, 4568 cCDMPushDestPackageSelection 4569 } 4571 STATUS current 4572 DESCRIPTION 4573 "An attempt to send CDM, identified by CDM push transfer 4574 information (cCDMPushDestTable row data), has succeeded." 4575 ::= { cKeyTransferPushNotify 1 } 4577 cCDMPushReceiveSuccess NOTIFICATION-TYPE 4578 OBJECTS { 4579 cCDMPushSrcAddrLocationType, 4580 cCDMPushSrcAddrLocation, 4581 cCDMPushSrcTransferType 4582 } 4583 STATUS current 4584 DESCRIPTION 4585 "An attempt to receive key material, identified by CDM push 4586 transfer information (cCDMPushSrcTable row data), has 4587 succeeded." 4588 ::= { cKeyTransferPushNotify 2 } 4590 cCDMPushReceiveFail NOTIFICATION-TYPE 4591 OBJECTS { 4592 cCDMPushSrcAddrLocationType, 4593 cCDMPushSrcAddrLocation, 4594 cCDMPushSrcTransferType 4595 } 4596 STATUS current 4597 DESCRIPTION 4598 "An attempt to receive key material via a Push operation, 4599 identified by the Sender Address and Transfer Type has 4600 failed." 4601 ::= { cKeyTransferPushNotify 3 } 4603 cCDMPushSendFail NOTIFICATION-TYPE 4604 OBJECTS { 4605 cCDMPushDestAddressLocationType, 4606 cCDMPushDestAddressLocation, 4607 cCDMPushDestTransferType, 4608 cCDMPushDestPackageSelection 4609 } 4610 STATUS current 4611 DESCRIPTION 4612 "An attempt to send key material, identified by the 4613 Recipient Address and Transfer Type, has failed." 4614 ::= { cKeyTransferPushNotify 4 } 4616 -- ***************************************************************** 4617 -- CC MIB cCDMPushDestTable 4618 -- ***************************************************************** 4619 cCDMPushDestTableCount OBJECT-TYPE 4620 SYNTAX Unsigned32 4621 MAX-ACCESS read-only 4622 STATUS current 4623 DESCRIPTION 4624 "The number of rows in the cCDMPushDestTable" 4625 ::= { cCDMPushDestInfo 1 } 4627 cCDMPushDestTableLastChanged OBJECT-TYPE 4628 SYNTAX TimeStamp 4629 MAX-ACCESS read-only 4630 STATUS current 4631 DESCRIPTION 4632 "The last time any entry in the table was modified, created, 4633 or deleted by either SNMP, agent, or other management method 4634 (e.g. via an HMI). Managers can use this object to ensure 4635 that no changes to configuration of this table have happened 4636 since the last time it examined the table. A value of 0 4637 indicates that no entry has been changed since the agent 4638 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 4639 should be used to populate this column." 4640 ::= { cCDMPushDestInfo 2 } 4642 cCDMPushDestTable OBJECT-TYPE 4643 SYNTAX SEQUENCE OF CCDMPushDestEntry 4644 MAX-ACCESS not-accessible 4645 STATUS current 4646 DESCRIPTION 4647 "The table that provides the necessary information a sender 4648 needs to initiate a Cryptographic Device Material (CDM) send 4649 to a receiving device." 4650 ::= { cCDMPushDestInfo 3 } 4652 cCDMPushDestEntry OBJECT-TYPE 4653 SYNTAX CCDMPushDestEntry 4654 MAX-ACCESS not-accessible 4655 STATUS current 4656 DESCRIPTION 4657 "A row containing information for a Cryptographic Device 4658 Material (CDM) transfer to a receiving device." 4659 INDEX { cCDMPushDestIndex } 4660 ::= { cCDMPushDestTable 1 } 4662 CCDMPushDestEntry ::= SEQUENCE { 4663 cCDMPushDestIndex Unsigned32, 4664 cCDMPushDestTransferType INTEGER, 4665 cCDMPushDestAddressLocationType INTEGER, 4666 cCDMPushDestAddressLocation OCTET STRING, 4667 cCDMPushDestTransferTime DateAndTime, 4668 cCDMPushDestPackageSelection SnmpAdminString, 4669 cCDMPushDestRowStatus RowStatus 4670 } 4672 cCDMPushDestIndex OBJECT-TYPE 4673 SYNTAX Unsigned32 4674 MAX-ACCESS not-accessible 4675 STATUS current 4676 DESCRIPTION 4677 "A numeric index that identifies a unique location in this 4678 table." 4679 ::= { cCDMPushDestEntry 1 } 4681 cCDMPushDestTransferType OBJECT-TYPE 4682 SYNTAX INTEGER { ipsec(1), tls(2) } 4683 MAX-ACCESS read-create 4684 STATUS current 4685 DESCRIPTION 4686 "The transfer mechanism or protocol used by the sender to 4687 execute the Cryptographic Device Material (CDM) transfer: 4688 ipsec(1), tls(2): 4689 ipsec - Internet Protocol Security (IPsec) 4690 tls - Transport Layer Security (TLS)" 4691 ::= { cCDMPushDestEntry 2 } 4693 cCDMPushDestAddressLocationType OBJECT-TYPE 4694 SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) } 4695 MAX-ACCESS read-create 4696 STATUS current 4697 DESCRIPTION 4698 "Enumeration indicating the type of address location." 4699 ::= { cCDMPushDestEntry 3 } 4701 cCDMPushDestAddressLocation OBJECT-TYPE 4702 SYNTAX OCTET STRING 4703 MAX-ACCESS read-create 4704 STATUS current 4705 DESCRIPTION 4706 "Location of the receiver. The syntax allows a URI or an IP 4707 address to be configured." 4708 ::= { cCDMPushDestEntry 4 } 4710 cCDMPushDestTransferTime OBJECT-TYPE 4711 SYNTAX DateAndTime 4712 MAX-ACCESS read-create 4713 STATUS current 4714 DESCRIPTION 4715 "A valid date and time value populated in this object will 4716 automatically initiate the transfer at the value specified. 4718 To initiate an immediate transfer the following 4719 configuration is used: '0' for the year field, '1' for the 4720 month field, '1' for the day field, '-' for the direction 4721 from UTC field, and '0' for all other fields. This 4722 configuration is displayed as '0-1-1,00:00:00.0,-0:0'. Note 4723 that if the timezone fields are not used then the displayed 4724 value is as follows: '0-1-1,00:00:00.0'. The timezone 4725 fields are the direction from UTC, hours from UTC, and 4726 minutes from UTC." 4727 ::= { cCDMPushDestEntry 5 } 4729 cCDMPushDestPackageSelection OBJECT-TYPE 4730 SYNTAX SnmpAdminString 4731 MAX-ACCESS read-create 4732 STATUS current 4733 DESCRIPTION 4734 "A reference string that points to the key material(s) to 4735 transfer. This column may reference one entry (e.g. an entry 4736 in the cCDMStoreTable) or multiple entries (e.g. multiple 4737 entries in the cCDMTransferPkgTable). This object defines 4738 all the items in the package that will be sent." 4739 ::= { cCDMPushDestEntry 6 } 4741 cCDMPushDestRowStatus OBJECT-TYPE 4742 SYNTAX RowStatus 4743 MAX-ACCESS read-create 4744 STATUS current 4745 DESCRIPTION 4746 "The status of the row, by which new entries may be created 4747 or old entries deleted from this table. 