Network Working Group                                           S. Azoum
Internet-Draft                                                  E. Jones
Intended status: Standards Track                                  L. Sun
Expires: December 1, 2018                  SPAWAR Systems Center Pacific
                                                                M. Irani
                                                                  J. Sun
                                                      Nathan Kunes, Inc.
                                                               R. Purvis
                                                   The MITRE Corporation
                                                               S. Turner
                                                                   sn3rd
                                                            May 30, 2018


                    Common Cryptographic MIB (CCMIB)
                         draft-turner-ccmib-02

Abstract

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it describes managed objects used to
   manage key management implementations including asymmetric keys,
   symmetric keys, trust anchors, and cryptographic-related firmware.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 1, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  The Internet-Standard Management Framework
   4.  Structure of the MIB module
   5.  Definition of the CC MIB module
     5.1.  CC Assignments
     5.2.  CC Feature Hierarchy
     5.3.  CC Device Info
     5.4.  Firmware Management Information
     5.5.  Key Management Information
     5.6.  Key Transfer Pull
     5.7.  Key Transfer Push
     5.8.  Security Policy Information
     5.9.  Secure Connection Information
   6.  IANA Considerations
   7.  Security Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH PRIOR TO
   PUBLICATION

   The source for this draft is maintained in GitHub.  Suggested changes
   should be submitted as pull requests at
   https://github.com/seanturner/draft-turner-ccmib.  Instructions are
   on that page as well.  Editorial changes can be managed in GitHub.

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it describes managed objects used to
   manage key management implementations including asymmetric keys,
   symmetric keys, trust anchors, and cryptographic-related firmware.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580
   [RFC2580].

4.  Structure of the MIB module

5.  Definition of the CC MIB module

5.1.  CC Assignments

   This MIB module makes reference to the following document: [RFC2578].
   CC-ASSIGNMENTS-MIB DEFINITIONS ::= BEGIN

   IMPORTS
     MODULE-IDENTITY, mib-2
       FROM SNMPv2-SMI;  -- RFC 2578

   ccAssignmentsMIB MODULE-IDENTITY
     LAST-UPDATED "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
     ORGANIZATION "IETF"
     CONTACT-INFO
       "Shadi Azoum
        US Navy
        Email: shadi.azoum@navy.mil

        Elliott Jones
        US Navy
        Email: elliott.jones@navy.mil

        Lily Sun
        US Navy
        Email: lily.sun@navy.mil

        Mike Irani
        NKI Engineering
        Email: irani@nkiengineering.com

        Jeffrey Sun
        NKI Engineering
        Email: sunjeff@nkiengineering.com

        Ray Purvis
        MITRE
        Email: rpurvis@mitre.org

        Sean Turner
        sn3rd
        Email: sean@sn3rd.com"
     DESCRIPTION
       "This MIB defines the CC MIB tree hierarchical assignments
        below it and acts as a reservation mechanism.

        Copyright (c) 2017 IETF Trust and the persons
        identified as authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
     -- RFC Ed.: RFC-editor please fill in xxxx.
     REVISION "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
     DESCRIPTION "Initial Version.  Published as RFC xxxx."
     -- RFC Ed.: RFC-editor please fill in xxxx.
     ::= { mib-2 TBD }

   --
   -- Note: Current top-level OID assignments within the CC MIB tree:
   --   mib-2.TBD    : CC-ASSIGNMENTS-MIB (this MIB)
   --   mib-2.TBD.1  : CC-FEATURE-HIERARCHY-MIB

   END

5.2.  CC Feature Hierarchy

   This MIB module makes reference to the following document: [RFC2578].
   CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN

   IMPORTS
     ccAssignmentsMIB
       FROM CC-ASSIGNMENTS-MIB  -- FROM {{cc-assign}}
     MODULE-IDENTITY
       FROM SNMPv2-SMI;  -- FROM RFC 2578

   ccFeatureHierarchyMIB MODULE-IDENTITY
     LAST-UPDATED "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
     ORGANIZATION "IETF"
     CONTACT-INFO
       "Shadi Azoum
        US Navy
        Email: shadi.azoum@navy.mil

        Elliott Jones
        US Navy
        Email: elliott.jones@navy.mil

        Lily Sun
        US Navy
        Email: lily.sun@navy.mil

        Mike Irani
        NKI Engineering
        Email: irani@nkiengineering.com

        Jeffrey Sun
        NKI Engineering
        Email: sunjeff@nkiengineering.com

        Ray Purvis
        MITRE
        Email: rpurvis@mitre.org

        Sean Turner
        sn3rd
        Email: sean@sn3rd.com"
     DESCRIPTION
       "This MIB defines the CC MIB features in hierarchical MIB
        tree assignments.  It acts as a reservation mechanism for
        other MIB sets to be anchored below it.

        Copyright (c) 2017 IETF Trust and the persons
        identified as authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
     -- RFC Ed.: RFC-editor please fill in xxxx.
     REVISION "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
     DESCRIPTION "Initial Version.  Published as RFC xxxx."
     -- RFC Ed.: RFC-editor please fill in xxxx.
     ::= { ccAssignmentsMIB 1 }

   ccDeviceInfo OBJECT IDENTIFIER
     ::= { ccFeatureHierarchyMIB 2 }
   ccFirmwareManagement OBJECT IDENTIFIER
     ::= { ccFeatureHierarchyMIB TBD }
   ccKeyManagement OBJECT IDENTIFIER
     ::= { ccFeatureHierarchyMIB 3 }
   ccKeyTransferPull OBJECT IDENTIFIER
     ::= { ccFeatureHierarchyMIB 4 }
   ccKeyTransferPush OBJECT IDENTIFIER
     ::= { ccFeatureHierarchyMIB 5 }
   ccSecurePolicyInfo OBJECT IDENTIFIER
     ::= { ccFeatureHierarchyMIB 6 }
   ccSecureConnectionInfo OBJECT IDENTIFIER
     ::= { ccFeatureHierarchyMIB 7 }

   END

5.3.  CC Device Info

   This MIB module makes reference to the following documents:
   [RFC1213], [RFC2578], [RFC2579], [RFC2580], [RFC3411], and [RFC3418].

   CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN

   IMPORTS
     ccDeviceInfo
       FROM CC-FEATURE-HIERARCHY-MIB  -- FROM {{cc-fh}}
     MODULE-COMPLIANCE, OBJECT-GROUP,
     NOTIFICATION-GROUP
       FROM SNMPv2-CONF  -- FROM RFC 2580
     OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
     MODULE-IDENTITY, TimeTicks
       FROM SNMPv2-SMI  -- FROM RFC 2578
     SnmpAdminString
       FROM SNMP-FRAMEWORK-MIB  -- FROM RFC 3411
     DateAndTime, TruthValue, TimeStamp
       FROM SNMPv2-TC;  -- FROM RFC 2579

   ccDeviceInfoMIB MODULE-IDENTITY
     LAST-UPDATED "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
     ORGANIZATION "IETF"
     CONTACT-INFO
       "Shadi Azoum
        US Navy
        Email: shadi.azoum@navy.mil

        Elliott Jones
        US Navy
        Email: elliott.jones@navy.mil

        Lily Sun
        US Navy
        Email: lily.sun@navy.mil

        Mike Irani
        NKI Engineering
        Email: irani@nkiengineering.com

        Jeffrey Sun
        NKI Engineering
        Email: sunjeff@nkiengineering.com

        Ray Purvis
        MITRE
        Email: rpurvis@mitre.org

        Sean Turner
        sn3rd
        Email: sean@sn3rd.com"
     DESCRIPTION
       "This MIB defines the CC MIB Device Information objects.

        Copyright (c) 2017 IETF Trust and the persons
        identified as authors of the code.  All rights reserved.
        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
     -- RFC Ed.: RFC-editor please fill in xxxx.
     REVISION "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
     DESCRIPTION "Initial Version.  Published as RFC xxxx."
     -- RFC Ed.: RFC-editor please fill in xxxx.
     ::= { ccDeviceInfo 1 }

   -- *****************************************************************
   -- Device Information Segments
   -- *****************************************************************

   cDeviceInfoConformance OBJECT IDENTIFIER
     ::= { ccDeviceInfoMIB 1 }
   cDeviceComponentVersInfo OBJECT IDENTIFIER
     ::= { ccDeviceInfoMIB 2 }
   cDeviceInfoScalars OBJECT IDENTIFIER
     ::= { ccDeviceInfoMIB 5 }
   cDeviceInfoNotify OBJECT IDENTIFIER
     ::= { ccDeviceInfoMIB 6 }

   -- *****************************************************************
   -- General Device Information Scalars
   -- *****************************************************************

   cSystemDate OBJECT-TYPE
     SYNTAX      DateAndTime
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
       "The host's notion of the local date and time of day.  Note,
        some implementations will not allow changing of this object
        and will return an inconsistentValue error."
     ::= { cDeviceInfoScalars 1 }

   cSystemUpTime OBJECT-TYPE
     SYNTAX      TimeTicks
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "The amount of time since this host was last initialized.
        Note that this is different from sysUpTime in the SNMPv2-MIB
        [RFC3418] because sysUpTime is the uptime of the network
        management portion of the system."
     ::= { cDeviceInfoScalars 2 }

   cSystemInitialLoadParameters OBJECT-TYPE
     SYNTAX      SnmpAdminString (SIZE(0..128))
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
       "This object contains the parameters (e.g. a pathname and
        parameter) supplied to the load device when requesting the
        initial operating system configuration from that device.
        Note that writing to this object just changes the
        configuration that will be used the next time the operating
        system is loaded and does not actually cause the reload to
        occur."
     ::= { cDeviceInfoScalars 3 }

   cSecurityLevel OBJECT-TYPE
     SYNTAX      SnmpAdminString (SIZE(0..255))
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
       "The security level at which this device is operating.
        Different communities of interest may have different
        conventions.  The following values are defined and, when used
        by agents, have specific meaning: UNCLASSIFIED, RESTRICTED,
        CONFIDENTIAL, SECRET, TOP_SECRET."
     ::= { cDeviceInfoScalars 4 }

   cElectronicSerialNumber OBJECT-TYPE
     SYNTAX      OCTET STRING
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "The Electronic Serial Number of the device.  This may be the
        chassis serial number or an internal serial number."
     ::= { cDeviceInfoScalars 5 }

   cLastChanged OBJECT-TYPE
     SYNTAX      TimeTicks
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "The value of cSystemUpTime the last time any configurable
        object within the MIBs supported by the device was modified,
        created, or deleted by SNMP, by the agent, or by another
        management method (e.g. via an HMI).  Managers can use this
        object to ensure that no changes to any configuration within
        the device have happened since the last time they examined
        the device.  A value of 0 indicates that no objects have been
        changed since the agent initialized."
     ::= { cDeviceInfoScalars 6 }

   cResetDevice OBJECT-TYPE
     SYNTAX      TruthValue
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
       "The indication of whether a device should be reset.  Setting
        this object to 'true' will perform a reset operation of the
        device.  This must not affect the state of any persistent
        configuration data, zeroize any of the key material, or erase
        the audit log.  When read this object should return 'false'.
        When set to 'false' this object must not perform any operation
        but should accept this as a valid SET operation."
     ::= { cDeviceInfoScalars 7 }

   cSanitizeDevice OBJECT-TYPE
     SYNTAX      TruthValue
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
       "The indication of whether persistent data should be erased.
        Setting this object to 'true' will erase all persistent data
        and return the box to an uninitialized state.  It will
        zeroize all keying data and erase all persistent storage and
        auditing information.  Setting this object will certainly
        render the device unreachable from distant managers since it
        will be unconfigured.  When read this object should return
        'false'.  When set to 'false' this object must not perform any
        operation but should accept this as a valid SET operation."
     ::= { cDeviceInfoScalars 8 }

   cRenderInoperable OBJECT-TYPE
     SYNTAX      TruthValue
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
       "The indication of whether the device should be rendered
        inoperable.  Setting this object to 'true' will erase all
        persistent data and return the box to an uninitialized state.
        It will zeroize all keying data and erase all persistent
        storage and auditing information.  In addition, when
        supported, the device is expected to perform some internal
        function that will make the box unusable without returning to
        the factory or some equivalent.  Setting this object will
        certainly render the device unreachable from distant managers
        since it will be unconfigured.  When read this object should
        return 'false'.  When set to 'false' this object must not
        perform any operation but should accept this as a valid SET
        operation."
     ::= { cDeviceInfoScalars 9 }

   cVendorName OBJECT-TYPE
     SYNTAX      OCTET STRING
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "This object stores the device's vendor name and is intended
        to be displayed and meaningful to the human operator (e.g.
        Flinstones Inc).  In other words, this object is not intended
        to store the vendor's authoritative identification value
        (i.e. sysObjectID [RFC1213])."
     ::= { cDeviceInfoScalars 10 }

   cModelIdentifier OBJECT-TYPE
     SYNTAX      OCTET STRING
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "This object stores the device's model identifier.  In
        general, this would include the model name and model
        number."
     ::= { cDeviceInfoScalars 11 }

   cHardwareVersionNumber OBJECT-TYPE
     SYNTAX      OCTET STRING
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "This object stores the device's hardware version."
     ::= { cDeviceInfoScalars 12 }

   -- *****************************************************************
   -- Device Information Notifications
   -- *****************************************************************

   cResetDeviceInitialized NOTIFICATION-TYPE
     STATUS      current
     DESCRIPTION
       "A notification from the device to the management station
        indicating that the device is being reset due to a change in
        the value of cResetDevice.
        This notification should be sent before the device performs
        any other reset operations (such as shutting down interfaces,
        etc.)."
     ::= { cDeviceInfoNotify 3 }

   cSanitizeDeviceInitialized NOTIFICATION-TYPE
     STATUS      current
     DESCRIPTION
       "A notification from the device to the management station
        indicating that the device is being sanitized due to a
        change in the value of cSanitizeDevice.  This notification
        should be sent before the device performs any other sanitize
        operations (such as shutting down interfaces, etc.)."
     ::= { cDeviceInfoNotify 4 }

   cTamperEventIndicated NOTIFICATION-TYPE
     STATUS      current
     DESCRIPTION
       "A notification from the device to the management station
        indicating that the device has detected a tamper event.  This
        notification should be sent before the device performs any
        other operations (such as shutting down interfaces, etc.)."
     ::= { cDeviceInfoNotify 5 }

   cDeviceComponentDisabled NOTIFICATION-TYPE
     OBJECTS {
       cDeviceComponentName,
       cDeviceComponentVersion,
       cDeviceComponentOpStatus
     }
     STATUS      current
     DESCRIPTION
       "A notification from the device to the management station
        indicating that a component described in the
        cDeviceComponentVersTable has been disabled."
     ::= { cDeviceInfoNotify 9 }

   cDeviceComponentEnabled NOTIFICATION-TYPE
     OBJECTS {
       cDeviceComponentName,
       cDeviceComponentVersion
     }
     STATUS      current
     DESCRIPTION
       "A notification from the device to the management station
        indicating that a component described in the
        cDeviceComponentVersTable has been enabled."
     ::= { cDeviceInfoNotify 10 }

   -- *****************************************************************
   -- CC MIB cDeviceComponentVersTable
   -- *****************************************************************

   cDeviceComponentVersTableCount OBJECT-TYPE
     SYNTAX      Unsigned32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "The number of rows in the cDeviceComponentVersTable."
     ::= { cDeviceComponentVersInfo 1 }

   cDeviceComponentVersTableLastChanged OBJECT-TYPE
     SYNTAX      TimeStamp
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "The last time any entry in the table was modified, created,
        or deleted by SNMP, by the agent, or by another management
        method (e.g. via an HMI).  Managers can use this object to
        ensure that no changes to the configuration of this table
        have happened since the last time they examined the table.
        A value of 0 indicates that no entry has been changed since
        the agent initialized.  The value of CC-DEVICE-INFO-MIB
        cSystemUpTime should be used to populate this object."
     ::= { cDeviceComponentVersInfo 2 }

   cDeviceComponentVersTable OBJECT-TYPE
     SYNTAX      SEQUENCE OF CDeviceComponentVersEntry
     MAX-ACCESS  not-accessible
     STATUS      current
     DESCRIPTION
       "The table containing a description of the specification
        versions of components or specifications supported by the
        device.  Note that it is possible for multiple versions of a
        given specification to be registered within the table."
     ::= { cDeviceComponentVersInfo 3 }

   cDeviceComponentVersEntry OBJECT-TYPE
     SYNTAX      CDeviceComponentVersEntry
     MAX-ACCESS  not-accessible
     STATUS      current
     DESCRIPTION
       "A row containing a module descriptive name and its version
        that is supported by this device."
     INDEX { cDeviceComponentName, cDeviceComponentVersion }
     ::= { cDeviceComponentVersTable 1 }

   CDeviceComponentVersEntry ::= SEQUENCE {
     cDeviceComponentName         SnmpAdminString,
     cDeviceComponentVersion      SnmpAdminString,
     cDeviceComponentOpStatus     INTEGER,
     cDeviceComponentDescription  OCTET STRING
   }

   cDeviceComponentName OBJECT-TYPE
     SYNTAX      SnmpAdminString (SIZE(1..32))
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "The module name or specification name.  The string value to
        be used in this field should be documented in the text of
        the specification a given row is reporting information on.

        Specification names beginning with a prefix of 'vendor-' are
        reserved for private use by the vendor of the device.

        The string 'device' (exact) is reserved for vendors to
        register a software revision version of the device.

        The string 'hardware' (exact) is reserved for vendors to
        register a model number of the hardware of the device."
     ::= { cDeviceComponentVersEntry 1 }

   cDeviceComponentVersion OBJECT-TYPE
     SYNTAX      SnmpAdminString (SIZE(1..32))
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "The version of the specification or module name listed in
        the cDeviceComponentName object field in this row.  The
        string value to be used in this field should be documented
        in the text of a specification, of the device, or elsewhere.
        If the cDeviceComponentName begins with a 'vendor-' prefix,
        the format of this field is vendor specific."
     ::= { cDeviceComponentVersEntry 2 }

   cDeviceComponentOpStatus OBJECT-TYPE
     SYNTAX      INTEGER { up(1), notReady(2),
                           administrativelyDown(3) }
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
       "The current operational state of the component or module
        described by this row.

        This object may be used to enable/disable components or
        modules in the device, and some implementations may allow
        various versions of a component to be activated.  Devices may
        use this construct to roll back versions of device software,
        or to allow various software feature versions to be
        installed.

        Agents may reject changing this object for certain rows.  An
        example of this is changing the operational status of a row
        that describes the software of the device as a whole and not
        a particular feature.  In this event, the agent should return
        an inconsistentValue error."
     ::= { cDeviceComponentVersEntry 3 }

   cDeviceComponentDescription OBJECT-TYPE
     SYNTAX      OCTET STRING
     MAX-ACCESS  read-write
     STATUS      current
     DESCRIPTION
       "A description of the component.  Agents may reject changing
        this object for certain rows.  In this event, the agent
        should return an inconsistentValue error."
     ::= { cDeviceComponentVersEntry 4 }

   -- *****************************************************************
   -- Module Conformance Information
   -- *****************************************************************

   cDeviceInfoCompliances OBJECT IDENTIFIER
     ::= { cDeviceInfoConformance 1 }
   cDeviceInfoGroups OBJECT IDENTIFIER
     ::= { cDeviceInfoConformance 2 }

   cDeviceInfoSystemCompliance MODULE-COMPLIANCE
     STATUS      current
     DESCRIPTION
       "Compliance levels for system information."
     MODULE
       MANDATORY-GROUPS { cDeviceInfoSystemGroup }

       GROUP cDeviceInfoSystemNotifyGroup
       DESCRIPTION
         "This notification group is optional for implementation."

       OBJECT cSystemInitialLoadParameters
       MIN-ACCESS not-accessible
       DESCRIPTION
         "Implementation of this object is optional."

       OBJECT cSecurityLevel
       MIN-ACCESS not-accessible
       DESCRIPTION
         "Implementation of this object is optional."

       OBJECT cSanitizeDevice
       MIN-ACCESS not-accessible
       DESCRIPTION
         "Implementation of this object is optional."

       OBJECT cRenderInoperable
       MIN-ACCESS not-accessible
       DESCRIPTION
         "Implementation of this object is optional."
     ::= { cDeviceInfoCompliances 1 }

   cDeviceInfoComponentCompliance MODULE-COMPLIANCE
     STATUS      current
     DESCRIPTION
       "Compliance levels for component information."
     MODULE
       MANDATORY-GROUPS { cDeviceInfoComponentGroup }

       GROUP cDeviceInfoComponentNotifyGroup
       DESCRIPTION
         "This notification group is optional for implementation."
     ::= { cDeviceInfoCompliances 2 }

   cDeviceInfoSystemGroup OBJECT-GROUP
     OBJECTS {
       cSystemDate,
       cSystemUpTime,
       cSystemInitialLoadParameters,
       cSecurityLevel,
       cElectronicSerialNumber,
       cLastChanged,
       cResetDevice,
       cSanitizeDevice,
       cRenderInoperable,
       cVendorName,
       cModelIdentifier,
       cHardwareVersionNumber
     }
     STATUS      current
     DESCRIPTION
       "This group is composed of objects related to system
        information."
     ::= { cDeviceInfoGroups 1 }

   cDeviceInfoComponentGroup OBJECT-GROUP
     OBJECTS {
       cDeviceComponentVersTableCount,
       cDeviceComponentVersTableLastChanged,
       cDeviceComponentName,
       cDeviceComponentVersion,
       cDeviceComponentOpStatus,
       cDeviceComponentDescription
     }
     STATUS      current
     DESCRIPTION
       "This group is composed of objects related to component
        information."
     ::= { cDeviceInfoGroups 2 }

   cDeviceInfoSystemNotifyGroup NOTIFICATION-GROUP
     NOTIFICATIONS {
       cResetDeviceInitialized,
       cSanitizeDeviceInitialized,
       cTamperEventIndicated
     }
     STATUS      current
     DESCRIPTION
       "This group is composed of notifications related to system
        information."
     ::= { cDeviceInfoGroups 5 }

   cDeviceInfoComponentNotifyGroup NOTIFICATION-GROUP
     NOTIFICATIONS {
       cDeviceComponentDisabled,
       cDeviceComponentEnabled
     }
     STATUS      current
     DESCRIPTION
       "This group is composed of notifications related to
        component information."
     ::= { cDeviceInfoGroups 6 }

   END

5.4.  Firmware Management Information

   This MIB module makes reference to the following documents:
   [RFC2578], [RFC2579], [RFC2580], and [RFC3411].

   CC-FIRMWARE-MANAGEMENT-MIB DEFINITIONS ::= BEGIN

   IMPORTS
     ccFirmwareManagement
       FROM CC-FEATURE-HIERARCHY-MIB  -- FROM {{cc-fh}}
     SnmpAdminString
       FROM SNMP-FRAMEWORK-MIB  -- FROM RFC 3411
     OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
     MODULE-IDENTITY
       FROM SNMPv2-SMI  -- FROM RFC 2578
     TimeStamp, TruthValue, RowStatus
       FROM SNMPv2-TC  -- FROM RFC 2579
     MODULE-COMPLIANCE, OBJECT-GROUP,
     NOTIFICATION-GROUP
       FROM SNMPv2-CONF;  -- FROM RFC 2580

   ccFirmwareManagementMIB MODULE-IDENTITY
     LAST-UPDATED "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
     ORGANIZATION "IETF"
     CONTACT-INFO
       "Shadi Azoum
        US Navy
        Email: shadi.azoum@navy.mil

        Elliott Jones
        US Navy
        Email: elliott.jones@navy.mil

        Lily Sun
        US Navy
        Email: lily.sun@navy.mil

        Mike Irani
        NKI Engineering
        Email: irani@nkiengineering.com

        Jeffrey Sun
        NKI Engineering
        Email: sunjeff@nkiengineering.com

        Ray Purvis
        MITRE
        Email: rpurvis@mitre.org

        Sean Turner
        sn3rd
        Email: sean@sn3rd.com"
     DESCRIPTION
       "This MIB defines the CC MIB Firmware Management objects.

        Copyright (c) 2017 IETF Trust and the persons
        identified as authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
     -- RFC Ed.: RFC-editor please fill in xxxx.
     REVISION "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
     DESCRIPTION "Initial Version.  Published as RFC xxxx."
     -- RFC Ed.: RFC-editor please fill in xxxx.
     ::= { ccFirmwareManagement 1 }

   -- *****************************************************************
   -- Firmware Information Segments
   -- *****************************************************************

   cFirmwareInfo OBJECT IDENTIFIER
     ::= { ccFirmwareManagementMIB TBD }
   cFirmwareInfoNotify OBJECT IDENTIFIER
     ::= { ccFirmwareManagementMIB TBD }

   -- *****************************************************************
   -- Firmware Information Notifications
   -- *****************************************************************

   cFirmwareInstallFailed NOTIFICATION-TYPE
     STATUS      current
     DESCRIPTION
       "A notification from the device to the management station
        indicating that a firmware install failed."
     ::= { cFirmwareInfoNotify TBD }

   cFirmwareInstallSuccess NOTIFICATION-TYPE
     OBJECTS {
       cFirmwareName,
       cFirmwareVersion,
       cFirmwareSource
     }
     STATUS      current
     DESCRIPTION
       "A notification from the device to the management station
        indicating that a firmware install succeeded."
     ::= { cFirmwareInfoNotify TBD }

   -- *****************************************************************
   -- CC MIB cFirmwareInformationTable
   -- *****************************************************************

   cFirmwareInformationTableCount OBJECT-TYPE
     SYNTAX      Unsigned32
     MAX-ACCESS  read-only
     STATUS      current
     DESCRIPTION
       "The number of rows in the cFirmwareInformationTable."
    ::= { cFirmwareInfo 1 }

cFirmwareInformationTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by SNMP, by the agent, or by another management
        method (e.g. via an HMI). Managers can use this object to
        ensure that no changes to the configuration of this table
        have happened since the last time they examined the table.
        A value of 0 indicates that no entry has been changed since
        the agent initialized. The value in CC-DEVICE-INFO-MIB
        cSystemUpTime should be used to populate this object."
    ::= { cFirmwareInfo 2 }

cFirmwareInformationTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CFirmwareInformationEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that lists the firmware packages available in the
        device, along with their versions and source. It is used to
        list the currently running firmware and the other available
        firmware versions, in support of returning to a previous
        version of the firmware."
    ::= { cFirmwareInfo 3 }

cFirmwareInformationEntry OBJECT-TYPE
    SYNTAX CFirmwareInformationEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing a firmware package name, version, and
        source."
    INDEX { cFirmwareName }
    ::= { cFirmwareInformationTable 1 }

CFirmwareInformationEntry ::= SEQUENCE {
    cFirmwareName       OCTET STRING,
    cFirmwareVersion    SnmpAdminString,
    cFirmwareSource     SnmpAdminString,
    cFirmwareRunning    TruthValue,
    cFirmwareRowStatus  RowStatus
}

cFirmwareName OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Unique identifier provided in the firmware package."
    ::= { cFirmwareInformationEntry 1 }

cFirmwareVersion OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(1..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Version of the firmware (provided in the package); for
        legacy firmware packages, this column would be the empty
        string, ''."
    ::= { cFirmwareInformationEntry 2 }

cFirmwareSource OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(1..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This column is used by the implementation to describe how
        the firmware was received. Agents may use any string which
        adequately describes the interface, such as 'USB' or
        'DS-100'. Agents may also reference entries in the ifTable
        when appropriate. If the firmware was received from a Secure
        Object Management System (SOMS) server, the exact URI that
        was used to retrieve the firmware package would be
        configured in this column."
    ::= { cFirmwareInformationEntry 3 }

cFirmwareRunning OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Indicates whether this firmware is currently running. Only
        one row in the table should have this object set to true at
        any given time. If this object is set from false to true,
        the agent must install this firmware, uninstall the
        previously running firmware, and change the cFirmwareRunning
        object of the previously running firmware from true to
        false."
    ::= { cFirmwareInformationEntry 4 }

cFirmwareRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The status of the row, by which old entries may be deleted
        from this table. At a minimum, implementations must support
        the destroy management function. Support for the active and
        notReady management functions is optional."
    ::= { cFirmwareInformationEntry 5 }

-- *****************************************************************
-- Module Conformance Information
-- *****************************************************************

cFirmwareInfoCompliances OBJECT IDENTIFIER
    ::= { cFirmwareInfoConformance 1 }
cFirmwareInfoGroups OBJECT IDENTIFIER
    ::= { cFirmwareInfoConformance 2 }

cFirmwareInfoCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Compliance levels for firmware information."
    MODULE  -- this module
        MANDATORY-GROUPS { cFirmwareInfoGroup }
        GROUP cFirmwareInfoNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cFirmwareInfoCompliances TBD }

cFirmwareInfoGroup OBJECT-GROUP
    OBJECTS {
        cFirmwareInformationTableCount,
        cFirmwareInformationTableLastChanged,
        cFirmwareName,
        cFirmwareVersion,
        cFirmwareSource,
        cFirmwareRunning,
        cFirmwareRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to firmware
        information."
    ::= { cFirmwareInfoGroups TBD }

cFirmwareInfoNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cFirmwareInstallFailed,
        cFirmwareInstallSuccess
    }
    STATUS current
    DESCRIPTION
        "This group is composed of notifications related to firmware
        information."
    ::= { cFirmwareInfoGroups TBD }

END

5.5. Key Management Information

This MIB module makes references to the following documents:
[RFC2578], [RFC2579], [RFC2580], [RFC3411], [RFC5280], [RFC5914],
[RFC6030], and [RFC6353].
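Before the key management module begins, here is the behaviour that the cFirmwareInformationTable DESCRIPTION clauses of Section 5.4 above specify, modelled as an added example that is not code from this draft: an agent-side table that keeps the single-running-row invariant, performs the false-to-true install transition (leaving the previous image running if the install fails), handles RowStatus destroy, stamps cFirmwareInformationTableLastChanged from cSystemUpTime, and records the two notifications. The install callback, the uptime source, and the refusal of a direct true-to-false SET are assumptions of this model.

```python
"""Agent-side model of the CC-FIRMWARE-MANAGEMENT-MIB firmware table.

Added example, not code from draft-turner-ccmib-02. The install
callback, the cSystemUpTime source and the refusal of a direct
true->false SET on cFirmwareRunning are assumptions of this model.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# RowStatus values from RFC 2579 that this table uses.
ACTIVE, NOT_READY, DESTROY = 1, 3, 6


@dataclass
class FirmwareRow:
    """One cFirmwareInformationEntry, indexed by cFirmwareName."""
    name: bytes                  # cFirmwareName (OCTET STRING, 1..255)
    version: str                 # cFirmwareVersion ('' for legacy packages)
    source: str                  # cFirmwareSource, e.g. 'USB' or a SOMS URI
    running: bool = False        # cFirmwareRunning
    row_status: int = NOT_READY  # cFirmwareRowStatus


@dataclass
class FirmwareTable:
    """cFirmwareInformationTable plus its Count and LastChanged scalars."""
    # install(row) -> True on success. A real agent would flash the image
    # here; it is injectable (assumption) so a failed install can be shown.
    install: Callable[[FirmwareRow], bool]
    # sys_uptime() -> CC-DEVICE-INFO-MIB cSystemUpTime (TimeTicks).
    sys_uptime: Callable[[], int]
    rows: Dict[bytes, FirmwareRow] = field(default_factory=dict)
    last_changed: int = 0        # cFirmwareInformationTableLastChanged
    notifications: List[Tuple] = field(default_factory=list)

    @property
    def count(self) -> int:
        """cFirmwareInformationTableCount."""
        return len(self.rows)

    def running_row(self) -> Optional[FirmwareRow]:
        running = [r for r in self.rows.values() if r.running]
        assert len(running) <= 1, "invariant: at most one running row"
        return running[0] if running else None

    def _touch(self) -> None:
        self.last_changed = self.sys_uptime()

    def add_row(self, row: FirmwareRow) -> None:
        """Create a row, e.g. after a package arrives over USB or SOMS."""
        if not 1 <= len(row.name) <= 255:
            raise ValueError("cFirmwareName must be 1..255 octets")
        if row.name in self.rows:
            raise KeyError("duplicate cFirmwareName")
        if row.running and self.running_row() is not None:
            raise ValueError("another row is already running")
        self.rows[row.name] = row
        self._touch()

    def set_running(self, name: bytes, value: bool) -> bool:
        """SET cFirmwareRunning; returns True when the SET is accepted."""
        row = self.rows[name]
        if value == row.running:
            return True                  # no transition, nothing to do
        if not value:
            # Only false->true is defined by the draft; this model refuses
            # true->false so the device never ends up with no firmware.
            return False
        previous = self.running_row()
        if not self.install(row):
            self.notifications.append(("cFirmwareInstallFailed",))
            return False                 # previous firmware keeps running
        if previous is not None:
            previous.running = False     # "uninstall" the previous image
        row.running = True
        row.row_status = ACTIVE
        self._touch()
        self.notifications.append(
            ("cFirmwareInstallSuccess", row.name, row.version, row.source))
        return True

    def set_row_status(self, name: bytes, status: int) -> bool:
        """SET cFirmwareRowStatus; destroy support is mandatory."""
        row = self.rows[name]
        if status == DESTROY:
            if row.running:
                return False             # assumption: keep the running image
            del self.rows[name]
            self._touch()
            return True
        if status in (ACTIVE, NOT_READY):  # optional per the draft
            row.row_status = status
            return True
        return False
```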
CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    ccKeyManagement
        FROM CC-FEATURE-HIERARCHY-MIB  -- FROM {{cc-fh}}
    OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
    MODULE-IDENTITY
        FROM SNMPv2-SMI                -- FROM RFC 2578
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB        -- FROM RFC 3411
    RowPointer, RowStatus, DateAndTime,
    TruthValue, TimeStamp
        FROM SNMPv2-TC                 -- FROM RFC 2579
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF               -- FROM RFC 2580
    SnmpTLSFingerprint
        FROM SNMP-TLS-TM-MIB;          -- FROM RFC 6353

ccKeyManagementMIB MODULE-IDENTITY
    LAST-UPDATED "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
    ORGANIZATION "IETF"
    CONTACT-INFO
        "Shadi Azoum
        US Navy
        email: shadi.azoum@navy.mil

        Elliott Jones
        US Navy
        elliott.jones@navy.mil

        Lily Sun
        US Navy
        lily.sun@navy.mil

        Mike Irani
        NKI Engineering
        irani@nkiengineering.com

        Jeffrey Sun
        NKI Engineering
        sunjeff@nkiengineering.com

        Ray Purvis
        MITRE
        Email:rpurvis@mitre.org

        Sean Turner
        sn3rd
        Email:sean@sn3rd.com"
    DESCRIPTION
        "This MIB defines the CC MIB Key Management objects.

        Copyright (c) 2017 IETF Trust and the persons
        identified as authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    REVISION "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
    DESCRIPTION "Initial Version. Published as RFC xxxx."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    ::= { ccKeyManagement 1 }

-- *****************************************************************
-- Key Management Information Segments
-- *****************************************************************

cSymmetricKeyInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 1 }
cAsymKeyInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 2 }
cTrustAnchorInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 3 }
cCKLInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 4 }
cCDMStoreInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 5 }
cCertSubAltNameInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 6 }
cCertPathCtrlsInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 7 }
cCertPolicyInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 8 }
cPolicyMappingInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 9 }
cNameConstraintInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 10 }
cKeyManagementScalars OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 11 }
cKeyManagementNotify OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 12 }
cKeyManagementConformance OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 13 }

-- *****************************************************************
-- Key Management Information Scalars
-- *****************************************************************

cZeroizeAllKeys OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the key
        material tables and zeroizes the key material. It is
        applicable to symmetric keys, asymmetric keys, and Trust
        Anchors (TA). It must not modify any other information in
        the device, such as the persistent storage or the audit log.
        When read, this object should return false.
        If this object is set to the same value as the current value,
        the device must not perform any operation but should accept
        this as a valid SET operation. Note that after being set to
        true, an agent should reset this object to false once it has
        zeroized all the keys stored in the device."
    ::= { cKeyManagementScalars 1 }

cZeroizeSymmetricKeyTable OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the
        cSymmetricKeyTable and zeroizes the associated key material.
        This operation must not modify any other information in the
        device, such as the persistent storage or the audit log.
        When read, this object should return false. If this object is
        set to the same value as the current value, the device must
        not perform any operation but should accept this as a valid
        SET operation. Note that after being set to true, an agent
        should reset this object to false once it has zeroized the
        specific key material stored in the device."
    ::= { cKeyManagementScalars 2 }

cZeroizeAsymKeyTable OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the
        cAsymKeyTable and cCertSubAltNameTable and zeroizes the
        associated key material. This operation must not modify any
        other information in the device, such as the persistent
        storage or the audit log. When read, this object should
        return false. If this object is set to the same value as the
        current value, the device must not perform any operation but
        should accept this as a valid SET operation. Note that after
        being set to true, an agent should reset this object to
        false once it has zeroized the specific key material stored
        in the device."
    ::= { cKeyManagementScalars 3 }

cZeroizeTrustAnchorTable OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the
        cTrustAnchorTable. This operation must not modify any other
        information in the device, such as the persistent storage or
        the audit log. When read, this object should return false.
        If this object is set to the same value as the current value,
        the device must not perform any operation but should accept
        this as a valid SET operation. Note that after being set to
        true, an agent should reset this object to false once it has
        zeroized the specific key material stored in the device.

        Some implementations may restrict the deletion of Trust
        Anchors to specific protocols (e.g. TAMP)."
    ::= { cKeyManagementScalars 4 }

cZeroizeCDMStoreTable OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the
        cCDMStoreTable that are of type symkey, asymkey, or
        trustAnchor. This operation must not modify any other
        information in the device, such as the persistent storage or
        the audit log. When read, this object should return false.
        If this object is set to the same value as the current value,
        the device must not perform any operation but should accept
        this as a valid SET operation. Note that after being set to
        true, an agent should reset this object to false once it has
        zeroized the specific key material stored in the device."
    ::= { cKeyManagementScalars 5 }

cKeyMaterialTableOID OBJECT-TYPE
    SYNTAX OBJECT IDENTIFIER
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The OID of the table for which (1) a successful or failed
        configuration occurred upon a key material load, (2) a key
        material has expired, will expire, or had its expiration
        date changed, or (3) a key material has been zeroized."
    ::= { cKeyManagementScalars 6 }

cKeyMaterialFingerprint OBJECT-TYPE
    SYNTAX SnmpTLSFingerprint
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The fingerprint of the key material to be transmitted in a
        notification."
    ::= { cKeyManagementScalars 7 }

cSymKeyGlobalExpiryWarning OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "days"
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "A global setting indicating the number of days prior to the
        expiration date of a symmetric key (the value of
        cSymKeyExpirationDate in the associated cSymmetricKeyTable
        entry) at which the cKeyMaterialExpiring notification will
        be transmitted.

        The value in this object is only used if no value exists for
        the associated cSymmetricKeyTable entry's
        cSymKeyExpiryWarning object."
    ::= { cKeyManagementScalars 8 }

cAsymKeyGlobalExpiryWarning OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "days"
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "A global setting indicating the number of days prior to the
        expiration date of an asymmetric key (the value of
        cAsymKeyExpirationDate in the associated cAsymKeyTable
        entry) at which the cKeyMaterialExpiring notification will
        be transmitted.

        The value in this object is only used if no value exists for
        the associated cAsymKeyTable entry's cAsymKeyExpiryWarning
        object."
    ::= { cKeyManagementScalars 9 }

cGenerateKeyType OBJECT-TYPE
    SYNTAX INTEGER { x509v3(1), psk(2) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The type of key material to be generated:

        [1] x509v3: X.509v3 certificate per RFC 5280.
        [2] psk: Symmetric Pre-Shared Key."
    ::= { cKeyManagementScalars 10 }

cGenerateKey OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Setting this object to 'true' forces the generation of key
        material of the type described by cGenerateKeyType.
        Post-generation, the agent must create an entry in the
        appropriate key material table that captures information on
        this key.

        Note that after being set to true, an agent should reset
        this object to false once the key material has been
        generated and an entry created in the appropriate table."
    ::= { cKeyManagementScalars 11 }

-- *****************************************************************
-- Key Management Notifications
-- *****************************************************************

cKeyMaterialLoadSuccess NOTIFICATION-TYPE
    OBJECTS { cKeyMaterialTableOID }
    STATUS current
    DESCRIPTION
        "An attempt to load the device with key material, identified
        by the table identifier (e.g. cSymmetricKeyTable), has
        succeeded. This notification may be sent upon a single
        successful key material load or upon a series of successful
        single key material loads."
    ::= { cKeyManagementNotify 1 }

cKeyMaterialLoadFail NOTIFICATION-TYPE
    OBJECTS { cKeyMaterialTableOID }
    STATUS current
    DESCRIPTION
        "An attempt to load the device with key material, identified
        by the table identifier (e.g. cSymmetricKeyTable), has
        failed."
    ::= { cKeyManagementNotify 2 }

cKeyMaterialExpiring NOTIFICATION-TYPE
    OBJECTS {
        cKeyMaterialFingerprint,
        cKeyMaterialTableOID
    }
    STATUS current
    DESCRIPTION
        "Key material, identified by its key fingerprint and the OID
        of the associated key material table, is about to expire.
        This notification is transmitted prior to the key material's
        configured expiration date
        (cSymKeyExpirationDate/cAsymKeyExpirationDate), as indicated
        by the global setting
        (cSymKeyGlobalExpiryWarning/cAsymKeyGlobalExpiryWarning) or,
        if configured, by the granular setting of the key material
        table entry (cSymKeyExpiryWarning/cAsymKeyExpiryWarning)."
    ::= { cKeyManagementNotify 3 }

cKeyMaterialExpired NOTIFICATION-TYPE
    OBJECTS {
        cKeyMaterialFingerprint,
        cKeyMaterialTableOID
    }
    STATUS current
    DESCRIPTION
        "Key material, identified by its key fingerprint and the OID
        of the associated key material table, has expired."
    ::= { cKeyManagementNotify 4 }

cKeyMaterialExpirationChanged NOTIFICATION-TYPE
    OBJECTS {
        cKeyMaterialFingerprint,
        cKeyMaterialTableOID
    }
    STATUS current
    DESCRIPTION
        "The expiration date of key material, identified by its key
        fingerprint and the OID of the associated key material
        table, has changed. This can happen either because the
        'Expiration' object in the table changed or because the
        device made a change due to some other automated security
        policy, such as automatically extending a key when no new
        key is available."
    ::= { cKeyManagementNotify 5 }

cKeyMaterialZeroized NOTIFICATION-TYPE
    OBJECTS {
        cKeyMaterialFingerprint,
        cKeyMaterialTableOID
    }
    STATUS current
    DESCRIPTION
        "Key material, identified by its fingerprint and the OID of
        the associated key material table, has been securely deleted
        and zeroized.
        This notification is transmitted upon setting the RowStatus
        object of the associated key material table entry to
        'destroy', setting the cZeroizeAllKeys object to 'true',
        setting the cZeroizeSymmetricKeyTable object to 'true',
        setting the cZeroizeAsymKeyTable object to 'true', setting
        the cZeroizeTrustAnchorTable object to 'true', or setting
        the cZeroizeCDMStoreTable object to 'true'."
    ::= { cKeyManagementNotify 6 }

cCKLLoadSuccess NOTIFICATION-TYPE
    OBJECTS {
        cCKLIndex,
        cCKLIssuer
    }
    STATUS current
    DESCRIPTION
        "An attempt to load the device with a CKL, identified by
        cCKLIndex and cCKLIssuer (the indexes of the cCKLTable), has
        succeeded."
    ::= { cKeyManagementNotify 7 }

cCKLLoadFail NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION
        "An attempt to load the device with a CKL has failed."
    ::= { cKeyManagementNotify 8 }

cCDMAdded NOTIFICATION-TYPE
    OBJECTS {
        cCDMStoreIndex,
        cCDMStoreType
    }
    STATUS current
    DESCRIPTION
        "A new cryptographic device material (CDM) entry has been
        added to the cCDMStoreTable, as identified by cCDMStoreIndex
        and cCDMStoreType."
    ::= { cKeyManagementNotify 9 }

cCDMDeleted NOTIFICATION-TYPE
    OBJECTS {
        cCDMStoreIndex,
        cCDMStoreType,
        cCDMStoreFriendlyName
    }
    STATUS current
    DESCRIPTION
        "A cryptographic device material (CDM) entry has been deleted
        from the cCDMStoreTable, as identified by cCDMStoreIndex,
        cCDMStoreType, and cCDMStoreFriendlyName."
    ::= { cKeyManagementNotify 10 }

cTrustAnchorAdded NOTIFICATION-TYPE
    OBJECTS {
        cTrustAnchorFingerprint,
        cTrustAnchorFormatType,
        cTrustAnchorUsageType
    }
    STATUS current
    DESCRIPTION
        "A trust anchor has been added to the cTrustAnchorTable, as
        identified by cTrustAnchorFingerprint,
        cTrustAnchorFormatType, and cTrustAnchorUsageType."
    ::= { cKeyManagementNotify 11 }

cTrustAnchorUpdated NOTIFICATION-TYPE
    OBJECTS {
        cTrustAnchorFingerprint,
        cTrustAnchorFormatType,
        cTrustAnchorUsageType
    }
    STATUS current
    DESCRIPTION
        "A trust anchor has been updated in the cTrustAnchorTable,
        as identified by cTrustAnchorFingerprint,
        cTrustAnchorFormatType, and cTrustAnchorUsageType."
    ::= { cKeyManagementNotify 12 }

cTrustAnchorRemoved NOTIFICATION-TYPE
    OBJECTS {
        cTrustAnchorFingerprint,
        cTrustAnchorFormatType,
        cTrustAnchorUsageType
    }
    STATUS current
    DESCRIPTION
        "A trust anchor has been removed from the cTrustAnchorTable,
        as identified by cTrustAnchorFingerprint,
        cTrustAnchorFormatType, and cTrustAnchorUsageType."
    ::= { cKeyManagementNotify 13 }

-- *****************************************************************
-- CC MIB cSymmetricKeyTable
-- *****************************************************************

cSymmetricKeyTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cSymmetricKeyTable."
    ::= { cSymmetricKeyInfo 1 }

cSymmetricKeyTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by SNMP, by the agent, or by another management
        method (e.g. via an HMI). Managers can use this object to
        ensure that no changes to the configuration of this table
        have happened since the last time they examined the table.
        A value of 0 indicates that no entry has been changed since
        the agent initialized. The value in CC-DEVICE-INFO-MIB
        cSystemUpTime should be used to populate this object."
    ::= { cSymmetricKeyInfo 2 }

cSymmetricKeyTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CSymmetricKeyEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table containing the various types of symmetric keys
        used by the device."
    ::= { cSymmetricKeyInfo 3 }

cSymmetricKeyEntry OBJECT-TYPE
    SYNTAX CSymmetricKeyEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing information about a symmetric key."
    INDEX { cSymKeyFingerprint }
    ::= { cSymmetricKeyTable 1 }

CSymmetricKeyEntry ::= SEQUENCE {
    cSymKeyFingerprint           SnmpTLSFingerprint,
    cSymKeyUsage                 BITS,
    cSymKeyID                    OCTET STRING,
    cSymKeyIssuer                OCTET STRING,
    cSymKeyEffectiveDate         DateAndTime,
    cSymKeyExpirationDate        DateAndTime,
    cSymKeyExpiryWarning         Unsigned32,
    cSymKeyNumberOfTransactions  Unsigned32,
    cSymKeyFriendlyName          SnmpAdminString,
    cSymKeyClassification        BITS,
    cSymKeySource                OCTET STRING,
    cSymKeyRowStatus             RowStatus
}

cSymKeyFingerprint OBJECT-TYPE
    SYNTAX SnmpTLSFingerprint
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An inherent identification of the symmetric key and the
        primary index to the cSymmetricKeyTable.

        This MIB does not provide any additional requirements on
        developing the fingerprint. Implementations are cautioned to
        develop the hash in a manner that does not compromise the
        security of the key material."
    ::= { cSymmetricKeyEntry 1 }

cSymKeyUsage OBJECT-TYPE
    SYNTAX BITS { oneTimePassword(0), challengeResponse(1),
                  unlock(2), encrypt(3), decrypt(4),
                  integrity(5), verify(6), keyWrap(7),
                  unwrap(8), derive(9), generate(10),
                  sharedSecret(11) }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The intended usage for the key: One Time Password (OTP),
        Challenge/Response (CR), Unlock, Encrypt, Decrypt,
        Integrity, Verify, KeyWrap, Unwrap, Derive, Generate,
        Shared Secret.
        From RFC 6030, Section 5.

        OTP: The key is used for One Time Password (OTP) generation.

        CR: The key is used for Challenge/Response purposes.

        Unlock: The key is used for an inverse challenge response in
        the case where a user has locked the device by entering a
        wrong password too many times (for devices with password
        input capability).

        Encrypt: The key is used for data encryption purposes.

        Integrity: The key is used to generate a keyed message
        digest for data integrity or authentication purposes.

        Verify: The key is used to verify a keyed message digest for
        data integrity or authentication purposes (this is the
        opposite key usage of 'Integrity').

        Decrypt: The key is used for data decryption purposes.

        KeyWrap: The key is used for key wrap purposes.

        Unwrap: The key is used for key unwrap purposes.

        Derive: The key is used with a key derivation function to
        derive a new key.

        Generate: The key is used to generate a new key based on a
        random number and the previous value of the key.

        Shared Secret: The key is used as a shared secret between
        entities.
        Bit value translation:
        1000 0000 0000 0000 = OneTimePassword
        0100 0000 0000 0000 = ChallengeResponse
        0010 0000 0000 0000 = Unlock
        0001 0000 0000 0000 = Encrypt
        0000 1000 0000 0000 = Decrypt
        0000 0100 0000 0000 = Integrity
        0000 0010 0000 0000 = Verify
        0000 0001 0000 0000 = KeyWrap
        0000 0000 1000 0000 = Unwrap
        0000 0000 0100 0000 = Derive
        0000 0000 0010 0000 = Generate
        0000 0000 0001 0000 = SharedSecret"
    ::= { cSymmetricKeyEntry 2 }

cSymKeyID OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Represents a unique identifier assigned to this symmetric
        key. This would typically be an identifier inherent to the
        key material, such as a serial number or another form of
        identifier derived from a tag or other key wrapper. This
        object differs from cSymKeyFriendlyName, which is a
        user-defined ID."
    ::= { cSymmetricKeyEntry 3 }

cSymKeyIssuer OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Represents the name of the entity which issued the key. Use
        a distinguished name (DN) when one is available."
    ::= { cSymmetricKeyEntry 4 }

cSymKeyEffectiveDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The effective date of the key."
    ::= { cSymmetricKeyEntry 5 }

cSymKeyExpirationDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The expiration date of the key."
    ::= { cSymmetricKeyEntry 6 }

cSymKeyExpiryWarning OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "days"
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The number of days prior to the expiration date of this key
        (cSymKeyExpirationDate) at which the cKeyMaterialExpiring
        notification will be transmitted.

        If configured, the scalar value of cSymKeyGlobalExpiryWarning
        will be ignored. The value of cSymKeyGlobalExpiryWarning will
        only be used if this column is not populated, is populated
        with 0, or is not implemented."
    ::= { cSymmetricKeyEntry 7 }

cSymKeyNumberOfTransactions OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Indicates the maximum number of times a key can be used
        after it has been received. If this column is not
        implemented, then there is no restriction on the number of
        times a key can be used.

        When this number is reached, implementations supporting this
        object should stop using the key and send a
        cKeyMaterialExpired notification."
    ::= { cSymmetricKeyEntry 8 }

cSymKeyFriendlyName OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "A human-readable label of the key for easier reference. It
        is used only for helpful or informational purposes."
    ::= { cSymmetricKeyEntry 9 }

cSymKeyClassification OBJECT-TYPE
    SYNTAX BITS { unclassified(0), restricted(1),
                  confidential(2), secret(3), topSecret(4) }
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The classification of the key.
        Bit value translation:
        1000 0000 = unclassified
        0100 0000 = restricted
        0010 0000 = confidential
        0001 0000 = secret
        0000 1000 = topSecret
        This column does not exist for devices that do not have the
        concept of classification."
    ::= { cSymmetricKeyEntry 10 }

cSymKeySource OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The source of the key material. This can be the URI of a
        key source entity. If the key was derived from a user-input
        password, the string should say PASSWORD.

        Keys generated by the device should contain the string
        DEVICE-GENERATED. If the key was filled locally, then this
        column should begin with the word FILL followed by the fill
        protocol. If the source is unknown, this column should not
        be populated or should be set to the empty string, ''."
    ::= { cSymmetricKeyEntry 11 }

cSymKeyRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The status of this row, by which existing entries may be
        deleted from this table. Setting this column to destroy is
        synonymous with zeroizing the key. Upon setting this
        RowStatus to destroy, any reference(s) to this object should
        be destroyed as well.

        Upon populating this row, this column should automatically
        be set to notReady. Only after valid information has been
        entered by the manager can the manager set this column to
        active.

        At a minimum, implementations must support the active and
        destroy management functions. Implementations must support
        the createAndWait and createAndGo management functions for
        this object if the symmetric key material can be manually
        entered by the manager."
    ::= { cSymmetricKeyEntry 12 }

-- *****************************************************************
-- CC MIB cAsymKeyTable
-- *****************************************************************

cAsymKeyTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cAsymKeyTable."
    ::= { cAsymKeyInfo 1 }

cAsymKeyTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by SNMP, by the agent, or by another management
        method (e.g. via an HMI). Managers can use this object to
        ensure that no changes to the configuration of this table
        have happened since the last time they examined the table.
        A value of 0 indicates that no entry has been changed since
        the agent initialized. The value in CC-DEVICE-INFO-MIB
        cSystemUpTime should be used to populate this object."
    ::= { cAsymKeyInfo 2 }

cAsymKeyTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CAsymKeyEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table containing the asymmetric key material and
        certificates used by the device. Enumeration values, when
        applicable, follow the conventions in RFC 5280."
    ::= { cAsymKeyInfo 3 }

cAsymKeyEntry OBJECT-TYPE
    SYNTAX CAsymKeyEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing information about an asymmetric key or
        certificate."
    INDEX { cAsymKeyFingerprint }
    ::= { cAsymKeyTable 1 }

CAsymKeyEntry ::= SEQUENCE {
    cAsymKeyFingerprint         SnmpTLSFingerprint,
    cAsymKeyFriendlyName        SnmpAdminString,
    cAsymKeySerialNumber        OCTET STRING,
    cAsymKeyIssuer              OCTET STRING,
    cAsymKeySignatureAlgorithm  OCTET STRING,
    cAsymKeyPublicKeyAlgorithm  OCTET STRING,
    cAsymKeyEffectiveDate       DateAndTime,
    cAsymKeyExpirationDate      DateAndTime,
    cAsymKeyExpiryWarning       Unsigned32,
    cAsymKeySubject             OCTET STRING,
    cAsymKeySubjectType         BITS,
    cAsymKeySubjectAltName      SnmpAdminString,
    cAsymKeyUsage               BITS,
    cAsymKeyClassification      BITS,
    cAsymKeySource              OCTET STRING,
    cAsymKeyRowStatus           RowStatus,
    cAsymKeyVersion             INTEGER,
    cAsymKeyRekey               TruthValue,
    cAsymKeyType                OCTET STRING
}

cAsymKeyFingerprint OBJECT-TYPE
    SYNTAX SnmpTLSFingerprint
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "An inherent identification of the asymmetric key and the
        primary index to the cAsymKeyTable."
    ::= { cAsymKeyEntry 1 }

cAsymKeyFriendlyName OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "A human-readable label for the key, for easier reference.
        It is used only for helpful or informational purposes."
    ::= { cAsymKeyEntry 2 }

cAsymKeySerialNumber OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The unique positive integer assigned to the Asymmetric Key.
        For a Public Key Certificate (PKC) this serial number is
        assigned by the Certification Authority (CA). The value in
        this column can be up to 20 bytes long per Section 4.1.2.2,
        'Serial Number', of RFC 5280. Other types of Key Material
        may have different serial number formats as defined by the
        issuer (e.g. a Key Material ID)."
    ::= { cAsymKeyEntry 3 }

cAsymKeyIssuer OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The issuer of this key material. For Public Key
        Certificates, this is the distinguished name (DN) of the
        entity that has signed and issued the Public Key
        Certificate (PKC). Other issuers shall be defined by the
        class of device and will reference the Key Management
        System that delivers the key material for that device."
    ::= { cAsymKeyEntry 4 }

cAsymKeySignatureAlgorithm OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Signature algorithm used by a Certification Authority to
        sign this asymmetric key material (e.g. X.509 Certificate).
        If no signature or signature algorithm is provided or used,
        this column will not exist.

        Note, this is a free-form OCTET STRING column, meaning
        implementations may utilize a standardized definition of
        string values or use a proprietary definition of string
        values for supported signature algorithms."
    ::= { cAsymKeyEntry 5 }

cAsymKeyPublicKeyAlgorithm OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Public key algorithm with which the public key is used (as
        associated with the asymmetric key material (e.g. X.509
        Certificate)).

        Note, this is a free-form OCTET STRING column, meaning
        implementations may utilize a standardized definition of
        string values or use a proprietary definition of string
        values for supported public key algorithms."
    ::= { cAsymKeyEntry 6 }

cAsymKeyEffectiveDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The date on which the validity period of the Asymmetric
        Key begins.
        This column must not exist when the key material does not
        have an inherent and associated effective date."
    ::= { cAsymKeyEntry 7 }

cAsymKeyExpirationDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The date on which the validity period of the Asymmetric
        Key ends. This column must not exist when the key material
        does not have an inherent and associated expiration date."
    ::= { cAsymKeyEntry 8 }

cAsymKeyExpiryWarning OBJECT-TYPE
    SYNTAX Unsigned32
    UNITS "days"
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The number of days prior to the expiration date of this
        key (cAsymKeyExpirationDate) at which the
        cKeyMaterialExpiring notification will be transmitted.

        If this column is populated with a non-zero value, the
        scalar cAsymKeyGlobalExpiryWarning is ignored for this key.
        The value of cAsymKeyGlobalExpiryWarning is used only if
        this column is not populated, is populated with 0, or is
        not implemented."
    ::= { cAsymKeyEntry 9 }

cAsymKeySubject OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The entity associated with this Asymmetric Key.

        For non-X.509 based key material, or when this object does
        not apply to the key material, this column will not
        exist."
    ::= { cAsymKeyEntry 10 }

cAsymKeySubjectType OBJECT-TYPE
    SYNTAX BITS { other(0), certificationAuthority(1),
                  crlIssuer(2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Defines the type of subject based on the following
        choices. certificationAuthority(1) - When set to 1,
        indicates that the subject (cAsymKeySubject) of the Public
        Key Certificate (PKC) is a Certification Authority (CA).
        crlIssuer(2) - When set to 1, indicates that the subject
        (cAsymKeySubject) of the Public Key Certificate (PKC) is a
        Certificate Revocation List (CRL) issuer.
        Bit value translation:
          1000 0000 = other
          0100 0000 = certificationAuthority
          0010 0000 = crlIssuer
        For non-X.509 based key material, or when this object does
        not apply to the key material, this column will not
        exist."
    ::= { cAsymKeyEntry 11 }

cAsymKeySubjectAltName OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(1..32))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "A reference string that points to a set of Subject
        Alternative Names in the cCertSubAltNameTable.

        This column is not populated if the Certificate has no
        associated Subject Alternative Names.

        For non-X.509 based key material, or when this object does
        not apply to the key material, this column will not
        exist."
    ::= { cAsymKeyEntry 12 }

cAsymKeyUsage OBJECT-TYPE
    SYNTAX BITS { other(0), digitalSignature(1),
                  nonRepudiation(2), keyEncipherment(3),
                  dataEncipherment(4), keyAgreement(5),
                  keyCertSign(6), cRLSign(7), encipherOnly(8),
                  decipherOnly(9) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Provides the intended type of usage for the Asymmetric
        Key.
        The following types are supported (defined in Section
        4.2.1.3, Key Usage, of RFC 5280 for PKC):
          other(0), digitalSignature(1), nonRepudiation(2),
          keyEncipherment(3), dataEncipherment(4), keyAgreement(5),
          keyCertSign(6), cRLSign(7), encipherOnly(8), and
          decipherOnly(9)
        Bit value translation:
          1000 0000 0000 0000 = other,
          0100 0000 0000 0000 = digitalSignature,
          0010 0000 0000 0000 = nonRepudiation,
          0001 0000 0000 0000 = keyEncipherment,
          0000 1000 0000 0000 = dataEncipherment,
          0000 0100 0000 0000 = keyAgreement,
          0000 0010 0000 0000 = keyCertSign,
          0000 0001 0000 0000 = cRLSign,
          0000 0000 1000 0000 = encipherOnly,
          0000 0000 0100 0000 = decipherOnly.
        Note that other(0) has no counterpart in the RFC 5280
        KeyUsage BIT STRING, so each RFC 5280 bit position is one
        less than the corresponding bit position here.
        Devices using asymmetric key material not adhering to RFC
        5280 (X.509 format) may still use an applicable value for
        the Usage, or may use 'other'."
    ::= { cAsymKeyEntry 13 }

cAsymKeyClassification OBJECT-TYPE
    SYNTAX BITS { unclassified(0), restricted(1),
                  confidential(2), secret(3), topSecret(4) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The classification level(s) supported by the subject
        (cAsymKeySubject) of this key material.
        Bit value translation:
          1000 0000 = unclassified,
          0100 0000 = restricted,
          0010 0000 = confidential,
          0001 0000 = secret,
          0000 1000 = topSecret.

        This column does not exist for devices that do not have the
        concept of classification."
    ::= { cAsymKeyEntry 14 }

cAsymKeySource OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The source of the key material. This can be the URI of a
        key source entity. Keys generated by the device should
        contain the string DEVICE-GENERATED. If the key was filled
        locally then this column should begin with the word FILL
        followed by the fill protocol.
        If the source is unknown, this column should not be
        populated or be set to an empty string, ''."
    ::= { cAsymKeyEntry 15 }

cAsymKeyRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The status of this row, by which existing entries may be
        deleted from this table. Deleting a row in this table will
        also delete the analogous rows in the cCertSubAltNameTable
        that are referenced by cAsymKeySubjectAltName.

        Setting this column to destroy is synonymous with zeroizing
        the key material. Any reference(s) to this object should be
        destroyed as well when this RowStatus is set to destroy.

        At a minimum, implementations must support the active and
        destroy management functions. Support for the notInService
        and notReady management functions is optional.
        Implementations must not support the createAndWait and
        createAndGo management functions for this object."
    ::= { cAsymKeyEntry 16 }

cAsymKeyVersion OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The version of the asymmetric key material. For example,
        X.509 Version 3 certificates would have a value of '2', as
        defined in RFC 5280, Section 4.1.2.1.

        When this object does not apply to the key material, this
        column will not exist."
    ::= { cAsymKeyEntry 17 }

cAsymKeyRekey OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Setting this object to 'true' initiates a rekey operation
        for the asymmetric key material. Note, additional
        configuration will likely be required depending on the
        supported key management protocol.

        After the rekey operation has completed, the agent should
        reset this object to 'false'."
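The cAsymKeyTable columns above are populated from X.509 fields whose wire encoding differs from the MIB representation: the RFC 5280 KeyUsage BIT STRING numbers digitalSignature as bit 0 while cAsymKeyUsage numbers it as bit 1, the serial number is carried as raw INTEGER content octets, and the validity dates are RFC 2579 DateAndTime octets against which the cAsymKeyExpiryWarning / cAsymKeyGlobalExpiryWarning rule is evaluated. The following Python is an added example, not code from the draft or any implementation of it; the helper names are ours, the DER inputs are constructed, and the DateAndTime vector is the one RFC 2579 gives for "1992-5-26,13:30:15.0,-4:0". The same DateAndTime handling applies to cCKLIssueDate and cCKLNextUpdate further down.

```python
# Added example, not part of draft-turner-ccmib-02: deriving cAsymKeyTable
# column values from RFC 5280 certificate fields and applying the draft's
# cAsymKeyExpiryWarning rule. Helper names are ours; inputs are constructed.
from datetime import datetime, timedelta, timezone

# cAsymKeyUsage labels in SMIv2 BITS order; other(0) is the draft's addition.
CASYMKEYUSAGE_BITS = [
    "other", "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]


def bits_encode(labels, names):
    """SMIv2 BITS encoding: bit 0 is the most significant bit of the first
    octet, which is what the draft's '1000 0000 ... = other' tables show."""
    out = bytearray((len(labels) + 7) // 8)
    for name in names:
        i = labels.index(name)
        out[i // 8] |= 0x80 >> (i % 8)
    return bytes(out)


def bits_decode(labels, octets):
    return [name for i, name in enumerate(labels)
            if i // 8 < len(octets) and octets[i // 8] & (0x80 >> (i % 8))]


def _short_der(der, tag):
    """Content octets of a short-form (length < 128) DER TLV with this tag."""
    if len(der) < 2 or der[0] != tag or der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("expected a short-form DER TLV with tag 0x%02x" % tag)
    return der[2:]


def keyusage_der_to_mib(der):
    """RFC 5280 KeyUsage (DER BIT STRING, bit 0 = digitalSignature) to the
    cAsymKeyUsage octets. Because other(0) was prepended in the MIB, every
    RFC 5280 bit number is one less than the MIB bit number."""
    content = _short_der(der, 0x03)
    unused, body = content[0], content[1:]
    nbits = len(body) * 8 - unused
    names = [CASYMKEYUSAGE_BITS[b + 1] for b in range(nbits)
             if body[b // 8] & (0x80 >> (b % 8))]
    return bits_encode(CASYMKEYUSAGE_BITS, names)


def serial_der_to_mib(der):
    """cAsymKeySerialNumber carries the content octets of the DER INTEGER.
    RFC 5280 4.1.2.2 requires the value to be positive."""
    content = _short_der(der, 0x02)
    if content[0] & 0x80:
        raise ValueError("serial number is negative")
    return content


def serial_within_rfc5280_limit(content):
    """True when a conforming CA could have issued it (at most 20 octets);
    the column's SIZE(1..255) still leaves room for non-conforming CAs."""
    return 1 <= len(content) <= 20


def to_date_and_time(dt):
    """RFC 2579 DateAndTime, 11-octet form. A naive datetime is assumed UTC."""
    off = dt.utcoffset() or timedelta(0)
    sign = b"-" if off < timedelta(0) else b"+"
    off = abs(off)
    return (dt.year.to_bytes(2, "big")
            + bytes([dt.month, dt.day, dt.hour, dt.minute, dt.second,
                     dt.microsecond // 100000])
            + sign + bytes([off.seconds // 3600, (off.seconds % 3600) // 60]))


def from_date_and_time(octets):
    """Decode the 8- or 11-octet DateAndTime; the 8-octet form carries no
    offset, so UTC is assumed for it here."""
    if len(octets) not in (8, 11):
        raise ValueError("DateAndTime must be 8 or 11 octets")
    tz = timezone.utc
    if len(octets) == 11:
        delta = timedelta(hours=octets[9], minutes=octets[10])
        tz = timezone(-delta if octets[8:9] == b"-" else delta)
    return datetime(int.from_bytes(octets[0:2], "big"), octets[2], octets[3],
                    octets[4], octets[5], octets[6], octets[7] * 100000,
                    tzinfo=tz)


def effective_expiry_warning(row_value, global_value):
    """Per the draft: the row's cAsymKeyExpiryWarning wins unless it is
    absent (None here), 0, or not implemented, in which case the scalar
    cAsymKeyGlobalExpiryWarning applies."""
    return row_value if row_value else global_value


def expiring_within_warning(expiration_octets, now, row_value, global_value):
    """Whether cKeyMaterialExpiring should be raised for this key."""
    days = effective_expiry_warning(row_value, global_value)
    remaining = from_date_and_time(expiration_octets) - now
    return remaining <= timedelta(days=days)
```

Note that bits_encode sizes the OCTET STRING from the number of defined labels (two octets for the ten key-usage bits), which is the layout the draft's bit tables show.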
    ::= { cAsymKeyEntry 18 }

cAsymKeyType OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This column describes the type of asymmetric key material.

        Note, this is a free-form OCTET STRING column.
        Implementations are expected to use string values that
        follow the nomenclature they support. If no such
        nomenclature exists, this column should not be populated or
        be set to an empty string (i.e. '')."
    ::= { cAsymKeyEntry 19 }

-- *****************************************************************
-- CC MIB cTrustAnchorTable
-- *****************************************************************

cTrustAnchorTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cTrustAnchorTable."
    ::= { cTrustAnchorInfo 1 }

cTrustAnchorTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted, whether by SNMP, by the agent itself, or by
        another management method (e.g. via an HMI). Managers can
        use this object to ensure that no changes to the
        configuration of this table have happened since the manager
        last examined the table. A value of 0 indicates that no
        entry has been changed since the agent initialized. The
        value of cSystemUpTime in the CC-DEVICE-INFO-MIB should be
        used to populate this object."
    ::= { cTrustAnchorInfo 2 }

cTrustAnchorTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CTrustAnchorEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table containing the Trust Anchors (TAs) in this
        device."
    ::= { cTrustAnchorInfo 3 }

cTrustAnchorEntry OBJECT-TYPE
    SYNTAX CTrustAnchorEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing information about a Trust Anchor (TA) that
        has been loaded into the device."
    INDEX { cTrustAnchorFingerprint }
    ::= { cTrustAnchorTable 1 }

CTrustAnchorEntry ::= SEQUENCE {
    cTrustAnchorFingerprint         SnmpTLSFingerprint,
    cTrustAnchorFormatType          INTEGER,
    cTrustAnchorName                OCTET STRING,
    cTrustAnchorUsageType           INTEGER,
    cTrustAnchorKeyIdentifier       OCTET STRING,
    cTrustAnchorPublicKeyAlgorithm  OCTET STRING,
    cTrustAnchorContingencyAvail    TruthValue,
    cTrustAnchorRowStatus           RowStatus
}

cTrustAnchorFingerprint OBJECT-TYPE
    SYNTAX SnmpTLSFingerprint
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "An inherent identification of the trust anchor and the
        primary index to the cTrustAnchorTable."
    ::= { cTrustAnchorEntry 1 }

cTrustAnchorFormatType OBJECT-TYPE
    SYNTAX INTEGER { x509v3(1), trustAnchorFormat(2),
                     tbsCertificate(3) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The type/format of the trust anchor.

        [1] x509v3: X.509v3 certificate per RFC 5280.
        [2] trustAnchorFormat: Trust Anchor Format per RFC 5914.
        [3] tbsCertificate: To Be Signed Certificate per RFC 5280."
    ::= { cTrustAnchorEntry 2 }

cTrustAnchorName OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(0..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The name of the Trust Anchor. When available, this is the
        X.500 distinguished name (DN) associated with the Trust
        Anchor (TA) used to construct and validate an X.509
        certification path.
        When the value of cTrustAnchorFormatType is
        'trustAnchorFormat', this column is populated with the
        value of the taTitle field of the TrustAnchorInfo structure
        defined in RFC 5914, which is a human-readable name for the
        trust anchor. Otherwise, this column should be empty."
    ::= { cTrustAnchorEntry 3 }

cTrustAnchorUsageType OBJECT-TYPE
    SYNTAX INTEGER { other(1), apex(2), management(3),
                     identity(4), firmware(5), crl(6) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The usage type for the Trust Anchor (TA). Note, crl(6) also
        applies to compromised key lists."
    ::= { cTrustAnchorEntry 4 }

cTrustAnchorKeyIdentifier OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The identifier of the Trust Anchor's (TA's) public key."
    ::= { cTrustAnchorEntry 5 }

cTrustAnchorPublicKeyAlgorithm OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Public key algorithm with which the public key is used (as
        associated with the trust anchor).

        Note, this is a free-form OCTET STRING column, meaning
        implementations may utilize a standardized definition of
        string values or use a proprietary definition of string
        values for supported public key algorithms."
    ::= { cTrustAnchorEntry 6 }

cTrustAnchorContingencyAvail OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "An indication of the availability of a contingency key for
        an Apex Trust Anchor. When set to 'true', a contingency key
        is available."
    ::= { cTrustAnchorEntry 7 }

cTrustAnchorRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The status of this row, by which existing entries may be
        deleted from this table.
        Setting this column to destroy is synonymous with zeroizing
        the Trust Anchor (TA). Any reference(s) to this object
        should be destroyed as well when this RowStatus is set to
        destroy.

        At a minimum, implementations must support the active and
        destroy management functions. Support for the notInService
        and notReady management functions is optional.
        Implementations must not support the createAndWait and
        createAndGo management functions for this object.

        Some implementations may restrict the deletion of Trust
        Anchors to specific protocols (e.g. TAMP)."
    ::= { cTrustAnchorEntry 8 }

-- *****************************************************************
-- CC MIB cCKLTable
-- *****************************************************************

cCKLTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cCKLTable."
    ::= { cCKLInfo 1 }

cCKLLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted, whether by SNMP, by the agent itself, or by
        another management method (e.g. via an HMI). Managers can
        use this object to ensure that no changes to the
        configuration of this table have happened since the manager
        last examined the table. A value of 0 indicates that no
        entry has been changed since the agent initialized. The
        value of cSystemUpTime in the CC-DEVICE-INFO-MIB should be
        used to populate this object."
    ::= { cCKLInfo 2 }

cCKLTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CCKLEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table containing the Compromised Key Lists (CKLs) and
        Certificate Revocation Lists (CRLs) used by the device.
        This table is used both for CRLs as defined in RFC 5280 and
        for other formats of revocation lists (such as Compromised
        Key Lists)."
    ::= { cCKLInfo 3 }

cCKLEntry OBJECT-TYPE
    SYNTAX CCKLEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing information about a Compromised Key List
        or Certificate Revocation List (CRL) used by the device."
    INDEX { cCKLIndex, cCKLIssuer }
    ::= { cCKLTable 1 }

CCKLEntry ::= SEQUENCE {
    cCKLIndex         Unsigned32,
    cCKLIssuer        OCTET STRING,
    cCKLSerialNumber  OCTET STRING,
    cCKLIssueDate     DateAndTime,
    cCKLNextUpdate    DateAndTime,
    cCKLRowStatus     RowStatus,
    cCKLVersion       INTEGER,
    cCKLLastUpdate    DateAndTime
}

cCKLIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "An ID that uniquely identifies the Compromised Key List
        (CKL) in this table."
    ::= { cCKLEntry 1 }

cCKLIssuer OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(0..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "For devices adhering to RFC 5280 this is the X.500
        distinguished name (DN) of the entity that has signed and
        issued the Certificate Revocation List (CRL).

        Other CRL/CKL issuers may use proprietary naming conventions
        or formats.

        If the issuer is unknown, this column should not be
        populated or be set to an empty string, ''."
    ::= { cCKLEntry 2 }

cCKLSerialNumber OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(0..255))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "A Serial Number for this CRL or CKL.

        For CRLs adhering to RFC 5280, this will be a monotonically
        increasing sequence number for a given Certificate
        Revocation List (CRL) scope and CRL issuer. The CRL Number
        allows users to easily determine when a particular CKL/CRL
        supersedes another CKL/CRL."
    ::= { cCKLEntry 3 }

cCKLIssueDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The issue date of this CRL/CKL."
    ::= { cCKLEntry 4 }

cCKLNextUpdate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The date by which the next CKL/CRL will be issued. The next
        CRL could be issued before the indicated date, but it will
        not be issued any later than the indicated date.

        If this value is unknown, this column should not be
        populated or be set to an empty string, ''."
    ::= { cCKLEntry 5 }

cCKLRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The status of this row, by which existing entries may be
        deleted from this table.

        At a minimum, implementations must support the active and
        destroy management functions. Support for the notInService
        and notReady management functions is optional.
        Implementations must not support the createAndWait and
        createAndGo management functions for this object."
    ::= { cCKLEntry 6 }

cCKLVersion OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The version of the CKL/CRL. For example, X.509 Version 2
        CRLs would have a value of '1', as defined in RFC 5280,
        Section 5.1.2.1.

        When this object does not apply to the CKL/CRL, this column
        will not exist."
    ::= { cCKLEntry 7 }

cCKLLastUpdate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The date this CKL/CRL was last updated."
    ::= { cCKLEntry 8 }

-- *****************************************************************
-- CC MIB cCDMStoreTable
-- *****************************************************************

cCDMStoreTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cCDMStoreTable."
    ::= { cCDMStoreInfo 1 }

cCDMStoreTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted, whether by SNMP, by the agent itself, or by
        another management method (e.g. via an HMI). Managers can
        use this object to ensure that no changes to the
        configuration of this table have happened since the manager
        last examined the table. A value of 0 indicates that no
        entry has been changed since the agent initialized. The
        value of cSystemUpTime in the CC-DEVICE-INFO-MIB should be
        used to populate this object."
    ::= { cCDMStoreInfo 2 }

cCDMStoreTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CCDMStoreEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table containing various types of stored Crypto Device
        Material (CDM) that are destined for this device and/or for
        another device. When sending CDM to a destination device,
        the cCDMTransferPkgLocatorRowPtr from the
        CC-KEY-TRANSFER-PUSH-MIB can be used to point to the rows in
        this table."
    ::= { cCDMStoreInfo 3 }

cCDMStoreEntry OBJECT-TYPE
    SYNTAX CCDMStoreEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing information about stored Crypto Device
        Material (CDM)."
    INDEX { cCDMStoreIndex }
    ::= { cCDMStoreTable 1 }

CCDMStoreEntry ::= SEQUENCE {
    cCDMStoreIndex         Unsigned32,
    cCDMStoreType          INTEGER,
    cCDMStoreSource        SnmpAdminString,
    cCDMStoreID            OCTET STRING,
    cCDMStoreFriendlyName  SnmpAdminString,
    cCDMStoreControl       INTEGER,
    cCDMStoreRowStatus     RowStatus
}

cCDMStoreIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "A numeric index that identifies a unique location in this
        table."
    ::= { cCDMStoreEntry 1 }

cCDMStoreType OBJECT-TYPE
    SYNTAX INTEGER { symKey(1), asymKey(2), trustAnchor(3),
                     crl(4), ckl(5), firmware(6),
                     storeAndForwardWrappedPkg(7) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The type of Crypto Device Material (CDM) populated in this
        row.

        (1) symKey - This row contains information about a stored
            symmetric key.
        (2) asymKey - This row contains information about a stored
            asymmetric key.
        (3) trustAnchor - This row contains information about a
            stored Trust Anchor (TA).
        (4) crl - This row contains information about a stored
            Certificate Revocation List (CRL).
        (5) ckl - This row contains information about a stored
            Compromised Key List (CKL).
        (6) firmware - This row contains information about stored
            firmware.
        (7) storeAndForwardWrappedPkg - This row contains
            information about a stored encrypted wrapped package,
            typically meant to be forwarded to another device."
    ::= { cCDMStoreEntry 2 }

cCDMStoreSource OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "An administrative name that identifies the source of this
        Crypto Device Material (CDM). This could be the URI used
        when downloaded from the Secure Object Management System
        (SOMS) server or a physical port designator for CDM
        downloaded via HMI."
    ::= { cCDMStoreEntry 3 }

cCDMStoreID OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Represents a unique identifier assigned to this Crypto
        Device Material (CDM). This would typically be an identifier
        inherent to the CDM, such as a serial number or other form
        of identifier derived from a tag or other CDM wrapper. This
        object differs from cCDMStoreFriendlyName, which is a
        user-defined ID."
    ::= { cCDMStoreEntry 4 }

cCDMStoreFriendlyName OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "A human-readable label for this Crypto Device Material
        (CDM), for easier reference. It is used only for helpful or
        informational purposes."
    ::= { cCDMStoreEntry 5 }

cCDMStoreControl OBJECT-TYPE
    SYNTAX INTEGER { readyForInstall(1), install(2),
                     installAndDiscard(3) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "A means to control what happens to the Crypto Device
        Material (CDM) stored in this table.
        (1) readyForInstall - The CDM is ready for installation.
        (2) install - The CDM will be installed in the appropriate
            table based on the cCDMStoreType.
        (3) installAndDiscard - The CDM will be installed in the
            appropriate table based on the cCDMStoreType and
            discarded from this table after the install operation
            is complete.

        Note, setting the cCDMStoreRowStatus object to 'destroy'
        will discard the CDM."
    ::= { cCDMStoreEntry 6 }

cCDMStoreRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The status of this row, by which existing entries may be
        deleted from this table.

        At a minimum, implementations must support the active and
        destroy management functions. Support for the notInService
        and notReady management functions is optional.
        Implementations must not support the createAndWait and
        createAndGo management functions for this object."
    ::= { cCDMStoreEntry 7 }

-- *****************************************************************
-- CC MIB cCertSubAltNameTable
-- *****************************************************************

cCertSubAltNameTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cCertSubAltNameTable."
    ::= { cCertSubAltNameInfo 1 }

cCertSubAltNameTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted, whether by SNMP, by the agent itself, or by
        another management method (e.g. via an HMI). Managers can
        use this object to ensure that no changes to the
        configuration of this table have happened since the manager
        last examined the table. A value of 0 indicates that no
        entry has been changed since the agent initialized. The
        value of cSystemUpTime in the CC-DEVICE-INFO-MIB should be
        used to populate this object."
    ::= { cCertSubAltNameInfo 2 }

cCertSubAltNameTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CCertSubAltNameTableEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table containing the list of Subject Alternative Names
        associated with a certificate."
    ::= { cCertSubAltNameInfo 3 }

cCertSubAltNameTableEntry OBJECT-TYPE
    SYNTAX CCertSubAltNameTableEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing information about a Subject Alternative
        Name and its type."
    INDEX { cCertSubAltNameList, cCertSubAltNameListIndex }
    ::= { cCertSubAltNameTable 1 }

CCertSubAltNameTableEntry ::= SEQUENCE {
    cCertSubAltNameList       SnmpAdminString,
    cCertSubAltNameListIndex  Unsigned32,
    cCertSubAltNameType       INTEGER,
    cCertSubAltNameValue1     OCTET STRING,
    cCertSubAltNameValue2     OCTET STRING,
    cCertSubAltNameRowStatus  RowStatus
}

cCertSubAltNameList OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE(1..32))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The administrative name defining the set of Subject
        Alternative Names that are associated with the certificate.
        Multiple Subject Alternative Names may use the same
        administrative name, implying a group. It is the
        combination of cCertSubAltNameList and
        cCertSubAltNameListIndex that uniquely identifies each row
        or set of Subject Alternative Names."
    ::= { cCertSubAltNameTableEntry 1 }

cCertSubAltNameListIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A unique numeric index for rows, or sets of Subject
        Alternative Names, with the same cCertSubAltNameList value.
        This value, in combination with cCertSubAltNameList,
        uniquely identifies each row, or set of Subject Alternative
        Names."
    ::= { cCertSubAltNameTableEntry 2 }

cCertSubAltNameType OBJECT-TYPE
    SYNTAX INTEGER { otherName(0), rfc822Name(1), dNSName(2),
                     x400Address(3), directoryName(4),
                     ediPartyName(5),
                     uniformResourceIdentifier(6), ipAddress(7),
                     registeredID(8) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The type of the Subject Alternative Name as defined in RFC
        5280, Section 4.2.1.6. Specifically, the value of this
        object determines the format of cCertSubAltNameValue1 and
        cCertSubAltNameValue2."
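The cCertSubAltNameType values coincide with the context-specific tag numbers of the GeneralName CHOICE in RFC 5280, Section 4.2.1.6, so an agent can populate one cCertSubAltNameTable row per GeneralName directly from the DER of the subjectAltName extension value; the otherName and ediPartyName alternatives are the two that carry a second component, which the cCertSubAltNameValue2 column defined next holds. The Python below is an added example, not code from the draft or any implementation of it: the row layout follows the draft's columns, the helper names are ours, and the two sample extension values are constructed in code (a UPN-style otherName with OID 1.3.6.1.4.1.311.20.2.3, and an ediPartyName).

```python
# Added example, not part of draft-turner-ccmib-02: splitting an RFC 5280
# subjectAltName extension value into cCertSubAltNameTable rows. Helper
# names are ours; the sample DER values are constructed below.
import ipaddress

# cCertSubAltNameType enumeration; the values equal the GeneralName CHOICE
# tag numbers in RFC 5280, Section 4.2.1.6.
SAN_TYPES = {0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
             4: "directoryName", 5: "ediPartyName",
             6: "uniformResourceIdentifier", 7: "ipAddress", 8: "registeredID"}


def der_tlv(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def oid_to_str(content):
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def string_value(tlv):
    """UTF8String/PrintableString/IA5String to text; anything else stays DER."""
    tag, content, _ = der_tlv(tlv)
    return content.decode("utf-8") if tag in (0x0C, 0x13, 0x16) else tlv


def san_rows(ext_value, list_name):
    """Rows of (cCertSubAltNameList, cCertSubAltNameListIndex,
    cCertSubAltNameType, cCertSubAltNameValue1, cCertSubAltNameValue2).
    Value2 is None where the draft says that column does not exist."""
    tag, seq, end = der_tlv(ext_value)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("expected a single SEQUENCE OF GeneralName")
    rows, pos = [], 0
    while pos < len(seq):
        tag, body, pos = der_tlv(seq, pos)
        if tag & 0xC0 != 0x80 or (tag & 0x1F) not in SAN_TYPES:
            raise ValueError("not a GeneralName tag: 0x%02x" % tag)
        kind, value1, value2 = tag & 0x1F, None, None
        if kind == 0:    # otherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
            _, oid, p = der_tlv(body)
            _, wrapped, _ = der_tlv(body, p)
            value1, value2 = string_value(wrapped), oid_to_str(oid)
        elif kind == 5:  # EDIPartyName ::= SEQUENCE { nameAssigner [0] OPT, partyName [1] }
            p = 0
            while p < len(body):
                t, inner, p = der_tlv(body, p)
                if t == 0xA0:
                    value2 = string_value(inner)
                elif t == 0xA1:
                    value1 = string_value(inner)
        elif kind in (1, 2, 6):  # IA5String alternatives
            value1 = body.decode("ascii")
        elif kind == 7:          # 4 or 16 raw octets in a certificate SAN
            value1 = str(ipaddress.ip_address(bytes(body)))
        elif kind == 8:
            value1 = oid_to_str(body)
        else:                    # x400Address, directoryName: keep the DER
            value1 = body
        if value1 is None:
            raise ValueError("GeneralName without a main value")
        rows.append((list_name, len(rows) + 1, kind, value1, value2))
    return rows


def _tlv(tag, content):
    """Short-form DER builder, used only to construct the samples."""
    if len(content) >= 128:
        raise ValueError("sample builder only handles short-form lengths")
    return bytes([tag, len(content)]) + content


UPN_OID = bytes.fromhex("2b060104018237140203")   # 1.3.6.1.4.1.311.20.2.3
# Constructed sample: dNSName, rfc822Name, iPAddress and a UPN otherName.
SAMPLE_SAN = _tlv(0x30,
    _tlv(0x82, b"example.com") + _tlv(0x81, b"a@example.com")
    + _tlv(0x87, bytes([192, 0, 2, 1]))
    + _tlv(0xA0, _tlv(0x06, UPN_OID) + _tlv(0xA0, _tlv(0x0C, b"user@example.com"))))
# Constructed sample: an ediPartyName with both nameAssigner and partyName.
SAMPLE_EDI = _tlv(0x30,
    _tlv(0xA5, _tlv(0xA0, _tlv(0x0C, b"Assigner")) + _tlv(0xA1, _tlv(0x0C, b"Party"))))
```

The row index is assigned in GeneralName order, which is the cCertSubAltNameListIndex the draft asks for; the cCertSubAltNameList value is whatever reference string the agent stores in cAsymKeySubjectAltName for the certificate.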
    ::= { cCertSubAltNameTableEntry 3 }

cCertSubAltNameValue1 OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The main value of the Subject Alternative Name. The format
        of the value must match its Type as defined in RFC 5280,
        Section 4.2.1.6.

        This column is the main value and is used for all
        cCertSubAltNameType types. For otherName(0), this column
        provides the value of the 'value' field. For
        ediPartyName(5), this column provides the value of the
        'partyName'. For all other types, this column provides the
        value as defined in RFC 5280, Section 4.2.1.6."
    ::= { cCertSubAltNameTableEntry 4 }

cCertSubAltNameValue2 OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This column is a supplement to the main value
        cCertSubAltNameValue1 and may only be used when the
        cCertSubAltNameType is either otherName(0) or
        ediPartyName(5). For otherName(0), this column provides the
        value of the 'type-id' as defined in RFC 5280, Section
        4.2.1.6. For ediPartyName(5), this column provides the
        value of the 'nameAssigner' as defined in RFC 5280, Section
        4.2.1.6.

        For all other values of cCertSubAltNameType, or when the
        'nameAssigner' is not used for ediPartyName(5), this column
        will not exist.

        Note: Support for multiple otherName(0) or ediPartyName(5)
        alternate names is provided by allowing multiple rows of
        the same cCertSubAltNameType and cCertSubAltNameList but
        with a unique cCertSubAltNameListIndex."
    ::= { cCertSubAltNameTableEntry 5 }

cCertSubAltNameRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The status of this row, by which existing entries may be
        deleted from this table.

        At a minimum, implementations must support the active and
        destroy management functions.
        Support for notInService and
        notReady management functions is optional. Implementations
        must not support createAndWait and createAndGo management
        functions for this object."
    ::= { cCertSubAltNameTableEntry 6 }

-- *****************************************************************
-- CC MIB cCertPathCtrlsTable
-- *****************************************************************

cCertPathCtrlsTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cCertPathCtrlsTable."
    ::= { cCertPathCtrlsInfo 1 }

cCertPathCtrlsTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g. via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time it examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cCertPathCtrlsInfo 2 }

cCertPathCtrlsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CCertPathCtrlsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table containing the controls and constraints applied
        to a certificate in order to process certificate trust
        paths."
    ::= { cCertPathCtrlsInfo 3 }

cCertPathCtrlsEntry OBJECT-TYPE
    SYNTAX CCertPathCtrlsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing information about certificate path
        controls and constraints."
    INDEX { cCertPathCtrlsKeyFingerprint }
    ::= { cCertPathCtrlsTable 1 }

CCertPathCtrlsEntry ::= SEQUENCE {
    cCertPathCtrlsKeyFingerprint  SnmpTLSFingerprint,
    cCertPathCtrlsCertificate     RowPointer,
    cCertPathCtrlsCertPolicies    OCTET STRING,
    cCertPathCtrlsPolicyMappings  OCTET STRING,
    cCertPathCtrlsPolicyFlags     BITS,
    cCertPathCtrlsNamesPermitted  OCTET STRING,
    cCertPathCtrlsNamesExcluded   OCTET STRING,
    cCertPathCtrlsMaxPathLength   Unsigned32
}

cCertPathCtrlsKeyFingerprint OBJECT-TYPE
    SYNTAX SnmpTLSFingerprint
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Identifies a trust anchor in the cTrustAnchorTable or a
        certificate in the cAsymKeyTable. This column is the
        primary index to the cCertPathCtrlsTable."
    ::= { cCertPathCtrlsEntry 1 }

cCertPathCtrlsCertificate OBJECT-TYPE
    SYNTAX RowPointer
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Optional reference to an X.509 certificate defined in the
        cAsymKeyTable to assist with certification path development
        and validation."
    ::= { cCertPathCtrlsEntry 2 }

cCertPathCtrlsCertPolicies OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates a grouping of one or more policies for this
        certificate. The value of this column corresponds to the
        cCertPolicyInformation column in the cCertPolicyTable.

        When this object does not apply for the key material, this
        column will not exist."
    ::= { cCertPathCtrlsEntry 3 }

cCertPathCtrlsPolicyMappings OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "For a Certificate Authority (CA) certificate, this
        indicates a grouping of policy mappings between a
        certificate issuer CA domain policy and a domain policy of
        the subject certificate CA.
        The value of this column
        corresponds to the cPolicyMappingGroup column of the
        cPolicyMappingTable.

        For non-X.509 based key material, or when this object does
        not apply for the key material, this column will not exist."
    ::= { cCertPathCtrlsEntry 4 }

cCertPathCtrlsPolicyFlags OBJECT-TYPE
    SYNTAX BITS { inhibitPolicyMapping(0),
                  requireExplicitPolicy(1),
                  inhibitAnyPolicy(2) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Optional certificate path policy flags consisting of the
        following: inhibitPolicyMapping, requireExplicitPolicy, and
        inhibitAnyPolicy.

        inhibitPolicyMapping: Indicates if policy mapping is allowed
        in the certification path.

        requireExplicitPolicy: Indicates if the certification path
        must be valid for at least one of the certificate policies
        in cCertPathCtrlsCertPolicies.

        inhibitAnyPolicy: Indicates whether the special anyPolicy
        policy identifier is considered an explicit match for other
        certificate policies.

        Bit value translation:
            1000 = inhibitPolicyMapping
            0100 = requireExplicitPolicy
            0010 = inhibitAnyPolicy"
    ::= { cCertPathCtrlsEntry 5 }

cCertPathCtrlsNamesPermitted OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates a subtree of names that are permitted for
        certificate path validation. The value of this column
        corresponds to the cNameConstraintGenSubtree column in the
        cNameConstraintTable.

        When this object does not apply for the key material, this
        column will not exist."
    ::= { cCertPathCtrlsEntry 6 }

cCertPathCtrlsNamesExcluded OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates a subtree of names that are excluded from
        certificate path validation, regardless of information
        appearing in the cCertPathCtrlsNamesPermitted subtree.
        The
        value of this column corresponds to the
        cNameConstraintGenSubtree column in the
        cNameConstraintTable.

        When this object does not apply for the key material, this
        column will not exist."
    ::= { cCertPathCtrlsEntry 7 }

cCertPathCtrlsMaxPathLength OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Optional indication of the maximum number of
        non-self-issued intermediate certificates that may follow
        this certificate in a valid certification path."
    ::= { cCertPathCtrlsEntry 8 }

-- *****************************************************************
-- CC MIB cCertPolicyTable
-- *****************************************************************

cCertPolicyTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cCertPolicyTable."
    ::= { cCertPolicyInfo 1 }

cCertPolicyTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g. via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time it examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cCertPolicyInfo 2 }

cCertPolicyTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CCertPolicyEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table containing certificate policy information to be
        provided as input to the certificate path validation
        algorithm.
        For an end entity certificate, this information
        indicates under which policy this certificate has been
        issued and the purposes for which the certificate may be
        used. For a Certificate Authority (CA) certificate, this
        information limits the set of policies for certification
        paths that include this certificate."
    ::= { cCertPolicyInfo 3 }

cCertPolicyEntry OBJECT-TYPE
    SYNTAX CCertPolicyEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing information about a certificate policy."
    INDEX { cCertPolicyInformation, cCertPolicyInformationIndex }
    ::= { cCertPolicyTable 1 }

CCertPolicyEntry ::= SEQUENCE {
    cCertPolicyInformation       OCTET STRING,
    cCertPolicyInformationIndex  Unsigned32,
    cCertPolicyIdentifier        OBJECT IDENTIFIER,
    cCertPolicyQualifierID       INTEGER,
    cCertPolicyQualifier         OCTET STRING
}

cCertPolicyInformation OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Identifies a grouping of policies that are applicable to a
        certificate. When used in conjunction with
        cCertPolicyInformationIndex, a unique policy and qualifier
        set is defined."
    ::= { cCertPolicyEntry 1 }

cCertPolicyInformationIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A numerical index that is unique for a specific
        cCertPolicyInformation value. This index allows multiple
        qualifiers to be defined for a particular policy. When used
        in conjunction with cCertPolicyInformation, a unique policy
        and qualifier set is defined."
    ::= { cCertPolicyEntry 2 }

cCertPolicyIdentifier OBJECT-TYPE
    SYNTAX OBJECT IDENTIFIER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "For end entity certificates, this is an identifier for the
        policy under which the certificate has been issued.
        For
        Certificate Authority (CA) certificates, this is an
        identifier for a certification path policy that includes
        this certificate."
    ::= { cCertPolicyEntry 3 }

cCertPolicyQualifierID OBJECT-TYPE
    SYNTAX INTEGER { cpsPointer(0), userNotice(1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates the type of qualifier per RFC 5280,
        Section 4.2.1.4."
    ::= { cCertPolicyEntry 4 }

cCertPolicyQualifier OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Qualifier information with type based on
        cCertPolicyQualifierID."
    ::= { cCertPolicyEntry 5 }

-- *****************************************************************
-- CC MIB cPolicyMappingTable
-- *****************************************************************

cPolicyMappingTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cPolicyMappingTable."
    ::= { cPolicyMappingInfo 1 }

cPolicyMappingTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g. via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time it examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cPolicyMappingInfo 2 }

cPolicyMappingTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CPolicyMappingEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table listing mappings between policies that a
        certificate issuing Certificate Authority (CA) considers as
        equivalent or comparable to the domain policies of the
        subject certificate CA."
    ::= { cPolicyMappingInfo 3 }

cPolicyMappingEntry OBJECT-TYPE
    SYNTAX CPolicyMappingEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row containing a mapping between the domain policy of an
        issuing Certificate Authority (CA) and an equivalent domain
        policy of the subject certificate's CA."
    INDEX { cPolicyMappingGroup, cPolicyMappingIndex }
    ::= { cPolicyMappingTable 1 }

CPolicyMappingEntry ::= SEQUENCE {
    cPolicyMappingGroup          OCTET STRING,
    cPolicyMappingIndex          Unsigned32,
    cPolicyMappingSubjectPolicy  OBJECT IDENTIFIER,
    cPolicyMappingIssuerPolicy   OBJECT IDENTIFIER
}

cPolicyMappingGroup OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Identifies a grouping of policy mappings that are
        applicable to a certificate. When used in conjunction with
        cPolicyMappingIndex, a unique policy mapping is defined."
    ::= { cPolicyMappingEntry 1 }

cPolicyMappingIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A numerical index that is unique for a specific
        cPolicyMappingGroup value. When used in conjunction with
        cPolicyMappingGroup, a unique policy mapping is defined."
    ::= { cPolicyMappingEntry 2 }

cPolicyMappingSubjectPolicy OBJECT-TYPE
    SYNTAX OBJECT IDENTIFIER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates the subject Certificate Authority's domain
        policy."
    ::= { cPolicyMappingEntry 3 }

cPolicyMappingIssuerPolicy OBJECT-TYPE
    SYNTAX OBJECT IDENTIFIER
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Indicates the issuer domain policy that the issuer
        Certificate Authority (CA) considers equivalent to the
        subject CA domain policy."
    ::= { cPolicyMappingEntry 4 }

-- *****************************************************************
-- CC MIB cNameConstraintTable
-- *****************************************************************

cNameConstraintTableCount OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of rows in the cNameConstraintTable."
    ::= { cNameConstraintInfo 1 }

cNameConstraintTableLastChanged OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g. via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time it examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cNameConstraintInfo 2 }

cNameConstraintTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CNameConstraintEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The table listing designated name spaces within which
        subject names in subsequent certificates in a certification
        path can be stored."
    ::= { cNameConstraintInfo 3 }

cNameConstraintEntry OBJECT-TYPE
    SYNTAX CNameConstraintEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A row designating an entity's distinguished name to a name
        space."
    INDEX { cNameConstraintGenSubtree,
            cNameConstraintSubtreeIndex }
    ::= { cNameConstraintTable 1 }

CNameConstraintEntry ::= SEQUENCE {
    cNameConstraintGenSubtree    OCTET STRING,
    cNameConstraintSubtreeIndex  Unsigned32,
    cNameConstraintBaseName      SnmpAdminString
}

cNameConstraintGenSubtree OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE(1..255))
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Identifies a permitted or excluded name constraint subtree.
        When used with cNameConstraintSubtreeIndex, a unique subject
        name constraint entry is defined."
    ::= { cNameConstraintEntry 1 }

cNameConstraintSubtreeIndex OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A numerical index used to specify a name constraint within
        a permitted or excluded name constraint subtree. When used
        with a specific value of cNameConstraintGenSubtree, a unique
        subject name constraint entry is defined."
    ::= { cNameConstraintEntry 2 }

cNameConstraintBaseName OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The distinguished name of the subject that is permitted or
        excluded."
    ::= { cNameConstraintEntry 3 }

-- *****************************************************************
-- Module Conformance Information
-- *****************************************************************

cKeyManagementCompliances OBJECT IDENTIFIER
    ::= { cKeyManagementConformance 1 }
cKeyManagementGroups OBJECT IDENTIFIER
    ::= { cKeyManagementConformance 2 }

cKeyManSymKeyCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Compliance levels for symmetric key information."
    MODULE
        MANDATORY-GROUPS { cKeyManSymKeyGroup }

        GROUP cKeyManSymKeyNotifyScalars
        DESCRIPTION
            "This symmetric key notification scalar group is optional
            for implementation."

        GROUP cKeyManSymKeyNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cKeyManagementCompliances 1 }

cKeyManAsymKeyCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Compliance levels for asymmetric key information."
    MODULE
        MANDATORY-GROUPS { cKeyManAsymKeyGroup }

        GROUP cKeyManCertSubAltNameGroup
        DESCRIPTION
            "Certificate Subject Alternative Name group is optional for
            implementation."

        GROUP cKeyManCertPathCtrlsGroup
        DESCRIPTION
            "Certificate Path Controls group is optional for
            implementation."

        GROUP cKeyManCertPolicyGroup
        DESCRIPTION
            "Certificate Policy group is optional for implementation."

        GROUP cKeyManPolicyMappingGroup
        DESCRIPTION
            "Policy Mapping group is optional for implementation."

        GROUP cKeyManNameConstraintGroup
        DESCRIPTION
            "Name Constraint group is optional for implementation."

        GROUP cKeyManTrustAnchorGroup
        DESCRIPTION
            "Trust Anchor group is optional for implementation."

        GROUP cKeyManAsymKeyNotifyScalars
        DESCRIPTION
            "This asymmetric key notification scalar group is optional
            for implementation."

        GROUP cKeyManAsymKeyNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        GROUP cKeyManTrustAnchorNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        OBJECT cCertPathCtrlsCertificate
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cCertPathCtrlsPolicyFlags
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
        OBJECT cCertPathCtrlsMaxPathLength
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
    ::= { cKeyManagementCompliances 2 }

cKeyManTrustAnchorCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Compliance levels for trust anchor information."
    MODULE
        MANDATORY-GROUPS { cKeyManTrustAnchorGroup }

        GROUP cKeyManCertPathCtrlsGroup
        DESCRIPTION
            "Certificate Path Controls group is optional for
            implementation."

        GROUP cKeyManCertPolicyGroup
        DESCRIPTION
            "Certificate Policy group is optional for implementation."

        GROUP cKeyManPolicyMappingGroup
        DESCRIPTION
            "Policy Mapping group is optional for implementation."

        GROUP cKeyManNameConstraintGroup
        DESCRIPTION
            "Name Constraint group is optional for implementation."

        GROUP cKeyManTrustAnchorNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        OBJECT cCertPathCtrlsCertificate
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cCertPathCtrlsPolicyFlags
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cCertPathCtrlsMaxPathLength
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
    ::= { cKeyManagementCompliances 3 }

cKeyManCKLCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Compliance levels for CKL information."
    MODULE
        MANDATORY-GROUPS { cKeyManCKLGroup }

        GROUP cKeyManCKLNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cKeyManagementCompliances 4 }

cKeyManCDMStoreCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Compliance levels for CDM Store information."
    MODULE
        MANDATORY-GROUPS { cKeyManCDMStoreGroup }

        GROUP cKeyManCDMStoreNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cKeyManagementCompliances 5 }

cKeyManSymKeyGroup OBJECT-GROUP
    OBJECTS {
        cZeroizeAllKeys,
        cZeroizeSymmetricKeyTable,
        cSymmetricKeyTableCount,
        cSymmetricKeyTableLastChanged,
        cSymKeyUsage,
        cSymKeyID,
        cSymKeyIssuer,
        cSymKeyEffectiveDate,
        cSymKeyExpirationDate,
        cSymKeyExpiryWarning,
        cSymKeyNumberOfTransactions,
        cSymKeyFriendlyName,
        cSymKeyClassification,
        cSymKeySource,
        cSymKeyRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to symmetric key
        information."
    ::= { cKeyManagementGroups 1 }

cKeyManAsymKeyGroup OBJECT-GROUP
    OBJECTS {
        cZeroizeAllKeys,
        cZeroizeAsymKeyTable,
        cAsymKeyTableCount,
        cAsymKeyTableLastChanged,
        cAsymKeyFingerprint,
        cAsymKeyFriendlyName,
        cAsymKeySerialNumber,
        cAsymKeyIssuer,
        cAsymKeySignatureAlgorithm,
        cAsymKeyPublicKeyAlgorithm,
        cAsymKeyEffectiveDate,
        cAsymKeyExpirationDate,
        cAsymKeyExpiryWarning,
        cAsymKeySubject,
        cAsymKeySubjectType,
        cAsymKeyUsage,
        cAsymKeyClassification,
        cAsymKeySource,
        cAsymKeyRowStatus,
        cAsymKeyVersion,
        cAsymKeyRekey,
        cAsymKeyType
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to asymmetric key
        information."
    ::= { cKeyManagementGroups 2 }

cKeyManCertSubAltNameGroup OBJECT-GROUP
    OBJECTS {
        cAsymKeySubjectAltName,
        cCertSubAltNameTableCount,
        cCertSubAltNameTableLastChanged,
        cCertSubAltNameType,
        cCertSubAltNameValue1,
        cCertSubAltNameValue2,
        cCertSubAltNameRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to certificate
        subject alternative name information."
    ::= { cKeyManagementGroups 3 }

cKeyManCertPathCtrlsGroup OBJECT-GROUP
    OBJECTS {
        cCertPathCtrlsTableCount,
        cCertPathCtrlsTableLastChanged,
        cCertPathCtrlsCertificate,
        cCertPathCtrlsPolicyFlags,
        cCertPathCtrlsMaxPathLength
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to certificate
        path controls information."
    ::= { cKeyManagementGroups 4 }

cKeyManCertPolicyGroup OBJECT-GROUP
    OBJECTS {
        cCertPathCtrlsCertPolicies,
        cCertPolicyTableCount,
        cCertPolicyTableLastChanged,
        cCertPolicyIdentifier,
        cCertPolicyQualifierID,
        cCertPolicyQualifier
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to certificate
        policy information."
    ::= { cKeyManagementGroups 5 }

cKeyManPolicyMappingGroup OBJECT-GROUP
    OBJECTS {
        cCertPathCtrlsPolicyMappings,
        cPolicyMappingTableCount,
        cPolicyMappingTableLastChanged,
        cPolicyMappingSubjectPolicy,
        cPolicyMappingIssuerPolicy
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to policy mapping
        information."
    ::= { cKeyManagementGroups 6 }

cKeyManNameConstraintGroup OBJECT-GROUP
    OBJECTS {
        cCertPathCtrlsNamesPermitted,
        cCertPathCtrlsNamesExcluded,
        cNameConstraintTableCount,
        cNameConstraintTableLastChanged,
        cNameConstraintBaseName
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to name
        constraint information."
    ::= { cKeyManagementGroups 7 }

cKeyManTrustAnchorGroup OBJECT-GROUP
    OBJECTS {
        cZeroizeAllKeys,
        cZeroizeTrustAnchorTable,
        cTrustAnchorTableCount,
        cTrustAnchorTableLastChanged,
        cTrustAnchorFingerprint,
        cTrustAnchorFormatType,
        cTrustAnchorName,
        cTrustAnchorUsageType,
        cTrustAnchorKeyIdentifier,
        cTrustAnchorPublicKeyAlgorithm,
        cTrustAnchorContingencyAvail,
        cTrustAnchorRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to trust anchor
        information."
    ::= { cKeyManagementGroups 8 }

cKeyManCKLGroup OBJECT-GROUP
    OBJECTS {
        cCKLTableCount,
        cCKLLastChanged,
        cCKLIndex,
        cCKLIssuer,
        cCKLSerialNumber,
        cCKLIssueDate,
        cCKLNextUpdate,
        cCKLRowStatus,
        cCKLVersion,
        cCKLLastUpdate
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to compromised
        key list information."
    ::= { cKeyManagementGroups 9 }

cKeyManCDMStoreGroup OBJECT-GROUP
    OBJECTS {
        cZeroizeAllKeys,
        cZeroizeCDMStoreTable,
        cCDMStoreTableCount,
        cCDMStoreTableLastChanged,
        cCDMStoreIndex,
        cCDMStoreType,
        cCDMStoreSource,
        cCDMStoreID,
        cCDMStoreFriendlyName,
        cCDMStoreControl,
        cCDMStoreRowStatus
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to Crypto
        Device Material store information."
    ::= { cKeyManagementGroups 10 }

cKeyManSymKeyNotifyScalars OBJECT-GROUP
    OBJECTS {
        cKeyMaterialTableOID,
        cKeyMaterialFingerprint,
        cSymKeyGlobalExpiryWarning
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to symmetric key
        notifications."
    ::= { cKeyManagementGroups 11 }

cKeyManAsymKeyNotifyScalars OBJECT-GROUP
    OBJECTS {
        cKeyMaterialTableOID,
        cKeyMaterialFingerprint,
        cAsymKeyGlobalExpiryWarning
    }
    STATUS current
    DESCRIPTION
        "This group is composed of objects related to asymmetric key
        notifications."
    ::= { cKeyManagementGroups 12 }

cKeyManSymKeyNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cKeyMaterialLoadSuccess,
        cKeyMaterialLoadFail,
        cKeyMaterialExpiring,
        cKeyMaterialExpired,
        cKeyMaterialExpirationChanged,
        cKeyMaterialZeroized
    }
    STATUS current
    DESCRIPTION
        "This group is composed of notifications related to
        symmetric key information."
    ::= { cKeyManagementGroups 13 }

cKeyManAsymKeyNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cKeyMaterialLoadSuccess,
        cKeyMaterialLoadFail,
        cKeyMaterialExpiring,
        cKeyMaterialExpired,
        cKeyMaterialExpirationChanged,
        cKeyMaterialZeroized
    }
    STATUS current
    DESCRIPTION
        "This group is composed of notifications related to
        asymmetric key information."
    ::= { cKeyManagementGroups 14 }

cKeyManTrustAnchorNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cTrustAnchorAdded,
        cTrustAnchorUpdated,
        cTrustAnchorRemoved
    }
    STATUS current
    DESCRIPTION
        "This group is composed of notifications related to trust
        anchor information."
    ::= { cKeyManagementGroups 15 }

cKeyManCKLNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cCKLLoadSuccess,
        cCKLLoadFail
    }
    STATUS current
    DESCRIPTION
        "This group is composed of notifications related to
        compromised key list information."
    ::= { cKeyManagementGroups 16 }

cKeyManCDMStoreNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cCDMAdded,
        cCDMDeleted
    }
    STATUS current
    DESCRIPTION
        "This group is composed of notifications related to Crypto
        Device Material store information."
    ::= { cKeyManagementGroups 17 }

END

5.6.  Key Transfer Pull

This MIB module makes reference to the following documents:
[RFC2578], [RFC2579], [RFC2580], and [RFC3411].

CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN

IMPORTS
    ccKeyTransferPull
        FROM CC-FEATURE-HIERARCHY-MIB      -- FROM {{cc-fh}}
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF                   -- FROM RFC 2580
    OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
    MODULE-IDENTITY
        FROM SNMPv2-SMI                    -- FROM RFC 2578
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB            -- FROM RFC 3411
    RowStatus, TimeStamp
        FROM SNMPv2-TC;                    -- FROM RFC 2579

ccKeyTransferPullMIB MODULE-IDENTITY
    LAST-UPDATED "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
    ORGANIZATION "IETF"
    CONTACT-INFO
        "Shadi Azoum
        US Navy
        email: shadi.azoum@navy.mil

        Elliott Jones
        US Navy
        elliott.jones@navy.mil

        Lily Sun
        US Navy
        lily.sun@navy.mil

        Mike Irani
        NKI Engineering
        irani@nkiengineering.com

        Jeffrey Sun
        NKI Engineering
        sunjeff@nkiengineering.com

        Ray Purvis
        MITRE
        Email: rpurvis@mitre.org

        Sean Turner
        sn3rd
        Email: sean@sn3rd.com"
    DESCRIPTION
        "This MIB defines the CC MIB Key Transfer Pull objects.

        Copyright (c) 2017 IETF Trust and the persons
        identified as authors of the code.
        All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    REVISION "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
    DESCRIPTION "Initial Version. Published as RFC xxxx."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    -- Parent node taken from the imported ccKeyTransferPull
    -- identifier; the draft text gave only "{ 1 }", which is not
    -- a valid SMIv2 OID assignment.
    ::= { ccKeyTransferPull 1 }

-- *****************************************************************
-- Key Transfer Pull Information Segments
-- *****************************************************************

cKeyTransferPullConformance OBJECT IDENTIFIER
    ::= { ccKeyTransferPullMIB 1 }
cKeyTransferPullScalars OBJECT IDENTIFIER
    ::= { ccKeyTransferPullMIB 2 }
cKeyTransferPullNotify OBJECT IDENTIFIER
    ::= { ccKeyTransferPullMIB 3 }
cSOMSServerInfo OBJECT IDENTIFIER
    ::= { ccKeyTransferPullMIB 4 }
cCDMDeliveryInfo OBJECT IDENTIFIER
    ::= { ccKeyTransferPullMIB 5 }

-- *****************************************************************
-- Key Transfer Pull Scalars
-- *****************************************************************

cSOMSServerRetryDelay OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The amount of time to wait after a download attempt to the
        Secure Object Management System (SOMS) server fails before
        attempting to retry the operation. Note, this scalar applies
        to the download of any type of item from the SOMS server
        (e.g. CDMs, PALs)."
    ::= { cKeyTransferPullScalars 1 }

cSOMSServerRetryMaxAttempts OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The number of retries attempted before the download attempt
        to the Secure Object Management System (SOMS) server is
        considered a failure. Note, this scalar applies to the
        download of any type of item from the SOMS server (e.g.
        CDMs, PALs)."
    ::= { cKeyTransferPullScalars 2 }

cCDMPullRetrievalPriorities OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "An indication of which cryptographic device materials
        (CDMs) to retrieve based on this value and a configured
        cCDMDeliveryPriority in a cCDMDeliveryTable entry. This
        value identifies an upper bound. A value of '5' for example,
        implies that only cCDMDeliveryTable entries with a
        cCDMDeliveryPriority value of '5' or less can be acted upon
        (i.e. retrieved).

        Different types of ECUs may have different values for this
        scalar. Bandwidth-limited ECUs, for example, may configure
        lower values for only retrieving high-priority CDMs.

        A value of 0, also the default value for this scalar,
        indicates that all cCDMDeliveryTable entries can be acted
        upon regardless of the configured cCDMDeliveryPriority
        value."
    DEFVAL { 0 }
    ::= { cKeyTransferPullScalars 3 }

cPALDeliveryRequest OBJECT-TYPE
    SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2),
                     discard(3) }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This scalar controls the server's PAL download process;
        server information is stored in the cSOMSServerTable. When
        read, it will return 'readyForDownload' if the last action
        succeeded. If the last action is in progress or failed, it
        will return the last requested action.
      The values which may be set depend on the current value of
      this object and the cPALDeliveryStatus object.

      In order to initiate a new download, this object must
      contain the value 'readyForDownload', and
      cPALDeliveryStatus must contain the value 'complete'. At
      that point, setting this object to 'downloadAndParse'
      initiates the PAL download process. Note that
      cPALDeliveryStatus should transition to 'inProgress' as
      the device begins the PAL download process from the
      server(s) and URI(s) listed in the cSOMSServerTable (as
      ordered by the cSOMSServerPriority index).

      If the PAL download fails, the next highest priority URI
      will be tried, and so on.

      While a PAL download is in progress, or if the PAL
      download fails for all possible servers and URIs (indicated
      by a cPALDeliveryStatus value of 'downloadFailed'), this
      object will return an inconsistentValue error for any new
      value except 'discard' (which will cancel the current
      download).

      If the PAL download succeeded, the cPALDeliveryStatus value
      remains 'inProgress' and the device attempts to parse the
      download immediately. During the parsing of the PAL, all
      new values will return an inconsistentValue error (i.e. the
      parse process cannot be aborted). If the parse fails,
      cPALDeliveryStatus will transition to 'parseFailed', and
      this object must be set to 'discard' before a new PAL
      download is attempted."
   ::= { cKeyTransferPullScalars 4 }

cPALDeliveryStatus OBJECT-TYPE
   SYNTAX INTEGER { complete(1), inProgress(2),
                    downloadFailed(3),
                    parseFailed(4) }
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
      "This indicates the current state of a PAL download.

      'complete' indicates that the last requested
      cPALDeliveryRequest action was successful.

      'inProgress' indicates that a PAL download or PAL parse is
      underway.
      'downloadFailed' indicates that the last attempted PAL
      download failed.

      'parseFailed' indicates that the last attempted PAL parse
      failed.

      The relationship between this object and
      cPALDeliveryRequest is detailed in the following table. The
      table indicates the values of cPALDeliveryRequest that are
      allowed depending on the current value of this object.

      cPALDeliveryRequest !              cPALDeliveryStatus
      --------------------+----------+----------+--------------+-----------
                          ! complete !inProgress!downloadFailed!parseFailed
      --------------------+----------+----------+--------------+-----------
       readyForDownload   ! allowed  !  error   !    error     !   error
      --------------------+----------+----------+--------------+-----------
       downloadAndParse   ! allowed  !  error   !    error     !   error
      --------------------+----------+----------+--------------+-----------
       discard            !  error   ! allowed  !   allowed    !  allowed
      --------------------+----------+----------+--------------+-----------

      As described in the cPALDeliveryRequest description, an
      inconsistentValue error is returned for the combinations
      marked 'error'."
   DEFVAL { complete }
   ::= { cKeyTransferPullScalars 5 }

-- *****************************************************************
-- Key Transfer Pull Notifications
-- *****************************************************************

cPALPullReceiveSuccess NOTIFICATION-TYPE
   OBJECTS { cSOMSServerURI }
   STATUS current
   DESCRIPTION
      "An attempt to receive a Product Availability List (PAL) has
      succeeded. The Secure Object Management System (SOMS) server
      URI is provided with this notification."
   ::= { cKeyTransferPullNotify 1 }

cPALPullReceiveFailed NOTIFICATION-TYPE
   OBJECTS {
      cSOMSServerURI,
      cPALDeliveryStatus
   }
   STATUS current
   DESCRIPTION
      "An attempt to receive a Product Availability List (PAL)
      has failed.
The Secure Object Management System (SOMS) 3943 server URI and PAL Delivery Status are provided with this 3944 notification. Note, the expected values for the PAL 3945 Delivery Status are: 'downloadFailed' and 'parseFailed'." 3946 ::= { cKeyTransferPullNotify 2 } 3948 cCDMPullReceiveSuccess NOTIFICATION-TYPE 3949 OBJECTS { 3950 cCDMType, 3951 cCDMURI 3952 } 3953 STATUS current 3954 DESCRIPTION 3956 "An attempt to receive a cryptographic device material (CDM) 3957 has succeeded. The CDM Type and CDM URI are provided with 3958 this notification." 3959 ::= { cKeyTransferPullNotify 3 } 3961 cCDMPullReceiveFailed NOTIFICATION-TYPE 3962 OBJECTS { 3963 cCDMType, 3964 cCDMURI 3965 } 3966 STATUS current 3967 DESCRIPTION 3968 "An attempt to receive a cryptographic device material (CDM) 3969 has failed. The CDM Type and CDM URI are provided with this 3970 notification." 3971 ::= { cKeyTransferPullNotify 4 } 3973 -- ***************************************************************** 3974 -- CC MIB cSOMSServerTable 3975 -- ***************************************************************** 3977 cSOMSServerTableCount OBJECT-TYPE 3978 SYNTAX Unsigned32 3979 MAX-ACCESS read-only 3980 STATUS current 3981 DESCRIPTION 3982 "The number of rows in the cSOMSServerTable" 3983 ::= { cSOMSServerInfo 1 } 3985 cSOMSServerTableLastChanged OBJECT-TYPE 3986 SYNTAX TimeStamp 3987 MAX-ACCESS read-only 3988 STATUS current 3989 DESCRIPTION 3990 "The last time any entry in the table was modified, created, 3991 or deleted by either SNMP, agent, or other management method 3992 (e.g. via an HMI). Managers can use this object to ensure 3993 that no changes to configuration of this table have happened 3994 since the last time it examined the table. A value of 0 3995 indicates that no entry has been changed since the agent 3996 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 3997 should be used to populate this column." 
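The cPALDeliveryRequest/cPALDeliveryStatus rules and the ordered fallback through the cSOMSServerTable, as an added Python model that is not code from the draft or from any CC MIB implementation. The allowed-value table is taken from the object descriptions above; the PAL line format, the server URIs, the `fetch` callback and the reading of cSOMSServerRetryMaxAttempts as a per-server try count are constructed assumptions.

```python
"""PAL pull control modelled on cPALDeliveryRequest, cPALDeliveryStatus and
cSOMSServerTable. Added illustration; PAL format, URIs and fetch are constructed."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable, Dict, List, Tuple


class PalRequest(IntEnum):            # cPALDeliveryRequest
    readyForDownload = 1
    downloadAndParse = 2
    discard = 3


class PalStatus(IntEnum):             # cPALDeliveryStatus
    complete = 1
    inProgress = 2
    downloadFailed = 3
    parseFailed = 4


# Allowed-value table from the cPALDeliveryStatus description.
ALLOWED_SETS = {
    PalRequest.readyForDownload: {PalStatus.complete},
    PalRequest.downloadAndParse: {PalStatus.complete},
    PalRequest.discard: {PalStatus.inProgress, PalStatus.downloadFailed,
                         PalStatus.parseFailed},
}


class InconsistentValue(Exception):
    pass                              # stands in for the SNMP inconsistentValue error


def parse_pal(blob: bytes) -> List[Tuple[int, str, int]]:
    """Constructed PAL format: 'cCDMType,cCDMURI,cCDMPackageSize' per line."""
    rows = []
    for line in filter(None, blob.decode("ascii").splitlines()):
        cdm_type, uri, size = line.split(",")
        if not 1 <= int(cdm_type) <= 6:           # cCDMType enumeration range
            raise ValueError("bad cCDMType %s" % cdm_type)
        rows.append((int(cdm_type), uri, int(size)))
    return rows


@dataclass
class PalPullAgent:
    servers: Dict[int, str]            # cSOMSServerPriority -> cSOMSServerURI
    fetch: Callable[[str], bytes]      # hypothetical transport; raises IOError
    max_attempts: int = 2              # cSOMSServerRetryMaxAttempts, per server (assumed)
    status: PalStatus = PalStatus.complete
    request: PalRequest = PalRequest.readyForDownload
    delivery_table: Dict[Tuple[int, str], int] = field(default_factory=dict)
    attempts: List[str] = field(default_factory=list)   # URIs tried, in order

    def set_request(self, value: PalRequest) -> PalStatus:
        """SET on cPALDeliveryRequest, enforcing the allowed-value table."""
        if self.status not in ALLOWED_SETS[value]:
            raise InconsistentValue("%s refused while status is %s"
                                    % (value.name, self.status.name))
        if value is PalRequest.discard:          # cancel or acknowledge a failure
            self.status, self.request = PalStatus.complete, PalRequest.readyForDownload
        elif value is PalRequest.downloadAndParse:
            self.request = value
            self._download_and_parse()
        return self.status

    def _download_and_parse(self) -> None:
        self.status = PalStatus.inProgress
        blob = None
        # Lowest cSOMSServerPriority first; move on once a server's tries are used up.
        for _, uri in sorted(self.servers.items()):
            for _ in range(self.max_attempts):
                self.attempts.append(uri)
                try:
                    blob = self.fetch(uri)
                    break
                except IOError:
                    continue
            if blob is not None:
                break
        if blob is None:
            self.status = PalStatus.downloadFailed   # cPALPullReceiveFailed case
            return
        try:
            rows = parse_pal(blob)
        except ValueError:
            self.status = PalStatus.parseFailed      # only 'discard' clears this
            return
        for cdm_type, cdm_uri, size in rows:           # populate cCDMDeliveryTable
            self.delivery_table[(cdm_type, cdm_uri)] = size
        self.status, self.request = PalStatus.complete, PalRequest.readyForDownload


SERVERS = {1: "https://soms-a.example/pal", 2: "https://soms-b.example/pal"}  # constructed
SAMPLE_PAL = (b"2,https://soms-b.example/cdm/sym-001,32\n"                       # constructed
              b"6,https://soms-b.example/cdm/fw-2018.5,1048576\n")


def fetch_with_fallback(uri: str) -> bytes:
    """Constructed transport: the priority-1 server is down, priority-2 works."""
    if uri.startswith("https://soms-a."):
        raise IOError("constructed: primary unreachable")
    return SAMPLE_PAL


def fetch_all_down(uri: str) -> bytes:
    raise IOError("constructed: no server reachable")


def run_pull(fetch: Callable[[str], bytes]) -> PalPullAgent:
    """Create an agent over SERVERS and issue one downloadAndParse request."""
    agent = PalPullAgent(SERVERS, fetch)
    agent.set_request(PalRequest.downloadAndParse)
    return agent
```

With `fetch_with_fallback`, the agent tries the priority-1 URI twice, succeeds on the priority-2 URI, fills two cCDMDeliveryTable rows and returns to `complete`/`readyForDownload`; with `fetch_all_down` it ends in `downloadFailed`, refuses a further `downloadAndParse`, and accepts only `discard`.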
   ::= { cSOMSServerInfo 2 }

cSOMSServerTable OBJECT-TYPE
   SYNTAX SEQUENCE OF CSOMSServerEntry
   MAX-ACCESS not-accessible
   STATUS current
   DESCRIPTION
      "The table containing a list of servers that will be queried
      for available cryptographic device materials (CDMs), such as
      keys and firmware packages. This table is also used to
      obtain the Product Availability List (PAL), which is a list
      detailing available CDMs and the locations from which they
      can be obtained."
   ::= { cSOMSServerInfo 3 }

cSOMSServerEntry OBJECT-TYPE
   SYNTAX CSOMSServerEntry
   MAX-ACCESS not-accessible
   STATUS current
   DESCRIPTION
      "A row containing information about a server that has
      available PALs/CDMs for download."
   INDEX { cSOMSServerPriority }
   ::= { cSOMSServerTable 1 }

CSOMSServerEntry ::= SEQUENCE {
   cSOMSServerPriority       Unsigned32,
   cSOMSServerURI            OCTET STRING,
   cSOMSServerAdditionalInfo SnmpAdminString,
   cSOMSServerRowStatus      RowStatus
}

cSOMSServerPriority OBJECT-TYPE
   SYNTAX Unsigned32
   MAX-ACCESS not-accessible
   STATUS current
   DESCRIPTION
      "A unique numeric index that identifies a server that has
      available PALs/CDMs for download. This index also provides
      server prioritization: lower values have a higher priority.
      For example, the server with the lowest value will be the
      first server used for PAL/CDM downloads. In the event of
      failure, the server with the next lowest value will be
      tried, and so on.

      This column is the sole index to the cSOMSServerTable."
   ::= { cSOMSServerEntry 1 }

cSOMSServerURI OBJECT-TYPE
   SYNTAX OCTET STRING (SIZE(1..255))
   MAX-ACCESS read-create
   STATUS current
   DESCRIPTION
      "The location of the server that has available PALs/CDMs
      for download. The value in this column is represented as a
      URI.
      Note, download of a PAL will typically result in the
      population of new CDM entries in the cCDMDeliveryTable."
   ::= { cSOMSServerEntry 2 }

cSOMSServerAdditionalInfo OBJECT-TYPE
   SYNTAX SnmpAdminString
   MAX-ACCESS read-create
   STATUS current
   DESCRIPTION
      "Additional information about the SOMS server. This
      information is manually configured by the manager, either at
      or after row creation."
   ::= { cSOMSServerEntry 3 }

cSOMSServerRowStatus OBJECT-TYPE
   SYNTAX RowStatus
   MAX-ACCESS read-create
   STATUS current
   DESCRIPTION
      "The status of the row, by which new entries may be created
      or old entries deleted from this table.

      Entries created within this table may not become active
      unless all read-create columns in the row have valid
      values, as detailed by each individual column's description.

      At a minimum, implementations must support the createAndGo,
      active, and destroy management functions. Support for the
      createAndWait, notInService, and notReady management
      functions is optional."
   ::= { cSOMSServerEntry 4 }

-- *****************************************************************
-- CC MIB cCDMDeliveryTable
-- *****************************************************************

cCDMDeliveryTableCount OBJECT-TYPE
   SYNTAX Unsigned32
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
      "The number of rows in the cCDMDeliveryTable."
   ::= { cCDMDeliveryInfo 1 }

cCDMDeliveryTableLastChanged OBJECT-TYPE
   SYNTAX TimeStamp
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
      "The last time any entry in the table was modified, created,
      or deleted by either SNMP, the agent, or another management
      method (e.g. via an HMI). Managers can use this object to
      ensure that no changes to the configuration of this table
      have happened since the last time they examined the table.
A value of 0 4110 indicates that no entry has been changed since the agent 4111 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 4112 should be used to populate this column." 4113 ::= { cCDMDeliveryInfo 2 } 4115 cCDMDeliveryTable OBJECT-TYPE 4116 SYNTAX SEQUENCE OF CCDMDeliveryEntry 4117 MAX-ACCESS not-accessible 4118 STATUS current 4119 DESCRIPTION 4120 "The table storing information about cryptographic device 4121 materials (CDMs) that are ready/available for retrieval. 4122 Entries in this table are typically automatically configured 4123 by the device after a server query. Entries can also be 4124 manually configured by a manager if the location of the CDM 4125 is predetermined." 4126 ::= { cCDMDeliveryInfo 3 } 4128 cCDMDeliveryEntry OBJECT-TYPE 4129 SYNTAX CCDMDeliveryEntry 4130 MAX-ACCESS not-accessible 4131 STATUS current 4132 DESCRIPTION 4133 "A row containing information about a specific cryptographic 4134 device material (CDM) available for download." 4135 INDEX { cCDMType, cCDMURI } 4136 ::= { cCDMDeliveryTable 1 } 4138 CCDMDeliveryEntry ::= SEQUENCE { 4139 cCDMType INTEGER, 4140 cCDMURI OCTET STRING, 4141 cCDMPackageSize Unsigned32, 4142 cCDMAdditionalInfo SnmpAdminString, 4143 cCDMLastDownloadDate OCTET STRING, 4144 cCDMDeliveryPriority Unsigned32, 4145 cCDMDeliveryRequest INTEGER, 4146 cCDMDeliveryStatus INTEGER, 4147 cCDMDeliveryRowStatus RowStatus 4148 } 4150 cCDMType OBJECT-TYPE 4151 SYNTAX INTEGER { notification(1), symmetricKey(2), 4152 asymmetricKey(3), certificate(4), 4153 cklOrCrl(5), firmware(6) } 4154 MAX-ACCESS read-only 4155 STATUS current 4156 DESCRIPTION 4157 "The type of the cryptographic device material (CDM) that 4158 can be retrieved from a CDM server: 4160 [notification] = CDM is a notification providing 4161 status/information for a particular 4162 (other) CDM 4163 [symmetricKey] = CDM is a symmetric key 4164 [asymmetricKey] = CDM is a non-certificate asymmetric key 4165 [certificate] = CDM is a certificate 4166 
[cklOrCrl] = CDM is a compromised key list or 4167 certificate revocation list 4168 [firmware] = CDM is a firmware package." 4169 ::= { cCDMDeliveryEntry 1 } 4171 cCDMURI OBJECT-TYPE 4172 SYNTAX OCTET STRING (SIZE(1..255)) 4173 MAX-ACCESS read-only 4174 STATUS current 4175 DESCRIPTION 4176 "The location of the cryptographic device material (CDM), 4177 represented in a URI format. Because of its type, the 4178 associated URI of the CDM Server can easily be derived. 4180 This column is typically populated by an agent upon querying 4181 a SOMS Server (e.g. downloading and parsing a Product 4182 Availability List (PAL) from a SOMS Server (entry in the 4183 cSOMSServerTable)). However, a manager can also configure an 4184 entry in this table with predetermined knowledge of the CDM 4185 location." 4186 ::= { cCDMDeliveryEntry 2 } 4188 cCDMPackageSize OBJECT-TYPE 4189 SYNTAX Unsigned32 4190 UNITS "bytes" 4191 MAX-ACCESS read-only 4192 STATUS current 4193 DESCRIPTION 4194 "The package size, in bytes, of the cryptographic device 4195 material (CDM). This information is retrieved from a 4196 Product Availability List (PAL) or a server's product 4197 availability response following a query. This column 4198 does not apply to notifications found in PALs." 4199 ::= { cCDMDeliveryEntry 3 } 4201 cCDMAdditionalInfo OBJECT-TYPE 4202 SYNTAX SnmpAdminString 4203 MAX-ACCESS read-create 4204 STATUS current 4205 DESCRIPTION 4206 "Additional information about the cryptographic device 4207 material (CDM). This information can be retrieved from the 4208 downloaded Product Availability List (PAL) or manually 4209 configured by the manager both at or after row creation." 4210 ::= { cCDMDeliveryEntry 4 } 4212 cCDMLastDownloadDate OBJECT-TYPE 4213 SYNTAX OCTET STRING (SIZE(14)) 4214 MAX-ACCESS read-only 4215 STATUS current 4216 DESCRIPTION 4217 "This is a 14 character field that will be populated with 4218 the following values depending on the state of the download 4219 and the CDM type. 
4220 1. The date and time (expressed as Generalized Time) when 4221 the device last successfully downloaded the CDM from the 4222 CDM Server. The format follows: 'yyyymmddhhmmss' where 4223 'yyyy' - year 4224 'mm' - month (first 'mm's from left to right) 4225 'dd' - day 4226 'hh' - hour 4227 'mm' - minutes (second 'mm's from left to right) 4228 'ss' - seconds 4230 2. All zero characters for the following cases. 4231 a. No indication that device has successfully downloaded 4232 the CDM. 4233 b. The cCDMType is a notification." 4234 ::= { cCDMDeliveryEntry 5 } 4236 cCDMDeliveryPriority OBJECT-TYPE 4237 SYNTAX Unsigned32 4238 MAX-ACCESS read-create 4239 STATUS current 4240 DESCRIPTION 4241 "A configurable priority value on the cryptographic device 4242 material (CDM). This column is a means to allow certain key 4243 products to be downloaded before others. Lower values have a 4244 higher priority (e.g. a value of 1 will be processed before 4245 a value of 2)." 4246 ::= { cCDMDeliveryEntry 6 } 4248 cCDMDeliveryRequest OBJECT-TYPE 4249 SYNTAX INTEGER { downloadAndInstall(1), downloadAndStore(2), 4250 discard(3) } 4251 MAX-ACCESS read-create 4252 STATUS current 4253 DESCRIPTION 4254 "This object signals the local device to perform actions on 4255 the available cryptographic device materials (CDMs) from a 4256 CDM server. The following types of actions are supported: 4258 [downloadAndInstall] = Initiates a download of a CDM. After 4259 a successful download, the CDM will be installed for local 4260 consumption and an entry is to be configured in the 4261 appropriate MIB table based on cCDMType: 4263 cCDMType | MIB Table Destination 4264 ------------------------------------- 4265 (1) notification | N/A 4266 (2) symmetricKey | cSymmetricKeyTable 4267 (3) asymmetricKey | cAsymKeyTable 4268 (4) certificate | cAsymKeyTable 4269 (5) cklOrCrl | cCKLTable 4270 (6) firmware | cFirmwareInformationTable 4272 [downloadAndStore] = Initiates a download of the CDM. 
After 4273 a successful download, an entry is created in the 4274 cCDMStoreTable to store the CDM. 4276 [discard] = Stops the current CDM delivery request and 4277 discards the CDM if potentially downloaded; this reverts the 4278 current value of the cCDMDeliveryStatus to 'complete'. If 4279 entries are created in the aforementioned tables for the 4280 install and store operations, these newly configured entries 4281 will be removed. 4283 The enumeration value of 'downloadAndStore' does not apply 4284 when cCDMType is set to 'notification'. 'downloadAndInstall' 4285 is used for a cCDMType of 'notification'. 4287 If this column is configured to any value except 'discard' 4288 while the value of cCDMDeliveryStatus is any value except 4289 'complete', the SNMP set operation must result in an 4290 inconsistentValue exception. The same applies if 'discard' 4291 is configured while the value cCDMDeliveryStatus is 4292 'complete'." 4293 ::= { cCDMDeliveryEntry 7 } 4295 cCDMDeliveryStatus OBJECT-TYPE 4296 SYNTAX INTEGER { complete(1), inProgress(2), 4297 downloadFailed(3), installFailed(4), 4298 storeFailed(5) } 4299 MAX-ACCESS read-only 4300 STATUS current 4301 DESCRIPTION 4302 "The status of the cryptographic device material (CDM) 4303 delivery operation. The following status values are 4304 supported: 4306 [complete] = The default state where the local device is 4307 ready to start a delivery request for the CDM. Between 4308 requests this state can only be reached after successful 4309 operations or if cCDMDeliveryRequest is set to 'discard' 4310 during an operation. 4312 [inProgress] = This state is reached when the device is 4313 either currently performing a download of the CDM or 4314 configuring appropriate MIB tables conveying installation or 4315 storage of key material. 
4317 [downloadFailed] = This state is reached after a failure 4318 occurs during a download of a CDM when cCDMDeliveryRequest 4319 was configured to either 'downloadAndStore' or 4320 'downloadAndInstall'. 4322 [installFailed] = This state is reached after a failure 4323 occurs during the install of the downloaded CDM when 4324 cCDMDeliveryRequest was configured to 'downloadAndInstall'. 4326 [storeFailed] = This state is reached after a failure 4327 occurs during the store of the downloaded CDM when 4328 cCDMDeliveryRequest was configured to 'downloadAndStore'." 4329 ::= { cCDMDeliveryEntry 8 } 4331 cCDMDeliveryRowStatus OBJECT-TYPE 4332 SYNTAX RowStatus 4333 MAX-ACCESS read-create 4334 STATUS current 4335 DESCRIPTION 4336 "The status of the row, by which new entries may be created 4337 or old entries deleted from this table. 4339 Entries created within this table may not become active 4340 unless all read-create columns in this column have valid 4341 values, as detailed by each individual column's description. 4343 At a minimum, implementations must support createAndGo, 4344 active, and destroy management functions. Support for 4345 createAndWait, notInService, and notReady management 4346 functions is optional." 4347 ::= { cCDMDeliveryEntry 9 } 4349 -- ***************************************************************** 4350 -- Module Conformance Information 4351 -- ***************************************************************** 4353 cKeyTransferPullCompliances OBJECT IDENTIFIER 4354 ::= { cKeyTransferPullConformance 1} 4355 cKeyTransferPullGroups OBJECT IDENTIFIER 4356 ::= { cKeyTransferPullConformance 2} 4358 cKeyTransferPullCompliance MODULE-COMPLIANCE 4359 STATUS current 4360 DESCRIPTION 4361 "Compliance levels for key transfer pull information." 
   MODULE
   MANDATORY-GROUPS {
      cKeyTransferPullServerGroup,
      cKeyTransferPullDeliveryGroup
   }

   GROUP cKeyTransferPullDeliveryNotifyGroup
   DESCRIPTION
      "This notification group is optional for implementation."

   OBJECT cCDMDeliveryRequest
   SYNTAX INTEGER { downloadAndInstall(1), discard(3) }
   DESCRIPTION
      "Implementation of these enumeration values is mandatory;
      enumeration values not listed here are optional."

   OBJECT cCDMDeliveryStatus
   SYNTAX INTEGER { complete(1), inProgress(2), downloadFailed(3),
                    installFailed(4) }
   DESCRIPTION
      "Implementation of these enumeration values is mandatory;
      enumeration values not listed here are optional."
   ::= { cKeyTransferPullCompliances 1 }

cKeyTransferPullServerGroup OBJECT-GROUP
   OBJECTS {
      cSOMSServerRetryDelay,
      cSOMSServerRetryMaxAttempts,
      cSOMSServerTableCount,
      cSOMSServerTableLastChanged,
      cSOMSServerURI,
      cSOMSServerAdditionalInfo,
      cSOMSServerRowStatus
   }
   STATUS current
   DESCRIPTION
      "This group is composed of objects related to server
      information."
   ::= { cKeyTransferPullGroups 1 }

cKeyTransferPullDeliveryGroup OBJECT-GROUP
   OBJECTS {
      cCDMPullRetrievalPriorities,
      cPALDeliveryRequest,
      cPALDeliveryStatus,
      cCDMDeliveryTableCount,
      cCDMDeliveryTableLastChanged,
      cCDMType,
      cCDMURI,
      cCDMPackageSize,
      cCDMAdditionalInfo,
      cCDMLastDownloadDate,
      cCDMDeliveryPriority,
      cCDMDeliveryRequest,
      cCDMDeliveryStatus,
      cCDMDeliveryRowStatus
   }
   STATUS current
   DESCRIPTION
      "This group is composed of objects related to delivery
      information."
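Two of the cCDMDeliveryTable rules defined above in code, as an added Python example that is not part of the draft: the 14-character cCDMLastDownloadDate value with its all-zero marker for undownloaded CDMs and notifications, and the cCDMPullRetrievalPriorities upper bound applied over cCDMDeliveryPriority. The `DeliveryRow` type, the sample rows and the tie-break ordering by URI are constructed for the illustration.

```python
"""cCDMDeliveryTable helpers: the cCDMLastDownloadDate encoding and the
cCDMPullRetrievalPriorities bound. Added illustration; rows are constructed."""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

NOTIFICATION = 1          # cCDMType notification(1)
ZERO_DATE = "0" * 14      # 'never downloaded' / notification marker


def encode_last_download(last: Optional[datetime], cdm_type: int) -> str:
    """14-character cCDMLastDownloadDate: 'yyyymmddhhmmss' of the last
    successful download, or all zeros when there is none or the row is a
    notification."""
    if last is None or cdm_type == NOTIFICATION:
        return ZERO_DATE
    return last.strftime("%Y%m%d%H%M%S")


def decode_last_download(value: str) -> Optional[datetime]:
    """Parse cCDMLastDownloadDate; None for the all-zero marker. Anything
    that is not exactly 14 ASCII digits, or not a real calendar time, is
    rejected rather than guessed at."""
    if len(value) != 14 or any(c not in "0123456789" for c in value):
        raise ValueError("cCDMLastDownloadDate must be 14 digits: %r" % value)
    if value == ZERO_DATE:
        return None
    return datetime.strptime(value, "%Y%m%d%H%M%S")


@dataclass(frozen=True)
class DeliveryRow:               # the cCDMDeliveryEntry columns used here
    cdm_type: int                # cCDMType
    uri: str                     # cCDMURI
    priority: int                # cCDMDeliveryPriority, lower is more urgent
    last_download: str           # cCDMLastDownloadDate


def pullable_rows(rows: List[DeliveryRow], retrieval_priorities: int) -> List[DeliveryRow]:
    """Rows that may be acted upon under cCDMPullRetrievalPriorities: all of
    them when the scalar is 0, otherwise only those whose cCDMDeliveryPriority
    is <= the scalar. Most urgent first; ties broken by URI (this example's choice)."""
    if retrieval_priorities:
        rows = [r for r in rows if r.priority <= retrieval_priorities]
    return sorted(rows, key=lambda r: (r.priority, r.uri))


def never_downloaded(rows: List[DeliveryRow]) -> List[DeliveryRow]:
    """Rows still lacking a successful download (notifications excluded,
    since their date column is always zero)."""
    return [r for r in rows
            if r.cdm_type != NOTIFICATION and decode_last_download(r.last_download) is None]


SAMPLE_ROWS = [  # constructed cCDMDeliveryTable contents
    DeliveryRow(2, "https://soms.example/cdm/sym-001", 1, ZERO_DATE),
    DeliveryRow(6, "https://soms.example/cdm/fw-2018.5", 7, "20180530120000"),
    DeliveryRow(1, "https://soms.example/cdm/notice-17", 1, ZERO_DATE),
    DeliveryRow(4, "https://soms.example/cdm/cert-42", 5, ZERO_DATE),
]
```

With cCDMPullRetrievalPriorities set to 5 the firmware row (priority 7) is excluded, as a bandwidth-limited ECU would want; with 0 every row qualifies. Malformed date values (wrong length, non-digits, impossible months) raise rather than being read as a timestamp.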
   ::= { cKeyTransferPullGroups 2 }

cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP
   NOTIFICATIONS {
      cPALPullReceiveSuccess,
      cPALPullReceiveFailed,
      cCDMPullReceiveSuccess,
      cCDMPullReceiveFailed
   }
   STATUS current
   DESCRIPTION
      "This group is composed of notifications related to delivery
      information."
   ::= { cKeyTransferPullGroups 3 }

END

5.7. Key Transfer Push

   This MIB module makes reference to the following documents:
   [RFC2578], [RFC2579], [RFC2580], and [RFC3411].

CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN

IMPORTS
   ccKeyTransferPush
      FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
   OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
   MODULE-IDENTITY
      FROM SNMPv2-SMI -- FROM RFC 2578
   SnmpAdminString
      FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
   RowPointer, RowStatus, DateAndTime,
   TimeStamp
      FROM SNMPv2-TC -- FROM RFC 2579
   MODULE-COMPLIANCE, OBJECT-GROUP,
   NOTIFICATION-GROUP
      FROM SNMPv2-CONF; -- FROM RFC 2580

ccKeyTransferPushMIB MODULE-IDENTITY
   LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
   ORGANIZATION "IETF"
   CONTACT-INFO
      "Shadi Azoum
      US Navy
      email: shadi.azoum@navy.mil

      Elliott Jones
      US Navy
      elliott.jones@navy.mil

      Lily Sun
      US Navy
      lily.sun@navy.mil

      Mike Irani
      NKI Engineering
      irani@nkiengineering.com

      Jeffrey Sun
      NKI Engineering
      sunjeff@nkiengineering.com

      Ray Purvis
      MITRE
      Email:rpurvis@mitre.org

      Sean Turner
      sn3rd
      Email:sean@sn3rd.com"
   DESCRIPTION
      "This MIB defines the CC MIB Key Transfer Push objects.

      Copyright (c) 2017 IETF Trust and the persons
      identified as authors of the code. All rights reserved.
4501 Redistribution and use in source and binary forms, with 4502 or without modification, is permitted pursuant to, and 4503 subject to the license terms contained in, the Simplified 4504 BSD License set forth in Section 4.c of the IETF Trust's 4505 Legal Provisions Relating to IETF Documents 4506 (http://trustee.ietf.org/license-info). 4508 This version of this MIB module is part of RFC xxxx; 4509 see the RFC itself for full legal notices." 4510 -- RFC Ed.: RFC-editor please fill in xxxx. 4511 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU 4512 DESCRIPTION "Initial Version. Published as RFC xxxx." 4513 -- RFC Ed.: RFC-editor please fill in xxxx. 4514 ::= { ccKeyTransferPush 1 } 4516 -- ***************************************************************** 4517 -- Key Transfer Push Information Segments 4518 -- ***************************************************************** 4520 cCDMPushDestInfo OBJECT IDENTIFIER 4521 ::= { ccKeyTransferPushMIB 1 } 4522 cCDMTransferPkgInfo OBJECT IDENTIFIER 4523 ::= { ccKeyTransferPushMIB 2 } 4524 cCDMPushSrcInfo OBJECT IDENTIFIER 4525 ::= { ccKeyTransferPushMIB 3 } 4526 cKeyTransferPushScalars OBJECT IDENTIFIER 4527 ::= { ccKeyTransferPushMIB 4 } 4528 cKeyTransferPushNotify OBJECT IDENTIFIER 4529 ::= { ccKeyTransferPushMIB 5 } 4530 cKeyTransferPushConformance OBJECT IDENTIFIER 4531 ::= { ccKeyTransferPushMIB 6 } 4533 -- ***************************************************************** 4534 -- Key Transfer Push Scalars 4535 -- ***************************************************************** 4537 cCDMTransferDelay OBJECT-TYPE 4538 SYNTAX Unsigned32 4539 MAX-ACCESS read-write 4540 STATUS current 4541 DESCRIPTION 4542 "The number of seconds to wait after a Cryptographic Device 4543 Material (CDM) transfer attempt initiated by the sender 4544 fails before attempting to retry the operation." 
   ::= { cKeyTransferPushScalars 1 }

cCDMTransferMaxAttempts OBJECT-TYPE
   SYNTAX Unsigned32
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION
      "The number of retries attempted before giving up on a
      device due to consecutive Cryptographic Device Material
      (CDM) transfer failures."
   ::= { cKeyTransferPushScalars 2 }

-- *****************************************************************
-- Key Transfer Push Notifications
-- *****************************************************************

cCDMPushSendSuccess NOTIFICATION-TYPE
   OBJECTS {
      cCDMPushDestAddressLocationType,
      cCDMPushDestAddressLocation,
      cCDMPushDestTransferType,
      cCDMPushDestPackageSelection
   }
   STATUS current
   DESCRIPTION
      "An attempt to send a CDM, identified by CDM push transfer
      information (cCDMPushDestTable row data), has succeeded."
   ::= { cKeyTransferPushNotify 1 }

cCDMPushReceiveSuccess NOTIFICATION-TYPE
   OBJECTS {
      cCDMPushSrcAddrLocationType,
      cCDMPushSrcAddrLocation,
      cCDMPushSrcTransferType
   }
   STATUS current
   DESCRIPTION
      "An attempt to receive key material, identified by CDM push
      transfer information (cCDMPushSrcTable row data), has
      succeeded."
   ::= { cKeyTransferPushNotify 2 }

cCDMPushReceiveFail NOTIFICATION-TYPE
   OBJECTS {
      cCDMPushSrcAddrLocationType,
      cCDMPushSrcAddrLocation,
      cCDMPushSrcTransferType
   }
   STATUS current
   DESCRIPTION
      "An attempt to receive key material via a Push operation,
      identified by the Sender Address and Transfer Type, has
      failed."
4598 ::= { cKeyTransferPushNotify 3 } 4600 cCDMPushSendFail NOTIFICATION-TYPE 4601 OBJECTS { 4602 cCDMPushDestAddressLocationType, 4603 cCDMPushDestAddressLocation, 4604 cCDMPushDestTransferType, 4605 cCDMPushDestPackageSelection 4606 } 4607 STATUS current 4608 DESCRIPTION 4609 "An attempt to send key material, identified by the 4610 Recipient Address and Transfer Type, has failed." 4611 ::= { cKeyTransferPushNotify 4 } 4613 -- ***************************************************************** 4614 -- CC MIB cCDMPushDestTable 4615 -- ***************************************************************** 4616 cCDMPushDestTableCount OBJECT-TYPE 4617 SYNTAX Unsigned32 4618 MAX-ACCESS read-only 4619 STATUS current 4620 DESCRIPTION 4621 "The number of rows in the cCDMPushDestTable" 4622 ::= { cCDMPushDestInfo 1 } 4624 cCDMPushDestTableLastChanged OBJECT-TYPE 4625 SYNTAX TimeStamp 4626 MAX-ACCESS read-only 4627 STATUS current 4628 DESCRIPTION 4629 "The last time any entry in the table was modified, created, 4630 or deleted by either SNMP, agent, or other management method 4631 (e.g. via an HMI). Managers can use this object to ensure 4632 that no changes to configuration of this table have happened 4633 since the last time it examined the table. A value of 0 4634 indicates that no entry has been changed since the agent 4635 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 4636 should be used to populate this column." 4637 ::= { cCDMPushDestInfo 2 } 4639 cCDMPushDestTable OBJECT-TYPE 4640 SYNTAX SEQUENCE OF CCDMPushDestEntry 4641 MAX-ACCESS not-accessible 4642 STATUS current 4643 DESCRIPTION 4644 "The table that provides the necessary information a sender 4645 needs to initiate a Cryptographic Device Material (CDM) send 4646 to a receiving device." 
4647 ::= { cCDMPushDestInfo 3 } 4649 cCDMPushDestEntry OBJECT-TYPE 4650 SYNTAX CCDMPushDestEntry 4651 MAX-ACCESS not-accessible 4652 STATUS current 4653 DESCRIPTION 4654 "A row containing information for a Cryptographic Device 4655 Material (CDM) transfer to a receiving device." 4656 INDEX { cCDMPushDestIndex } 4657 ::= { cCDMPushDestTable 1 } 4659 CCDMPushDestEntry ::= SEQUENCE { 4660 cCDMPushDestIndex Unsigned32, 4661 cCDMPushDestTransferType INTEGER, 4662 cCDMPushDestAddressLocationType INTEGER, 4663 cCDMPushDestAddressLocation OCTET STRING, 4664 cCDMPushDestTransferTime DateAndTime, 4665 cCDMPushDestPackageSelection SnmpAdminString, 4666 cCDMPushDestRowStatus RowStatus 4667 } 4669 cCDMPushDestIndex OBJECT-TYPE 4670 SYNTAX Unsigned32 4671 MAX-ACCESS not-accessible 4672 STATUS current 4673 DESCRIPTION 4674 "A numeric index that identifies a unique location in this 4675 table." 4676 ::= { cCDMPushDestEntry 1 } 4678 cCDMPushDestTransferType OBJECT-TYPE 4679 SYNTAX INTEGER { ipsec(1), tls(2) } 4680 MAX-ACCESS read-create 4681 STATUS current 4682 DESCRIPTION 4683 "The transfer mechanism or protocol used by the sender to 4684 execute the Cryptographic Device Material (CDM) transfer: 4685 ipsec(1), tls(2): 4686 ipsec - Internet Protocol Security (IPsec) 4687 tls - Transport Layer Security (TLS)" 4688 ::= { cCDMPushDestEntry 2 } 4690 cCDMPushDestAddressLocationType OBJECT-TYPE 4691 SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) } 4692 MAX-ACCESS read-create 4693 STATUS current 4694 DESCRIPTION 4695 "Enumeration indicating the type of address location." 4696 ::= { cCDMPushDestEntry 3 } 4698 cCDMPushDestAddressLocation OBJECT-TYPE 4699 SYNTAX OCTET STRING 4700 MAX-ACCESS read-create 4701 STATUS current 4702 DESCRIPTION 4703 "Location of the receiver. The syntax allows a URI or an IP 4704 address to be configured." 
4705 ::= { cCDMPushDestEntry 4 } 4707 cCDMPushDestTransferTime OBJECT-TYPE 4708 SYNTAX DateAndTime 4709 MAX-ACCESS read-create 4710 STATUS current 4711 DESCRIPTION 4712 "A valid date and time value populated in this object will 4713 automatically initiate the transfer at the value specified. 4715 To initiate an immediate transfer the following 4716 configuration is used: '0' for the year field, '1' for the 4717 month field, '1' for the day field, '-' for the direction 4718 from UTC field, and '0' for all other fields. This 4719 configuration is displayed as '0-1-1,00:00:00.0,-0:0'. Note 4720 that if the timezone fields are not used then the displayed 4721 value is as follows: '0-1-1,00:00:00.0'. The timezone 4722 fields are the direction from UTC, hours from UTC, and 4723 minutes from UTC." 4724 ::= { cCDMPushDestEntry 5 } 4726 cCDMPushDestPackageSelection OBJECT-TYPE 4727 SYNTAX SnmpAdminString 4728 MAX-ACCESS read-create 4729 STATUS current 4730 DESCRIPTION 4731 "A reference string that points to the key material(s) to 4732 transfer. This column may reference one entry (e.g. an entry 4733 in the cCDMStoreTable) or multiple entries (e.g. multiple 4734 entries in the cCDMTransferPkgTable). This object defines 4735 all the items in the package that will be sent." 4736 ::= { cCDMPushDestEntry 6 } 4738 cCDMPushDestRowStatus OBJECT-TYPE 4739 SYNTAX RowStatus 4740 MAX-ACCESS read-create 4741 STATUS current 4742 DESCRIPTION 4743 "The status of the row, by which new entries may be created 4744 or old entries deleted from this table. 4746 Entries created within this table may not become active 4747 unless all read-create columns in this column have valid 4748 values, as detailed by each individual column's description. 4750 At a minimum, implementations must support createAndGo, 4751 active, and destroy management functions. Support for 4752 createAndWait, notInService, and notReady management 4753 functions is optional." 
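The cCDMPushDestTransferTime encoding described above, as an added Python example that is not code from the draft: the RFC 2579 DateAndTime octet layout (8 octets, or 11 with the UTC-offset fields), a renderer that produces the display form quoted in the object description, and a check for the immediate-transfer value '0-1-1,00:00:00.0,-0:0'. The sample schedule values are constructed; treating an 8-octet value without timezone fields as UTC is this example's assumption, since RFC 2579 leaves it as local time.

```python
"""RFC 2579 DateAndTime for cCDMPushDestTransferTime, including the
immediate-transfer value. Added illustration; sample values are constructed."""
import struct
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# 8 octets: year(2, network order) month day hour minutes seconds deci-seconds
# 11 octets: the same plus direction from UTC ('+'/'-'), hours, minutes.
_BASE, _TZ = ">HBBBBBB", ">cBB"
IMMEDIATE = b"\x00\x00\x01\x01\x00\x00\x00\x00-\x00\x00"   # '0-1-1,00:00:00.0,-0:0'

Fields = Tuple[int, int, int, int, int, int, int]
Offset = Optional[Tuple[str, int, int]]


def decode_date_and_time(value: bytes) -> Tuple[Fields, Offset]:
    """Split a DateAndTime OCTET STRING into its fields; strict about length
    and the UTC-offset octets so a malformed SET cannot pass as a schedule."""
    if len(value) not in (8, 11):
        raise ValueError("DateAndTime must be 8 or 11 octets, got %d" % len(value))
    fields = struct.unpack(_BASE, value[:8])
    if len(value) == 8:
        return fields, None
    sign, hours, minutes = struct.unpack(_TZ, value[8:])
    if sign not in (b"+", b"-") or hours > 13 or minutes > 59:
        raise ValueError("bad UTC offset in DateAndTime")
    return fields, (sign.decode("ascii"), hours, minutes)


def encode_date_and_time(dt: datetime, with_tz: bool = True) -> bytes:
    """Encode a datetime; an aware datetime supplies the UTC-offset octets."""
    head = struct.pack(_BASE, dt.year, dt.month, dt.day, dt.hour, dt.minute,
                       dt.second, dt.microsecond // 100000)
    if not with_tz:
        return head
    offset = dt.utcoffset() or timedelta(0)
    minutes = abs(int(offset.total_seconds())) // 60
    sign = b"-" if offset < timedelta(0) else b"+"
    return head + struct.pack(_TZ, sign, minutes // 60, minutes % 60)


def display(value: bytes) -> str:
    """Render as the MIB text does, e.g. '0-1-1,00:00:00.0,-0:0'."""
    (y, mo, d, h, mi, s, ds), tz = decode_date_and_time(value)
    text = "%d-%d-%d,%02d:%02d:%02d.%d" % (y, mo, d, h, mi, s, ds)
    return text if tz is None else text + ",%s%d:%d" % tz


def is_immediate_transfer(value: bytes) -> bool:
    """True for the 'transfer now' value: year 0, month 1, day 1, every other
    field 0, and direction '-' when the timezone octets are present."""
    fields, tz = decode_date_and_time(value)
    return fields == (0, 1, 1, 0, 0, 0, 0) and tz in (None, ("-", 0, 0))


def to_datetime(value: bytes) -> Optional[datetime]:
    """Scheduled time as an aware datetime; None means transfer immediately.
    An 8-octet value carries no offset; reading it as UTC is this example's
    assumption (RFC 2579 calls it local time)."""
    if is_immediate_transfer(value):
        return None
    (y, mo, d, h, mi, s, ds), tz = decode_date_and_time(value)
    delta = timedelta(0)
    if tz is not None:
        sign, hours, minutes = tz
        delta = timedelta(hours=hours, minutes=minutes)
        delta = -delta if sign == "-" else delta
    return datetime(y, mo, d, h, mi, s, ds * 100000, tzinfo=timezone(delta))


def schedule_at(year: int, month: int, day: int, hour: int, minute: int,
                utc_offset_minutes: int = 0) -> bytes:
    """Build the value a manager would SET for a transfer at the given time."""
    tz = timezone(timedelta(minutes=utc_offset_minutes))
    return encode_date_and_time(datetime(year, month, day, hour, minute, tzinfo=tz))
```

A receiving agent would call `is_immediate_transfer` on every SET of cCDMPushDestTransferTime before scheduling; `to_datetime` rejects year-0 values that are not the exact sentinel, since `datetime` refuses to construct them, so a half-formed "immediate" value cannot be scheduled for a bogus date.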
4754 ::= { cCDMPushDestEntry 7 } 4756 -- ***************************************************************** 4757 -- CC MIB cCDMTransferPkgTable 4758 -- ***************************************************************** 4759 cCDMTransferPkgTableCount OBJECT-TYPE 4760 SYNTAX Unsigned32 4761 MAX-ACCESS read-only 4762 STATUS current 4763 DESCRIPTION 4764 "The number of rows in the cCDMTransferPkgTable." 4765 ::= { cCDMTransferPkgInfo 1 } 4767 cCDMTransferPkgTableLastChanged OBJECT-TYPE 4768 SYNTAX TimeStamp 4769 MAX-ACCESS read-only 4770 STATUS current 4771 DESCRIPTION 4772 "The last time any entry in the table was modified, created, 4773 or deleted by either SNMP, agent, or other management method 4774 (e.g. via an HMI). Managers can use this object to ensure 4775 that no changes to configuration of this table have happened 4776 since the last time it examined the table. A value of 0 4777 indicates that no entry has been changed since the agent 4778 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime 4779 should be used to populate this column." 4780 ::= { cCDMTransferPkgInfo 2 } 4782 cCDMTransferPkgTable OBJECT-TYPE 4783 SYNTAX SEQUENCE OF CCDMTransferPkgEntry 4784 MAX-ACCESS not-accessible 4785 STATUS current 4786 DESCRIPTION 4787 "The table for configuring single or multiple Cryptographic 4788 Device Material (CDM) in a package that can be transferred 4789 on a send operation. Entries in this table are referenced by 4790 the cCDMPushDestPackageSelection column." 4791 ::= { cCDMTransferPkgInfo 3 } 4793 cCDMTransferPkgEntry OBJECT-TYPE 4794 SYNTAX CCDMTransferPkgEntry 4795 MAX-ACCESS not-accessible 4796 STATUS current 4797 DESCRIPTION 4798 "A row containing information about a package used on a send 4799 operation." 
    INDEX { cCDMTransferPkgLabel, cCDMTransferPkgIndex }
    ::= { cCDMTransferPkgTable 1 }

CCDMTransferPkgEntry ::= SEQUENCE {
    cCDMTransferPkgLabel          SnmpAdminString,
    cCDMTransferPkgIndex          Unsigned32,
    cCDMTransferPkgLocatorRowPtr  RowPointer,
    cCDMTransferPkgRowStatus      RowStatus
}

cCDMTransferPkgLabel OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An administrative name that identifies a package within
        this table. cCDMTransferPkgLabel and cCDMTransferPkgIndex
        serve as indexes of this table."
    ::= { cCDMTransferPkgEntry 1 }

cCDMTransferPkgIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An administrative way of creating a unique row within this
        table. This value gives the position of a given item within
        the package designated by cCDMTransferPkgLabel.
        cCDMTransferPkgLabel and cCDMTransferPkgIndex serve as
        indexes of this table."
    ::= { cCDMTransferPkgEntry 2 }

cCDMTransferPkgLocatorRowPtr OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A RowPointer that points to a unique entry in the table
        containing the Cryptographic Device Material (CDM) to be
        transferred. For example, when referencing a key in the
        cSymmetricKeyTable, the value in this column contains the
        pointer to the appropriate row in the cSymmetricKeyTable."
    ::= { cCDMTransferPkgEntry 3 }

cCDMTransferPkgRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of the row, by which new entries may be created
        or old entries deleted from this table.

        Entries created within this table may not become active
        unless all read-create columns in this table have valid
        values, as detailed by each individual column's description.
        At a minimum, implementations must support createAndGo,
        active, and destroy management functions. Support for
        createAndWait, notInService, and notReady management
        functions is optional."
    ::= { cCDMTransferPkgEntry 4 }

-- *****************************************************************
-- CC MIB cCDMPushSrcTable
-- *****************************************************************

cCDMPushSrcTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cCDMPushSrcTable."
    ::= { cCDMPushSrcInfo 1 }

cCDMPushSrcTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, the agent, or another management
        method (e.g. via an HMI). Managers can use this object to
        ensure that no changes to the configuration of this table
        have happened since they last examined the table. A value of
        0 indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cCDMPushSrcInfo 2 }

cCDMPushSrcTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CCDMPushSrcEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table provides the list of authorized senders from
        which this receiving device will accept Cryptographic Device
        Material (CDM) transfers. Servers from the cSOMSServerTable
        are not listed in this table, since this table is specific
        to the Push Model."
    ::= { cCDMPushSrcInfo 3 }

cCDMPushSrcEntry OBJECT-TYPE
    SYNTAX      CCDMPushSrcEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row containing information about an authorized sender
        from which this receiving device will accept transfers."
    INDEX { cCDMPushSrcSenderName, cCDMPushSrcTransferType }
    ::= { cCDMPushSrcTable 1 }

CCDMPushSrcEntry ::= SEQUENCE {
    cCDMPushSrcSenderName        SnmpAdminString,
    cCDMPushSrcTransferType      INTEGER,
    cCDMPushSrcAddrLocationType  INTEGER,
    cCDMPushSrcAddrLocation      OCTET STRING,
    cCDMPushSrcRowStatus         RowStatus
}

cCDMPushSrcSenderName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An administrative string for an authorized sender.
        cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as
        indexes of this table."
    ::= { cCDMPushSrcEntry 1 }

cCDMPushSrcTransferType OBJECT-TYPE
    SYNTAX      INTEGER { ipsec(1), tls(2), other(3) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Analogous to cCDMPushDestTransferType. The transfer
        mechanism or protocol used by the receiver to receive the
        Cryptographic Device Material (CDM) transfer.

        ipsec - Internet Protocol Security (IPsec)
        tls   - Transport Layer Security (TLS)
        other - used for device-specific transfer mechanisms

        cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as
        indexes of this table."
    ::= { cCDMPushSrcEntry 2 }

cCDMPushSrcAddrLocationType OBJECT-TYPE
    SYNTAX      INTEGER { ipv4(1), ipv6(2), uri(3), other(4) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Enumeration indicating the type of address location
        (values: ipv4, ipv6, uri or other)."
    ::= { cCDMPushSrcEntry 3 }

cCDMPushSrcAddrLocation OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Location of the authorized sender, in the form indicated by
        cCDMPushSrcAddrLocationType."
    ::= { cCDMPushSrcEntry 4 }

cCDMPushSrcRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of the row, by which new entries may be created
        or old entries deleted from this table.
        Entries created within this table may not become active
        unless all read-create columns in this table have valid
        values, as detailed by each individual column's description.

        At a minimum, implementations must support createAndGo,
        active, and destroy management functions. Support for
        createAndWait, notInService, and notReady management
        functions is optional."
    ::= { cCDMPushSrcEntry 5 }

-- *****************************************************************
-- Module Conformance Information
-- *****************************************************************

cKeyTransferPushCompliances OBJECT IDENTIFIER
    ::= { cKeyTransferPushConformance 1 }
cKeyTransferPushGroups OBJECT IDENTIFIER
    ::= { cKeyTransferPushConformance 2 }

cKeyTransferPushSenderCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for sender information."
    MODULE
        MANDATORY-GROUPS { cKeyTransferPushSenderGroup }

        GROUP cKeyTransferPushSenderNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        OBJECT cCDMTransferDelay
        MIN-ACCESS  not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cCDMTransferMaxAttempts
        MIN-ACCESS  not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
    ::= { cKeyTransferPushCompliances 1 }

cKeyTransferPushReceiverCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for receiver information."
    MODULE
        MANDATORY-GROUPS { cKeyTransferPushReceiverGroup }

        GROUP cKeyTransferPushReceiverNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cKeyTransferPushCompliances 2 }

cKeyTransferPushSenderGroup OBJECT-GROUP
    OBJECTS {
        cCDMTransferDelay,
        cCDMTransferMaxAttempts,
        cCDMPushDestTableCount,
        cCDMPushDestTableLastChanged,
        cCDMPushDestTransferType,
        cCDMPushDestAddressLocationType,
        cCDMPushDestAddressLocation,
        cCDMPushDestTransferTime,
        cCDMPushDestPackageSelection,
        cCDMPushDestRowStatus,
        cCDMTransferPkgTableCount,
        cCDMTransferPkgTableLastChanged,
        cCDMTransferPkgLocatorRowPtr,
        cCDMTransferPkgRowStatus
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to sender
        information."
    ::= { cKeyTransferPushGroups 1 }

cKeyTransferPushReceiverGroup OBJECT-GROUP
    OBJECTS {
        cCDMPushSrcTableCount,
        cCDMPushSrcTableLastChanged,
        cCDMPushSrcTransferType,
        cCDMPushSrcAddrLocationType,
        cCDMPushSrcAddrLocation,
        cCDMPushSrcRowStatus
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to receiver
        information."
    ::= { cKeyTransferPushGroups 2 }

cKeyTransferPushSenderNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cCDMPushSendSuccess,
        cCDMPushSendFail
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of notifications related to sender
        information."
    ::= { cKeyTransferPushGroups 3 }

cKeyTransferPushReceiverNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cCDMPushReceiveSuccess,
        cCDMPushReceiveFail
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of notifications related to receiver
        information."
    ::= { cKeyTransferPushGroups 4 }

END

5.8. Security Policy Information

   This module makes reference to: Section 5.2, [RFC2578], [RFC2579],
   [RFC2580], and [RFC3411].
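   Before the next module, a worked example for the cCDMPushDestTransferTime
   column of the CC-KEY-TRANSFER-PUSH-MIB module that ended above. The draft
   describes the value only in display form; a manager actually sends the
   SNMPv2-TC DateAndTime wire encoding of RFC 2579 (8 octets without timezone
   fields, 11 with them). The Python below is an added example, not code from
   the draft: it decodes and re-encodes that wire form, renders the display
   string the draft quotes, and recognises the "transfer now" sentinel exactly
   as the column description defines it. The class and function names and the
   sample octet strings are constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional

# Added example (not part of the draft): helpers for the SNMPv2-TC
# DateAndTime encoding carried by cCDMPushDestTransferTime.  Wire format
# per RFC 2579: year(2 octets, big-endian) month day hour minute second
# decisecond, optionally followed by direction-from-UTC ('+' or '-'),
# hours-from-UTC and minutes-from-UTC.


@dataclass(frozen=True)
class DateAndTime:
    year: int
    month: int
    day: int
    hour: int
    minute: int
    second: int
    decisecond: int
    utc_direction: Optional[str] = None   # '+' or '-', None when absent
    utc_hours: int = 0
    utc_minutes: int = 0

    @classmethod
    def from_octets(cls, octets: bytes) -> "DateAndTime":
        """Decode the 8- or 11-octet wire form; reject any other length."""
        if len(octets) not in (8, 11):
            raise ValueError(f"DateAndTime must be 8 or 11 octets, got {len(octets)}")
        year = int.from_bytes(octets[0:2], "big")
        month, day, hour, minute, second, deci = octets[2:8]
        direction: Optional[str] = None
        utc_h = utc_m = 0
        if len(octets) == 11:
            direction = chr(octets[8])
            if direction not in ("+", "-"):
                raise ValueError("direction from UTC must be '+' or '-'")
            utc_h, utc_m = octets[9], octets[10]
        return cls(year, month, day, hour, minute, second, deci,
                   direction, utc_h, utc_m)

    def to_octets(self) -> bytes:
        """Encode back to the wire form a manager would SET."""
        out = self.year.to_bytes(2, "big") + bytes(
            [self.month, self.day, self.hour, self.minute,
             self.second, self.decisecond])
        if self.utc_direction is not None:
            out += bytes([ord(self.utc_direction), self.utc_hours,
                          self.utc_minutes])
        return out

    def display(self) -> str:
        """Render in the form the draft quotes, e.g. '0-1-1,00:00:00.0,-0:0'."""
        text = (f"{self.year}-{self.month}-{self.day},"
                f"{self.hour:02d}:{self.minute:02d}:{self.second:02d}."
                f"{self.decisecond}")
        if self.utc_direction is not None:
            text += f",{self.utc_direction}{self.utc_hours}:{self.utc_minutes}"
        return text

    def is_immediate_transfer(self) -> bool:
        """The sentinel from the column description: year 0, month 1, day 1,
        every other field 0 and, if the timezone fields are present,
        direction '-' with 0 hours and 0 minutes from UTC."""
        base = (self.year == 0 and self.month == 1 and self.day == 1
                and self.hour == self.minute == self.second
                == self.decisecond == 0)
        if self.utc_direction is None:
            return base
        return (base and self.utc_direction == "-"
                and self.utc_hours == 0 and self.utc_minutes == 0)


# Constructed sample values (not taken from the draft).
IMMEDIATE_WITH_TZ = bytes.fromhex("00 00 01 01 00 00 00 00 2d 00 00")
IMMEDIATE_NO_TZ = bytes.fromhex("00 00 01 01 00 00 00 00")
SCHEDULED = bytes.fromhex("07 e2 05 1e 0e 05 09 03 2d 07 00")  # 2018-05-30 14:05:09.3 -7:00


def classify(octets: bytes) -> str:
    """Tell an operator what a SET of cCDMPushDestTransferTime would do."""
    value = DateAndTime.from_octets(octets)
    if value.is_immediate_transfer():
        return "immediate transfer"
    return f"scheduled for {value.display()}"


if __name__ == "__main__":
    for sample in (IMMEDIATE_WITH_TZ, IMMEDIATE_NO_TZ, SCHEDULED):
        print(DateAndTime.from_octets(sample).display(), "->", classify(sample))
```

   The sentinel check is deliberately strict: a value with the timezone
   fields present but '+' as the direction is a real (if odd) timestamp in
   year 0, not a request for an immediate transfer, so an agent that
   treated it as one would start a key transfer the manager did not ask for.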
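   Every table in these modules repeats the same RowStatus rule: a row may
   not become active until all of its read-create columns hold valid values.
   The following Python is an added example, not code from the draft, that
   applies the rule to the receiver-side cCDMPushSrcTable of the module that
   ended above. It checks cCDMPushSrcAddrLocation against
   cCDMPushSrcAddrLocationType (4 octets for ipv4, 16 for ipv6, a textual
   URI for uri; the exact checks are my assumption, the draft does not
   specify the octet format), drives a row through
   createAndGo/createAndWait/active/notInService/destroy, and answers the
   receiver's question: is this (sender name, transfer type, peer address)
   an authorized source of a Cryptographic Device Material push? The class
   names, the error-status names raised (taken from the SNMP error-status
   vocabulary; which one a given agent returns is implementation-specific)
   and the sample rows are all constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional, Tuple

# Added example (not part of the draft).  Models the receiver-side
# cCDMPushSrcTable allowlist with the RowStatus rule shared by every
# table in these modules: a row is active only once all read-create
# columns hold valid values.


class TransferType(IntEnum):      # cCDMPushSrcTransferType
    ipsec = 1
    tls = 2
    other = 3


class AddrLocationType(IntEnum):  # cCDMPushSrcAddrLocationType
    ipv4 = 1
    ipv6 = 2
    uri = 3
    other = 4


class RowStatus(IntEnum):         # SNMPv2-TC RowStatus
    active = 1
    notInService = 2
    notReady = 3
    createAndGo = 4
    createAndWait = 5
    destroy = 6


class SnmpError(Exception):
    """Carries an SNMP error-status name (inconsistentValue, wrongValue)."""


RowKey = Tuple[str, TransferType]   # (cCDMPushSrcSenderName, cCDMPushSrcTransferType)


@dataclass
class PushSrcRow:
    addr_type: Optional[AddrLocationType] = None   # read-create column
    addr_location: Optional[bytes] = None          # read-create column
    status: RowStatus = RowStatus.notReady

    def columns_valid(self) -> bool:
        """Assumed validity rule: the location must fit the declared type."""
        if self.addr_type is None or self.addr_location is None:
            return False
        if self.addr_type == AddrLocationType.ipv4:
            return len(self.addr_location) == 4
        if self.addr_type == AddrLocationType.ipv6:
            return len(self.addr_location) == 16
        if self.addr_type == AddrLocationType.uri:
            try:
                text = self.addr_location.decode("ascii")
            except UnicodeDecodeError:
                return False
            return "://" in text and not any(c.isspace() for c in text)
        return len(self.addr_location) > 0   # other: device specific, non-empty


class PushSrcTable:
    def __init__(self) -> None:
        self.rows: Dict[RowKey, PushSrcRow] = {}

    def set_row_status(self, key: RowKey, requested: RowStatus,
                       addr_type: Optional[AddrLocationType] = None,
                       addr_location: Optional[bytes] = None) -> RowStatus:
        """Apply a SET of cCDMPushSrcRowStatus, with any read-create columns
        carried in the same PDU, and return the row's resulting status."""
        row = self.rows.get(key)
        if requested in (RowStatus.createAndGo, RowStatus.createAndWait):
            if row is not None:
                raise SnmpError("inconsistentValue")    # row already exists
            row = PushSrcRow(addr_type, addr_location)
            if requested == RowStatus.createAndWait:
                row.status = (RowStatus.notInService if row.columns_valid()
                              else RowStatus.notReady)
                self.rows[key] = row
                return row.status
            if not row.columns_valid():              # createAndGo: all or nothing
                raise SnmpError("inconsistentValue")
            row.status = RowStatus.active
            self.rows[key] = row
            return row.status
        if row is None:
            raise SnmpError("inconsistentValue")        # no such row to modify
        if requested == RowStatus.destroy:
            del self.rows[key]
            return RowStatus.destroy
        if addr_type is not None:
            row.addr_type = addr_type
        if addr_location is not None:
            row.addr_location = addr_location
        if requested == RowStatus.active:
            if not row.columns_valid():
                raise SnmpError("inconsistentValue")    # columns still incomplete
        elif requested != RowStatus.notInService:
            raise SnmpError("wrongValue")               # notReady is never settable
        row.status = requested
        return row.status

    def is_authorized(self, sender_name: str, transfer_type: TransferType,
                      peer: str) -> bool:
        """Receiver check: accept a CDM push only from an active row whose
        stored location matches the peer the transfer arrived from."""
        row = self.rows.get((sender_name, transfer_type))
        if row is None or row.status != RowStatus.active:
            return False
        if row.addr_type in (AddrLocationType.ipv4, AddrLocationType.ipv6):
            try:
                return ipaddress.ip_address(row.addr_location) == ipaddress.ip_address(peer)
            except ValueError:
                return False
        return row.addr_location == peer.encode("ascii", "ignore")


def demo() -> PushSrcTable:
    """Constructed sample configuration (not from the draft)."""
    table = PushSrcTable()
    table.set_row_status(("kmf-east", TransferType.tls), RowStatus.createAndGo,
                         AddrLocationType.ipv4, bytes([192, 0, 2, 10]))
    table.set_row_status(("kmf-west", TransferType.ipsec), RowStatus.createAndWait,
                         AddrLocationType.ipv6)            # no address yet: notReady
    return table
```

   The point of keying the lookup on both index columns and the peer address
   is that a row in this table is the only thing standing between an
   arbitrary network peer and a key push into the device; a row that is
   merely present (notReady or notInService) must not authorize anything.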
CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN

IMPORTS
    ccSecurePolicyInfo
        FROM CC-FEATURE-HIERARCHY-MIB       -- FROM {{cc-fh}}
    OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
    MODULE-IDENTITY
        FROM SNMPv2-SMI                     -- FROM RFC 2578
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF                    -- FROM RFC 2580
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB             -- FROM RFC 3411
    RowStatus, TimeStamp
        FROM SNMPv2-TC;                     -- FROM RFC 2579

ccSecurePolicyInfoMIB MODULE-IDENTITY
    LAST-UPDATED "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
    ORGANIZATION "IETF"
    CONTACT-INFO
        "Shadi Azoum
         US Navy
         email: shadi.azoum@navy.mil

         Elliott Jones
         US Navy
         elliott.jones@navy.mil

         Lily Sun
         US Navy
         lily.sun@navy.mil

         Mike Irani
         NKI Engineering
         irani@nkiengineering.com

         Jeffrey Sun
         NKI Engineering
         sunjeff@nkiengineering.com

         Ray Purvis
         MITRE
         Email:rpurvis@mitre.org

         Sean Turner
         sn3rd
         Email:sean@sn3rd.com"
    DESCRIPTION
        "This MIB defines the CC MIB Security Policy Information
        objects.

        Copyright (c) 2017 IETF Trust and the persons
        identified as authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    REVISION "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
    DESCRIPTION "Initial Version. Published as RFC xxxx."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    ::= { ccSecurePolicyInfo 1 }

-- *****************************************************************
-- Secure Policy Info Information Segments
-- *****************************************************************

cSecurePolicyConformance OBJECT IDENTIFIER
    ::= { ccSecurePolicyInfoMIB 1 }
cSecPolicyRuleInfo OBJECT IDENTIFIER
    ::= { ccSecurePolicyInfoMIB 2 }
cSecurePolicyInfoScalars OBJECT IDENTIFIER
    ::= { ccSecurePolicyInfoMIB 3 }
cSecurePolicyInfoNotify OBJECT IDENTIFIER
    ::= { ccSecurePolicyInfoMIB 4 }

-- *****************************************************************
-- Secure Policy Info Scalars
-- *****************************************************************

-- *****************************************************************
-- Secure Policy Info Notifications
-- *****************************************************************

cSecPolicyChanged NOTIFICATION-TYPE
    OBJECTS {
        cSecPolicyRulePriorityID,
        cSecPolicyRuleDescription
    }
    STATUS      current
    DESCRIPTION
        "A notification indicating that an existing Security Policy
        entry in the cSecPolicyRuleTable has changed."
    ::= { cSecurePolicyInfoNotify 1 }

-- *****************************************************************
-- CC MIB cSecPolicyRuleTable
-- *****************************************************************

cSecPolicyRuleTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cSecPolicyRuleTable."
    ::= { cSecPolicyRuleInfo 1 }

cSecPolicyRuleTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, the agent, or another management
        method (e.g. via an HMI).
        Managers can use this object to ensure that no changes to
        the configuration of this table have happened since they
        last examined the table. A value of 0 indicates that no
        entry has been changed since the agent initialized. The
        value in CC-DEVICE-INFO-MIB cSystemUpTime should be used to
        populate this column."
    ::= { cSecPolicyRuleInfo 2 }

cSecPolicyRuleTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CSecPolicyRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The cSecPolicyRuleTable stores the Security Policy Rules
        that are compared against inbound and outbound data traffic
        flows. These Security Policy Rules define the actions (e.g.
        protect, bypass, discard) that determine how the data
        traffic flow is treated."
    ::= { cSecPolicyRuleInfo 3 }

cSecPolicyRuleEntry OBJECT-TYPE
    SYNTAX      CSecPolicyRuleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row containing general information about a Security
        Policy rule."
    INDEX { cSecPolicyRulePriorityID }
    ::= { cSecPolicyRuleTable 1 }

CSecPolicyRuleEntry ::= SEQUENCE {
    cSecPolicyRulePriorityID       Unsigned32,
    cSecPolicyRuleDescription      OCTET STRING,
    cSecPolicyRuleType             INTEGER,
    cSecPolicyRuleFilterReference  SnmpAdminString,
    cSecPolicyRuleAction           INTEGER,
    cSecPolicyRuleRowStatus        RowStatus
}

cSecPolicyRulePriorityID OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Locally unique index that identifies the priority at which
        this Security Policy rule is applied. Lower values have a
        higher priority (e.g. a value of 1 will be processed before
        a value of 2). This column is the primary index to the
        cSecPolicyRuleTable."
    ::= { cSecPolicyRuleEntry 1 }

cSecPolicyRuleDescription OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "An administrative string describing the Security Policy
        rule. Note, this is a free-form OCTET STRING that provides
        the user a store for any form of description/documentation
        for the given entry."
    ::= { cSecPolicyRuleEntry 2 }

cSecPolicyRuleType OBJECT-TYPE
    SYNTAX      INTEGER { ipsec(1), tls(2) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Optional column that defines the related protocol type of
        the Security Policy rule. Depending on this column's set
        value, entries will vary with respect to which other
        columns/tables (if any) must be populated to fully
        configure the Security Policy rule."
    ::= { cSecPolicyRuleEntry 3 }

cSecPolicyRuleFilterReference OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A string that references the associated filter for the
        Security Policy rule. Comparison of the data traffic flow
        (inbound/outbound) against the associated filter provides
        the basis on which a Security Policy rule is applied to the
        given data traffic flow."
    ::= { cSecPolicyRuleEntry 4 }

cSecPolicyRuleAction OBJECT-TYPE
    SYNTAX      INTEGER { protect(1), bypass(10), discard(20),
                          discardInbound(21), discardOutbound(22) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates what action the ECU should take on
        matching a data traffic flow against a filter (as defined by
        cSecPolicyRuleFilterReference). The value of this column can
        take one of the following enumeration values.
        [1] protect: The 'protect' enumeration value indicates that
        the data traffic flow should be protected by a Secure
        Connection with attributes defined by the associated filter
        (cSecPolicyRuleFilterReference).

        [10] bypass: The 'bypass' enumeration value indicates that
        the data traffic flow should be bypassed with no
        cryptographic protection/services provided.

        [20] discard: The 'discard' enumeration value indicates that
        the data traffic flow, regardless of its direction, should
        be discarded.

        [21] discardInbound: The 'discardInbound' enumeration value
        indicates that an inbound data traffic flow should be
        discarded.

        [22] discardOutbound: The 'discardOutbound' enumeration
        value indicates that an outbound data traffic flow should be
        discarded.

        Implementations that do not support the 'discardInbound' and
        'discardOutbound' enumeration values should return a
        wrongValue exception during a SET to the
        cSecPolicyRuleAction object.

        A valid enumeration value must be specified in order for
        cSecPolicyRuleRowStatus to be 'active'."
    ::= { cSecPolicyRuleEntry 5 }

cSecPolicyRuleRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of the row, by which new entries may be created,
        or old entries deleted from this table.

        Entries created within this table may not become active
        unless all read-create columns in this table have valid
        values, as detailed by each individual column's description.

        At a minimum, implementations must support createAndGo and
        destroy management functions. Support for createAndWait,
        active, notInService, and notReady management functions is
        optional."
    ::= { cSecPolicyRuleEntry 6 }

-- *****************************************************************
-- Module Conformance Information
-- *****************************************************************

cSecurePolicyCompliances OBJECT IDENTIFIER
    ::= { cSecurePolicyConformance 1 }
cSecurePolicyGroups OBJECT IDENTIFIER
    ::= { cSecurePolicyConformance 2 }

cSecurePolicyCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for secure policy information."
    MODULE
        MANDATORY-GROUPS { cSecurePolicyGroup }

        GROUP cSecurePolicyNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cSecurePolicyCompliances 1 }

cSecurePolicyGroup OBJECT-GROUP
    OBJECTS {
        cSecPolicyRuleTableCount,
        cSecPolicyRuleTableLastChanged,
        cSecPolicyRulePriorityID,
        cSecPolicyRuleDescription,
        cSecPolicyRuleType,
        cSecPolicyRuleFilterReference,
        cSecPolicyRuleAction,
        cSecPolicyRuleRowStatus
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to secure policy
        information."
    ::= { cSecurePolicyGroups 1 }

cSecurePolicyNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cSecPolicyChanged
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of notifications related to secure
        policy information."
    ::= { cSecurePolicyGroups 2 }

END

5.9. Secure Connection Information

   This module makes reference to: Section 5.2, [RFC2578], [RFC2579],
   [RFC2580], [RFC3411], and [RFC4303].
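   Before the secure-connection module, a worked example for the
   cSecPolicyRuleTable of the CC-SECURE-POLICY-INFO-MIB module that ended
   above. That table is an ordered list: rules are applied in ascending
   cSecPolicyRulePriorityID, each rule names a filter through
   cSecPolicyRuleFilterReference, and cSecPolicyRuleAction says whether a
   matching flow is protected, bypassed, or discarded in one or both
   directions. The Python below is an added example, not code from the
   draft. It evaluates inbound and outbound flows against such a table and
   rejects a SET of an action value the implementation does not support
   with wrongValue, as the cSecPolicyRuleAction text requires. Three things
   are my assumptions rather than the draft's: the filter representation (a
   CIDR 5-tuple with wildcards; the draft only references filters by name),
   the behaviour when a directional discard rule matches a flow of the other
   direction (evaluation falls through to the next rule), and the verdict
   when no rule matches (discard).

```python
import ipaddress
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional, Tuple

# Added example (not part of the draft): an evaluator for the
# cSecPolicyRuleTable semantics.  Filter format, fall-through on a
# non-applicable directional discard, and default-discard are assumptions.


class Action(IntEnum):            # cSecPolicyRuleAction enumeration values
    protect = 1
    bypass = 10
    discard = 20
    discardInbound = 21
    discardOutbound = 22


class SnmpError(Exception):
    """Error-status name an agent would return for a rejected SET."""


@dataclass(frozen=True)
class Flow:
    direction: str                # "inbound" or "outbound"
    src: str
    dst: str
    proto: str                    # "tcp", "udp", "esp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Filter:
    """Assumed filter: CIDR prefixes plus optional protocol/port; '*' = any."""
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None

    def matches(self, flow: Flow) -> bool:
        return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", flow.proto)
                and (self.dport is None or self.dport == flow.dport))


@dataclass
class Rule:
    priority_id: int              # cSecPolicyRulePriorityID (lower = applied first)
    description: str              # cSecPolicyRuleDescription
    filter_ref: str               # cSecPolicyRuleFilterReference
    action: Action                # cSecPolicyRuleAction


class SecPolicyRuleTable:
    def __init__(self, filters: Dict[str, Filter],
                 supported_actions: Tuple[Action, ...] = tuple(Action)) -> None:
        self.filters = filters
        self.supported_actions = supported_actions
        self.rules: Dict[int, Rule] = {}

    def set_rule(self, priority_id: int, description: str,
                 filter_ref: str, action: int) -> Rule:
        """createAndGo of a row, with the SET checks the column texts call for."""
        if action not in [int(a) for a in self.supported_actions]:
            # e.g. discardInbound on an implementation without it: wrongValue
            raise SnmpError("wrongValue")
        if filter_ref not in self.filters:
            raise SnmpError("inconsistentValue")   # dangling filter reference
        rule = Rule(priority_id, description, filter_ref, Action(action))
        self.rules[priority_id] = rule
        return rule

    def evaluate(self, flow: Flow) -> Tuple[str, Optional[int]]:
        """Return (verdict, priority_id of the deciding rule).  Rules are tried
        in ascending priority_id; the first applicable match decides."""
        for pid in sorted(self.rules):
            rule = self.rules[pid]
            if not self.filters[rule.filter_ref].matches(flow):
                continue
            act = rule.action
            if act in (Action.protect, Action.bypass, Action.discard):
                return act.name, pid
            if act == Action.discardInbound and flow.direction == "inbound":
                return "discard", pid
            if act == Action.discardOutbound and flow.direction == "outbound":
                return "discard", pid
            # directional discard for the other direction: try the next rule
        return "discard", None   # assumed default: no matching rule, drop


def build_sample_table() -> SecPolicyRuleTable:
    """Constructed sample policy (not from the draft)."""
    filters = {
        "mgmt-snmp": Filter(dst="192.0.2.1/32", proto="udp", dport=161),
        "site-b":    Filter(src="10.1.0.0/16", dst="10.2.0.0/16"),
        "any":       Filter(),
    }
    table = SecPolicyRuleTable(filters)
    table.set_rule(1, "SNMP to the local agent stays in the clear", "mgmt-snmp", Action.bypass)
    table.set_rule(2, "Site B traffic must be protected", "site-b", Action.protect)
    table.set_rule(3, "Nothing else may leave the device", "any", Action.discardOutbound)
    table.set_rule(4, "Everything else inbound is dropped", "any", Action.discard)
    return table
```

   Ordering is the security property here: because cSecPolicyRulePriorityID
   is the index and lower values win, a broad bypass rule with a low
   priority id silently overrides every protect rule after it, which is why
   a manager should read the whole table (and check
   cSecPolicyRuleTableLastChanged) rather than a single row when auditing
   the policy.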
CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN

IMPORTS
    ccSecureConnectionInfo
        FROM CC-FEATURE-HIERARCHY-MIB       -- FROM {{cc-fh}}
    OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
    MODULE-IDENTITY
        FROM SNMPv2-SMI                     -- FROM RFC 2578
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF                    -- FROM RFC 2580
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB             -- FROM RFC 3411
    RowStatus, DateAndTime, TimeStamp
        FROM SNMPv2-TC;                     -- FROM RFC 2579

ccSecureConnectionInfoMIB MODULE-IDENTITY
    LAST-UPDATED "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
    ORGANIZATION "IETF"
    CONTACT-INFO
        "Shadi Azoum
         US Navy
         email: shadi.azoum@navy.mil

         Elliott Jones
         US Navy
         elliott.jones@navy.mil

         Lily Sun
         US Navy
         lily.sun@navy.mil

         Mike Irani
         NKI Engineering
         irani@nkiengineering.com

         Jeffrey Sun
         NKI Engineering
         sunjeff@nkiengineering.com

         Ray Purvis
         MITRE
         Email:rpurvis@mitre.org

         Sean Turner
         sn3rd
         Email:sean@sn3rd.com"
    DESCRIPTION
        "This MIB defines the CC MIB Secure Connection Information
        objects.

        Copyright (c) 2017 IETF Trust and the persons
        identified as authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    REVISION "YYYYMMDDHHMMSSZ"  -- DD MM YYYY HH:MM:00 ZULU
    DESCRIPTION "Initial Version. Published as RFC xxxx."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    ::= { ccSecureConnectionInfo 1 }

-- *****************************************************************
-- Secure Connection Info Information Segments
-- *****************************************************************

cSecureConnectionConformance OBJECT IDENTIFIER
    ::= { ccSecureConnectionInfoMIB 1 }
cSecureConnectionInfo OBJECT IDENTIFIER
    ::= { ccSecureConnectionInfoMIB 2 }
cSecureConnectionInfoScalars OBJECT IDENTIFIER
    ::= { ccSecureConnectionInfoMIB 3 }
cSecureConnectionInfoNotify OBJECT IDENTIFIER
    ::= { ccSecureConnectionInfoMIB 4 }

-- *****************************************************************
-- Secure Connection Info Scalars
-- *****************************************************************

-- *****************************************************************
-- Secure Connection Info Notifications
-- *****************************************************************

cSecConnectionEstablished NOTIFICATION-TYPE
    OBJECTS { cSecConTableID }
    STATUS      current
    DESCRIPTION
        "A notification indicating that a new Secure Connection was
        successfully established."
    ::= { cSecureConnectionInfoNotify 1 }

cSecConnectionDeleted NOTIFICATION-TYPE
    OBJECTS { cSecConTableID }
    STATUS      current
    DESCRIPTION
        "A notification indicating that an existing Secure
        Connection was successfully deleted."
    ::= { cSecureConnectionInfoNotify 2 }

-- *****************************************************************
-- CC MIB cSecConTable
-- *****************************************************************

cSecConTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cSecConTable."
    ::= { cSecureConnectionInfo 1 }

cSecConTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, the agent, or another management
        method (e.g. via an HMI). Managers can use this object to
        ensure that no changes to the configuration of this table
        have happened since they last examined the table. A value of
        0 indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cSecureConnectionInfo 2 }

cSecConTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CSecConEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The cSecConTable stores general Secure Connection
        (active/inactive) information associated with the ECU. This
        table provides the base/common information for Secure
        Connections."
    ::= { cSecureConnectionInfo 3 }

cSecConEntry OBJECT-TYPE
    SYNTAX      CSecConEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row containing general information about an
        active/inactive Secure Connection."
    INDEX { cSecConTableID }
    ::= { cSecConTable 1 }

CSecConEntry ::= SEQUENCE {
    cSecConTableID             Unsigned32,
    cSecConType                OCTET STRING,
    cSecConDataPlaneID         OCTET STRING,
    cSecConDirection           INTEGER,
    cSecConKeyReference        OCTET STRING,
    cSecConCryptographicSuite  OCTET STRING,
    cSecConEstablishmentTime   DateAndTime,
    cSecConStatus              OCTET STRING,
    cSecConRowStatus           RowStatus
}

cSecConTableID OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Locally unique index that identifies a Secure Connection.
        This column is the primary index to the cSecConTable."
    ::= { cSecConEntry 1 }

cSecConType OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Optional column that defines the related protocol type of
        the Secure Connection. Depending on this column's populated
        value, entries will vary with respect to which other
        columns/tables (if any) are applicable to the Secure
        Connection. Examples of values for this column are: 'ipsec'
        for Internet Protocol Security secure connections and 'tls'
        for Transport Layer Security/Secure Sockets Layer secure
        connections."
    ::= { cSecConEntry 2 }

cSecConDataPlaneID OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The unique identifier associated with the Secure
        Connection, based on the Secure Connection protocol.

        Note, this is a free-form OCTET STRING column where
        meaningful values/formats are defined on a per Secure
        Connection protocol type basis. For instance, in an IPsec
        context (i.e. cSecConType value is set to 'ipsec'), this
        column would store the Security Parameter Index (SPI) for a
        given Encapsulating Security Payload Version 3 Security
        Association (RFC 4303 - Section 2.1.)."
    ::= { cSecConEntry 3 }

cSecConDirection OBJECT-TYPE
    SYNTAX      INTEGER { inbound(1), outbound(2),
                          bidirectional(3) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The data plane traffic flow direction for the Secure
        Connection.

        [1] inbound: data plane traffic flow is incoming on the
        Secure Connection.

        [2] outbound: data plane traffic flow is outgoing on the
        Secure Connection.

        [3] bidirectional: data plane traffic flow is incoming and
        outgoing on the Secure Connection."
    ::= { cSecConEntry 4 }

cSecConKeyReference OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Administrative string that references key material
        associated with the Secure Connection. This column
        references an entry (via table index value) in a key-related
        table in the CC-KEY-MANAGEMENT-MIB.

        If there is no appropriate value to populate with, this
        column is populated with an empty string, ''."
    ::= { cSecConEntry 5 }

cSecConCryptographicSuite OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The set of cryptographic attributes (e.g. Encryption
        Algorithm, Integrity Algorithm) of the Secure Connection.
        Note, this is a free-form OCTET STRING column, meaning
        implementations may utilize a standardized definition of
        string values that describe a set of cryptographic suites or
        use a proprietary definition of string values for supported
        cryptographic suites."
    ::= { cSecConEntry 6 }

cSecConEstablishmentTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The local date and time when the Secure Connection was or
        will be established. The value in this column may be
        manually set to a date and time prior to the effective date
        of the key material (if associated) as referenced by the
        cSecConKeyReference column. If this column value is not
        manually configured with a date and time then the value will
        be automatically populated with the current cSystemDate
        value at the time the cSecConRowStatus column is first set
        to 'active'.

        Note, implementations may treat this column as an alpha date
        for the Secure Connection, and thus derive other Secure
        Connection-related values from this time."
    ::= { cSecConEntry 7 }

cSecConStatus OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Column that provides the current status of the Secure
        Connection. Note, this is a free-form OCTET STRING column
        where meaningful values are defined on a per Secure
        Connection protocol type basis (i.e. as defined by the
        cSecConType value) or on a per implementation basis.

        If there is no appropriate value to populate with, this
        column is populated with an empty string, ''."
    ::= { cSecConEntry 8 }

cSecConRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of the row, by which new entries may be created,
        or old entries deleted from this table.

        Entries created within this table may not become active
        unless all read-create columns in this table have valid
        values, as detailed by each individual column's description.

        The set of RowStatus enumerations that must be supported is
        dependent on the type of secure connection. At a minimum,
        implementations must support createAndGo and destroy if the
        secure connection can be created and destroyed by the
        manager. Implementations must support active and
        notInService if the secure connection can be
        enabled/disabled by the manager."
    ::= { cSecConEntry 9 }

-- *****************************************************************
-- Module Conformance Information
-- *****************************************************************

cSecureConnectionCompliances OBJECT IDENTIFIER
    ::= { cSecureConnectionConformance 1 }
cSecureConnectionGroups OBJECT IDENTIFIER
    ::= { cSecureConnectionConformance 2 }

cSecureConnectionCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for secure connection information."
    MODULE
        MANDATORY-GROUPS { cSecureConnectionGroup }

        GROUP cSecureConnectionNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        OBJECT cSecConType
        MIN-ACCESS  not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
    ::= { cSecureConnectionCompliances 1 }

cSecureConnectionGroup OBJECT-GROUP
    OBJECTS {
        cSecConTableCount,
        cSecConTableLastChanged,
        cSecConTableID,
        cSecConType,
        cSecConDataPlaneID,
        cSecConDirection,
        cSecConKeyReference,
        cSecConCryptographicSuite,
        cSecConEstablishmentTime,
        cSecConStatus,
        cSecConRowStatus
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to secure
        connection information."
    ::= { cSecureConnectionGroups 1 }

cSecureConnectionNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cSecConnectionEstablished,
        cSecConnectionDeleted
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of notifications related to secure
        connection information."
    ::= { cSecureConnectionGroups 2 }

END

6. IANA Considerations

7. Security Considerations

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].
Implementations 5794 MAY also provide support for the Transport Security Model (TSM) 5795 [RFC5591] in combination with a secure transport such as SSH 5796 [RFC5592] or TLS/DTLS [RFC6353]. 5798 Further, deployment of SNMP versions prior to SNMPv3 is NOT 5799 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 5800 enable cryptographic security. It is then a customer/operator 5801 responsibility to ensure that the SNMP entity giving access to an 5802 instance of this MIB module is properly configured to give access to 5803 the objects only to those principals (users) that have legitimate 5804 rights to indeed GET or SET (change/create/delete) them. 5806 8. References 5808 8.1. Normative References 5810 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 5811 Requirement Levels", BCP 14, RFC 2119, 5812 DOI 10.17487/RFC2119, March 1997, . 5815 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 5816 Schoenwaelder, Ed., "Structure of Management Information 5817 Version 2 (SMIv2)", STD 58, RFC 2578, 5818 DOI 10.17487/RFC2578, April 1999, . 5821 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 5822 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 5823 STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, 5824 . 5826 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. 5827 Schoenwaelder, Ed., "Conformance Statements for SMIv2", 5828 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, 5829 . 5831 [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An 5832 Architecture for Describing Simple Network Management 5833 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 5834 DOI 10.17487/RFC3411, December 2002, . 5837 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 5838 (USM) for version 3 of the Simple Network Management 5839 Protocol (SNMPv3)", STD 62, RFC 3414, 5840 DOI 10.17487/RFC3414, December 2002, . 5843 [RFC3826] Blumenthal, U., Maino, F., and K. 
McCloghrie, "The 5844 Advanced Encryption Standard (AES) Cipher Algorithm in the 5845 SNMP User-based Security Model", RFC 3826, 5846 DOI 10.17487/RFC3826, June 2004, . 5849 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 5850 Housley, R., and W. Polk, "Internet X.509 Public Key 5851 Infrastructure Certificate and Certificate Revocation List 5852 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 5853 . 5855 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model 5856 for the Simple Network Management Protocol (SNMP)", 5857 STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, 5858 . 5860 [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure 5861 Shell Transport Model for the Simple Network Management 5862 Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 5863 2009, . 5865 [RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor 5866 Format", RFC 5914, DOI 10.17487/RFC5914, June 2010, 5867 . 5869 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 5870 Key Container (PSKC)", RFC 6030, DOI 10.17487/RFC6030, 5871 October 2010, . 5873 [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport 5874 Model for the Simple Network Management Protocol (SNMP)", 5875 STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, 5876 . 5878 8.2. Informative References 5880 [RFC1213] McCloghrie, K. and M. Rose, "Management Information Base 5881 for Network Management of TCP/IP-based internets: MIB-II", 5882 STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991, 5883 . 5885 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 5886 "Introduction and Applicability Statements for Internet- 5887 Standard Management Framework", RFC 3410, 5888 DOI 10.17487/RFC3410, December 2002, . 5891 [RFC3418] Presuhn, R., Ed., "Management Information Base (MIB) for 5892 the Simple Network Management Protocol (SNMP)", STD 62, 5893 RFC 3418, DOI 10.17487/RFC3418, December 2002, 5894 . 
5896 [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", 5897 RFC 4303, DOI 10.17487/RFC4303, December 2005, 5898 . 5900 Authors' Addresses 5902 Shadi Azoum 5903 SPAWAR Systems Center Pacific 5905 Email: shadi.azoum@navy.mil 5906 Elliott Jones 5907 SPAWAR Systems Center Pacific 5909 Email: elliott.jones@navy.mil 5911 Lily Sun 5912 SPAWAR Systems Center Pacific 5914 Email: lily.sun@navy.mil 5916 Mike Irani 5917 Nathan Kunes, Inc. 5919 Email: irani@nkiengineering.com 5921 Jeffrey Sun 5922 Nathan Kunes, Inc. 5924 Email: sunjeff@nkiengineering.com 5926 Ray Purvis 5927 The MITRE Corporation 5929 Email: rpurvis@mitre.org 5931 Sean Turner 5932 sn3rd 5934 Email: sean@sn3rd.com