4749 Entries created within this table may not become active 4750 unless all read-create columns in this column have valid 4751 values, as detailed by each individual column's description. 4753 At a minimum, implementations must support createAndGo, 4754 active, and destroy management functions. Support for 4755 createAndWait, notInService, and notReady management 4756 functions is optional." 4757 ::= { cCDMPushDestEntry 7 } 4759 -- ***************************************************************** 4760 -- CC MIB cCDMTransferPkgTable 4761 -- ***************************************************************** 4762 cCDMTransferPkgTableCount OBJECT-TYPE 4763 SYNTAX Unsigned32 4764 MAX-ACCESS read-only 4765 STATUS current 4766 DESCRIPTION 4767 "The number of rows in the cCDMTransferPkgTable." 4768 ::= { cCDMTransferPkgInfo 1 } 4770 cCDMTransferPkgTableLastChanged OBJECT-TYPE 4771 SYNTAX TimeStamp 4772 MAX-ACCESS read-only 4773 STATUS current 4774 DESCRIPTION 4775 "The last time any entry in the table was modified, created, 4776 or deleted by either SNMP, agent, or other management method 4777 (e.g. via an HMI). Managers can use this object to ensure 4778 that no changes to configuration of this table have happened 4779 since the last time it examined the table. A value of 0 4780 indicates that no entry has been changed since the agent 4781 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 4782 should be used to populate this column." 4783 ::= { cCDMTransferPkgInfo 2 } 4785 cCDMTransferPkgTable OBJECT-TYPE 4786 SYNTAX SEQUENCE OF CCDMTransferPkgEntry 4787 MAX-ACCESS not-accessible 4788 STATUS current 4789 DESCRIPTION 4790 "The table for configuring single or multiple Cryptographic 4791 Device Material (CDM) in a package that can be transferred 4792 on a send operation. Entries in this table are referenced by 4793 the cCDMPushDestPackageSelection column." 4794 ::= { cCDMTransferPkgInfo 3 } 4796 cCDMTransferPkgEntry OBJECT-TYPE 4797 SYNTAX CCDMTransferPkgEntry 4798 MAX-ACCESS not-accessible 4799 STATUS current 4800 DESCRIPTION 4801 "A row containing information about a package used on a send 4802 operation." 4803 INDEX { cCDMTransferPkgLabel, cCDMTransferPkgIndex } 4804 ::= { cCDMTransferPkgTable 1 } 4806 CCDMTransferPkgEntry ::= SEQUENCE { 4807 cCDMTransferPkgLabel SnmpAdminString, 4808 cCDMTransferPkgIndex Unsigned32, 4809 cCDMTransferPkgLocatorRowPtr RowPointer, 4810 cCDMTransferPkgRowStatus RowStatus 4811 } 4813 cCDMTransferPkgLabel OBJECT-TYPE 4814 SYNTAX SnmpAdminString 4815 MAX-ACCESS not-accessible 4816 STATUS current 4817 DESCRIPTION 4818 "An administrative name that identifies a package within 4819 this table. cCDMTransferPkgLabel and cCDMTransferPkgIndex 4820 serve as indexes of this table." 4821 ::= { cCDMTransferPkgEntry 1 } 4823 cCDMTransferPkgIndex OBJECT-TYPE 4824 SYNTAX Unsigned32 4825 MAX-ACCESS not-accessible 4826 STATUS current 4827 DESCRIPTION 4828 "An administrative way of creating a unique row within this 4829 table. This value shows the position of a given item within 4830 this package designated by cCDMTransferPkgLabel. 4831 cCDMTransferPkgLabel and cCDMTransferPkgIndex serve as 4832 indexes of this table." 4833 ::= { cCDMTransferPkgEntry 2 } 4835 cCDMTransferPkgLocatorRowPtr OBJECT-TYPE 4836 SYNTAX RowPointer 4837 MAX-ACCESS read-create 4838 STATUS current 4839 DESCRIPTION 4840 "A RowPointer that points to a unique entry in the table 4841 containing the necessary Cryptographic Device Material (CDM) 4842 for transfer. For example, referencing a key in the 4843 cSymmetricKeyTable, the value in this column contains the 4844 pointer to the appropriate row in the cSymmetricKeyTable." 4845 ::= { cCDMTransferPkgEntry 3 } 4847 cCDMTransferPkgRowStatus OBJECT-TYPE 4848 SYNTAX RowStatus 4849 MAX-ACCESS read-create 4850 STATUS current 4851 DESCRIPTION 4852 "The status of the row, by which new entries may be created 4853 or old entries deleted from this table. 4855 Entries created within this table may not become active 4856 unless all read-create columns in this column have valid 4857 values, as detailed by each individual column's description. 4859 At a minimum, implementations must support createAndGo, 4860 active, and destroy management functions. Support for 4861 createAndWait, notInService, and notReady management 4862 functions is optional." 4863 ::= { cCDMTransferPkgEntry 4 } 4865 -- ***************************************************************** 4866 -- CC MIB cCDMPushSrcTable 4867 -- ***************************************************************** 4869 cCDMPushSrcTableCount OBJECT-TYPE 4870 SYNTAX Unsigned32 4871 MAX-ACCESS read-only 4872 STATUS current 4873 DESCRIPTION 4874 "The number of rows in the cCDMPushSrcTable" 4875 ::= { cCDMPushSrcInfo 1 } 4877 cCDMPushSrcTableLastChanged OBJECT-TYPE 4878 SYNTAX TimeStamp 4879 MAX-ACCESS read-only 4880 STATUS current 4881 DESCRIPTION 4882 "The last time any entry in the table was modified, created, 4883 or deleted by either SNMP, agent, or other management method 4884 (e.g. via an HMI). Managers can use this object to ensure 4885 that no changes to configuration of this table have happened 4886 since the last time it examined the table. A value of 0 4887 indicates that no entry has been changed since the agent 4888 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 4889 should be used to populate this column." 4890 ::= { cCDMPushSrcInfo 2 } 4892 cCDMPushSrcTable OBJECT-TYPE 4893 SYNTAX SEQUENCE OF CCDMPushSrcEntry 4894 MAX-ACCESS not-accessible 4895 STATUS current 4896 DESCRIPTION 4897 "This table provides the list of authorized senders that 4898 this receiving device will accept Cryptographic Device 4899 Material (CDM) transfers from. Servers for the 4900 cSOMSServerTable are not listed in this table since this 4901 table is specific for the Push Model." 4902 ::= { cCDMPushSrcInfo 3 } 4904 cCDMPushSrcEntry OBJECT-TYPE 4905 SYNTAX CCDMPushSrcEntry 4906 MAX-ACCESS not-accessible 4907 STATUS current 4908 DESCRIPTION 4909 "A row containing information about an authorized sender 4910 that this receiving device will accept." 4911 INDEX { cCDMPushSrcSenderName, cCDMPushSrcTransferType } 4912 ::= { cCDMPushSrcTable 1 } 4914 CCDMPushSrcEntry ::= SEQUENCE { 4915 cCDMPushSrcSenderName SnmpAdminString, 4916 cCDMPushSrcTransferType INTEGER, 4917 cCDMPushSrcAddrLocationType INTEGER, 4918 cCDMPushSrcAddrLocation OCTET STRING, 4919 cCDMPushSrcRowStatus RowStatus 4920 } 4922 cCDMPushSrcSenderName OBJECT-TYPE 4923 SYNTAX SnmpAdminString 4924 MAX-ACCESS not-accessible 4925 STATUS current 4926 DESCRIPTION 4927 "An administrative string for an authorized sender. 4928 cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as 4929 indexes of this table." 4930 ::= { cCDMPushSrcEntry 1 } 4932 cCDMPushSrcTransferType OBJECT-TYPE 4933 SYNTAX INTEGER { ipsec(1), tls(2), other(3) } 4934 MAX-ACCESS read-only 4935 STATUS current 4936 DESCRIPTION 4937 "Analogous to cCDMPushDestTransferType. The transfer 4938 mechanism or protocol used by the receiver to receive the 4939 Cryptographic Device Material (CDM) transfer. 4941 ipsec - Internet Protocol Security (IPsec) 4942 tls - Transport Layer Security (TLS) 4943 other - used for device specific transfer mechanisms 4945 cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as 4946 indexes of this table." 4947 ::= { cCDMPushSrcEntry 2 } 4949 cCDMPushSrcAddrLocationType OBJECT-TYPE 4950 SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) } 4951 MAX-ACCESS read-create 4952 STATUS current 4953 DESCRIPTION 4954 "Enumeration indicating the type of address location 4955 (values: ipv4, ipv6 or uri)." 4956 ::= { cCDMPushSrcEntry 3 } 4958 cCDMPushSrcAddrLocation OBJECT-TYPE 4959 SYNTAX OCTET STRING 4960 MAX-ACCESS read-create 4961 STATUS current 4962 DESCRIPTION 4963 "Location of the authorized sender." 4964 ::= { cCDMPushSrcEntry 4 } 4966 cCDMPushSrcRowStatus OBJECT-TYPE 4967 SYNTAX RowStatus 4968 MAX-ACCESS read-create 4969 STATUS current 4970 DESCRIPTION 4971 "The status of the row, by which new entries may be created 4972 or old entries deleted from this table. 4974 Entries created within this table may not become active 4975 unless all read-create columns in this column have valid 4976 values, as detailed by each individual column's description. 4978 At a minimum, implementations must support createAndGo, 4979 active, and destroy management functions. Support for 4980 createAndWait, notInService, and notReady management 4981 functions is optional." 4982 ::= { cCDMPushSrcEntry 5 } 4984 -- ***************************************************************** 4985 -- Module Conformance Information 4986 -- ***************************************************************** 4988 cKeyTransferPushCompliances OBJECT IDENTIFIER 4989 ::= { cKeyTransferPushConformance 1} 4990 cKeyTransferPushGroups OBJECT IDENTIFIER 4991 ::= { cKeyTransferPushConformance 2} 4993 cKeyTransferPushSenderCompliance MODULE-COMPLIANCE 4994 STATUS current 4995 DESCRIPTION 4996 "Compliance levels for sender information." 4997 MODULE 4998 MANDATORY-GROUPS { cKeyTransferPushSenderGroup } 5000 GROUP cKeyTransferPushSenderNotifyGroup 5001 DESCRIPTION 5002 "This notification group is optional for implementation." 5004 OBJECT cCDMTransferDelay 5005 MIN-ACCESS not-accessible 5006 DESCRIPTION 5007 "Implementation of this object is optional." 5009 OBJECT cCDMTransferMaxAttempts 5010 MIN-ACCESS not-accessible 5011 DESCRIPTION 5012 "Implementation of this object is optional." 5013 ::= { cKeyTransferPushCompliances 1 } 5015 cKeyTransferPushReceiverCompliance MODULE-COMPLIANCE 5016 STATUS current 5017 DESCRIPTION 5018 "Compliance levels for receiver information." 5019 MODULE 5020 MANDATORY-GROUPS { cKeyTransferPushReceiverGroup } 5022 GROUP cKeyTransferPushReceiverNotifyGroup 5023 DESCRIPTION 5024 "This notification group is optional for implementation." 5025 ::= { cKeyTransferPushCompliances 2 } 5027 cKeyTransferPushSenderGroup OBJECT-GROUP 5028 OBJECTS { 5029 cCDMTransferDelay, 5030 cCDMTransferMaxAttempts, 5031 cCDMPushDestTableCount, 5032 cCDMPushDestTableLastChanged, 5033 cCDMPushDestTransferType, 5034 cCDMPushDestAddressLocationType, 5035 cCDMPushDestAddressLocation, 5036 cCDMPushDestTransferTime, 5037 cCDMPushDestPackageSelection, 5038 cCDMPushDestRowStatus, 5039 cCDMTransferPkgTableCount, 5040 cCDMTransferPkgTableLastChanged, 5041 cCDMTransferPkgLocatorRowPtr, 5042 cCDMTransferPkgRowStatus 5043 } 5044 STATUS current 5045 DESCRIPTION 5046 "This group is composed of objects related to sender 5047 information." 5048 ::= { cKeyTransferPushGroups 1 } 5050 cKeyTransferPushReceiverGroup OBJECT-GROUP 5051 OBJECTS { 5052 cCDMPushSrcTableCount, 5053 cCDMPushSrcTableLastChanged, 5054 cCDMPushSrcTransferType, 5055 cCDMPushSrcAddrLocationType, 5056 cCDMPushSrcAddrLocation, 5057 cCDMPushSrcRowStatus 5058 } 5059 STATUS current 5060 DESCRIPTION 5061 "This group is composed of objects related to receiver 5062 information." 5063 ::= { cKeyTransferPushGroups 2 } 5065 cKeyTransferPushSenderNotifyGroup NOTIFICATION-GROUP 5066 NOTIFICATIONS { 5067 cCDMPushSendSuccess, 5068 cCDMPushSendFail 5069 } 5070 STATUS current 5071 DESCRIPTION 5072 "This group is composed of notifications related to sender 5073 information." 5074 ::= { cKeyTransferPushGroups 3 } 5076 cKeyTransferPushReceiverNotifyGroup NOTIFICATION-GROUP 5077 NOTIFICATIONS { 5078 cCDMPushReceiveSuccess, 5079 cCDMPushReceiveFail 5080 } 5081 STATUS current 5082 DESCRIPTION 5083 "This group is composed of notifications related to receiver 5084 information." 5085 ::= { cKeyTransferPushGroups 4 } 5087 END 5089 5.8. Security Policy Information 5091 This module makes reference to: Section 5.2, [RFC2571], [RFC2578], 5092 [RFC2579], and [RFC2580]. 5094 CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN 5096 IMPORTS 5097 ccSecurePolicyInfo 5098 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} 5099 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, 5100 MODULE-IDENTITY 5101 FROM SNMPv2-SMI -- FROM RFC 2578 5102 MODULE-COMPLIANCE, OBJECT-GROUP, 5103 NOTIFICATION-GROUP 5104 FROM SNMPv2-CONF -- FROM RFC 2580 5105 <<<<<<< HEAD 5106 ======= 5107 SnmpAdminString 5108 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 5109 >>>>>>> master 5110 RowStatus, DateAndTime, TimeStamp 5111 FROM SNMPv2-TC; -- FROM RFC 2579 5113 ccSecurePolicyInfoMIB MODULE-IDENTITY 5114 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 5115 ORGANIZATION "IETF" 5116 CONTACT-INFO 5117 "Shadi Azoum 5118 US Navy 5119 email: shadi.azoum@navy.mil 5121 Elliott Jones 5122 US Navy 5123 elliott.jones@navy.mil 5125 Lily Sun 5126 US Navy 5127 lily.sun@navy.mil 5129 Mike Irani 5130 NKI Engineering 5131 irani@nkiengineering.com 5133 Jeffrey Sun 5134 NKI Engineering 5135 sunjeff@nkiengineering.com 5137 Ray Purvis 5138 MITRE 5139 Email:rpurvis@mitre.org 5141 Sean Turner 5142 sn3rd 5143 Email:sean@sn3rd.com" 5144 DESCRIPTION 5145 "This MIB defines the CC MIB Security Policy Information 5146 objects. 5148 Copyright (c) 2016 IETF Trust and the persons 5149 identified as authors of the code. All rights reserved. 5151 Redistribution and use in source and binary forms, with 5152 or without modification, is permitted pursuant to, and 5153 subject to the license terms contained in, the Simplified 5154 BSD License set forth in Section 4.c of the IETF Trust's 5155 Legal Provisions Relating to IETF Documents 5156 (http://trustee.ietf.org/license-info). 5158 This version of this MIB module is part of RFC xxxx; 5159 see the RFC itself for full legal notices." 5160 -- RFC Ed.: RFC-editor please fill in xxxx. 5161 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 5162 DESCRIPTION "Initial Version. Published as RFC xxxx." 5163 -- RFC Ed.: RFC-editor please fill in xxxx. 5164 ::= { ccSecurePolicyInfo 1 } 5166 -- ***************************************************************** 5167 -- Secure Policy Info Information Segments 5168 -- ***************************************************************** 5170 cSecurePolicyConformance OBJECT IDENTIFIER 5171 ::= { ccSecurePolicyInfoMIB 1 } 5172 cSecPolicyRuleInfo OBJECT IDENTIFIER 5173 ::= { ccSecurePolicyInfoMIB 2 } 5174 cSecurePolicyInfoScalars OBJECT IDENTIFIER 5175 ::= { ccSecurePolicyInfoMIB 3 } 5176 cSecurePolicyInfoNotify OBJECT IDENTIFIER 5177 ::= { ccSecurePolicyInfoMIB 4 } 5179 -- ***************************************************************** 5180 -- Secure Policy Info Scalars 5181 -- ***************************************************************** 5183 -- ***************************************************************** 5184 -- Secure Policy Info Notifications 5185 -- ***************************************************************** 5187 cSecPolicyChanged NOTIFICATION-TYPE 5188 OBJECTS { 5189 cSecPolicyRulePriorityID, 5190 cSecPolicyRuleDescription 5191 } 5192 STATUS current 5193 DESCRIPTION 5194 "A notification indicating that an existent Security Policy 5195 entry in the cSecPolicyRuleTable in has changed." 5197 ::= { cSecurePolicyInfoNotify 1 } 5199 -- ***************************************************************** 5200 -- CC MIB cSecPolicyRuleTable 5201 -- ***************************************************************** 5203 cSecPolicyRuleTableCount OBJECT-TYPE 5204 SYNTAX Unsigned32 5205 MAX-ACCESS read-only 5206 STATUS current 5207 DESCRIPTION 5208 "The number of rows in the cSecPolicyRuleTable." 5209 ::= { cSecPolicyRuleInfo 1 } 5211 cSecPolicyRuleTableLastChanged OBJECT-TYPE 5212 SYNTAX TimeStamp 5213 MAX-ACCESS read-only 5214 STATUS current 5215 DESCRIPTION 5216 "The last time any entry in the table was modified, created, 5217 or deleted by either SNMP, agent, or other management method 5218 (e.g. via an HMI). Managers can use this object to ensure 5219 that no changes to configuration of this table have happened 5220 since the last time it examined the table. A value of 0 5221 indicates that no entry has been changed since the agent 5222 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 5223 should be used to populate this column." 5224 ::= { cSecPolicyRuleInfo 2 } 5226 cSecPolicyRuleTable OBJECT-TYPE 5227 SYNTAX SEQUENCE OF CSecPolicyRuleEntry 5228 MAX-ACCESS not-accessible 5229 STATUS current 5230 DESCRIPTION 5231 "The cSecPolicyRuleTable stores the Security Policy Rules 5232 that are compared against inbound and outbound data traffic 5233 flow. These Security Policy Rules define the actions (e.g. 5234 protect, bypass, discard) on how the data traffic flow should 5235 be treated." 5236 ::= { cSecPolicyRuleInfo 3 } 5238 cSecPolicyRuleEntry OBJECT-TYPE 5239 SYNTAX CSecPolicyRuleEntry 5240 MAX-ACCESS not-accessible 5241 STATUS current 5242 DESCRIPTION 5243 "A row containing general information about a Security 5244 Policy rule." 5246 INDEX { cSecPolicyRulePriorityID } 5247 ::= { cSecPolicyRuleTable 1 } 5249 CSecPolicyRuleEntry ::= SEQUENCE { 5250 cSecPolicyRulePriorityID Unsigned32, 5251 cSecPolicyRuleDescription OCTET STRING, 5252 cSecPolicyRuleType INTEGER, 5253 cSecPolicyRuleFilterReference SnmpAdminString, 5254 cSecPolicyRuleAction INTEGER, 5255 cSecPolicyRuleRowStatus RowStatus 5256 } 5258 cSecPolicyRulePriorityID OBJECT-TYPE 5259 SYNTAX Unsigned32 5260 MAX-ACCESS read-only 5261 STATUS current 5262 DESCRIPTION 5263 "Local unique index that identifies the priority at which 5264 this Security Policy rule is applied. Lower values have a 5265 higher priority (e.g. a value of 1 will be processed before 5266 a value of 2). This column is the primary index to the 5267 cSecPolicyRuleTable." 5268 ::= { cSecPolicyRuleEntry 1 } 5270 cSecPolicyRuleDescription OBJECT-TYPE 5271 SYNTAX OCTET STRING 5272 MAX-ACCESS read-create 5273 STATUS current 5274 DESCRIPTION 5275 "An administrative string describing the Security Policy 5276 rule. Note, this is a free form OCTET STRING that provides 5277 the user a store for any form of description/documentation 5278 for the given entry." 5279 ::= { cSecPolicyRuleEntry 2 } 5281 cSecPolicyRuleType OBJECT-TYPE 5282 SYNTAX INTEGER { ipsec(1), tls(2) } 5283 MAX-ACCESS read-create 5284 STATUS current 5285 DESCRIPTION 5286 "Optional column that defines the related protocol type of 5287 the Security Policy rule. Depending on this column's set 5288 value, entries will vary in respect to which other 5289 columns/tables (if at all) must be populated to fully 5290 configure the Security Policy rule." 5291 ::= { cSecPolicyRuleEntry 3 } 5293 cSecPolicyRuleFilterReference OBJECT-TYPE 5294 SYNTAX SnmpAdminString 5295 MAX-ACCESS read-create 5296 STATUS current 5297 DESCRIPTION 5298 "A string that references the associated filter for the 5299 Security Policy rule. Data traffic flow (inbound/outbound) 5300 comparison against the associated filter provide the basis 5301 in which a Security Policy rule is applied to the given data 5302 traffic flow." 5303 ::= { cSecPolicyRuleEntry 4 } 5305 cSecPolicyRuleAction OBJECT-TYPE 5306 SYNTAX INTEGER { protect(1), bypass(10), discard(20), 5307 discardInbound(21), discardOutbound(22) } 5308 MAX-ACCESS read-create 5309 STATUS current 5310 DESCRIPTION 5311 "This object indicates what action the ECU should take on 5312 matching a data traffic flow against a filter (as defined by 5313 cSecPolicyRuleFilterReference). The value of this column can 5314 take one of four enumeration values. 5316 [1] protect: The 'protect' enumeration value indicates that 5317 the data traffic flow should be protected by a Secure 5318 Connection with attributes defined by the associated filter 5319 (cSecPolicyRuleFilterReference). 5321 [10] bypass: The 'bypass' enumeration value indicates that 5322 the data traffic flow should be bypassed with no 5323 cryptographic protection/services provided. 5325 [20] discard: The 'discard enumeration value indicates that 5326 the data traffic flow, agnostic of their direction, should 5327 be discarded. 5329 [21] discardInbound: The 'discardInbound' enumeration value 5330 indicates that an inbound data traffic flow should be 5331 discarded. 5333 [22] discardOutbound: The 'discardOutbound' enumeration 5334 value indicates that an outbound data traffic flow should be 5335 discarded. 5337 Implementations that do not support the 'discardInbound' and 5338 'discardOutbound' enumeration values should return a 5339 wrongValue exception during a SET to the cSecPolicyRuleAction 5340 object. 5342 A valid enumeration value must be specified in order for 5343 cSecPolicyRuleRowStatus to be 'active'." 5344 ::= { cSecPolicyRuleEntry 5 } 5346 cSecPolicyRuleRowStatus OBJECT-TYPE 5347 SYNTAX RowStatus 5348 MAX-ACCESS read-create 5349 STATUS current 5350 DESCRIPTION 5351 "The status of the row, by which new entries may be created, 5352 or old entries deleted from this table. 5354 Entries created within this table may not become active 5355 unless all read-create columns in this table have valid 5356 values, as detailed by each individual column's description. 5358 At a minimum, implementations must support createAndGo and 5359 destroy management functions. Support for createAndWait, 5360 active, notInService, and notReady management functions is 5361 optional." 5362 ::= { cSecPolicyRuleEntry 6 } 5364 -- ***************************************************************** 5365 -- Module Conformance Information 5366 -- ***************************************************************** 5368 cSecurePolicyCompliances OBJECT IDENTIFIER 5369 ::= { cSecurePolicyConformance 1 } 5370 cSecurePolicyGroups OBJECT IDENTIFIER 5371 ::= { cSecurePolicyConformance 2 } 5373 cSecurePolicyCompliance MODULE-COMPLIANCE 5374 STATUS current 5375 DESCRIPTION 5376 "Compliance levels for secure policy information." 5377 MODULE 5378 MANDATORY-GROUPS { cSecurePolicyGroup } 5380 GROUP cSecurePolicyNotifyGroup 5381 DESCRIPTION 5382 "This notification group is optional for implementation." 5383 ::= { cSecurePolicyCompliances 1 } 5385 cSecurePolicyGroup OBJECT-GROUP 5386 OBJECTS { 5387 cSecPolicyRuleTableCount, 5388 cSecPolicyRuleTableLastChanged, 5389 cSecPolicyRulePriorityID, 5390 cSecPolicyRuleDescription, 5391 cSecPolicyRuleType, 5392 cSecPolicyRuleFilterReference, 5393 cSecPolicyRuleAction, 5394 cSecPolicyRuleRowStatus 5395 } 5396 STATUS current 5397 DESCRIPTION 5398 "This group is composed of objects related to secure policy 5399 information." 5400 ::= { cSecurePolicyGroups 1 } 5402 cSecurePolicyNotifyGroup NOTIFICATION-GROUP 5403 NOTIFICATIONS { 5404 cSecPolicyChanged 5405 } 5406 STATUS current 5407 DESCRIPTION 5408 "This group is composed of notifications related to secure 5409 policy information." 5410 ::= { cSecurePolicyGroups 2 } 5412 END 5414 5.9. Secure Connection Information 5416 This module makes reference to: Section 5.2, [RFC2571], [RFC2578], 5417 [RFC2579], and [RFC2580], [RFC4303]. 5419 CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN 5421 IMPORTS 5422 ccSecureConnectionInfo 5423 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} 5424 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, 5425 MODULE-IDENTITY 5426 FROM SNMPv2-SMI -- FROM RFC 2578 5427 MODULE-COMPLIANCE, OBJECT-GROUP, 5428 NOTIFICATION-GROUP 5429 FROM SNMPv2-CONF -- FROM RFC 2580 5430 SnmpAdminString 5431 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571 5432 RowStatus, DateAndTime, TimeStamp 5433 FROM SNMPv2-TC; -- FROM RFC 2579 5435 ccSecureConnectionInfoMIB MODULE-IDENTITY 5436 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 5437 ORGANIZATION "IETF" 5438 CONTACT-INFO 5439 "Shadi Azoum 5440 US Navy 5441 email: shadi.azoum@navy.mil 5443 Elliott Jones 5444 US Navy 5445 elliott.jones@navy.mil 5447 Lily Sun 5448 US Navy 5449 lily.sun@navy.mil 5451 Mike Irani 5452 NKI Engineering 5453 irani@nkiengineering.com 5455 Jeffrey Sun 5456 NKI Engineering 5457 sunjeff@nkiengineering.com 5459 Ray Purvis 5460 MITRE 5461 Email:rpurvis@mitre.org 5463 Sean Turner 5464 sn3rd 5465 Email:sean@sn3rd.com" 5466 DESCRIPTION 5467 "This MIB defines the CC MIB Secure Connection Information 5468 objects. 5470 Copyright (c) 2016 IETF Trust and the persons 5471 identified as authors of the code. All rights reserved. 5473 Redistribution and use in source and binary forms, with 5474 or without modification, is permitted pursuant to, and 5475 subject to the license terms contained in, the Simplified 5476 BSD License set forth in Section 4.c of the IETF Trust's 5477 Legal Provisions Relating to IETF Documents 5478 (http://trustee.ietf.org/license-info). 5480 This version of this MIB module is part of RFC xxxx; 5481 see the RFC itself for full legal notices." 5482 -- RFC Ed.: RFC-editor please fill in xxxx. 5483 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 5484 DESCRIPTION "Initial Version. Published as RFC xxxx." 5485 -- RFC Ed.: RFC-editor please fill in xxxx. 5487 ::= { ccSecureConnectionInfo 1 } 5489 -- ***************************************************************** 5490 -- Secure Connection Info Information Segments 5491 -- ***************************************************************** 5493 cSecureConnectionConformance OBJECT IDENTIFIER 5494 ::= { ccSecureConnectionInfoMIB 1 } 5495 cSecureConnectionInfo OBJECT IDENTIFIER 5496 ::= { ccSecureConnectionInfoMIB 2 } 5497 cSecureConnectionInfoScalars OBJECT IDENTIFIER 5498 ::= { ccSecureConnectionInfoMIB 3 } 5499 cSecureConnectionInfoNotify OBJECT IDENTIFIER 5500 ::= { ccSecureConnectionInfoMIB 4 } 5502 -- ***************************************************************** 5503 -- Secure Connection Info Scalars 5504 -- ***************************************************************** 5506 -- ***************************************************************** 5507 -- Secure Connection Info Notifications 5508 -- ***************************************************************** 5510 cSecConnectionEstablished NOTIFICATION-TYPE 5511 OBJECTS { cSecConTableID } 5512 STATUS current 5513 DESCRIPTION 5514 "A notification indicating that a new Secure Connection was 5515 successfully established." 5516 ::= { cSecureConnectionInfoNotify 1 } 5518 cSecConnectionDeleted NOTIFICATION-TYPE 5519 OBJECTS { cSecConTableID } 5520 STATUS current 5521 DESCRIPTION 5522 "A notification indicating that an existent Secure 5523 Connection was successfully deleted." 5524 ::= { cSecureConnectionInfoNotify 2 } 5526 -- ********************************************************************* 5527 -- CC MIB cSecConTable 5528 -- ********************************************************************* 5530 cSecConTableCount OBJECT-TYPE 5531 SYNTAX Unsigned32 5532 MAX-ACCESS read-only 5533 STATUS current 5534 DESCRIPTION 5535 "The number of rows in the cSecConTable." 5536 ::= { cSecureConnectionInfo 1 } 5538 cSecConTableLastChanged OBJECT-TYPE 5539 SYNTAX TimeStamp 5540 MAX-ACCESS read-only 5541 STATUS current 5542 DESCRIPTION 5543 "The last time any entry in the table was modified, created, 5544 or deleted by either SNMP, agent, or other management method 5545 (e.g. via an HMI). Managers can use this object to ensure 5546 that no changes to configuration of this table have happened 5547 since the last time it examined the table. A value of 0 5548 indicates that no entry has been changed since the agent 5549 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 5550 should be used to populate this column." 5551 ::= { cSecureConnectionInfo 2 } 5553 cSecConTable OBJECT-TYPE 5554 SYNTAX SEQUENCE OF CSecConEntry 5555 MAX-ACCESS not-accessible 5556 STATUS current 5557 DESCRIPTION 5558 "The cSecConTable stores general Secure Connection 5559 (active/inactive) information associated with the ECU. This 5560 table provides the base/common information for Secure 5561 Connections." 5562 ::= { cSecureConnectionInfo 3 } 5564 cSecConEntry OBJECT-TYPE 5565 SYNTAX CSecConEntry 5566 MAX-ACCESS not-accessible 5567 STATUS current 5568 DESCRIPTION 5569 "A row containing general information about an 5570 active/inactive Secure Connection." 5571 INDEX { cSecConTableID } 5572 ::= { cSecConTable 1 } 5574 CSecConEntry ::= SEQUENCE { 5575 cSecConTableID Unsigned32, 5576 cSecConType OCTET STRING, 5577 cSecConDataPlaneID OCTET STRING, 5578 cSecConDirection INTEGER, 5579 cSecConKeyReference OCTET STRING, 5580 cSecConCryptographicSuite OCTET STRING, 5581 cSecConEstablishmentTime DateAndTime, 5582 cSecConStatus OCTET STRING, 5583 cSecConRowStatus RowStatus 5584 } 5586 cSecConTableID OBJECT-TYPE 5587 SYNTAX Unsigned32 5588 MAX-ACCESS read-only 5589 STATUS current 5590 DESCRIPTION 5591 "Local unique index that identifies a Secure Connection. 5592 This column is the primary index to the cSecConTable." 5593 ::= { cSecConEntry 1 } 5595 cSecConType OBJECT-TYPE 5596 SYNTAX OCTET STRING 5597 MAX-ACCESS read-create 5598 STATUS current 5599 DESCRIPTION 5600 "Optional column that defines the related protocol type of 5601 the Secure Connection. Depending on this column's populated 5602 value, entries will vary in respect to which other 5603 columns/tables (if at all) are applicable to the Secure 5604 Connection. Example of values for this column are: 'ipsec' 5605 for Internet Protocol Security secure connections and 'tls' 5606 for Transport Layer Security/Secure Socket Layer secure 5607 connections." 5608 ::= { cSecConEntry 2 } 5610 cSecConDataPlaneID OBJECT-TYPE 5611 SYNTAX OCTET STRING 5612 MAX-ACCESS read-create 5613 STATUS current 5614 DESCRIPTION 5615 "The unique identifier associated with the Secure 5616 Connection, based on the Secure Connection protocol. 5618 Note, this is a free form OCTET STRING column where 5619 meaningful values/format are defined per Secure Connection 5620 protocol type basis. For instance, in an IPsec context (i.e. 5621 cSecConType value is set to 'ipsec'), this column would 5622 store the Security Parameter Index (SPI) for a given 5623 Encapsulating Security Payload Version 3 Security 5624 Association (RFC 4303 - Section 2.1.)." 5625 ::= { cSecConEntry 3 } 5627 cSecConDirection OBJECT-TYPE 5628 SYNTAX INTEGER { inbound(1), outbound(2), 5629 bidirectional(3) } 5631 MAX-ACCESS read-create 5632 STATUS current 5633 DESCRIPTION 5634 "The data plane traffic flow direction for the Secure 5635 Connection. 5637 [1] inbound: data plane traffic flow is incoming on the 5638 Secure Connection. 5640 [2] outbound: data plane traffic flow is outgoing on the 5641 Secure Connection. 5643 [3] bidirectional: data plane traffic flow is incoming and 5644 outgoing on the Secure Connection." 5645 ::= { cSecConEntry 4 } 5647 cSecConKeyReference OBJECT-TYPE 5648 SYNTAX OCTET STRING (SIZE(0..255)) 5649 MAX-ACCESS read-create 5650 STATUS current 5651 DESCRIPTION 5652 "Administrative string that references key material 5653 associated with the Secure Connection. This column 5654 references an entry (via table index value) in a key-related 5655 table in the CC-KEY-MANAGEMENT-MIB. 5657 If there is no appropriate value to populate with, this 5658 column would be populated with an empty string, ''." 5659 ::= { cSecConEntry 5 } 5661 cSecConCryptographicSuite OBJECT-TYPE 5662 SYNTAX OCTET STRING 5663 MAX-ACCESS read-create 5664 STATUS current 5665 DESCRIPTION 5666 "The set of cryptographic attributes (e.g. Encryption 5667 Algorithm, Integrity Algorithm) respective to the Secure 5668 Connection. Note, this is a free form OCTET STRING column, 5669 meaning implementations may utilize a standardized 5670 definition of string values that describe a set of 5671 cryptographic suites or use a proprietary definition of 5672 string values for supported cryptographic suites." 5673 ::= { cSecConEntry 6 } 5675 cSecConEstablishmentTime OBJECT-TYPE 5676 SYNTAX DateAndTime 5677 MAX-ACCESS read-create 5678 STATUS current 5679 DESCRIPTION 5680 "The local date and time when the Secure Connection was or 5681 will be established. The value in this column may be 5682 manually set to a date and time prior to the effective date 5683 of the key material (if associated) as referenced by the 5684 cSecConKeyReference column. If this column value is not 5685 manually configured with a date and time then the value will 5686 be automatically populated with the current cSystemDate 5687 value in respect to when the cSecConRowStatus column is 5688 first set to Active. 5690 Note, implementations may treat this column as an alpha date 5691 for the Secure Connection, and thus ascertain other Secure 5692 Connection-related values based on this time." 5693 ::= { cSecConEntry 7 } 5695 cSecConStatus OBJECT-TYPE 5696 SYNTAX OCTET STRING 5697 MAX-ACCESS read-create 5698 STATUS current 5699 DESCRIPTION 5700 "Column that provides the current status of the Secure 5701 Connection. Note, this is a free form OCTET STRING column 5702 where meaningful values are defined per Secure Connection 5703 protocol type basis (i.e. as defined by the cSecConType 5704 value) or per implementation basis. 5706 If there is no appropriate value to populate with, this 5707 column would be populated with an empty string, ''." 5708 ::= { cSecConEntry 8 } 5710 cSecConRowStatus OBJECT-TYPE 5711 SYNTAX RowStatus 5712 MAX-ACCESS read-create 5713 STATUS current 5714 DESCRIPTION 5715 "The status of the row, by which new entries may be created, 5716 or old entries deleted from this table. 5718 Entries created within this table may not become active 5719 unless all read-create columns in this table have valid 5720 values, as detailed by each individual column's description. 5722 The set of RowStatus enumerations that must be supported is 5723 dependent on the type of secure connection. At a minimum, 5724 implementations must support createAndGo and destroy if the 5725 secure connection can be created and destroyed by the 5726 manager. Implementations must support active and 5727 notInService if the secure connection can be 5728 enabled/disabled by the manager." 5729 ::= { cSecConEntry 9 } 5731 -- ********************************************************************* 5732 -- Module Conformance Information 5733 -- ********************************************************************* 5735 cSecureConnectionCompliances OBJECT IDENTIFIER 5736 ::= { cSecureConnectionConformance 1} 5737 cSecureConnectionGroups OBJECT IDENTIFIER 5738 ::= { cSecureConnectionConformance 2} 5740 cSecureConnectionCompliance MODULE-COMPLIANCE 5741 STATUS current 5742 DESCRIPTION 5743 "Compliance levels for secure connection information." 5744 MODULE 5745 MANDATORY-GROUPS { cSecureConnectionGroup } 5747 GROUP cSecureConnectionNotifyGroup 5748 DESCRIPTION 5749 "This notification group is optional for implementation." 5751 OBJECT cSecConType 5752 MIN-ACCESS not-accessible 5753 DESCRIPTION 5754 "Implementation of this object is optional." 5755 ::= { cSecureConnectionCompliances 1 } 5757 cSecureConnectionGroup OBJECT-GROUP 5758 OBJECTS { 5759 cSecConTableCount, 5760 cSecConTableLastChanged, 5761 cSecConTableID, 5762 cSecConType, 5763 cSecConDataPlaneID, 5764 cSecConDirection, 5765 cSecConKeyReference, 5766 cSecConCryptographicSuite, 5767 cSecConEstablishmentTime, 5768 cSecConStatus, 5769 cSecConRowStatus 5770 } 5771 STATUS current 5772 DESCRIPTION 5773 "This group is composed of objects related to secure 5774 connection information." 5776 ::= { cSecureConnectionGroups 1 } 5778 cSecureConnectionNotifyGroup NOTIFICATION-GROUP 5779 NOTIFICATIONS { 5780 cSecConnectionEstablished, 5781 cSecConnectionDeleted 5782 } 5783 STATUS current 5784 DESCRIPTION 5785 "This group is composed of notifications related to secure 5786 connection information." 5787 ::= { cSecureConnectionGroups 2 } 5789 END 5791 6. IANA Considerations 5793 7. Security Considerations 5795 SNMP versions prior to SNMPv3 did not include adequate security. 5796 Even if the network itself is secure (for example by using IPsec), 5797 there is no control as to who on the secure network is allowed to 5798 access and GET/SET (read/change/create/delete) the objects in this 5799 MIB module. 5801 Implementations SHOULD provide the security features described by the 5802 SNMPv3 framework (see [RFC3410]), and implementations claiming 5803 compliance to the SNMPv3 standard MUST include full support for 5804 authentication and privacy via the User-based Security Model (USM) 5805 [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations 5806 MAY also provide support for the Transport Security Model (TSM) 5807 [RFC5591] in combination with a secure transport such as SSH 5808 [RFC5592] or TLS/DTLS {RFC6353}. 5810 Further, deployment of SNMP versions prior to SNMPv3 is NOT 5811 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 5812 enable cryptographic security. It is then a customer/operator 5813 responsibility to ensure that the SNMP entity giving access to an 5814 instance of this MIB module is properly configured to give access to 5815 the objects only to those principals (users) that have legitimate 5816 rights to indeed GET or SET (change/create/delete) them. 5818 8. References 5819 8.1. Normative References 5821 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 5822 Requirement Levels", BCP 14, RFC 2119, 5823 DOI 10.17487/RFC2119, March 1997, 5824 . 5826 [RFC2571] Wijnen, B., Harrington, D., and R. Presuhn, "An 5827 Architecture for Describing SNMP Management Frameworks", 5828 RFC 2571, DOI 10.17487/RFC2571, April 1999, 5829 . 5831 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 5832 Schoenwaelder, Ed., "Structure of Management Information 5833 Version 2 (SMIv2)", STD 58, RFC 2578, 5834 DOI 10.17487/RFC2578, April 1999, 5835 . 5837 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 5838 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 5839 STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, 5840 . 5842 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. 5843 Schoenwaelder, Ed., "Conformance Statements for SMIv2", 5844 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, 5845 . 5847 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 5848 (USM) for version 3 of the Simple Network Management 5849 Protocol (SNMPv3)", STD 62, RFC 3414, 5850 DOI 10.17487/RFC3414, December 2002, 5851 . 5853 [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The 5854 Advanced Encryption Standard (AES) Cipher Algorithm in the 5855 SNMP User-based Security Model", RFC 3826, 5856 DOI 10.17487/RFC3826, June 2004, 5857 . 5859 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 5860 (TLS) Protocol Version 1.2", RFC 5246, 5861 DOI 10.17487/RFC5246, August 2008, 5862 . 5864 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 5865 Housley, R., and W. Polk, "Internet X.509 Public Key 5866 Infrastructure Certificate and Certificate Revocation List 5867 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 5868 . 5870 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model 5871 for the Simple Network Management Protocol (SNMP)", 5872 STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, 5873 . 5875 [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure 5876 Shell Transport Model for the Simple Network Management 5877 Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 5878 2009, . 5880 [RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor 5881 Format", RFC 5914, DOI 10.17487/RFC5914, June 2010, 5882 . 5884 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 5885 Key Container (PSKC)", RFC 6030, DOI 10.17487/RFC6030, 5886 October 2010, . 5888 [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport 5889 Model for the Simple Network Management Protocol (SNMP)", 5890 STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, 5891 . 5893 8.2. Informative References 5895 [RFC1213] McCloghrie, K. and M. Rose, "Management Information Base 5896 for Network Management of TCP/IP-based internets: MIB-II", 5897 STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991, 5898 . 5900 [RFC1907] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 5901 "Management Information Base for Version 2 of the Simple 5902 Network Management Protocol (SNMPv2)", RFC 1907, 5903 DOI 10.17487/RFC1907, January 1996, 5904 . 5906 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 5907 "Introduction and Applicability Statements for Internet- 5908 Standard Management Framework", RFC 3410, 5909 DOI 10.17487/RFC3410, December 2002, 5910 . 5912 [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", 5913 RFC 4303, DOI 10.17487/RFC4303, December 2005, 5914 . 5916 Authors' Addresses 5918 Shadi Azoum 5919 SPAWAR Systems Center Pacific 5921 Email: shadi.azoum@navy.mil 5923 Elliott Jones 5924 SPAWAR Systems Center Pacific 5926 Email: elliott.jones@navy.mil 5928 Lily Sun 5929 SPAWAR Systems Center Pacific 5931 Email: lily.sun@navy.mil 5933 Mike Irani 5934 Nathan Kunes, Inc. 5936 Email: irani@nkiengineering.com 5938 Jeffrey Sun 5939 Nathan Kunes, Inc. 5941 Email: sunjeff@nkiengineering.com 5943 Ray Purvis 5944 The MITRE Corporation 5946 Email: rpurvis@mitre.org 5948 Sean Turner 5949 sn3rd 5951 Email: sean@sn3rd.com