idnits 2.17.00 (12 Aug 2021)
/tmp/idnits54205/draft-turner-ccmib-00.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** There are 25 instances of too long lines in the document, the longest
one being 4 characters in excess of 72.
== There are 3 instances of lines with non-RFC6890-compliant IPv4 addresses
in the document. If these are example addresses, they should be changed.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 392 has weird spacing: '... octets cont...'
== Line 404 has weird spacing: '... octets cont...'
== Line 5638 has weird spacing: '...defined by th...'
-- The document date (June 30, 2016) is 2150 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
-- Looks like a reference, but probably isn't: '1' on line 5956
-- Looks like a reference, but probably isn't: '2' on line 5959
-- Looks like a reference, but probably isn't: '3' on line 5962
-- Looks like a reference, but probably isn't: '10' on line 5641
-- Looks like a reference, but probably isn't: '20' on line 5645
-- Looks like a reference, but probably isn't: '21' on line 5649
-- Looks like a reference, but probably isn't: '22' on line 5653
** Obsolete normative reference: RFC 2571 (Obsoleted by RFC 3411)
** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)
-- Obsolete informational reference (is this intentional?): RFC 1907
(Obsoleted by RFC 3418)
Summary: 3 errors (**), 0 flaws (~~), 5 warnings (==), 9 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group S. Azoum
3 Internet-Draft E. Jones
4 Intended status: Standards Track L. Sun
5 Expires: January 1, 2017 SPAWAR Systems Center Pacific
6 M. Irani
7 J. Sun
8 Nathan Kunes, Inc.
9 R. Purvis
10 The MITRE Corporation
11 S. Turner
12 sn3rd
13 June 30, 2016
15 Common Cryptographic MIB (CCMIB)
16 draft-turner-ccmib-00
18 Abstract
20 This document defines a portion of the Management Information Base
21 (MIB) for use with network management protocols in the Internet
22 community. In particular, it describes managed objects used to
23 manage key management implementations including asymmetric keys,
24 symmetric keys, trust anchors, and cryptographic-related firmware.
26 Status of This Memo
28 This Internet-Draft is submitted in full conformance with the
29 provisions of BCP 78 and BCP 79.
31 Internet-Drafts are working documents of the Internet Engineering
32 Task Force (IETF). Note that other groups may also distribute
33 working documents as Internet-Drafts. The list of current Internet-
34 Drafts is at http://datatracker.ietf.org/drafts/current/.
36 Internet-Drafts are draft documents valid for a maximum of six months
37 and may be updated, replaced, or obsoleted by other documents at any
38 time. It is inappropriate to use Internet-Drafts as reference
39 material or to cite them other than as "work in progress."
41 This Internet-Draft will expire on January 1, 2017.
43 Copyright Notice
45 Copyright (c) 2016 IETF Trust and the persons identified as the
46 document authors. All rights reserved.
48 This document is subject to BCP 78 and the IETF Trust's Legal
49 Provisions Relating to IETF Documents
50 (http://trustee.ietf.org/license-info) in effect on the date of
51 publication of this document. Please review these documents
52 carefully, as they describe your rights and restrictions with respect
53 to this document. Code Components extracted from this document must
54 include Simplified BSD License text as described in Section 4.e of
55 the Trust Legal Provisions and are provided without warranty as
56 described in the Simplified BSD License.
58 Table of Contents
60 1. Introduction
61 2. Terminology
62 3. The Internet-Standard Management Framework
63 4. Structure of the MIB module
64 5. Definition of the CC MIB module
65 5.1. CC Assignments [assign]
66 5.2. CC Feature Hierarchy
67 5.3. CC Textual Conventions
68 5.4. CC Device Info
69 5.5. Key Management Info
70 5.6. Key Transfer Pull
71 5.7. Key Transfer Push
72 5.8. Security Policy Information
73 5.9. Secure Connection Information
74 6. IANA Considerations
75 7. Security Considerations
76 8. References
77 8.1. Normative References
78 8.2. Informative References
79 Authors' Addresses
81 1. Introduction
83 This document defines a portion of the Management Information Base
84 (MIB) for use with network management protocols in the Internet
85 community. In particular, it describes managed objects used to
86 manage key management implementations including asymmetric keys,
87 symmetric keys, trust anchors, and cryptographic-related firmware.
89 2. Terminology
91 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
92 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
93 "OPTIONAL" in this document are to be interpreted as described in
94 [RFC2119].
96 3. The Internet-Standard Management Framework
98 For a detailed overview of the documents that describe the current
99 Internet-Standard Management Framework, please refer to section 7 of
100 [RFC3410].
102 Managed objects are accessed via a virtual information store, termed
103 the Management Information Base or MIB. MIB objects are generally
104 accessed through the Simple Network Management Protocol (SNMP).
105 Objects in the MIB are defined using the mechanisms defined in the
106 Structure of Management Information (SMI). This memo specifies a MIB
107 module that is compliant to the SMIv2, which is described in
108 [RFC2578], [RFC2579], and [RFC2580].
110 As with all MIB modules, an attempt to SET or CREATE an object to a
111 value that is not supported by the implementation will result in a
112 failure using a return code that indicates that the value is not
113 supported.
115 4. Structure of the MIB module
117 5. Definition of the CC MIB module
119 5.1. CC Assignments [assign]
121 This MIB module makes reference to the following document: [RFC2578].
123 CC-ASSIGNMENTS-MIB DEFINITIONS ::= BEGIN
125 IMPORTS
126 MODULE-IDENTITY, enterprises
127 FROM SNMPv2-SMI; -- RFC 2578
129 ccAssignmentsMIB MODULE-IDENTITY
130 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
131 ORGANIZATION "IETF"
132 CONTACT-INFO
133 "Shadi Azoum
134 US Navy
135 email: shadi.azoum@navy.mil
137 Elliott Jones
138 US Navy
139 elliott.jones@navy.mil
141 Lily Sun
142 US Navy
143 lily.sun@navy.mil
144 Mike Irani
145 NKI Engineering
146 irani@nkiengineering.com
148 Jeffrey Sun
149 NKI Engineering
150 sunjeff@nkiengineering.com
152 Ray Purvis
153 MITRE
154 Email:rpurvis@mitre.org
156 Sean Turner
157 sn3rd
158 Email:sean@sn3rd.com"
159 DESCRIPTION
160 "This MIB defines the CC MIB tree hierarchical assignments
161 below it and acts as a reservation mechanism.
163 Copyright (c) 2016 IETF Trust and the persons
164 identified as authors of the code. All rights reserved.
166 Redistribution and use in source and binary forms, with
167 or without modification, is permitted pursuant to, and
168 subject to the license terms contained in, the Simplified
169 BSD License set forth in Section 4.c of the IETF Trust's
170 Legal Provisions Relating to IETF Documents
171 (http://trustee.ietf.org/license-info).
173 This version of this MIB module is part of RFC xxxx;
174 see the RFC itself for full legal notices."
175 -- RFC Ed.: RFC-editor please fill in xxxx.
176 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
177 DESCRIPTION "Initial Version. Published as RFC xxxx."
178 -- RFC Ed.: RFC-editor please fill in xxxx.
179 ::= { mib-2 TBD }
181 --
182 -- Note: Current top-level OID assignments within the CC MIB tree:
183 -- mib-2.TBD : CC-ASSIGNMENTS-MIB (this MIB)
184 -- mib-2.TBD.1 : CC-FEATURE-HIERARCHY-MIB
186 END
188 5.2. CC Feature Hierarchy
190 This MIB module makes reference to the following document: [RFC2578].
192 CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN
194 IMPORTS
195 ccAssignmentsMIB
196 FROM CC-ASSIGNMENTS-MIB -- FROM [assign]
197 MODULE-IDENTITY
198 FROM SNMPv2-SMI; -- FROM RFC 2578
200 ccFeatureHierarchyMIB MODULE-IDENTITY
201 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
202 ORGANIZATION "IETF"
203 CONTACT-INFO
204 "Shadi Azoum
205 US Navy
206 email: shadi.azoum@navy.mil
208 Elliott Jones
209 US Navy
210 elliott.jones@navy.mil
212 Lily Sun
213 US Navy
214 lily.sun@navy.mil
216 Mike Irani
217 NKI Engineering
218 irani@nkiengineering.com
220 Jeffrey Sun
221 NKI Engineering
222 sunjeff@nkiengineering.com
224 Ray Purvis
225 MITRE
226 Email:rpurvis@mitre.org
228 Sean Turner
229 sn3rd
230 Email:sean@sn3rd.com"
231 DESCRIPTION
232 "This MIB defines the CC MIB tree hierarchical assignments
233 below it and acts as a reservation mechanism.
235 Copyright (c) 2016 IETF Trust and the persons
236 identified as authors of the code. All rights reserved.
238 Redistribution and use in source and binary forms, with
239 or without modification, is permitted pursuant to, and
240 subject to the license terms contained in, the Simplified
241 BSD License set forth in Section 4.c of the IETF Trust's
242 Legal Provisions Relating to IETF Documents
243 (http://trustee.ietf.org/license-info).
245 This version of this MIB module is part of RFC xxxx;
246 see the RFC itself for full legal notices."
247 -- RFC Ed.: RFC-editor please fill in xxxx.
248 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
249 DESCRIPTION "Initial Version. Published as RFC xxxx."
250 -- RFC Ed.: RFC-editor please fill in xxxx.
251 ::= { ccAssignmentsMIB 1 }
253 ccTextualConventions OBJECT IDENTIFIER
254 ::= { ccFeatureHierarchyMIB 1 }
255 ccDeviceInfo OBJECT IDENTIFIER
256 ::= { ccFeatureHierarchyMIB 2 }
257 ccKeyManagement OBJECT IDENTIFIER
258 ::= { ccFeatureHierarchyMIB 3 }
259 ccKeyTransferPull OBJECT IDENTIFIER
260 ::= { ccFeatureHierarchyMIB 4 }
261 ccKeyTransferPush OBJECT IDENTIFIER
262 ::= { ccFeatureHierarchyMIB 5 }
263 ccSecurePolicyInfo OBJECT IDENTIFIER
264 ::= { ccFeatureHierarchyMIB 6 }
265 ccSecureConnectionInfo OBJECT IDENTIFIER
266 ::= { ccFeatureHierarchyMIB 7 }
268 END
270 5.3. CC Textual Conventions
272 This MIB module makes reference to the following documents: Section 5.2,
273 [RFC2578], [RFC2579], [RFC5225], and [RFC5246].
275 CC-TEXTUAL-CONVENTIONS-MIB DEFINITIONS ::= BEGIN
277 IMPORTS
278 ccTextualConventions
279 FROM CC-FEATURE-HIERARCHY-MIB -- FROM Section 5.2
280 MODULE-IDENTITY, Integer32, Unsigned32
281 FROM SNMPv2-SMI -- FROM RFC 2578
282 TEXTUAL-CONVENTION
283 FROM SNMPv2-TC; -- FROM RFC 2579
285 ccTextualConventionMIB MODULE-IDENTITY
286 LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
287 ORGANIZATION "IETF"
288 CONTACT-INFO
289 "Shadi Azoum
290 US Navy
291 email: shadi.azoum@navy.mil
293 Elliott Jones
294 US Navy
295 elliott.jones@navy.mil
297 Lily Sun
298 US Navy
299 lily.sun@navy.mil
301 Mike Irani
302 NKI Engineering
303 irani@nkiengineering.com
305 Jeffrey Sun
306 NKI Engineering
307 sunjeff@nkiengineering.com
309 Ray Purvis
310 MITRE
311 Email:rpurvis@mitre.org
313 Sean Turner
314 sn3rd
315 Email:sean@sn3rd.com"
316 DESCRIPTION
317 "This MIB defines the CC MIB tree hierarchical assignments
318 below it and acts as a reservation mechanism.
320 Copyright (c) 2016 IETF Trust and the persons
321 identified as authors of the code. All rights reserved.
323 Redistribution and use in source and binary forms, with
324 or without modification, is permitted pursuant to, and
325 subject to the license terms contained in, the Simplified
326 BSD License set forth in Section 4.c of the IETF Trust's
327 Legal Provisions Relating to IETF Documents
328 (http://trustee.ietf.org/license-info).
330 This version of this MIB module is part of RFC xxxx;
331 see the RFC itself for full legal notices."
332 -- RFC Ed.: RFC-editor please fill in xxxx.
334 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
335 DESCRIPTION "Initial Version. Published as RFC xxxx."
336 -- RFC Ed.: RFC-editor please fill in xxxx.
337 ::= { ccTextualConventions 1 }
339 -- *****************************************************************
340 -- IP Address Textual Conventions
341 -- *****************************************************************
343 IPAddressType ::= TEXTUAL-CONVENTION
344 STATUS current
345 DESCRIPTION
346 "A value that represents a type of Internet address.
347 ipv4(1) An IPv4 address as defined by the
348 IPv4Address textual convention.
350 ipv6(2) An IPv6 address as defined by the
351 IPv6Address textual convention.
353 Implementations must ensure that IPAddressType objects
354 and any dependent objects (e.g. IPv4Address and IPv6Address
355 objects) are consistent. An inconsistentValue error must
356 be generated if an attempt to change an IPv4Address or
357 IPv6Address object would, for example, lead to an undefined
358 value. IPAddressType/IPv4Address and
359 IPAddressType/IPv6Address pairs must be changed together if
360 IPAddressType changes."
361 SYNTAX INTEGER { ipv4(1), ipv6(2) }
363 IPAddress ::= TEXTUAL-CONVENTION
364 STATUS current
365 DESCRIPTION
366 "Denotes a generic Internet address that is either IPv4 or
367 IPv6.
369 Every usage of the IPAddress textual convention is required
370 to specify the IPAddressType object which provides the
371 context. It is suggested that the IPAddressType object is
372 logically registered before the object(s) which use the
373 IPAddress textual convention if they appear in the same
374 logical row.
376 The value of an IPAddress object must always be consistent
377 with the value of the associated IPAddressType object.
378 Attempts to set an IPAddress object to a value which is
379 inconsistent with the associated IPAddressType must
380 fail with an inconsistentValue error.
382 See the IPv4Address and IPv6Address textual conventions for
383 more details."
384 SYNTAX OCTET STRING (SIZE(4|16))
386 IPv4Address ::= TEXTUAL-CONVENTION
387 DISPLAY-HINT "1d.1d.1d.1d"
388 STATUS current
389 DESCRIPTION
390 "Represents an IPv4 network address:
392 octets contents encoding
393 1-4 IPv4 address network-byte order
395 The corresponding IPAddressType value is ipv4(1)."
396 SYNTAX OCTET STRING (SIZE(4))
398 IPv6Address ::= TEXTUAL-CONVENTION
399 DISPLAY-HINT "2x:2x:2x:2x:2x:2x:2x:2x"
400 STATUS current
401 DESCRIPTION
402 "Represents an IPv6 network address:
404 octets contents encoding
405 1-16 IPv6 address network-byte order
407 The corresponding IPAddressType value is ipv6(2)."
408 SYNTAX OCTET STRING (SIZE(16))
410 PortNumber ::= TEXTUAL-CONVENTION
411 DISPLAY-HINT "d"
412 STATUS current
413 DESCRIPTION
414 "Represents a 16 bit port number of an Internet transport
415 layer protocol. Port numbers are assigned by IANA. A current
416 list of all assignments is available from
417 .
419 The value zero represents the ANY (wildcard) value. In
420 regards to a filter or rule, this means that any port number
421 satisfies the filter or rule."
422 SYNTAX Unsigned32 (0..65535)
424 ROHCCompressionProfiles ::= TEXTUAL-CONVENTION
425 STATUS current
426 DESCRIPTION
427 "A 16-bit field that conveys the compression profiles the
428 local or peer decompressor supports. Only ROHCv2 compression
429 profiles are used and they are defined using the following
430 bit setting scheme shown below. Note that the bit setting
431 scheme does not correspond to the compression profile values
432 defined in RFC 5225. It is purely used in the MIB to convey
433 the compression profiles the local or peer decompressor
434 supports.
436 (0) compressionProfile1: IP/UDP/RTP
437 (1) compressionProfile2: IP/UDP
438 (2) compressionProfile3: IP/ESP
439 (3) compressionProfile4: IP
440 (4) compressionProfile5: IP/UDP-Lite/RTP
441 (5) compressionProfile6: IP/UDP-Lite
442 (6-15) RESERVED"
444 SYNTAX BITS { compressionProfile1(0), compressionProfile2(1),
445 compressionProfile3(2), compressionProfile4(3),
446 compressionProfile5(4), compressionProfile6(5) }
448 ROHCModes ::= TEXTUAL-CONVENTION
449 STATUS current
450 DESCRIPTION
451 "An indication of whether RObust Header Compression (ROHC)
452 will be used in a Generic INE Secure Connection and how it
453 is being used. This textual convention is only applicable to
454 dynamic Secure Connections, where negotiation is required
455 for establishment.
457 [noROHC] = ROHC will not be used
458 [useROHCWithoutFeedback] = ROHC will be used and feedback
459 will not be sent on the Secure Connection
460 [useROHCWithFeedback] = ROHC will be used and feedback will
461 be sent on the Secure Connection
462 [rohcAcceptableWithoutFeedback] = ROHC will not be signaled
463 for use by this device as an initiator of the Secure
464 Connection; feedback will also not be sent on the Secure
465 Connection.
466 [rohcAcceptableWithFeedback] = ROHC will not be signaled for
467 use by this device as an initiator of the Secure
468 Connection; feedback will be sent on the Secure
469 Connection."
470 SYNTAX INTEGER { noROHC(1), useROHCWithoutFeedback(2),
471 useROHCWithFeedback(3),
472 rohcAcceptableWithoutFeedback(4),
473 rohcAcceptableWithFeedback(5) }
475 KeyFingerprint ::= TEXTUAL-CONVENTION
476 DISPLAY-HINT "1x:1x"
477 STATUS current
478 DESCRIPTION
479 "A fingerprint value that can be used to uniquely reference
480 key materials of potentially arbitrary length.
482 A KeyFingerprint value is composed of a 1-octet hashing
483 algorithm identifier followed by the fingerprint value. The
484 octet value encoded is taken from the IANA TLS HashAlgorithm
485 Registry RFC 5246. The remaining 19 octets are filled using
486 the results of the hashing algorithm on the raw key material
487 and inherent tagging information, truncated to 19 octets.
488 With public key certificates, for example, a hash of the
489 entire structure truncated to 19 octets is used.
491 If no tagging information is available, the text 'NO_TAG'
492 (without quotes) will be used as input."
493 REFERENCE "RFC 5246: The Transport Layer
494 Security (TLS) Protocol Version 1.2
495 http://www.iana.org/assignments/tls-parameters/"
496 SYNTAX OCTET STRING (SIZE(20))
498 END
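The KeyFingerprint layout defined above (one hash-algorithm octet followed by 19 octets of truncated digest), as an added Python example that is not part of the draft. Assumptions: the function names are hypothetical, the key bytes are constructed sample data, and the tag is appended after the key material because the draft does not fix the concatenation order.

```python
import hashlib
import hmac

# IANA TLS HashAlgorithm values (RFC 5246, section 7.4.1.4.1)
# mapped to (hashlib name, digest size in octets).
TLS_HASH_ALGORITHMS = {
    1: ("md5", 16),
    2: ("sha1", 20),
    3: ("sha224", 28),
    4: ("sha256", 32),
    5: ("sha384", 48),
    6: ("sha512", 64),
}
FINGERPRINT_SIZE = 20        # SYNTAX OCTET STRING (SIZE(20))
TRUNCATED_DIGEST_SIZE = 19   # octets that follow the algorithm identifier
NO_TAG = b"NO_TAG"           # hash input when no tagging information exists


def _hash_name(alg_id):
    """Return the hashlib name for an identifier that can fill the field."""
    if alg_id not in TLS_HASH_ALGORITHMS:
        # Covers none(0) and any value outside the registry entries above.
        raise ValueError(f"hash algorithm identifier {alg_id} is not usable")
    name, size = TLS_HASH_ALGORITHMS[alg_id]
    if size < TRUNCATED_DIGEST_SIZE:
        # md5(1) produces 16 octets and cannot fill the 19-octet field.
        raise ValueError(f"{name} digest is shorter than 19 octets")
    return name


def make_key_fingerprint(alg_id, key_material, tag=None):
    """Fingerprint raw key material plus its tagging information."""
    name = _hash_name(alg_id)
    # ASSUMPTION: key material first, then the tag (order not set by the draft).
    data = key_material + (tag if tag else NO_TAG)
    digest = hashlib.new(name, data).digest()
    return bytes([alg_id]) + digest[:TRUNCATED_DIGEST_SIZE]


def make_certificate_fingerprint(alg_id, der_certificate):
    """Fingerprint a certificate: hash of the entire encoded structure."""
    name = _hash_name(alg_id)
    digest = hashlib.new(name, der_certificate).digest()
    return bytes([alg_id]) + digest[:TRUNCATED_DIGEST_SIZE]


def parse_key_fingerprint(value):
    """Validate a received value; return (hash name, 19-octet digest)."""
    if len(value) != FINGERPRINT_SIZE:
        raise ValueError(f"expected {FINGERPRINT_SIZE} octets, got {len(value)}")
    return _hash_name(value[0]), value[1:]


def fingerprint_matches(value, key_material, tag=None):
    """Recompute with the algorithm named in the value and compare."""
    try:
        parse_key_fingerprint(value)
    except ValueError:
        return False  # malformed or unusable fingerprints never match
    expected = make_key_fingerprint(value[0], key_material, tag)
    return hmac.compare_digest(value, expected)


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed sample key material
    fp = make_key_fingerprint(4, sample_key)
    print(":".join(f"{octet:02x}" for octet in fp))
    print(fingerprint_matches(fp, sample_key))
```

Because only 19 octets of the digest survive, two managers must agree on the algorithm octet and on the exact hash input before comparing fingerprints of the same key.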
500 5.4. CC Device Info
502 This MIB module makes reference to the following documents:
503 [RFC1213], [RFC1907], [RFC2571], [RFC2578], [RFC2579], and [RFC2580].
505 CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN
507 IMPORTS
508 ccDeviceInfo
509 FROM CC-FEATURE-HIERARCHY-MIB -- FROM Section 5.2
510 MODULE-COMPLIANCE, OBJECT-GROUP,
511 NOTIFICATION-GROUP
512 FROM SNMPv2-CONF -- FROM RFC 2580
513 OBJECT-TYPE, Unsigned32, Integer32,
514 NOTIFICATION-TYPE, Counter64, MODULE-IDENTITY,
515 TimeTicks
516 FROM SNMPv2-SMI -- FROM RFC 2578
517 SnmpAdminString
518 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
519 RowPointer, RowStatus, DateAndTime, TruthValue,
520 TEXTUAL-CONVENTION, TimeStamp
521 FROM SNMPv2-TC; -- FROM RFC 2579
523 ccDeviceInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
524 "Shadi Azoum
525 US Navy
526 email: shadi.azoum@navy.mil
528 Elliott Jones
529 US Navy
530 elliott.jones@navy.mil
532 Lily Sun
533 US Navy
534 lily.sun@navy.mil
536 Mike Irani
537 NKI Engineering
538 irani@nkiengineering.com
540 Jeffrey Sun
541 NKI Engineering
542 sunjeff@nkiengineering.com
544 Ray Purvis
545 MITRE
546 Email:rpurvis@mitre.org
548 Sean Turner
549 sn3rd
550 Email:sean@sn3rd.com"
551 DESCRIPTION
552 "This MIB defines the CC MIB tree hierarchical assignments
553 below it and acts as a reservation mechanism.
555 Copyright (c) 2016 IETF Trust and the persons
556 identified as authors of the code. All rights reserved.
558 Redistribution and use in source and binary forms, with
559 or without modification, is permitted pursuant to, and
560 subject to the license terms contained in, the Simplified
561 BSD License set forth in Section 4.c of the IETF Trust's
562 Legal Provisions Relating to IETF Documents
563 (http://trustee.ietf.org/license-info).
565 This version of this MIB module is part of RFC xxxx;
566 see the RFC itself for full legal notices."
567 -- RFC Ed.: RFC-editor please fill in xxxx.
568 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
569 DESCRIPTION "Initial Version. Published as RFC xxxx."
570 -- RFC Ed.: RFC-editor please fill in xxxx.
571 ::= { ccDeviceInfo 1 }
573 -- *****************************************************************
574 -- Device Info Information Segments
575 -- *****************************************************************
577 cDeviceInfoConformance OBJECT IDENTIFIER
578 ::= { ccDeviceInfoMIB 1}
579 cDeviceComponentVersInfo OBJECT IDENTIFIER
580 ::= { ccDeviceInfoMIB 2}
581 cBatteryInfo OBJECT IDENTIFIER
582 ::= { ccDeviceInfoMIB 3}
583 cFirmwareInfo OBJECT IDENTIFIER
584 ::= { ccDeviceInfoMIB 4}
585 cDeviceInfoScalars OBJECT IDENTIFIER
586 ::= { ccDeviceInfoMIB 5}
587 cDeviceInfoNotify OBJECT IDENTIFIER
588 ::= { ccDeviceInfoMIB 6}
590 -- *****************************************************************
591 -- General Device Info Scalars
592 -- *****************************************************************
594 cSystemDate OBJECT-TYPE
595 SYNTAX DateAndTime
596 MAX-ACCESS read-write
597 STATUS current
598 DESCRIPTION
599 "The host's notion of the local date and time of day. Note,
600 some implementations will not allow changing of this object
601 and will send an inconsistentValue error."
602 ::= { cDeviceInfoScalars 1 }
604 cSystemUpTime OBJECT-TYPE
605 SYNTAX TimeTicks
606 MAX-ACCESS read-only
607 STATUS current
608 DESCRIPTION
609 "The amount of time since this host was last initialized.
610 Note that this is different from sysUpTime in the SNMPv2-MIB
611 RFC 1907 because sysUpTime is the uptime of the network
612 management portion of the system."
613 ::= { cDeviceInfoScalars 2 }
615 cSystemInitialLoadParameters OBJECT-TYPE
616 SYNTAX SnmpAdminString (SIZE(0..128))
617 MAX-ACCESS read-write
618 STATUS current
619 DESCRIPTION
620 "This object contains the parameters (e.g. a pathname and
621 parameter) supplied to the load device when requesting the
622 initial operating system configuration from that device.
623 Note that writing to this object just changes the
624 configuration that will be used the next time the operating
625 system is loaded and does not actually cause the reload to
626 occur."
627 ::= { cDeviceInfoScalars 3 }
629 cSecurityLevel OBJECT-TYPE
630 SYNTAX SnmpAdminString (SIZE(0..255))
631 MAX-ACCESS read-write
632 STATUS current
633 DESCRIPTION
634 "The security level that this object is working at.
635 Different communities of interest may have different
636 conventions. The following values are defined and when used
637 by agents have specific meaning: UNCLASSIFIED, RESTRICTED,
638 CONFIDENTIAL, SECRET, TOP_SECRET."
639 ::= { cDeviceInfoScalars 4 }
641 cElectronicSerialNumber OBJECT-TYPE
642 SYNTAX OCTET STRING
643 MAX-ACCESS read-only
644 STATUS current
645 DESCRIPTION
646 "The Electronic Serial Number of the device. This may be the
647 chassis serial number or an internal serial number."
648 ::= { cDeviceInfoScalars 5 }
650 cLastChanged OBJECT-TYPE
651 SYNTAX TimeTicks
652 MAX-ACCESS read-only
653 STATUS current
654 DESCRIPTION
655 "The value of cSystemUpTime the last time any configurable
656 object within the MIBs supported by the device has been
657 modified, created, or deleted by either SNMP, agent, or other
658 management method (e.g. via an HMI). Managers can use this
659 object to ensure that no changes to any configuration within the
660 device have happened since the last time it examined the device.
661 A value of 0 indicates that no objects have been changed since
662 the agent initialized."
663 ::= { cDeviceInfoScalars 6 }
665 cResetDevice OBJECT-TYPE
666 SYNTAX TruthValue
667 MAX-ACCESS read-write
668 STATUS current
669 DESCRIPTION
670 "The indication of whether a device should be reset. Setting
671 this object to 'true' will perform a reset operation of the
672 device. This must not affect the state of any persistent
673 configuration data, zeroize any of the key material or erase
674 the audit log. When read this object should return false.
675 When set to false this object must not perform any operation
676 but should accept this as a valid SET operation."
677 ::= { cDeviceInfoScalars 7 }
679 cSanitizeDevice OBJECT-TYPE
680 SYNTAX TruthValue
681 MAX-ACCESS read-write
682 STATUS current
683 DESCRIPTION
684 "The indication of whether persistent data should be erased.
685 Setting this object to 'true' will erase all persistent data
686 and return the box to an uninitialized state. It will
687 zeroize all keying data, erase all persistent storage and
688 auditing information. Setting this object will certainly
689 render the device unreachable from distant managers since it
690 will be unconfigured. When read this object should return
691 false. When set to false this object must not perform any
692 operation but should accept this as a valid SET operation."
693 ::= { cDeviceInfoScalars 8 }
695 cRenderInoperable OBJECT-TYPE
696 SYNTAX TruthValue
697 MAX-ACCESS read-write
698 STATUS current
699 DESCRIPTION
700 "The indication of whether persistent data should be erased.
701 Setting this object to 'true' will erase all persistent data
702 and return the box to an uninitialized state. It will
703 zeroize all keying data, erase all persistent storage and
704 auditing information. In addition, when supported, the
705 device is expected to perform some internal function that
706 will make the box unusable without returning to the factory
707 or some equivalent. Setting this object will certainly
708 render the device unreachable from distant managers since it
709 will be unconfigured. When read this object should return
710 false. When set to false this object must not perform any
711 operation but should accept this as a valid SET operation."
712 ::= { cDeviceInfoScalars 9 }
714 cVendorName OBJECT-TYPE
715 SYNTAX OCTET STRING
716 MAX-ACCESS read-only
717 STATUS current
718 DESCRIPTION
719 "This object stores the device's vendor name and is intended
720 to be displayed and meaningful to the human operator (e.g.
721 Flinstones Inc). In other words, this object is not intended
722 to store the vendor's authoritative identification value
723 (i.e. sysObjectID RFC 1213)."
724 ::= { cDeviceInfoScalars 10 }
726 cModelIdentifier OBJECT-TYPE
727 SYNTAX OCTET STRING
728 MAX-ACCESS read-only
729 STATUS current
730 DESCRIPTION
731 "This object stores the device's model identifier. In
732 general, this would include the model name and model
733 number."
734 ::= { cDeviceInfoScalars 11 }
736 cHardwareVersionNumber OBJECT-TYPE
737 SYNTAX OCTET STRING
738 MAX-ACCESS read-only
739 STATUS current
740 DESCRIPTION
741 "This object stores the device's hardware version."
742 ::= { cDeviceInfoScalars 12 }
744 -- *****************************************************************
745 -- Device Info Notifications
746 -- *****************************************************************
748 cFirmwareInstallFailed NOTIFICATION-TYPE
749 STATUS current
750 DESCRIPTION
751 "A notification from the device to the management station
752 indicating a firmware install failed."
753 ::= { cDeviceInfoNotify 1 }
755 cFirmwareInstallSuccess NOTIFICATION-TYPE
756 OBJECTS {
757 cFirmwareName,
758 cFirmwareVersion,
759 cFirmwareSource
760 }
761 STATUS current
762 DESCRIPTION
763 "A notification from the device to the management station
764 indicating a firmware install succeeded."
766 ::= { cDeviceInfoNotify 2 }
768 cResetDeviceInitialized NOTIFICATION-TYPE
769 STATUS current
770 DESCRIPTION
771 "A notification from the device to the management station
772 indicating that the device is being reset due to a change in
773 the value of cResetDevice. This notification should be sent
774 before the device performs any other reset operations (such
775 as shutting down interfaces, etc.)"
776 ::= { cDeviceInfoNotify 3 }
778 cSanitizeDeviceInitialized NOTIFICATION-TYPE
779 STATUS current
780 DESCRIPTION
781 "A notification from the device to the management station
782 indicating that the device is being sanitized due to a
783 change in the value of cSanitizeDevice. This notification
784 should be sent before the device performs any other sanitize
785 operations (such as shutting down interfaces, etc.)"
786 ::= { cDeviceInfoNotify 4 }
788 cTamperEventIndicated NOTIFICATION-TYPE
789 STATUS current
790 DESCRIPTION
791 "A notification from the device to the management station
792 indicating that the device has detected a tamper event. This
793 notification should be sent before the device performs any
794 operations (such as shutting down interfaces, etc.)"
795 ::= { cDeviceInfoNotify 5 }
797 cBatteryLow NOTIFICATION-TYPE
798 OBJECTS {
799 cBatteryType,
800 cBatteryOpStatus,
801 cBatteryLowThreshold
802 }
803 STATUS current
804 DESCRIPTION
805 "A notification from the device to the management station
806 indicating a battery has reached the threshold at which a
807 battery warning is indicated."
808 ::= { cDeviceInfoNotify 6 }
810 cBatteryRequiresReplacement NOTIFICATION-TYPE
811 OBJECTS {
812 cBatteryType,
813 cBatteryOpStatus
815 }
816 STATUS current
817 DESCRIPTION
818 "A notification from the device to the management station
819 indicating a battery should be charged or changed
820 immediately."
821 ::= { cDeviceInfoNotify 7 }
823 cDeviceOnBattery NOTIFICATION-TYPE
824 OBJECTS {
825 cBatteryType,
826 cBatteryOpStatus
827 }
828 STATUS current
829 DESCRIPTION
830 "A notification from the device to the management station
831 indicating the device is on battery power. This notification
832 is sent when the device is no longer connected to an
833 external power source and is operating using a battery for
834 main power."
835 ::= { cDeviceInfoNotify 8 }
837 cDeviceComponentDisabled NOTIFICATION-TYPE
838 OBJECTS {
839 cDeviceComponentName,
840 cDeviceComponentVersion,
841 cDeviceComponentOpStatus
842 }
843 STATUS current
844 DESCRIPTION
845 "A notification from the device to the management station
846 indicating a component described in the
847 cDeviceComponentVersTable has been disabled."
848 ::= { cDeviceInfoNotify 9 }
850 cDeviceComponentEnabled NOTIFICATION-TYPE
851 OBJECTS {
852 cDeviceComponentName,
853 cDeviceComponentVersion
854 }
855 STATUS current
856 DESCRIPTION
857 "A notification from the device to the management station
858 indicating a component described in the
859 cDeviceComponentVersTable has been enabled."
860 ::= { cDeviceInfoNotify 10 }
862 -- *****************************************************************
863 -- CC MIB cDeviceComponentVersTable
864 -- *****************************************************************
866 cDeviceComponentVersTableCount OBJECT-TYPE
867 SYNTAX Unsigned32
868 MAX-ACCESS read-only
869 STATUS current
870 DESCRIPTION
871 "The number of rows in the cDeviceComponentVersTable."
872 ::= { cDeviceComponentVersInfo 1 }
874 cDeviceComponentVersTableLastChanged OBJECT-TYPE
875 SYNTAX TimeStamp
876 MAX-ACCESS read-only
877 STATUS current
878 DESCRIPTION
879 "The last time any entry in the table was modified, created,
880 or deleted by either SNMP, agent, or other management method
881 (e.g. via an HMI). Managers can use this object to ensure
882 that no changes to configuration of this table have happened
883 since the last time it examined the table. A value of 0
884 indicates that no entry has been changed since the agent
885 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
886 should be used to populate this column."
887 ::= { cDeviceComponentVersInfo 2 }
889 cDeviceComponentVersTable OBJECT-TYPE
890 SYNTAX SEQUENCE OF CDeviceComponentVersEntry
891 MAX-ACCESS not-accessible
892 STATUS current
893 DESCRIPTION
894 "The table containing a description of the specification
895 versions of components or specifications supported by the
896 ECU. Note that it is possible for multiple versions of a
897 given specification to be registered within the table."
898 ::= { cDeviceComponentVersInfo 3 }
900 cDeviceComponentVersEntry OBJECT-TYPE
901 SYNTAX CDeviceComponentVersEntry
902 MAX-ACCESS not-accessible
903 STATUS current
904 DESCRIPTION
905 "A row containing a module descriptive name and its version
906 that is supported by this device."
907 INDEX { cDeviceComponentName, cDeviceComponentVersion }
908 ::= { cDeviceComponentVersTable 1 }
910 CDeviceComponentVersEntry ::= SEQUENCE {
911 cDeviceComponentName SnmpAdminString,
912 cDeviceComponentVersion SnmpAdminString,
913 cDeviceComponentOpStatus INTEGER,
914 cDeviceComponentDescription OCTET STRING
915 }
917 cDeviceComponentName OBJECT-TYPE
918 SYNTAX SnmpAdminString (SIZE(1..32))
919 MAX-ACCESS read-only
920 STATUS current
921 DESCRIPTION
922 "The module name or specification name. The string value to
923 be used in this field should be documented in the text of
924 the specification a given row is reporting information on.
926 Specification names beginning with a prefix of 'vendor-' are
927 reserved for private use by the vendor of the device.
929 The string 'device' (exact) is reserved for vendors to
930 register a software revision version of the device.
932 The string 'hardware' (exact) is reserved for vendors to
933 register a model number of the hardware of the device."
934 ::= { cDeviceComponentVersEntry 1 }
936 cDeviceComponentVersion OBJECT-TYPE
937 SYNTAX SnmpAdminString (SIZE(1..32))
938 MAX-ACCESS read-only
939 STATUS current
940 DESCRIPTION
941 "The version of the specification or module name listed in
942 the cDeviceComponentName object field in this row. The
943 string value to be used in this field should be documented
944 in the text of a specification, of the device, or elsewhere.
945 If the cDeviceComponentName begins with a 'vendor-' prefix,
946 the format of this field is vendor specific."
947 ::= { cDeviceComponentVersEntry 2 }
949 cDeviceComponentOpStatus OBJECT-TYPE
950 SYNTAX INTEGER { up(1), notReady(2),
951 administrativelyDown(3) }
952 MAX-ACCESS read-write
953 STATUS current
954 DESCRIPTION
955 "The current operational state of the interface feature.
957 This row may be used to enable/disable components or modules
958 in the device, and some implementations may allow for
959 various versions of a component to be activated. Devices may
960 use this construct to roll back versions of device
961 software, or to allow various software feature versions to
962 be installed.
964 Agents may reject the changing of this object for certain rows.
965 An example of this is changing the operational status of a
966 row that describes the software of the device and not a
967 particular feature. In this event, the agent should return
968 an inconsistentValue error."
969 ::= { cDeviceComponentVersEntry 3 }
971 cDeviceComponentDescription OBJECT-TYPE
972 SYNTAX OCTET STRING
973 MAX-ACCESS read-write
974 STATUS current
975 DESCRIPTION
976 "A description of the component. Agents may reject the
977 changing of this object for certain rows. In this event, the agent
978 should return an inconsistentValue error."
979 ::= { cDeviceComponentVersEntry 4 }
981 -- *****************************************************************
982 -- CC MIB cBatteryInfoTable
983 -- *****************************************************************
985 cBatteryInfoTableCount OBJECT-TYPE
986 SYNTAX Unsigned32
987 MAX-ACCESS read-only
988 STATUS current
989 DESCRIPTION
990 "The number of rows in the cBatteryInfoTable."
991 ::= { cBatteryInfo 1 }
993 cBatteryInfoTableLastChanged OBJECT-TYPE
994 SYNTAX TimeStamp
995 MAX-ACCESS read-only
996 STATUS current
997 DESCRIPTION
998 "The last time any entry in the table was modified, created,
999 or deleted by either SNMP, agent, or other management method
1000 (e.g. via an HMI). Managers can use this object to ensure
1001 that no changes to configuration of this table have happened
1002 since the last time it examined the table. A value of 0
1003 indicates that no entry has been changed since the agent initialized.
1004 The value in CC-DEVICE-INFO-MIB cSystemUpTime should be used to populate this column."
1005 ::= { cBatteryInfo 2 }
1007 cBatteryInfoTable OBJECT-TYPE
1008 SYNTAX SEQUENCE OF CBatteryInfoEntry
1009 MAX-ACCESS not-accessible
1010 STATUS current
1011 DESCRIPTION
1012 "The table containing information on each of the batteries
1013 installed in the device."
1014 ::= { cBatteryInfo 3 }
1016 cBatteryInfoEntry OBJECT-TYPE
1017 SYNTAX CBatteryInfoEntry
1018 MAX-ACCESS not-accessible
1019 STATUS current
1020 DESCRIPTION
1021 "A row containing information on a specific battery. If a
1022 device cannot return status of a battery it should not
1023 create a row in this table for that battery."
1024 INDEX { cBatteryIndex }
1025 ::= { cBatteryInfoTable 1 }
1027 CBatteryInfoEntry ::= SEQUENCE {
1028 cBatteryIndex Unsigned32,
1029 cBatteryType INTEGER,
1030 cBatteryOpStatus INTEGER,
1031 cBatteryLowThreshold Integer32
1032 }
1034 cBatteryIndex OBJECT-TYPE
1035 SYNTAX Unsigned32
1036 MAX-ACCESS not-accessible
1037 STATUS current
1038 DESCRIPTION
1039 "A numerical index used to identify the battery. This value
1040 uniquely identifies a battery on this device. The value
1041 should be persistent for a given battery, but management
1042 stations should not depend on it as it may not be possible
1043 for some devices to retain identical indexes (especially
1044 across reboots)."
1045 ::= { cBatteryInfoEntry 1 }
1047 cBatteryType OBJECT-TYPE
1048 SYNTAX INTEGER { other(1), main(2), clock(3), security(4) }
1049 MAX-ACCESS read-only
1050 STATUS current
1051 DESCRIPTION
1052 "The type of battery. Other(1) describes a battery which is
1053 not otherwise defined here. Main(2) batteries are used for
1054 operation of the device when not connected to a power
1055 source. Clock(3) is used to describe batteries which cannot
1056 provide main power to the device but maintain clock or other
1057 persistent data. Security(4) is used for batteries which
1058 perform specific security functions or which may render the
1059 device inoperable when the battery is depleted. If a battery
1060 is used for both clock and security, Security should be
1061 returned."
1062 ::= { cBatteryInfoEntry 2 }
1064 cBatteryOpStatus OBJECT-TYPE
1065 SYNTAX INTEGER { unknown(1), batteryNormal(2),
1066 batteryLow(3), batteryDepleted(4),
1067 batteryMissing(5) }
1068 MAX-ACCESS read-only
1069 STATUS current
1070 DESCRIPTION
1071 "Indication of the status of the battery."
1072 ::= {cBatteryInfoEntry 3}
1074 cBatteryLowThreshold OBJECT-TYPE
1075 SYNTAX Integer32 (0..100)
1076 MAX-ACCESS read-write
1077 STATUS current
1078 DESCRIPTION
1079 "The percentage of capacity at which the cBatteryLow
1080 notification will be generated. A value of zero indicates
1081 that the notification should never be sent for this battery.
1082 This object should not be implemented if the device will
1083 detect a low battery, but the actual percentage is not
1084 measurable. This object only needs to be writable for
1085 implementations that support modification of the warning
1086 level percentage."
1087 ::= { cBatteryInfoEntry 4 }
1089 -- *****************************************************************
1090 -- CC MIB cFirmwareInformationTable
1091 -- *****************************************************************
1093 cFirmwareInformationTableCount OBJECT-TYPE
1094 SYNTAX Unsigned32
1095 MAX-ACCESS read-only
1096 STATUS current
1097 DESCRIPTION
1098 "The number of rows in the cFirmwareInformationTable."
1099 ::= { cFirmwareInfo 1 }
1101 cFirmwareInformationTableLastChanged OBJECT-TYPE
1102 SYNTAX TimeStamp
1103 MAX-ACCESS read-only
1104 STATUS current
1105 DESCRIPTION
1106 "The last time any entry in the table was modified, created,
1107 or deleted by either SNMP, agent, or other management method
1108 (e.g. via an HMI). Managers can use this object to ensure
1109 that no changes to configuration of this table have happened
1110 since the last time it examined the table. A value of 0
1111 indicates that no entry has been changed since the agent
1112 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
1113 should be used to populate this column."
1114 ::= { cFirmwareInfo 2 }
1116 cFirmwareInformationTable OBJECT-TYPE
1117 SYNTAX SEQUENCE OF CFirmwareInformationEntry
1118 MAX-ACCESS not-accessible
1119 STATUS current
1120 DESCRIPTION
1121 "A table that lists firmware versions available in the
1122 device, along with their versions and type. This is used to
1123 list currently loaded firmware versions of running firmware
1124 and other available firmware versions in support of
1125 returning to a previous version of the firmware."
1126 ::= { cFirmwareInfo 3 }
1128 cFirmwareInformationEntry OBJECT-TYPE
1129 SYNTAX CFirmwareInformationEntry
1130 MAX-ACCESS not-accessible
1131 STATUS current
1132 DESCRIPTION
1133 "A row containing a firmware package name, version, and
1134 source."
1135 INDEX { cFirmwareName }
1136 ::= { cFirmwareInformationTable 1 }
1138 CFirmwareInformationEntry ::= SEQUENCE {
1139 cFirmwareName OCTET STRING,
1140 cFirmwareVersion SnmpAdminString,
1141 cFirmwareSource SnmpAdminString,
1142 cFirmwareRunning TruthValue,
1143 cFirmwareRowStatus RowStatus
1144 }
1146 cFirmwareName OBJECT-TYPE
1147 SYNTAX OCTET STRING (SIZE(1..255))
1148 MAX-ACCESS read-only
1149 STATUS current
1150 DESCRIPTION
1151 "Unique identifier provided in the firmware package."
1152 ::= { cFirmwareInformationEntry 1 }
1154 cFirmwareVersion OBJECT-TYPE
1155 SYNTAX SnmpAdminString (SIZE(1..255))
1156 MAX-ACCESS read-only
1157 STATUS current
1158 DESCRIPTION
1159 "Version of firmware (provided in the package); for legacy
1160 firmware packages, this column would be the empty string,
1161 ''."
1162 ::= { cFirmwareInformationEntry 2 }
1164 cFirmwareSource OBJECT-TYPE
1165 SYNTAX SnmpAdminString (SIZE(1..255))
1166 MAX-ACCESS read-only
1167 STATUS current
1168 DESCRIPTION
1169 "This column is used by the implementation to describe how
1170 the firmware was received. Agents may use any string which
1171 adequately describes the interface such as 'USB' or
1172 'DS-100.' Agents may also reference entries in the ifTable
1173 when appropriate. If received using a Cryptographic Device
1174 Material (CDM) server, the exact URI that was used to
1175 retrieve the firmware package would be configured in this
1176 column."
1177 ::= { cFirmwareInformationEntry 3 }
1179 cFirmwareRunning OBJECT-TYPE
1180 SYNTAX TruthValue
1181 MAX-ACCESS read-write
1182 STATUS current
1183 DESCRIPTION
1184 "Indicates if the firmware is currently running. Only one
1185 row in the table should have this object set to True at any
1186 given time. If this object is set from False to True, the
1187 agent must install the firmware, uninstall the previous
1188 running firmware and change the cFirmwareRunning object for
1189 the previous running firmware from True to False."
1190 ::= { cFirmwareInformationEntry 4 }
1192 cFirmwareRowStatus OBJECT-TYPE
1193 SYNTAX RowStatus
1194 MAX-ACCESS read-write
1195 STATUS current
1196 DESCRIPTION
1197 "The status of the row, by which old entries may be deleted
1198 from this table. At a minimum, implementations must support
1199 destroy management functions. Support for active and
1200 notReady management functions is optional."
1201 ::= { cFirmwareInformationEntry 5 }
1203 -- *****************************************************************
1204 -- Module Conformance Information
1205 -- *****************************************************************
1207 cDeviceInfoCompliances OBJECT IDENTIFIER
1208 ::= { cDeviceInfoConformance 1}
1209 cDeviceInfoGroups OBJECT IDENTIFIER
1210 ::= { cDeviceInfoConformance 2}
1212 cDeviceInfoSystemCompliance MODULE-COMPLIANCE
1213 STATUS current
1214 DESCRIPTION
1215 "Compliance levels for system information."
1216 MODULE
1217 MANDATORY-GROUPS { cDeviceInfoSystemGroup }
1219 GROUP cDeviceInfoSystemNotifyGroup
1220 DESCRIPTION
1221 "This notification group is optional for implementation."
1223 OBJECT cSystemInitialLoadParameters
1224 MIN-ACCESS not-accessible
1225 DESCRIPTION
1226 "Implementation of this object is optional."
1228 OBJECT cSecurityLevel
1229 MIN-ACCESS not-accessible
1230 DESCRIPTION
1231 "Implementation of this object is optional."
1233 OBJECT cSanitizeDevice
1234 MIN-ACCESS not-accessible
1235 DESCRIPTION
1236 "Implementation of this object is optional."
1238 OBJECT cRenderInoperable
1239 MIN-ACCESS not-accessible
1240 DESCRIPTION
1241 "Implementation of this object is optional."
1242 ::= { cDeviceInfoCompliances 1 }
1244 cDeviceInfoComponentCompliance MODULE-COMPLIANCE
1245 STATUS current
1246 DESCRIPTION
1247 "Compliance levels for component information."
1248 MODULE
1249 MANDATORY-GROUPS { cDeviceInfoComponentGroup }
1251 GROUP cDeviceInfoComponentNotifyGroup
1252 DESCRIPTION
1253 "This notification group is optional for implementation."
1254 ::= { cDeviceInfoCompliances 2 }
1256 cDeviceInfoBatteryCompliance MODULE-COMPLIANCE
1257 STATUS current
1258 DESCRIPTION
1259 "Compliance levels for battery information."
1260 MODULE
1261 MANDATORY-GROUPS { cDeviceInfoBatteryGroup }
1263 GROUP cDeviceInfoBatteryNotifyGroup
1264 DESCRIPTION
1265 "This notification group is optional for implementation."
1267 OBJECT cBatteryLowThreshold
1268 MIN-ACCESS not-accessible
1269 DESCRIPTION
1270 "Implementation of this object is optional."
1271 ::= { cDeviceInfoCompliances 3 }
1273 cDeviceInfoFirmwareCompliance MODULE-COMPLIANCE
1274 STATUS current
1275 DESCRIPTION
1276 "Compliance levels for firmware information."
1277 MODULE
1278 MANDATORY-GROUPS { cDeviceInfoFirmwareGroup }
1279 GROUP cDeviceInfoFirmwareNotifyGroup
1280 DESCRIPTION
1281 "This notification group is optional for implementation."
1282 ::= { cDeviceInfoCompliances 4 }
1284 cDeviceInfoSystemGroup OBJECT-GROUP
1285 OBJECTS {
1286 cSystemDate,
1287 cSystemUpTime,
1288 cSystemInitialLoadParameters,
1289 cSecurityLevel,
1290 cElectronicSerialNumber,
1291 cLastChanged,
1292 cResetDevice,
1293 cSanitizeDevice,
1294 cRenderInoperable,
1295 cVendorName,
1296 cModelIdentifier,
1297 cHardwareVersionNumber
1298 }
1299 STATUS current
1300 DESCRIPTION
1301 "This group is composed of objects related to system
1302 information."
1303 ::= { cDeviceInfoGroups 1 }
1305 cDeviceInfoComponentGroup OBJECT-GROUP
1306 OBJECTS {
1307 cDeviceComponentVersTableCount,
1308 cDeviceComponentVersTableLastChanged,
1309 cDeviceComponentName,
1310 cDeviceComponentVersion,
1311 cDeviceComponentOpStatus,
1312 cDeviceComponentDescription
1313 }
1314 STATUS current
1315 DESCRIPTION
1316 "This group is composed of objects related to component
1317 information."
1318 ::= { cDeviceInfoGroups 2 }
1320 cDeviceInfoBatteryGroup OBJECT-GROUP
1321 OBJECTS {
1322 cBatteryInfoTableCount,
1323 cBatteryInfoTableLastChanged,
1324 cBatteryType,
1325 cBatteryOpStatus,
1326 cBatteryLowThreshold
1327 }
1328 STATUS current
1329 DESCRIPTION
1330 "This group is composed of objects related to battery
1331 information."
1332 ::= { cDeviceInfoGroups 3 }
1334 cDeviceInfoFirmwareGroup OBJECT-GROUP
1335 OBJECTS {
1336 cFirmwareInformationTableCount,
1337 cFirmwareInformationTableLastChanged,
1338 cFirmwareName,
1339 cFirmwareVersion,
1340 cFirmwareSource,
1341 cFirmwareRunning,
1342 cFirmwareRowStatus
1344 }
1345 STATUS current
1346 DESCRIPTION
1347 "This group is composed of objects related to firmware
1348 information."
1349 ::= { cDeviceInfoGroups 4 }
1351 cDeviceInfoSystemNotifyGroup NOTIFICATION-GROUP
1352 NOTIFICATIONS {
1353 cResetDeviceInitialized,
1354 cSanitizeDeviceInitialized,
1355 cTamperEventIndicated,
1356 cSanitizeDeviceInitialized
1357 }
1358 STATUS current
1359 DESCRIPTION
1360 "This group is composed of notifications related to system
1361 information."
1362 ::= { cDeviceInfoGroups 5 }
1364 cDeviceInfoComponentNotifyGroup NOTIFICATION-GROUP
1365 NOTIFICATIONS {
1366 cDeviceComponentDisabled,
1367 cDeviceComponentEnabled
1368 }
1369 STATUS current
1370 DESCRIPTION
1371 "This group is composed of notifications related to
1372 component information."
1373 ::= { cDeviceInfoGroups 6 }
1375 cDeviceInfoBatteryNotifyGroup NOTIFICATION-GROUP
1376 NOTIFICATIONS {
1377 cBatteryLow,
1378 cBatteryRequiresReplacement,
1379 cDeviceOnBattery
1380 }
1381 STATUS current
1382 DESCRIPTION
1383 "This group is composed of notifications related to battery
1384 information."
1385 ::= { cDeviceInfoGroups 7 }
1387 cDeviceInfoFirmwareNotifyGroup NOTIFICATION-GROUP
1388 NOTIFICATIONS {
1389 cFirmwareInstallFailed,
1390 cFirmwareInstallSuccess
1391 }
1393 STATUS current
1394 DESCRIPTION
1395 "This group is composed of notifications related to firmware
1396 information."
1397 ::= { cDeviceInfoGroups 8 }
1399 END
1401 5.5. Key Management Info
1403 This MIB module makes references to the following documents:
1404 [RFC2571], [RFC2578], [RFC2579], [RFC2580], [RFC5280], [RFC5914],
1405 [RFC6030], and [RFC6353].
1407 CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
1409 IMPORTS
1410 ccKeyManagement
1412 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
1413 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
1414 Counter64, MODULE-IDENTITY
1415 FROM SNMPv2-SMI -- FROM RFC 2578
1416 SnmpAdminString
1417 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
1418 RowPointer, RowStatus, DateAndTime,
1419 TruthValue, TEXTUAL-CONVENTION, TimeStamp
1420 FROM SNMPv2-TC -- FROM RFC 2579
1421 MODULE-COMPLIANCE, OBJECT-GROUP,
1422 NOTIFICATION-GROUP
1423 FROM SNMPv2-CONF -- FROM RFC 2580
1424 SnmpTLSFingerprint
1425 FROM SNMP-TLS-TM-MIB; -- FROM RFC 6353
1427 ccKeyManagementMIB MODULE-IDENTITY
1428 "Shadi Azoum
1429 US Navy
1430 email: shadi.azoum@navy.mil
1432 Elliott Jones
1433 US Navy
1434 elliott.jones@navy.mil
1436 Lily Sun
1437 US Navy
1438 lily.sun@navy.mil
1440 Mike Irani
1441 NKI Engineering
1442 irani@nkiengineering.com
1444 Jeffrey Sun
1445 NKI Engineering
1446 sunjeff@nkiengineering.com
1448 Ray Purvis
1449 MITRE
1450 Email:rpurvis@mitre.org
1452 Sean Turner
1453 sn3rd
1454 Email:sean@sn3rd.com"
1455 DESCRIPTION
1456 "This MIB defines the CC MIB tree hierarchical assignments
1457 below it and acts as a reservation mechanism.
1459 Copyright (c) 2016 IETF Trust and the persons
1460 identified as authors of the code. All rights reserved.
1462 Redistribution and use in source and binary forms, with
1463 or without modification, is permitted pursuant to, and
1464 subject to the license terms contained in, the Simplified
1465 BSD License set forth in Section 4.c of the IETF Trust's
1466 Legal Provisions Relating to IETF Documents
1467 (http://trustee.ietf.org/license-info).
1469 This version of this MIB module is part of RFC xxxx;
1470 see the RFC itself for full legal notices."
1471 -- RFC Ed.: RFC-editor please fill in xxxx.
1472 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
1473 DESCRIPTION "Initial Version. Published as RFC xxxx."
1474 -- RFC Ed.: RFC-editor please fill in xxxx.
1475 ::= { ccKeyManagement 1 }
1477 -- *****************************************************************
1478 -- Key Management Information Segments
1479 -- *****************************************************************
1481 cSymmetricKeyInfo OBJECT IDENTIFIER
1482 ::= { ccKeyManagementMIB 1 }
1483 cAsymKeyInfo OBJECT IDENTIFIER
1484 ::= { ccKeyManagementMIB 2 }
1485 cTrustAnchorInfo OBJECT IDENTIFIER
1486 ::= { ccKeyManagementMIB 3 }
1487 cCKLInfo OBJECT IDENTIFIER
1488 ::= { ccKeyManagementMIB 4 }
1490 cCDMStoreInfo OBJECT IDENTIFIER
1491 ::= { ccKeyManagementMIB 5 }
1492 cCertSubAltNameInfo OBJECT IDENTIFIER
1493 ::= { ccKeyManagementMIB 6 }
1494 cCertPathCtrlsInfo OBJECT IDENTIFIER
1495 ::= { ccKeyManagementMIB 7 }
1496 cCertPolicyInfo OBJECT IDENTIFIER
1497 ::= { ccKeyManagementMIB 8 }
1498 cPolicyMappingInfo OBJECT IDENTIFIER
1499 ::= { ccKeyManagementMIB 9 }
1500 cNameConstraintInfo OBJECT IDENTIFIER
1501 ::= { ccKeyManagementMIB 10 }
1502 cKeyManagementScalars OBJECT IDENTIFIER
1503 ::= { ccKeyManagementMIB 11 }
1504 cKeyManagementNotify OBJECT IDENTIFIER
1505 ::= { ccKeyManagementMIB 12 }
1506 cKeyManagementConformance OBJECT IDENTIFIER
1507 ::= { ccKeyManagementMIB 13 }
1509 -- *****************************************************************
1510 -- Key Management Scalars
1511 -- *****************************************************************
1513 cZeroizeAllKeys OBJECT-TYPE
1514 SYNTAX TruthValue
1515 MAX-ACCESS read-write
1516 STATUS current
1517 DESCRIPTION
1518 "Setting this object to 'true' removes all entries in key
1519 material tables and zeroizes key materials. It is applicable
1520 to symmetric keys, asymmetric keys, and Trust Anchors (TA).
1521 It must not modify any other information in the device such
1522 as the persistent storage or the audit log. When read this
1523 object should return false. If this object is set to the
1524 same value as the current value, the device must not perform
1525 any operation but should accept this as a valid SET
1526 operation. Note after being set to true, an agent should
1527 reset this object to false once it has zeroized all the keys
1528 stored in the device."
1529 ::= { cKeyManagementScalars 1 }
1531 cZeroizeSymmetricKeyTable OBJECT-TYPE
1532 SYNTAX TruthValue
1533 MAX-ACCESS read-write
1534 STATUS current
1535 DESCRIPTION
1536 "Setting this object to 'true' removes all entries in the
1537 cSymmetricKeyTable and zeroizes the associated key
1538 materials. This operation must not modify any other
1539 information in the device such as the persistent storage or
1540 the audit log. When read this object should return false. If
1541 this object is set to the same value as the current value,
1542 the device must not perform any operation but should accept
1543 this as a valid SET operation. Note after being set to true,
1544 an agent should reset this object to false once it has
1545 zeroized the specific key materials stored in the device."
1546 ::= { cKeyManagementScalars 2 }
1548 cZeroizeAsymKeyTable OBJECT-TYPE
1549 SYNTAX TruthValue
1550 MAX-ACCESS read-write
1551 STATUS current
1552 DESCRIPTION
1553 "Setting this object to 'true' removes all entries in the
1554 cAsymKeyTable and cCertSubAltNameTable, and zeroizes the
1555 associated key materials. This operation must not modify any
1556 other information in the device such as the persistent
1557 storage or the audit log. When read this object should
1558 return false. If this object is set to the same value as the
1559 current value, the device must not perform any operation but
1560 should accept this as a valid SET operation. Note after
1561 being set to true, an agent should reset this object to
1562 false once it has zeroized the specific key materials stored
1563 in the device."
1564 ::= { cKeyManagementScalars 3 }
1566 cZeroizeTrustAnchorTable OBJECT-TYPE
1567 SYNTAX TruthValue
1568 MAX-ACCESS read-write
1569 STATUS current
1570 DESCRIPTION
1571 "Setting this object to 'true' removes all entries in the
1572 cTrustAnchorTable. This operation must not modify any other
1573 information in the device such as the persistent storage or
1574 the audit log. When read this object should return false. If
1575 this object is set to the same value as the current value,
1576 the device must not perform any operation but should accept
1577 this as a valid SET operation. Note after being set to true,
1578 an agent should reset this object to false once it has
1579 zeroized the specific key materials stored in the device.
1581 Some implementations may restrict the deletion of Trust
1582 Anchors to specific protocols (e.g. TAMP)."
1583 ::= { cKeyManagementScalars 4 }
1585 cZeroizeCDMStoreTable OBJECT-TYPE
1586 SYNTAX TruthValue
1587 MAX-ACCESS read-write
1588 STATUS current
1589 DESCRIPTION
1590 "Setting this object to 'true' removes all entries in the
1591 cCDMStoreTable that are of type symkey, asymkey, and
1592 trustAnchor. This operation must not modify any other
1593 information in the device such as the persistent storage or
1594 the audit log. When read this object should return false. If
1595 this object is set to the same value as the current value,
1596 the device must not perform any operation but should accept
1597 this as a valid SET operation. Note after being set to true,
1598 an agent should reset this object to false once it has
1599 zeroized the specific key materials stored in the device."
1600 ::= { cKeyManagementScalars 5 }
1602 cKeyMaterialTableOID OBJECT-TYPE
1603 SYNTAX OBJECT IDENTIFIER
1604 MAX-ACCESS read-write
1605 STATUS current
1606 DESCRIPTION
1607 "The OID of the table for which (1) a successful or failed
1608 configuration occurred upon a key material load, (2) a key
1609 material has expired, will expire, or had its expiration
1610 date changed, or (3) a key material has been zeroized."
1611 ::= { cKeyManagementScalars 6 }
1613 cKeyMaterialFingerprint OBJECT-TYPE
1614 SYNTAX SnmpTLSFingerprint
1615 MAX-ACCESS accessible-for-notify
1616 STATUS current
1617 DESCRIPTION
1618 "The fingerprint of the key material to be transmitted in a
1619 notification."
1620 ::= { cKeyManagementScalars 7 }
1622 cSymKeyGlobalExpiryWarning OBJECT-TYPE
1623 SYNTAX Unsigned32
1624 UNITS "days"
1625 MAX-ACCESS read-write
1626 STATUS current
1627 DESCRIPTION
1628 "A global setting, indicating the number of days prior to
1629 the expiration date of a symmetric key (value of
1630 cSymKeyExpirationDate in the associated cSymmetricKeyTable
1631 entry) for which the cKeyMaterialExpiring notification will
1632 be transmitted.
1634 The value in this object is only used if no value exists for
1635 the associated cSymmetricKeyTable entry's
1636 cSymKeyExpiryWarning object."
1637 ::= { cKeyManagementScalars 8 }
1639 cAsymKeyGlobalExpiryWarning OBJECT-TYPE
1640 SYNTAX Unsigned32
1641 UNITS "days"
1642 MAX-ACCESS read-write
1643 STATUS current
1644 DESCRIPTION
1645 "A global setting, indicating the number of days prior to
1646 the expiration date of an asymmetric key (value of
1647 cAsymKeyExpirationDate in the associated cAsymKeyTable entry)
1648 for which the cKeyMaterialExpiring notification will be
1649 transmitted.
1651 The value in this object is only used if no value exists for
1652 the associated cAsymKeyTable entry's cAsymKeyExpiryWarning
1653 object."
1654 ::= { cKeyManagementScalars 9 }
1656 cGenerateKeyType OBJECT-TYPE
1657 SYNTAX INTEGER { x509v3(1), psk(2)}
1658 MAX-ACCESS read-write
1659 STATUS current
1660 DESCRIPTION
1661 "The type of key material to be generated:
1663 [1] x509v3: X.509v3 certificate per RFC 5280.
1664 [2] psk: Symmetric Pre-Shared Key."
1665 ::= { cKeyManagementScalars 10 }
1667 cGenerateKey OBJECT-TYPE
1668 SYNTAX TruthValue
1669 MAX-ACCESS read-write
1670 STATUS current
1671 DESCRIPTION
1672 "Setting this object to 'true' will force the generation of
1673 key material, based on the type of key material described in
1674 cGenerateKeyType. Post-generation, the agent must create an
1675 entry in the appropriate key material table that captures
1676 information on this key.
1678 Note after being set to true, an agent should reset this
1679 object to false once the key material has been generated and
1680 an entry created in the appropriate table."
1681 ::= { cKeyManagementScalars 11 }
1683 -- *****************************************************************
1684 -- Key Management Notifications
1685 -- *****************************************************************
1687 cKeyMaterialLoadSuccess NOTIFICATION-TYPE
1688 OBJECTS { cKeyMaterialTableOID }
1689 STATUS current
1690 DESCRIPTION
1691 "An attempt to load the device with key material, identified
1692 by the table identifier (e.g. cSymmetricKeyTable), has
1693 succeeded. This notification may be sent upon a single
1694 successful key material load or may be sent upon a series of
1695 successful single key material loads."
1696 ::= { cKeyManagementNotify 1 }
1698 cKeyMaterialLoadFail NOTIFICATION-TYPE
1699 OBJECTS { cKeyMaterialTableOID }
1700 STATUS current
1701 DESCRIPTION
1702 "An attempt to load the device with key material, identified
1703 by the table identifier (e.g. cSymmetricKeyTable), has
1704 failed."
1705 ::= { cKeyManagementNotify 2 }
1707 cKeyMaterialExpiring NOTIFICATION-TYPE
1708 OBJECTS {
1709 cKeyMaterialFingerprint,
1710 cKeyMaterialTableOID
1711 }
1712 STATUS current
1713 DESCRIPTION
1714 "Key Material, identified by Key Fingerprint and OID of the
1715 associated key material table, is about to expire. This
1716 notification is transmitted prior to the key material's
1717 configured expiration date
1718 (cSymKeyExpirationDate/cAsymKeyExpirationDate) as indicated
1719 by a global setting
1720 (cSymKeyGlobalExpiryWarning/cAsymKeyGlobalExpiryWarning) or
1721 the granular setting per key material table entry
1722 (cSymKeyExpiryWarning/cAsymKeyExpiryWarning) if configured."
1723 ::= { cKeyManagementNotify 3 }
1725 cKeyMaterialExpired NOTIFICATION-TYPE
1726 OBJECTS {
1727 cKeyMaterialFingerprint,
1728 cKeyMaterialTableOID
1729 }
1730 STATUS current
1731 DESCRIPTION
1732 "Key Material, identified by Key Fingerprint and OID of the
1733 associated key material table, has expired."
1734 ::= { cKeyManagementNotify 4 }
1736 cKeyMaterialExpirationChanged NOTIFICATION-TYPE
1737 OBJECTS {
1738 cKeyMaterialFingerprint,
1739 cKeyMaterialTableOID
1740 }
1741 STATUS current
1742 DESCRIPTION
1743 "The expiration date of Key Material, identified by Key
1744 Fingerprint and the OID of the associated key material
1745 table, has changed. This can happen by either the
1746 'Expiration' object in the table changing or by the device
1747 making a change due to some other automated security policy
1748 change such as automatically extending a key when no new key
1749 is available."
1750 ::= { cKeyManagementNotify 5 }
1752 cKeyMaterialZeroized NOTIFICATION-TYPE
1753 OBJECTS {
1754 cKeyMaterialFingerprint,
1755 cKeyMaterialTableOID
1756 }
1757 STATUS current
1758 DESCRIPTION
1759 "A key material, identified by fingerprint and OID of the
1760 associated key material table, has been securely deleted and
1761 zeroized. This notification is transmitted upon setting the
1762 Row Status object of the associated key material table entry
1763 to 'destroy', setting the cZeroizeAllKeys object to 'true',
1764 setting the cZeroizeSymmetricKeyTable object to 'true',
1765 setting the cZeroizeAsymKeyTable object to 'true', setting
1766 the cZeroizeTrustAnchorTable object to 'true', or setting
1767 the cZeroizeCDMStoreTable object to 'true'."
1768 ::= { cKeyManagementNotify 6 }
1770 cCKLLoadSuccess NOTIFICATION-TYPE
1771 OBJECTS {
1772 cCKLIndex,
1773 cCKLIssuer
1774 }
1775 STATUS current
1776 DESCRIPTION
1777 "An attempt to load the device with CKL, identified by
1778 cCKLIndex and cCKLIssuer (indexes to the cCKLTable), has
1779 succeeded."
1780 ::= { cKeyManagementNotify 7 }
1782 cCKLLoadFail NOTIFICATION-TYPE
1783 STATUS current
1784 DESCRIPTION
1785 "An attempt to load the device with CKL has failed."
1786 ::= { cKeyManagementNotify 8 }
1788 cCDMAdded NOTIFICATION-TYPE
1789 OBJECTS {
1790 cCDMStoreIndex,
1791 cCDMStoreType
1792 }
1793 STATUS current
1794 DESCRIPTION
1795 "A new cryptographic device material (CDM) entry has been
1796 added to the cCDMStoreTable, as identified by
1797 cCDMStoreIndex and cCDMStoreType."
1798 ::= { cKeyManagementNotify 9 }
1800 cCDMDeleted NOTIFICATION-TYPE
1801 OBJECTS {
1802 cCDMStoreIndex,
1803 cCDMStoreType,
1804 cCDMStoreFriendlyName
1805 }
1806 STATUS current
1807 DESCRIPTION
1808 "A cryptographic device material (CDM) entry has been
1809 deleted from the cCDMStoreTable, as identified by
1810 cCDMStoreIndex, cCDMStoreType and cCDMStoreFriendlyName."
1811 ::= { cKeyManagementNotify 10 }
1813 cTrustAnchorAdded NOTIFICATION-TYPE
1814 OBJECTS {
1815 cTrustAnchorFingerprint,
1816 cTrustAnchorFormatType,
1817 cTrustAnchorUsageType
1818 }
1819 STATUS current
1820 DESCRIPTION
1821 "A trust anchor has been added to the cTrustAnchorTable, as
1822 identified by cTrustAnchorFingerprint,
1823 cTrustAnchorFormatType, and cTrustAnchorUsageType."
1824 ::= { cKeyManagementNotify 11 }
1826 cTrustAnchorUpdated NOTIFICATION-TYPE
1827 OBJECTS {
1828 cTrustAnchorFingerprint,
1829 cTrustAnchorFormatType,
1830 cTrustAnchorUsageType
1831 }
1832 STATUS current
1833 DESCRIPTION
1834 "A trust anchor has been updated in the cTrustAnchorTable,
1835 as identified by cTrustAnchorFingerprint,
1836 cTrustAnchorFormatType, and cTrustAnchorUsageType."
1837 ::= { cKeyManagementNotify 12 }
1839 cTrustAnchorRemoved NOTIFICATION-TYPE
1840 OBJECTS {
1841 cTrustAnchorFingerprint,
1842 cTrustAnchorFormatType,
1843 cTrustAnchorUsageType
1844 }
1845 STATUS current
1846 DESCRIPTION
1847 "A trust anchor has been removed from the cTrustAnchorTable,
1848 as identified by cTrustAnchorFingerprint,
1849 cTrustAnchorFormatType, and cTrustAnchorUsageType."
1850 ::= { cKeyManagementNotify 13 }
1852 -- *****************************************************************
1853 -- CC MIB cSymmetricKeyTable
1854 -- *****************************************************************
1856 cSymmetricKeyTableCount OBJECT-TYPE
1857 SYNTAX Unsigned32
1858 MAX-ACCESS read-only
1859 STATUS current
1860 DESCRIPTION
1861 "The number of rows in the cSymmetricKeyTable."
1862 ::= { cSymmetricKeyInfo 1 }
1864 cSymmetricKeyTableLastChanged OBJECT-TYPE
1865 SYNTAX TimeStamp
1866 MAX-ACCESS read-only
1867 STATUS current
1868 DESCRIPTION
1869 "The last time any entry in the table was modified, created,
1870 or deleted by either SNMP, agent, or other management method
1871 (e.g. via an HMI). Managers can use this object to ensure
1872 that no changes to configuration of this table have happened
1873 since the last time it examined the table. A value of 0
1874 indicates that no entry has been changed since the agent
1875 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
1876 should be used to populate this column."
1877 ::= { cSymmetricKeyInfo 2 }
1879 cSymmetricKeyTable OBJECT-TYPE
1880 SYNTAX SEQUENCE OF CSymmetricKeyEntry
1881 MAX-ACCESS not-accessible
1882 STATUS current
1883 DESCRIPTION
1884 "The table containing the various types of symmetric keys
1885 used by the device."
1886 ::= { cSymmetricKeyInfo 3 }
1888 cSymmetricKeyEntry OBJECT-TYPE
1889 SYNTAX CSymmetricKeyEntry
1890 MAX-ACCESS not-accessible
1891 STATUS current
1892 DESCRIPTION
1893 "A row containing information about a Symmetric Key."
1894 INDEX { cSymKeyFingerprint }
1895 ::= { cSymmetricKeyTable 1 }
1897 CSymmetricKeyEntry ::= SEQUENCE {
1898 cSymKeyFingerprint SnmpTLSFingerprint,
1899 cSymKeyUsage BITS,
1900 cSymKeyID OCTET STRING,
1901 cSymKeyIssuer OCTET STRING,
1902 cSymKeyEffectiveDate DateAndTime,
1903 cSymKeyExpirationDate DateAndTime,
1904 cSymKeyExpiryWarning Unsigned32,
1905 cSymKeyNumberOfTransactions Unsigned32,
1906 cSymKeyFriendlyName SnmpAdminString,
1907 cSymKeyClassification BITS,
1908 cSymKeySource OCTET STRING,
1909 cSymKeyRowStatus RowStatus
1910 }
1912 cSymKeyFingerprint OBJECT-TYPE
1913 SYNTAX SnmpTLSFingerprint
1914 MAX-ACCESS not-accessible
1915 STATUS current
1916 DESCRIPTION
1917 "An inherent identification of the symmetric key and the
1918 primary index to the cSymmetricKeyTable.
1920 This MIB does not provide any additional requirements on
1921 developing the fingerprint. Implementations are cautioned to
1922 develop the hash in a manner that does not compromise the
1923 security of the key material."
1924 ::= { cSymmetricKeyEntry 1 }
1926 cSymKeyUsage OBJECT-TYPE
1927 SYNTAX BITS { oneTimePassword(0), challengeResponse(1),
1928 unlock(2), encrypt(3), decrypt(4),
1929 integrity(5), verify(6), keyWrap(7),
1930 unwrap(8), derive(9), generate(10),
1931 sharedSecret(11) }
1932 MAX-ACCESS read-create
1933 STATUS current
1934 DESCRIPTION
1935 "The intended usage for the key: One Time Password (OTP),
1936 Challenge/Response (CR), Unlock, Encrypt, Decrypt,
1937 Integrity, Verify, KeyWrap, Unwrap, Derive, Generate,
1938 Shared Secret.
1939 From RFC 6030 section 5.
1941 OTP: The key is used for One Time Password (OTP) generation.
1943 CR: The key is used for Challenge/Response purposes.
1945 Unlock: The key is used for an inverse challenge response in
1946 the case where a user has locked the device by entering a
1947 wrong password too many times (for devices with password
1948 input capability).
1950 Encrypt: The key is used for data encryption purposes.
1952 Integrity: The key is used to generate a keyed message
1953 digest for data integrity or authentication purposes.
1955 Verify: The key is used to verify a keyed message digest for
1956 data integrity or authentication purposes (this is the
1957 opposite key usage of 'Integrity').
1959 Decrypt: The key is used for data decryption purposes.
1961 KeyWrap: The key is used for key wrap purposes.
1963 Unwrap: The key is used for key unwrap purposes.
1965 Derive: The key is used with a key derivation function to
1966 derive a new key.
1968 Generate: The key is used to generate a new key based on a
1969 random number and the previous value of the key.
1971 Shared Secret: The key is used as a shared secret between
1972 entities.
1974 Bit value translation:
1975 1000 0000 0000 0000 = OneTimePassword
1976 0100 0000 0000 0000 = ChallengeResponse
1977 0010 0000 0000 0000 = Unlock
1978 0001 0000 0000 0000 = Encrypt
1979 0000 1000 0000 0000 = Decrypt
1980 0000 0100 0000 0000 = Integrity
1981 0000 0010 0000 0000 = Verify
1982 0000 0001 0000 0000 = KeyWrap
1983 0000 0000 1000 0000 = Unwrap
1984 0000 0000 0100 0000 = Derive
1985 0000 0000 0010 0000 = Generate
1986 0000 0000 0001 0000 = SharedSecret"
1987 ::= { cSymmetricKeyEntry 2 }
1989 cSymKeyID OBJECT-TYPE
1990 SYNTAX OCTET STRING (SIZE(1..255))
1991 MAX-ACCESS read-create
1992 STATUS current
1993 DESCRIPTION
1994 "Represents a unique identifier assigned to this symmetric
1995 key. This would typically be an identifier inherent to the
1996 key material, such as a serial number or other form of
1997 identifier derived from a tag or other key wrapper. This
1998 object differs from cSymKeyFriendlyName which is a
1999 user-defined ID."
2000 ::= { cSymmetricKeyEntry 3 }
2002 cSymKeyIssuer OBJECT-TYPE
2003 SYNTAX OCTET STRING (SIZE(1..255))
2004 MAX-ACCESS read-create
2005 STATUS current
2006 DESCRIPTION
2007 "Represents the name of the entity which issued the key. Use
2008 a distinguished name (DN) when one is available."
2009 ::= { cSymmetricKeyEntry 4 }
2011 cSymKeyEffectiveDate OBJECT-TYPE
2012 SYNTAX DateAndTime
2013 MAX-ACCESS read-create
2014 STATUS current
2015 DESCRIPTION
2016 "The effective date of the key."
2017 ::= { cSymmetricKeyEntry 5 }
2019 cSymKeyExpirationDate OBJECT-TYPE
2020 SYNTAX DateAndTime
2021 MAX-ACCESS read-create
2022 STATUS current
2023 DESCRIPTION
2024 "The expiration date of the key."
2025 ::= { cSymmetricKeyEntry 6 }
2027 cSymKeyExpiryWarning OBJECT-TYPE
2028 SYNTAX Unsigned32
2029 UNITS "days"
2030 MAX-ACCESS read-create
2031 STATUS current
2032 DESCRIPTION
2033 "The number of days prior to the expiration date of this key
2034 (cSymKeyExpirationDate) for which the cKeyMaterialExpiring
2035 notification will be transmitted.
2037 If configured, the scalar value of
2038 cSymKeyGlobalExpiryWarning will be ignored. The value of
2039 cSymKeyGlobalExpiryWarning will only be used if this column
2040 is not populated, populated with 0, or not implemented."
2041 ::= { cSymmetricKeyEntry 7 }
2043 cSymKeyNumberOfTransactions OBJECT-TYPE
2044 SYNTAX Unsigned32
2045 MAX-ACCESS read-create
2046 STATUS current
2047 DESCRIPTION
2048 "Indicates the maximum number of times a key can be used
2049 after having received it. If this column is not implemented,
2050 then there is no restriction regarding the number of times a
2051 key can be used.
2053 When this number is reached, implementations supporting this
2054 object should stop using this key and send a
2055 cKeyMaterialExpired notification."
2056 ::= { cSymmetricKeyEntry 8 }
2058 cSymKeyFriendlyName OBJECT-TYPE
2059 SYNTAX SnmpAdminString
2060 MAX-ACCESS read-create
2061 STATUS current
2062 DESCRIPTION
2063 "A human readable label of the key for easier reference. It
2064 is used only for helpful or informational purposes."
2065 ::= { cSymmetricKeyEntry 9 }
2067 cSymKeyClassification OBJECT-TYPE
2068 SYNTAX BITS { unclassified(0), restricted(1),
2069 confidential(2), secret(3), topSecret(4) }
2070 MAX-ACCESS read-create
2071 STATUS current
2072 DESCRIPTION
2073 "The classification of the key.
2074 Bit value translation:
2075 1000 0000 = unclassified
2076 0100 0000 = restricted
2077 0010 0000 = confidential
2078 0001 0000 = secret
2079 0000 1000 = topSecret
2080 This column does not exist for devices that do not have the
2081 concept of classification."
2082 ::= { cSymmetricKeyEntry 10 }
2084 cSymKeySource OBJECT-TYPE
2085 SYNTAX OCTET STRING (SIZE(1..255))
2086 MAX-ACCESS read-create
2087 STATUS current
2088 DESCRIPTION
2089 "The source of the key material. This can be the URI of a
2090 key source entity. If the key was derived from a user-input
2091 password, the string should say PASSWORD.
2093 Keys developed by the device should contain the string
2094 DEVICE-GENERATED. If the key was filled locally then this
2095 column should begin with the word FILL followed by the fill
2096 protocol. If the source is unknown, this column should not
2097 be populated or be set to an empty string, ''."
2098 ::= { cSymmetricKeyEntry 11 }
2100 cSymKeyRowStatus OBJECT-TYPE
2101 SYNTAX RowStatus
2102 MAX-ACCESS read-create
2103 STATUS current
2104 DESCRIPTION
2105 "The status of this row by which existing entries may be
2106 deleted from this table. Setting this column to destroy is
2107 synonymous with zeroizing the key. Any reference(s) to this
2108 object, upon setting this RowStatus to destroy, should be
2109 destroyed as well.
2111 Upon populating this row, this column should automatically
2112 be set to notReady. Only after valid information has been
2113 entered by the manager, can the manager set this column to
2114 active.
2116 At a minimum, implementations must support active and
2117 destroy management functions. Implementations must support
2118 createAndWait and createAndGo management functions for this
2119 object if the symmetric key material can be manually entered
2120 by the manager."
2121 ::= { cSymmetricKeyEntry 12 }
2123 -- *********************************************************************
2124 -- CC MIB cAsymKeyTable
2125 -- *********************************************************************
2127 cAsymKeyTableCount OBJECT-TYPE
2128 SYNTAX Unsigned32
2129 MAX-ACCESS read-only
2130 STATUS current
2131 DESCRIPTION
2132 "The number of rows in the cAsymKeyTable."
2133 ::= { cAsymKeyInfo 1 }
2135 cAsymKeyTableLastChanged OBJECT-TYPE
2136 SYNTAX TimeStamp
2137 MAX-ACCESS read-only
2138 STATUS current
2139 DESCRIPTION
2140 "The last time any entry in the table was modified, created,
2141 or deleted by either SNMP, agent, or other management method
2142 (e.g. via an HMI). Managers can use this object to ensure
2143 that no changes to configuration of this table have happened
2144 since the last time it examined the table. A value of 0
2145 indicates that no entry has been changed since the agent
2146 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
2147 should be used to populate this column."
2148 ::= { cAsymKeyInfo 2 }
2150 cAsymKeyTable OBJECT-TYPE
2151 SYNTAX SEQUENCE OF CAsymKeyEntry
2152 MAX-ACCESS not-accessible
2153 STATUS current
2154 DESCRIPTION
2155 "The table containing the Asymmetric Key Material and
2156 Certificates used by the device. Enumeration values, when
2157 applicable, follow the conventions in RFC 5280."
2158 ::= { cAsymKeyInfo 3 }
2160 cAsymKeyEntry OBJECT-TYPE
2161 SYNTAX CAsymKeyEntry
2162 MAX-ACCESS not-accessible
2163 STATUS current
2164 DESCRIPTION
2165 "A row containing information about an Asymmetric Key or
2166 Certificate."
2167 INDEX { cAsymKeyFingerprint }
2168 ::= { cAsymKeyTable 1 }
2170 CAsymKeyEntry ::= SEQUENCE {
2171 cAsymKeyFingerprint SnmpTLSFingerprint,
2172 cAsymKeyFriendlyName SnmpAdminString,
2173 cAsymKeySerialNumber OCTET STRING,
2174 cAsymKeyIssuer OCTET STRING,
2175 cAsymKeySignatureAlgorithm OCTET STRING,
2176 cAsymKeyPublicKeyAlgorithm OCTET STRING,
2177 cAsymKeyEffectiveDate DateAndTime,
2178 cAsymKeyExpirationDate DateAndTime,
2179 cAsymKeyExpiryWarning Unsigned32,
2180 cAsymKeySubject OCTET STRING,
2181 cAsymKeySubjectType BITS,
2182 cAsymKeySubjectAltName SnmpAdminString,
2183 cAsymKeyUsage BITS,
2184 cAsymKeyClassification BITS,
2185 cAsymKeySource OCTET STRING,
2186 cAsymKeyRowStatus RowStatus,
2187 cAsymKeyVersion INTEGER,
2188 cAsymKeyRekey TruthValue,
2189 cAsymKeyType OCTET STRING
2190 }
2192 cAsymKeyFingerprint OBJECT-TYPE
2193 SYNTAX SnmpTLSFingerprint
2194 MAX-ACCESS read-only
2195 STATUS current
2196 DESCRIPTION
2197 "An inherent identification of the asymmetric key and the
2198 primary index to the cAsymKeyTable."
2199 ::= { cAsymKeyEntry 1 }
2201 cAsymKeyFriendlyName OBJECT-TYPE
2202 SYNTAX SnmpAdminString
2203 MAX-ACCESS read-write
2204 STATUS current
2205 DESCRIPTION
2206 "A human readable label of the key for easier reference. It
2207 is used only for helpful or informational purposes."
2208 ::= { cAsymKeyEntry 2 }
2210 cAsymKeySerialNumber OBJECT-TYPE
2211 SYNTAX OCTET STRING (SIZE(1..255))
2212 MAX-ACCESS read-only
2213 STATUS current
2214 DESCRIPTION
2215 "The unique positive integer assigned to the Asymmetric
2216 Key. For Public Key Certificate (PKC) this serial number is
2217 assigned by the Certification Authority (CA). The value in
2218 this column can be up to 20 bytes long per Section
2219 '4.1.2.2. Serial Number' of RFC 5280. Other types of Key
2220 Material may have different serial number format as defined
2221 by the issuer (e.g. a Key Material ID)."
2222 ::= { cAsymKeyEntry 3 }
2224 cAsymKeyIssuer OBJECT-TYPE
2225 SYNTAX OCTET STRING (SIZE(1..255))
2226 MAX-ACCESS read-only
2227 STATUS current
2228 DESCRIPTION
2229 "The issuer of this key material. For Public Key
2230 Certificates, this is the distinguished name (DN) of the
2231 entity that has signed and issued the Public Key
2232 Certificate (PKC). Other issuers shall be defined by the
2233 class of device and will reference the Key Management
2234 System that delivers the key material for that device."
2235 ::= { cAsymKeyEntry 4 }
2237 cAsymKeySignatureAlgorithm OBJECT-TYPE
2238 SYNTAX OCTET STRING
2239 MAX-ACCESS read-only
2240 STATUS current
2241 DESCRIPTION
2242 "Signature algorithm used by a Certification Authority to
2243 sign this asymmetric key material (e.g. X.509 Certificate).
2244 If no signature/signature algorithm is provided/used, this
2245 column would not exist.
2247 Note, this is a free form OCTET STRING column, meaning
2248 implementations may utilize a standardized definition of
2249 string values or use a proprietary definition of string
2250 values for supported signature algorithms."
2251 ::= { cAsymKeyEntry 5 }
2253 cAsymKeyPublicKeyAlgorithm OBJECT-TYPE
2254 SYNTAX OCTET STRING
2255 MAX-ACCESS read-only
2256 STATUS current
2257 DESCRIPTION
2258 "Public key algorithm with which the public key is used (as
2259 associated with the asymmetric key material (e.g. X.509
2260 Certificate)).
2262 Note, this is a free form OCTET STRING column, meaning
2263 implementations may utilize a standardized definition of
2264 string values or use a proprietary definition of string
2265 values for supported public key algorithms."
2266 ::= { cAsymKeyEntry 6 }
2268 cAsymKeyEffectiveDate OBJECT-TYPE
2269 SYNTAX DateAndTime
2270 MAX-ACCESS read-write
2271 STATUS current
2272 DESCRIPTION
2273 "The date on which the validity period of the Asymmetric
2274 Key begins. This column must not exist when the key
2275 material does not have an inherent and associated effective
2276 date."
2277 ::= { cAsymKeyEntry 7 }
2279 cAsymKeyExpirationDate OBJECT-TYPE
2280 SYNTAX DateAndTime
2281 MAX-ACCESS read-write
2282 STATUS current
2283 DESCRIPTION
2284 "The date on which the validity period of the Asymmetric
2285 Key ends. This column must not exist when the key material
2286 does not have an inherent and associated expiration date."
2287 ::= { cAsymKeyEntry 8 }
2289 cAsymKeyExpiryWarning OBJECT-TYPE
2290 SYNTAX Unsigned32
2291 UNITS "days"
2292 MAX-ACCESS read-write
2293 STATUS current
2294 DESCRIPTION
2295 "The number of days prior to the expiration date of this
2296 key (cAsymKeyExpirationDate) for which the
2297 cKeyMaterialExpiring notification will be transmitted.
2299 If configured, the scalar value of
2300 cAsymKeyGlobalExpiryWarning will be ignored. The value of
2301 cAsymKeyGlobalExpiryWarning will only be used if this
2302 column is not populated, populated with 0, or not
2303 implemented."
2304 ::= { cAsymKeyEntry 9 }
2306 cAsymKeySubject OBJECT-TYPE
2307 SYNTAX OCTET STRING (SIZE(1..255))
2308 MAX-ACCESS read-only
2309 STATUS current
2310 DESCRIPTION
2311 "The entity associated with this Asymmetric Key.
2313 For non-X.509 based key material, or when this object does
2314 not apply for the key material, this column will not exist."
2315 ::= { cAsymKeyEntry 10 }
2317 cAsymKeySubjectType OBJECT-TYPE
2318 SYNTAX BITS { other(0), certificationAuthority(1),
2319 crlIssuer(2) }
2320 MAX-ACCESS read-only
2321 STATUS current
2322 DESCRIPTION
2323 "Defines the type of subject based on the following
2324 choices. certificationAuthority(1) - When set to 1
2325 indicates that the subject (cAsymKeySubject) of the Public
2326 Key Certificate (PKC) is a Certification Authority (CA).
2327 crlIssuer(2) - When set to 1 indicates that the subject
2328 (cCertificateSubject) of the Public Key Certificate (PKC)
2329 is a Certificate Revocation List (CRL) issuer.
2330 Bit value translation:
2331 1000 0000 = other
2332 0100 0000 = certificationAuthority
2333 0010 0000 = crlIssuer
2334 For non-X.509 based key material, or when this object does not
2335 apply for the key material, this column will not exist."
2336 ::= { cAsymKeyEntry 11 }
2338 cAsymKeySubjectAltName OBJECT-TYPE
2339 SYNTAX SnmpAdminString (SIZE(1..32))
2340 MAX-ACCESS read-write
2341 STATUS current
2342 DESCRIPTION
2343 "A reference string that points to a set of Certificate
2344 Subject Alternative Names in the
2345 cCertSubAltNameTable.
2347 This column should contain an empty string if the
2348 Certificate has no associated Subject Alternative Names.
2350 For non-X.509 based key material, or when this object does
2351 not apply for the key material, this column will not
2352 exist."
2353 ::= { cAsymKeyEntry 12 }
2355 cAsymKeyUsage OBJECT-TYPE
2356 SYNTAX BITS { other(0), digitalSignature(1),
2357 nonRepudiation(2), keyEncipherment(3),
2358 dataEncipherment(4), keyAgreement(5),
2359 keyCertSign(6), cRLSign(7), encipherOnly(8),
2360 decipherOnly(9) }
2361 MAX-ACCESS read-write
2362 STATUS current
2363 DESCRIPTION
2364 "Provides the intended type of usage for the Asymmetric
2365 Key. The following types are supported (defined in Section
2366 4.2.1.3 Key Usage of RFC 5280 for PKC):
2367 other(0), digitalSignature(1), nonRepudiation(2),
2368 keyEncipherment(3), dataEncipherment(4), keyAgreement(5),
2369 keyCertSign(6), cRLSign(7), encipherOnly(8), and
2370 decipherOnly(9)
2371 Bit value translation:
2372 1000 0000 0000 0000 = other,
2373 0100 0000 0000 0000 = digitalSignature,
2374 0010 0000 0000 0000 = nonRepudiation,
2375 0001 0000 0000 0000 = keyEncipherment,
2376 0000 1000 0000 0000 = dataEncipherment,
2377 0000 0100 0000 0000 = keyAgreement,
2378 0000 0010 0000 0000 = keyCertSign,
2379 0000 0001 0000 0000 = cRLSign,
2380 0000 0000 1000 0000 = encipherOnly,
2381 0000 0000 0100 0000 = decipherOnly.
2382 Devices using asymmetric key material not adhering to RFC
2383 5280 (X.509 format) may still use an applicable value for
2384 the Usage, or may use 'other'."
2385 ::= { cAsymKeyEntry 13 }
2387 cAsymKeyClassification OBJECT-TYPE
2388 SYNTAX BITS { unclassified(0), restricted(1),
2389 confidential(2), secret(3), topSecret(4) }
2390 MAX-ACCESS read-only
2391 STATUS current
2392 DESCRIPTION
2393 "The classification level supported by the
2394 cAsymKeySubject used by this key material.
2395 Bit value translation:
2396 1000 0000 = unclassified,
2397 0100 0000 = restricted,
2398 0010 0000 = confidential,
2399 0001 0000 = secret,
2400 0000 1000 = topSecret.
2402 This column does not exist for devices that do not have the
2403 concept of classification."
2405 ::= { cAsymKeyEntry 14 }
2407 cAsymKeySource OBJECT-TYPE
2408 SYNTAX OCTET STRING (SIZE(1..255))
2409 MAX-ACCESS read-write
2410 STATUS current
2411 DESCRIPTION
2412 "The source of the key material. This can be the URI of a
2413 key source entity. Keys developed by the device should
2414 contain the string DEVICE-GENERATED. If the key was filled
2415 locally then this column should begin with the word FILL
2416 followed by the fill protocol. If the source is unknown,
2417 this column should be blank."
2418 ::= { cAsymKeyEntry 15 }
2420 cAsymKeyRowStatus OBJECT-TYPE
2421 SYNTAX RowStatus
2422 MAX-ACCESS read-write
2423 STATUS current
2424 DESCRIPTION
2425 "The status of this row by which existing entries may be
2426 deleted from this table. Deleting a row in this table will
2427 also delete analogous rows in the cCertSubAltNameTable that
2428 are referenced by the cAsymKeySubjectAltName.
2430 Setting this column to destroy is synonymous with zeroizing
2431 the key material. Any reference(s) to this object, upon
2432 setting this RowStatus to destroy, should be destroyed as
2434 well. At a minimum, implementations must support active and
2435 destroy management functions. Support for notInService and
2436 notReady management functions is optional. Implementations
2437 must not support createAndWait and createAndGo management
2438 functions for this object."
2439 ::= { cAsymKeyEntry 16 }
2441 cAsymKeyVersion OBJECT-TYPE
2442 SYNTAX INTEGER
2443 MAX-ACCESS read-only
2444 STATUS current
2445 DESCRIPTION
2446 "The version of the asymmetric key material. For example,
2447 X.509 Version 3 certificates would have a value of '2', as
2448 defined in RFC 5280 - Section 4.1.2.1.
2450 When this object does not apply for the key material, this
2451 column will not exist."
2452 ::= { cAsymKeyEntry 17 }
2454 cAsymKeyRekey OBJECT-TYPE
2455 SYNTAX TruthValue
2456 MAX-ACCESS read-create
2457 STATUS current
2458 DESCRIPTION
2459 "Setting this object to 'true' initiates a rekey operation
2460 for the asymmetric key material. Note, additional
2461 configurations will likely be required based on the
2462 supported key management protocol.
2464 Note after being set to true, an agent should reset this
2465 object to false once the rekey operation has completed."
2466 ::= { cAsymKeyEntry 18 }
2468 cAsymKeyType OBJECT-TYPE
2469 SYNTAX OCTET STRING (SIZE(1..255))
2470 MAX-ACCESS read-only
2471 STATUS current
2472 DESCRIPTION
2473 "This column describes the type of asymmetric key material.
2475 Note, this is a free form OCTET STRING column.
2476 Implementations are expected to utilize definition of string
2477 values that apply to their specific nomenclature supported.
2478 If no such nomenclature exists, this column should not be
2479 populated or be set to an empty string (i.e. '')."
2480 ::= { cAsymKeyEntry 19 }
2482 -- *****************************************************************
2483 -- CC MIB cTrustAnchorTable
2484 -- *****************************************************************
2486 cTrustAnchorTableCount OBJECT-TYPE
2487 SYNTAX Unsigned32
2488 MAX-ACCESS read-only
2489 STATUS current
2490 DESCRIPTION
2491 "The number of rows in the cTrustAnchorTable."
2492 ::= { cTrustAnchorInfo 1 }
2494 cTrustAnchorTableLastChanged OBJECT-TYPE
2495 SYNTAX TimeStamp
2496 MAX-ACCESS read-only
2497 STATUS current
2498 DESCRIPTION
2499 "The last time any entry in the table was modified, created,
2500 or deleted by either SNMP, agent, or other management method
2501 (e.g. via an HMI). Managers can use this object to ensure
2502 that no changes to configuration of this table have happened
2503 since the last time it examined the table. A value of 0
2504 indicates that no entry has been changed since the agent
2505 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
2506 should be used to populate this column."
2507 ::= { cTrustAnchorInfo 2 }
2509 cTrustAnchorTable OBJECT-TYPE
2510 SYNTAX SEQUENCE OF CTrustAnchorEntry
2511 MAX-ACCESS not-accessible
2512 STATUS current
2513 DESCRIPTION
2514 "The table containing the Trust Anchors (TAs) in this
2515 device."
2516 ::= { cTrustAnchorInfo 3 }
2518 cTrustAnchorEntry OBJECT-TYPE
2519 SYNTAX CTrustAnchorEntry
2520 MAX-ACCESS not-accessible
2521 STATUS current
2522 DESCRIPTION
2523 "A row containing information about a Trust Anchor (TA) that
2524 has been loaded into the device."
2525 INDEX { cTrustAnchorFingerprint }
2526 ::= { cTrustAnchorTable 1 }
2528 CTrustAnchorEntry ::= SEQUENCE {
2529 cTrustAnchorFingerprint SnmpTLSFingerprint,
2530 cTrustAnchorFormatType INTEGER,
2531 cTrustAnchorName OCTET STRING,
2532 cTrustAnchorUsageType INTEGER,
2533 cTrustAnchorKeyIdentifier OCTET STRING,
2534 cTrustAnchorPublicKeyAlgorithm OCTET STRING,
2535 cTrustAnchorContingencyAvail TruthValue,
2536 cTrustAnchorRowStatus RowStatus
2537 }
2539 cTrustAnchorFingerprint OBJECT-TYPE
2540 SYNTAX SnmpTLSFingerprint
2541 MAX-ACCESS read-only
2542 STATUS current
2543 DESCRIPTION
2544 "An inherent identification of the trust anchor and the
2545 primary index to the cTrustAnchorTable."
2546 ::= { cTrustAnchorEntry 1 }
2548 cTrustAnchorFormatType OBJECT-TYPE
2549 SYNTAX INTEGER { x509v3(1), trustAnchorFormat(2),
2550 tbsCertificate(3) }
2551 MAX-ACCESS read-only
2552 STATUS current
2553 DESCRIPTION
2554 "The type/format of the trust anchor.
2556 [1] x509v3: X.509v3 certificate per RFC 5280.
2557 [2] trustAnchorFormat: Trust Anchor Format per RFC 5914.
2558 [3] tbsCertificate: To Be Signed Certificate per RFC 5280."
2559 ::= { cTrustAnchorEntry 2 }
2561 cTrustAnchorName OBJECT-TYPE
2562 SYNTAX OCTET STRING (SIZE(0..255))
2563 MAX-ACCESS read-only
2564 STATUS current
2565 DESCRIPTION
2566 "The name of the Trust Anchor. When available, this is the
2567 X.500 distinguished name (DN) associated with the Trust
2568 Anchor (TA) used to construct and validate an X.509
2569 certification path. When the value of cTrustAnchorFormatType
2570 is 'trustAnchorFormat', this column is populated with the
2571 value from the taTitle field of the TrustAnchorInfo
2572 structure defined in RFC 5914, which is a human-readable
2573 name for the trust anchor. Otherwise, this column should be
2574 blank."
2575 ::= { cTrustAnchorEntry 3 }
2577 cTrustAnchorUsageType OBJECT-TYPE
2578 SYNTAX INTEGER { other(1), apex(2), management(3),
2579 identity(4), firmware(5), crl(6) }
2580 MAX-ACCESS read-only
2581 STATUS current
2582 DESCRIPTION
2583 "The usage type for the Trust Anchor (TA). Note, crl(6) also
2584 applies to compromised key lists."
2585 ::= { cTrustAnchorEntry 4 }
2587 cTrustAnchorKeyIdentifier OBJECT-TYPE
2588 SYNTAX OCTET STRING (SIZE(1..255))
2589 MAX-ACCESS read-only
2590 STATUS current
2591 DESCRIPTION
2592 "The identifier of the Trust Anchor's (TA's) public key."
2593 ::= { cTrustAnchorEntry 5 }
2595 cTrustAnchorPublicKeyAlgorithm OBJECT-TYPE
2596 SYNTAX OCTET STRING
2597 MAX-ACCESS read-only
2598 STATUS current
2599 DESCRIPTION
2600 "Public key algorithm with which the public key is used (as
2601 associated with the trust anchor).
2603 Note, this is a free form OCTET STRING column, meaning
2604 implementations may utilize a standardized definition of
2605 string values or use a proprietary definition of string
2606 values for supported public key algorithms."
2607 ::= { cTrustAnchorEntry 6 }
2609 cTrustAnchorContingencyAvail OBJECT-TYPE
2610 SYNTAX TruthValue
2611 MAX-ACCESS read-only
2612 STATUS current
2613 DESCRIPTION
2614 "An indication of the availability of a contingency key for
2615 an Apex Trust Anchor. When set to 'True', a contingency key
2616 is available."
2617 ::= { cTrustAnchorEntry 7 }
2619 cTrustAnchorRowStatus OBJECT-TYPE
2620 SYNTAX RowStatus
2621 MAX-ACCESS read-write
2622 STATUS current
2623 DESCRIPTION
2624 "The status of this row by which existing entries may be
2625 deleted from this table. Setting this column to destroy is
2626 synonymous with zeroizing the Trust Anchor (TA). Any
2627 reference(s) to this object, upon setting this RowStatus to
2628 destroy, should be destroyed as well.
2630 At a minimum, implementations must support active and
2631 destroy management functions. Support for notInService and
2632 notReady management functions is optional. Implementations
2633 must not support createAndWait and createAndGo management
2634 functions for this object.
2636 Some implementations may restrict the deletion of Trust
2637 Anchors to specific protocols (e.g. TAMP)."
2638 ::= { cTrustAnchorEntry 8 }
2640 -- *********************************************************************
2641 -- CC MIB cCKLTable
2642 -- *********************************************************************
2644 cCKLTableCount OBJECT-TYPE
2645 SYNTAX Unsigned32
2646 MAX-ACCESS read-only
2647 STATUS current
2648 DESCRIPTION
2649 "The number of rows in the cCKLTable."
2650 ::= { cCKLInfo 1 }
2652 cCKLLastChanged OBJECT-TYPE
2653 SYNTAX TimeStamp
2654 MAX-ACCESS read-only
2655 STATUS current
2656 DESCRIPTION
2657 "The last time any entry in the table was modified, created,
2658 or deleted by either SNMP, agent, or other management method
2659 (e.g. via an HMI). Managers can use this object to ensure
2660 that no changes to configuration of this table have happened
2661 since the last time it examined the table. A value of 0
2662 indicates that no entry has been changed since the agent
2663 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
2664 should be used to populate this column."
2665 ::= { cCKLInfo 2 }
2667 cCKLTable OBJECT-TYPE
2668 SYNTAX SEQUENCE OF CCKLEntry
2669 MAX-ACCESS not-accessible
2670 STATUS current
2671 DESCRIPTION
2672 "The table containing the Compromised Key Lists and
2673 Certificate Revocation Lists (CRLs) used by the device. This
2674 table is used both for CRLs as defined in RFC 5280 and for
2675 other formats of revocation lists (such as Compromised Key
2676 Lists)."
2677 ::= { cCKLInfo 3 }
2679 cCKLEntry OBJECT-TYPE
2680 SYNTAX CCKLEntry
2681 MAX-ACCESS not-accessible
2682 STATUS current
2683 DESCRIPTION
2684 "A row containing information about a Compromised Key List
2685 or Certificate Revocation List (CRL) used by the device."
2686 INDEX { cCKLIndex, cCKLIssuer }
2687 ::= { cCKLTable 1 }
2689 CCKLEntry ::= SEQUENCE {
2690 cCKLIndex Unsigned32,
2691 cCKLIssuer OCTET STRING,
2692 cCKLSerialNumber OCTET STRING,
2693 cCKLIssueDate DateAndTime,
2694 cCKLNextUpdate DateAndTime,
2695 cCKLRowStatus RowStatus,
2696 cCKLVersion INTEGER,
2697 cCKLLastUpdate DateAndTime
2698 }
2700 cCKLIndex OBJECT-TYPE
2701 SYNTAX Unsigned32
2702 MAX-ACCESS read-only
2703 STATUS current
2704 DESCRIPTION
2705 "An ID that uniquely identifies the Compromised Key List
2706 (CKL) in this table."
2707 ::= { cCKLEntry 1 }
2709 cCKLIssuer OBJECT-TYPE
2710 SYNTAX OCTET STRING (SIZE(0..255))
2711 MAX-ACCESS read-only
2712 STATUS current
2713 DESCRIPTION
2714 "For devices adhering to RFC 5280 this is the X.500
2715 distinguished name (DN) of the entity that has signed and
2716 issued the Certificate Revocation List (CRL).
2718 Other CRL/CKL issuers may use proprietary naming conventions
2719 or formats.
2721 If the source is unknown, this column should not be
2722 populated or be set to an empty string, ''."
2723 ::= { cCKLEntry 2 }
2725 cCKLSerialNumber OBJECT-TYPE
2726 SYNTAX OCTET STRING (SIZE(0..255))
2727 MAX-ACCESS read-only
2728 STATUS current
2729 DESCRIPTION
2730 "A Serial Number for this CRL or CKL.
2732 For CRLs adhering to RFC 5280, this will be a monotonically
2733 increasing sequence number for a given Certificate
2734 Revocation List (CRL) scope and CRL issuer. The CRL Number
2735 allows users to easily determine when a particular CKL/CRL
2736 supersedes another CKL/CRL."
2737 ::= { cCKLEntry 3 }
2739 cCKLIssueDate OBJECT-TYPE
2740 SYNTAX DateAndTime
2741 MAX-ACCESS read-only
2742 STATUS current
2743 DESCRIPTION
2744 "The issue date of this CRL/CKL."
2745 ::= { cCKLEntry 4 }
2747 cCKLNextUpdate OBJECT-TYPE
2748 SYNTAX DateAndTime
2749 MAX-ACCESS read-only
2750 STATUS current
2751 DESCRIPTION
2753 "The date by which the next CKL/CRL will be issued. The next CRL
2754 could be issued before the indicated date, but it will not
2755 be issued any later than the indicated date.
2757 If this value is unknown, this column should not be
2758 populated or be set to an empty string, ''."
2759 ::= { cCKLEntry 5 }
2761 cCKLRowStatus OBJECT-TYPE
2762 SYNTAX RowStatus
2763 MAX-ACCESS read-write
2764 STATUS current
2765 DESCRIPTION
2766 "The status of this row by which existing entries may be
2767 deleted from this table.
2769 At a minimum, implementations must support active and
2770 destroy management functions. Support for notInService and
2771 notReady management functions is optional. Implementations
2772 must not support createAndWait and createAndGo management
2773 functions for this object."
2774 ::= { cCKLEntry 6 }
2776 cCKLVersion OBJECT-TYPE
2777 SYNTAX INTEGER
2778 MAX-ACCESS read-only
2779 STATUS current
2780 DESCRIPTION
2781 "The version of the CKL/CRL. For example, X.509 Version 2
2782 CRLs would have a value of '1', as defined in RFC 5280 -
2783 Section 5.1.2.1.
2785 When this object does not apply for the CKL/CRL, this column
2786 will not exist."
2787 ::= { cCKLEntry 7 }
2789 cCKLLastUpdate OBJECT-TYPE
2790 SYNTAX DateAndTime
2791 MAX-ACCESS read-only
2792 STATUS current
2793 DESCRIPTION
2794 "The date this CKL/CRL was last updated."
2795 ::= { cCKLEntry 8 }
2797 -- *********************************************************************
2798 -- CC MIB cCDMStoreTable
2799 -- *********************************************************************
2801 cCDMStoreTableCount OBJECT-TYPE
2802 SYNTAX Unsigned32
2803 MAX-ACCESS read-only
2804 STATUS current
2805 DESCRIPTION
2806 "The number of rows in the cCDMStoreTable."
2807 ::= { cCDMStoreInfo 1 }
2809 cCDMStoreTableLastChanged OBJECT-TYPE
2810 SYNTAX TimeStamp
2811 MAX-ACCESS read-only
2812 STATUS current
2813 DESCRIPTION
2814 "The last time any entry in the table was modified, created,
2815 or deleted by either SNMP, agent, or other management method
2816 (e.g. via an HMI). Managers can use this object to ensure
2817 that no changes to configuration of this table have happened
2818 since the last time they examined the table. A value of 0
2819 indicates that no entry has been changed since the agent
2820 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
2821 should be used to populate this column."
2822 ::= { cCDMStoreInfo 2 }
2824 cCDMStoreTable OBJECT-TYPE
2825 SYNTAX SEQUENCE OF CCDMStoreEntry
2826 MAX-ACCESS not-accessible
2827 STATUS current
2828 DESCRIPTION
2829 "The table containing various types of stored Crypto Device
2830 Material (CDM) that are destined for this device and/or
2831 destined for another device. When sending CDM to a destined
2832 device, the cCDMTransferPkgLocatorRowPtr from the
2833 CC-KEY-TRANSFER-PUSH-MIB can be used to point to the rows in
2834 this table."
2835 ::= { cCDMStoreInfo 3 }
2837 cCDMStoreEntry OBJECT-TYPE
2838 SYNTAX CCDMStoreEntry
2839 MAX-ACCESS not-accessible
2840 STATUS current
2841 DESCRIPTION
2842 "A row containing information about stored Crypto Device
2843 Material (CDM)."
2844 INDEX { cCDMStoreIndex }
2845 ::= { cCDMStoreTable 1 }
2847 CCDMStoreEntry ::= SEQUENCE {
2848 cCDMStoreIndex Unsigned32,
2849 cCDMStoreType INTEGER,
2850 cCDMStoreSource SnmpAdminString,
2851 cCDMStoreID OCTET STRING,
2852 cCDMStoreFriendlyName SnmpAdminString,
2853 cCDMStoreControl INTEGER,
2854 cCDMStoreRowStatus RowStatus
2855 }
2857 cCDMStoreIndex OBJECT-TYPE
2858 SYNTAX Unsigned32
2859 MAX-ACCESS read-only
2860 STATUS current
2861 DESCRIPTION
2862 "A numeric index that identifies a unique location in this
2863 table."
2864 ::= { cCDMStoreEntry 1 }
2866 cCDMStoreType OBJECT-TYPE
2867 SYNTAX INTEGER { symKey(1), asymKey(2), trustAnchor(3),
2868 crl(4), ckl(5), firmware(6),
2869 storeAndForwardWrappedPkg(7) }
2870 MAX-ACCESS read-only
2871 STATUS current
2872 DESCRIPTION
2873 "The type of Crypto Device Material (CDM) populated in this
2874 row.
2876 (1) symKey - This row contains information about a stored
2877 symmetric key.
2878 (2) asymKey - This row contains information about a stored
2879 asymmetric key.
2880 (3) trustAnchor - This row contains information about a
2881 stored Trust Anchor (TA).
2882 (4) crl - This row contains information about a stored
2883 Certificate Revocation List (CRL).
2884 (5) ckl - This row contains information about a stored
2885 Compromised Key List (CKL).
2887 (6) firmware - This row contains information about stored
2888 firmware.
2889 (7) storeAndForwardWrappedPkg - This row contains
2890 information about a stored encrypted wrapped package,
2891 typically meant to be forwarded to another device."
2892 ::= { cCDMStoreEntry 2 }
2894 cCDMStoreSource OBJECT-TYPE
2895 SYNTAX SnmpAdminString
2896 MAX-ACCESS read-only
2897 STATUS current
2898 DESCRIPTION
2899 "An administrative name that identifies the source of this
2900 Crypto Device Material (CDM). This could be the URI used
2901 when downloaded from the CDM server or a physical port
2902 designator for CDM downloaded via HMI."
2903 ::= { cCDMStoreEntry 3 }
2905 cCDMStoreID OBJECT-TYPE
2906 SYNTAX OCTET STRING (SIZE(1..255))
2907 MAX-ACCESS read-write
2908 STATUS current
2909 DESCRIPTION
2910 "Represents a unique identifier assigned to this Crypto
2911 Device Material (CDM). This would typically be an identifier
2912 inherent to the CDM, such as a serial number or other form
2913 of identifier derived from a tag or other CDM wrapper. This
2914 object differs from cCDMStoreFriendlyName which is a
2915 user-defined ID."
2916 ::= { cCDMStoreEntry 4 }
2918 cCDMStoreFriendlyName OBJECT-TYPE
2919 SYNTAX SnmpAdminString
2920 MAX-ACCESS read-write
2921 STATUS current
2922 DESCRIPTION
2923 "A human readable label of this Crypto Device Material (CDM)
2924 for easier reference. It is used only for helpful or
2925 informational purposes."
2926 ::= { cCDMStoreEntry 5 }
2928 cCDMStoreControl OBJECT-TYPE
2929 SYNTAX INTEGER { readyForInstall(1), install(2),
2930 installAndDiscard(3) }
2931 MAX-ACCESS read-write
2932 STATUS current
2933 DESCRIPTION
2934 "A means to control what happens to the Crypto Device
2935 Material (CDM) stored in this table.
2936 (1) readyForInstall - The CDM is ready for installation.
2937 (2) install - The CDM will be installed in the appropriate
2938 table based on the cCDMStoreType.
2939 (3) installAndDiscard - The CDM will be installed in the
2940 appropriate table based on the cCDMStoreType and
2941 discarded from this table after the install operation is
2942 complete.
2944 Note, setting the cCDMStoreRowStatus object to 'destroy'
2945 will discard the CDM."
2946 ::= { cCDMStoreEntry 6 }
2948 cCDMStoreRowStatus OBJECT-TYPE
2949 SYNTAX RowStatus
2950 MAX-ACCESS read-write
2951 STATUS current
2952 DESCRIPTION
2953 "The status of this row by which existing entries may be
2954 deleted from this table.
2956 At a minimum, implementations must support active and
2957 destroy management functions. Support for notInService and
2958 notReady management functions is optional. Implementations
2959 must not support createAndWait and createAndGo management
2960 functions for this object."
2961 ::= { cCDMStoreEntry 7 }
2963 -- *****************************************************************
2964 -- CC MIB cCertSubAltNameTable
2965 -- *****************************************************************
2967 cCertSubAltNameTableCount OBJECT-TYPE
2968 SYNTAX Unsigned32
2969 MAX-ACCESS read-only
2970 STATUS current
2971 DESCRIPTION
2972 "The number of rows in the cCertSubAltNameTable."
2973 ::= { cCertSubAltNameInfo 1 }
2975 cCertSubAltNameTableLastChanged OBJECT-TYPE
2976 SYNTAX TimeStamp
2977 MAX-ACCESS read-only
2978 STATUS current
2979 DESCRIPTION
2980 "The last time any entry in the table was modified, created,
2981 or deleted by either SNMP, agent, or other management method
2982 (e.g. via an HMI). Managers can use this object to ensure
2983 that no changes to configuration of this table have happened
2984 since the last time they examined the table. A value of 0
2985 indicates that no entry has been changed since the agent
2986 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
2987 should be used to populate this column."
2988 ::= { cCertSubAltNameInfo 2 }
2990 cCertSubAltNameTable OBJECT-TYPE
2991 SYNTAX SEQUENCE OF CCertSubAltNameTableEntry
2992 MAX-ACCESS not-accessible
2993 STATUS current
2994 DESCRIPTION
2995 "The table containing a list of Subject Alternative Names
2996 associated with the certificate."
2997 ::= { cCertSubAltNameInfo 3 }
2999 cCertSubAltNameTableEntry OBJECT-TYPE
3000 SYNTAX CCertSubAltNameTableEntry
3001 MAX-ACCESS not-accessible
3002 STATUS current
3003 DESCRIPTION
3004 "A row containing information about a Subject Alternative
3005 Name and its type."
3006 INDEX { cCertSubAltNameList, cCertSubAltNameListIndex }
3007 ::= { cCertSubAltNameTable 1 }
3009 CCertSubAltNameTableEntry ::= SEQUENCE {
3010 cCertSubAltNameList SnmpAdminString,
3011 cCertSubAltNameListIndex Unsigned32,
3012 cCertSubAltNameType INTEGER,
3013 cCertSubAltNameValue1 OCTET STRING,
3014 cCertSubAltNameValue2 OCTET STRING,
3015 cCertSubAltNameRowStatus RowStatus
3016 }
3018 cCertSubAltNameList OBJECT-TYPE
3019 SYNTAX SnmpAdminString (SIZE(1..32))
3020 MAX-ACCESS not-accessible
3021 STATUS current
3022 DESCRIPTION
3023 "The administrative name defining the set of Subject
3024 Alternative Names that are associated with the certificate.
3025 Multiple Subject Alternative Names may use the same
3026 administrative name, implying a group. It is the combination
3027 of cCertSubAltNameList and cCertSubAltNameListIndex that
3028 uniquely identifies each row or set of Subject Alternative
3029 Names."
3030 ::= { cCertSubAltNameTableEntry 1 }
3032 cCertSubAltNameListIndex OBJECT-TYPE
3033 SYNTAX Unsigned32
3034 MAX-ACCESS not-accessible
3035 STATUS current
3036 DESCRIPTION
3037 "A unique numeric index for rows, or sets of Subject
3038 Alternative Names, with the same cCertSubAltNameList value.
3039 This value, in combination with cCertSubAltNameList,
3040 uniquely identifies each row, or set of Subject Alternative
3041 Names."
3042 ::= { cCertSubAltNameTableEntry 2 }
3044 cCertSubAltNameType OBJECT-TYPE
3045 SYNTAX INTEGER { otherName(0), rfc822Name(1), dNSName(2),
3046 x400Address(3), directoryName(4),
3047 ediPartyName(5),
3048 uniformResourceIdentifier(6), ipAddress(7),
3049 registeredID(8) }
3050 MAX-ACCESS read-only
3051 STATUS current
3052 DESCRIPTION
3053 "The type of the Subject Alternative Name as defined in RFC
3054 5280, Section 4.2.1.6. Specifically, the value of this
3055 object determines the format of cCertSubAltNameValue1 and
3056 cCertSubAltNameValue2."
3057 ::= { cCertSubAltNameTableEntry 3 }
3059 cCertSubAltNameValue1 OBJECT-TYPE
3060 SYNTAX OCTET STRING
3061 MAX-ACCESS read-only
3062 STATUS current
3063 DESCRIPTION
3064 "The main value of the Subject Alternative Name. The format
3065 of the value must match its Type as defined in RFC 5280,
3066 Section 4.2.1.6.
3068 This column is the main value and is used for all
3069 cCertSubAltNameType types. For otherName(0), this column
3071 provides the value of the 'value' field. For
3072 ediPartyName(5), this column provides the value of the
3073 'partyName'. For all other types, this column provides the
3074 value as defined in RFC 5280, Section 4.2.1.6."
3075 ::= { cCertSubAltNameTableEntry 4 }
3077 cCertSubAltNameValue2 OBJECT-TYPE
3078 SYNTAX OCTET STRING
3079 MAX-ACCESS read-only
3080 STATUS current
3081 DESCRIPTION
3082 "This column is a supplement to the main value
3083 cCertSubAltNameValue1 and may only be used when the
3084 cCertSubAltNameType is either otherName(0) or
3085 ediPartyName(5). For otherName(0), this column provides the
3086 value of the 'type-id' as defined in RFC 5280, Section
3087 4.2.1.6. For ediPartyName(5), this column provides the value
3088 of the 'nameAssigner' as defined in RFC 5280, Section
3089 4.2.1.6.
3091 For all other values of cCertSubAltNameType or when the
3092 'nameAssigner' is not used for ediPartyName(5), this column
3093 will not exist.
3095 Note: Support for multiple otherName(0) or ediPartyName(5)
3096 alternate names is provided by allowing multiple rows of the
3097 same cCertSubAltNameType and cCertSubAltNameList but with a
3098 unique cCertSubAltNameListIndex."
3099 ::= { cCertSubAltNameTableEntry 5 }
3101 cCertSubAltNameRowStatus OBJECT-TYPE
3102 SYNTAX RowStatus
3103 MAX-ACCESS read-create
3104 STATUS current
3105 DESCRIPTION
3106 "The status of this row by which existing entries may be
3107 deleted from this table.
3109 At a minimum, implementations must support active and
3110 destroy management functions. Support for notInService and
3111 notReady management functions is optional. Implementations
3112 must not support createAndWait and createAndGo management
3113 functions for this object."
3114 ::= { cCertSubAltNameTableEntry 6 }
3116 -- *****************************************************************
3117 -- CC MIB cCertPathCtrlsTable
3118 -- *****************************************************************
3120 cCertPathCtrlsTableCount OBJECT-TYPE
3121 SYNTAX Unsigned32
3122 MAX-ACCESS read-only
3123 STATUS current
3124 DESCRIPTION
3125 "The number of rows in the cCertPathCtrlsTable."
3126 ::= { cCertPathCtrlsInfo 1 }
3128 cCertPathCtrlsTableLastChanged OBJECT-TYPE
3129 SYNTAX TimeStamp
3130 MAX-ACCESS read-only
3131 STATUS current
3132 DESCRIPTION
3133 "The last time any entry in the table was modified, created,
3134 or deleted by either SNMP, agent, or other management method
3135 (e.g. via an HMI). Managers can use this object to ensure
3136 that no changes to configuration of this table have happened
3137 since the last time they examined the table. A value of 0
3138 indicates that no entry has been changed since the agent
3139 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
3140 should be used to populate this column."
3141 ::= { cCertPathCtrlsInfo 2 }
3143 cCertPathCtrlsTable OBJECT-TYPE
3144 SYNTAX SEQUENCE OF CCertPathCtrlsEntry
3145 MAX-ACCESS not-accessible
3146 STATUS current
3147 DESCRIPTION
3148 "The table containing the controls and constraints applied
3149 to a certificate in order to process certificate trust paths."
3150 ::= { cCertPathCtrlsInfo 3 }
3152 cCertPathCtrlsEntry OBJECT-TYPE
3153 SYNTAX CCertPathCtrlsEntry
3154 MAX-ACCESS not-accessible
3155 STATUS current
3156 DESCRIPTION
3157 "A row containing information about certificate path
3158 controls and constraints."
3159 INDEX { cCertPathCtrlsKeyFingerprint }
3160 ::= { cCertPathCtrlsTable 1 }
3162 CCertPathCtrlsEntry ::= SEQUENCE {
3163 cCertPathCtrlsKeyFingerprint SnmpTLSFingerprint,
3164 cCertPathCtrlsCertificate RowPointer,
3165 cCertPathCtrlsCertPolicies OCTET STRING,
3166 cCertPathCtrlsPolicyMappings OCTET STRING,
3167 cCertPathCtrlsPolicyFlags BITS,
3168 cCertPathCtrlsNamesPermitted OCTET STRING,
3169 cCertPathCtrlsNamesExcluded OCTET STRING,
3170 cCertPathCtrlsMaxPathLength Unsigned32
3171 }
3173 cCertPathCtrlsKeyFingerprint OBJECT-TYPE
3174 SYNTAX SnmpTLSFingerprint
3175 MAX-ACCESS not-accessible
3176 STATUS current
3177 DESCRIPTION
3178 "Identifies a trust anchor in the cTrustAnchorTable or a
3179 certificate in the cAsymKeyTable. This column is the
3180 primary index to the cCertPathCtrlsTable."
3181 ::= {cCertPathCtrlsEntry 1}
3183 cCertPathCtrlsCertificate OBJECT-TYPE
3184 SYNTAX RowPointer
3185 MAX-ACCESS read-only
3186 STATUS current
3187 DESCRIPTION
3188 "Optional reference to an X.509 certificate defined in the
3189 cAsymKeyTable to assist with certification path development
3190 and validation."
3191 ::= { cCertPathCtrlsEntry 2 }
3193 cCertPathCtrlsCertPolicies OBJECT-TYPE
3194 SYNTAX OCTET STRING
3195 MAX-ACCESS read-only
3196 STATUS current
3197 DESCRIPTION
3198 "Indicates a grouping of one or more policies for this
3199 certificate. The value of this column corresponds to the
3200 cCertPolicyInformation column in the cCertPolicyTable.
3202 When this object does not apply for the key material, this
3203 column will not exist."
3204 ::= { cCertPathCtrlsEntry 3 }
3206 cCertPathCtrlsPolicyMappings OBJECT-TYPE
3207 SYNTAX OCTET STRING
3208 MAX-ACCESS read-only
3209 STATUS current
3210 DESCRIPTION
3211 "For a Certificate Authority (CA) certificate, this
3212 indicates a grouping of policy mappings between a
3213 certificate issuer CA domain policy and a domain policy of
3214 the subject certificate CA. The value of this column
3215 corresponds to the cPolicyMappingGroup column of the
3216 cPolicyMappingTable.
3218 For non-X.509 based key material, or when this object does
3219 not apply for the key material, this column will not exist."
3220 ::= { cCertPathCtrlsEntry 4 }
3222 cCertPathCtrlsPolicyFlags OBJECT-TYPE
3223 SYNTAX BITS { inhibitPolicyMapping(0),
3224 requireExplicitPolicy(1),
3225 inhibitAnyPolicy(2) }
3226 MAX-ACCESS read-only
3227 STATUS current
3228 DESCRIPTION
3229 "Optional certificate path policy flags consisting of the
3230 following: inhibitPolicyMapping, requireExplicitPolicy, and
3231 inhibitAnyPolicy.
3233 inhibitPolicyMapping: Indicates if policy mapping is allowed
3234 in the certification path.
3236 requireExplicitPolicy: Indicates if the certification path
3237 must be valid for at least one of the certificate policies
3238 in cCertPathCtrlsCertPolicies.
3240 inhibitAnyPolicy: Indicates whether the special anyPolicy
3241 policy identifier is considered an explicit match for other
3242 certificate policies.
3244 Bit value translation:
3245 1000 = inhibitPolicyMapping
3246 0100 = requireExplicitPolicy
3247 0010 = inhibitAnyPolicy"
3248 ::= { cCertPathCtrlsEntry 5 }
3250 cCertPathCtrlsNamesPermitted OBJECT-TYPE
3251 SYNTAX OCTET STRING
3252 MAX-ACCESS read-only
3253 STATUS current
3254 DESCRIPTION
3255 "Indicates a subtree of names that are permitted for
3256 certificate path validation. The value of this column
3257 corresponds to the cNameConstraintGenSubtree column in the
3258 cNameConstraintTable.
3260 When this object does not apply for the key material, this
3261 column will not exist."
3262 ::= { cCertPathCtrlsEntry 6 }
3264 cCertPathCtrlsNamesExcluded OBJECT-TYPE
3265 SYNTAX OCTET STRING
3266 MAX-ACCESS read-only
3267 STATUS current
3268 DESCRIPTION
3269 "Indicates a subtree of names that are excluded from
3270 certificate path validation, regardless of information
3271 appearing in the cCertPathCtrlsNamesPermitted subtree. The
3272 value of this column corresponds to the
3273 cNameConstraintGenSubtree column in the
3274 cNameConstraintTable.
3276 When this object does not apply for the key material, this
3277 column will not exist."
3278 ::= { cCertPathCtrlsEntry 7 }
3280 cCertPathCtrlsMaxPathLength OBJECT-TYPE
3281 SYNTAX Unsigned32
3282 MAX-ACCESS read-only
3283 STATUS current
3284 DESCRIPTION
3285 "Optional indication of the maximum number of
3286 non-self-issued intermediate certificates that may follow
3287 this certificate in a valid certification path."
3288 ::= { cCertPathCtrlsEntry 8 }
3290 -- *****************************************************************
3291 -- CC MIB cCertPolicyTable
3292 -- *****************************************************************
3294 cCertPolicyTableCount OBJECT-TYPE
3295 SYNTAX Unsigned32
3296 MAX-ACCESS read-only
3297 STATUS current
3298 DESCRIPTION
3299 "The number of rows in the cCertPolicyTable."
3300 ::= { cCertPolicyInfo 1 }
3302 cCertPolicyTableLastChanged OBJECT-TYPE
3303 SYNTAX TimeStamp
3304 MAX-ACCESS read-only
3305 STATUS current
3306 DESCRIPTION
3307 "The last time any entry in the table was modified, created,
3308 or deleted by either SNMP, agent, or other management method
3309 (e.g. via an HMI). Managers can use this object to ensure
3310 that no changes to configuration of this table have happened
3311 since the last time they examined the table. A value of 0
3312 indicates that no entry has been changed since the agent
3313 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
3314 should be used to populate this column."
3315 ::= { cCertPolicyInfo 2 }
3317 cCertPolicyTable OBJECT-TYPE
3318 SYNTAX SEQUENCE OF CCertPolicyEntry
3319 MAX-ACCESS not-accessible
3320 STATUS current
3321 DESCRIPTION
3322 "The table containing certificate policy information to be
3323 provided as input to the certificate path validation
3324 algorithm. For an end entity certificate, this information
3325 indicates under which policy this certificate has been
3326 issued and the purposes for which the certificate may be
3327 used. For a Certificate Authority (CA) certificate, this
3328 information limits the set of policies for certification
3329 paths that include this certificate."
3330 ::= { cCertPolicyInfo 3 }
3332 cCertPolicyEntry OBJECT-TYPE
3333 SYNTAX CCertPolicyEntry
3334 MAX-ACCESS not-accessible
3335 STATUS current
3336 DESCRIPTION
3337 "A row containing information about a certificate policy."
3338 INDEX { cCertPolicyInformation, cCertPolicyInformationIndex }
3339 ::= { cCertPolicyTable 1 }
3341 CCertPolicyEntry ::= SEQUENCE {
3342 cCertPolicyInformation OCTET STRING,
3343 cCertPolicyInformationIndex Unsigned32,
3344 cCertPolicyIdentifier OBJECT IDENTIFIER,
3345 cCertPolicyQualifierID INTEGER,
3346 cCertPolicyQualifier OCTET STRING
3347 }
3349 cCertPolicyInformation OBJECT-TYPE
3350 SYNTAX OCTET STRING (SIZE(1..255))
3351 MAX-ACCESS not-accessible
3352 STATUS current
3353 DESCRIPTION
3354 "Identifies a grouping of policies that are applicable to a
3355 certificate. When used in conjunction with
3356 cCertPolicyInformationIndex, a unique policy and qualifier
3357 set is defined."
3358 ::= { cCertPolicyEntry 1 }
3360 cCertPolicyInformationIndex OBJECT-TYPE
3361 SYNTAX Unsigned32
3362 MAX-ACCESS not-accessible
3363 STATUS current
3364 DESCRIPTION
3365 "A numerical index that is unique for a specific
3366 cCertPolicyInformation value. This index allows multiple
3367 qualifiers to be defined for a particular policy. When used
3368 in conjunction with cCertPolicyInformation, a unique policy
3369 and qualifier set is defined."
3370 ::= { cCertPolicyEntry 2 }
3372 cCertPolicyIdentifier OBJECT-TYPE
3373 SYNTAX OBJECT IDENTIFIER
3374 MAX-ACCESS read-only
3375 STATUS current
3376 DESCRIPTION
3377 "For end entity certificates, this is an identifier for the
3378 policy under which the certificate has been issued. For
3379 Certificate Authority (CA) certificates, this is an
3380 identifier for a certification path policy that includes
3381 this certificate."
3382 ::= { cCertPolicyEntry 3 }
3384 cCertPolicyQualifierID OBJECT-TYPE
3385 SYNTAX INTEGER { cpsPointer(0), userNotice(1) }
3386 MAX-ACCESS read-only
3387 STATUS current
3388 DESCRIPTION
3389 "Indicates the type of qualifier per RFC 5280,
3390 Section 4.2.1.4."
3391 ::= { cCertPolicyEntry 4 }
3393 cCertPolicyQualifier OBJECT-TYPE
3394 SYNTAX OCTET STRING
3395 MAX-ACCESS read-only
3396 STATUS current
3397 DESCRIPTION
3398 "Qualifier information with type based on
3399 cCertPolicyQualifierID."
3400 ::= { cCertPolicyEntry 5 }
3402 -- *********************************************************************
3403 -- CC MIB cPolicyMappingTable
3404 -- *********************************************************************
3406 cPolicyMappingTableCount OBJECT-TYPE
3407 SYNTAX Unsigned32
3408 MAX-ACCESS read-only
3409 STATUS current
3410 DESCRIPTION
3411 "The number of rows in the cPolicyMappingTable."
3412 ::= { cPolicyMappingInfo 1 }
3414 cPolicyMappingTableLastChanged OBJECT-TYPE
3415 SYNTAX TimeStamp
3416 MAX-ACCESS read-only
3417 STATUS current
3418 DESCRIPTION
3419 "The last time any entry in the table was modified, created,
3420 or deleted by either SNMP, agent, or other management method
3422 (e.g. via an HMI). Managers can use this object to ensure
3423 that no changes to configuration of this table have happened
3424 since the last time they examined the table. A value of 0
3425 indicates that no entry has been changed since the agent
3426 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
3427 should be used to populate this column."
3428 ::= { cPolicyMappingInfo 2 }
3430 cPolicyMappingTable OBJECT-TYPE
3431 SYNTAX SEQUENCE OF CPolicyMappingEntry
3432 MAX-ACCESS not-accessible
3433 STATUS current
3434 DESCRIPTION
3435 "The table listing mappings between policies that a
3436 certificate issuing Certificate Authority (CA) considers as
3437 equivalent or comparable to the domain policies of the
3438 subject certificate CA."
3439 ::= { cPolicyMappingInfo 3 }
3441 cPolicyMappingEntry OBJECT-TYPE
3442 SYNTAX CPolicyMappingEntry
3443 MAX-ACCESS not-accessible
3444 STATUS current
3445 DESCRIPTION
3446 "A row containing a mapping between the domain policy of an
3447 issuing Certificate Authority (CA) and an equivalent domain
3448 policy of the subject certificate's CA."
3449 INDEX { cPolicyMappingGroup, cPolicyMappingIndex }
3450 ::= { cPolicyMappingTable 1 }
3452 CPolicyMappingEntry ::= SEQUENCE {
3453 cPolicyMappingGroup OCTET STRING,
3454 cPolicyMappingIndex Unsigned32,
3455 cPolicyMappingSubjectPolicy OBJECT IDENTIFIER,
3456 cPolicyMappingIssuerPolicy OBJECT IDENTIFIER
3457 }
3459 cPolicyMappingGroup OBJECT-TYPE
3460 SYNTAX OCTET STRING (SIZE(1..255))
3461 MAX-ACCESS not-accessible
3462 STATUS current
3463 DESCRIPTION
3464 "Identifies a grouping of policy mappings that are
3465 applicable to a certificate. When used in conjunction with
3466 cPolicyMappingIndex, a unique policy mapping is defined."
3467 ::= { cPolicyMappingEntry 1 }
3469 cPolicyMappingIndex OBJECT-TYPE
3470 SYNTAX Unsigned32
3471 MAX-ACCESS not-accessible
3472 STATUS current
3473 DESCRIPTION
3474 "A numerical index that is unique for a specific
3475 cPolicyMappingGroup value. When used in conjunction with
3476 cPolicyMappingGroup, a unique policy mapping is defined."
3477 ::= { cPolicyMappingEntry 2 }
3479 cPolicyMappingSubjectPolicy OBJECT-TYPE
3480 SYNTAX OBJECT IDENTIFIER
3481 MAX-ACCESS read-only
3482 STATUS current
3483 DESCRIPTION
3484 "Indicates the subject Certificate Authority's domain
3485 policy."
3486 ::= { cPolicyMappingEntry 3 }
3488 cPolicyMappingIssuerPolicy OBJECT-TYPE
3489 SYNTAX OBJECT IDENTIFIER
3490 MAX-ACCESS read-only
3491 STATUS current
3492 DESCRIPTION
3493 "Indicates the issuer domain policy that the issuer
3494 Certificate Authority (CA) considers equivalent to the
3495 subject CA domain policy."
3496 ::= { cPolicyMappingEntry 4 }
3498 -- *********************************************************************
3499 -- CC MIB cNameConstraintTable
3500 -- *********************************************************************
3502 cNameConstraintTableCount OBJECT-TYPE
3503 SYNTAX Unsigned32
3504 MAX-ACCESS read-only
3505 STATUS current
3506 DESCRIPTION
3507 "The number of rows in the cNameConstraintTable."
3508 ::= { cNameConstraintInfo 1 }
3510 cNameConstraintTableLastChanged OBJECT-TYPE
3511 SYNTAX TimeStamp
3512 MAX-ACCESS read-only
3513 STATUS current
3514 DESCRIPTION
3515 "The last time any entry in the table was modified, created,
3516 or deleted by either SNMP, agent, or other management method
3517 (e.g. via an HMI). Managers can use this object to ensure
3518 that no changes to configuration of this table have happened
3519 since the last time they examined the table. A value of 0
3520 indicates that no entry has been changed since the agent
3521 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
3522 should be used to populate this column."
3523 ::= { cNameConstraintInfo 2 }
3525 cNameConstraintTable OBJECT-TYPE
3526 SYNTAX SEQUENCE OF CNameConstraintEntry
3527 MAX-ACCESS not-accessible
3528 STATUS current
3529 DESCRIPTION
3530 "The table listing designated name spaces within which
3531 subject names in subsequent certificates in a certification
3532 path can be stored."
3533 ::= { cNameConstraintInfo 3 }
3535 cNameConstraintEntry OBJECT-TYPE
3536 SYNTAX CNameConstraintEntry
3537 MAX-ACCESS not-accessible
3538 STATUS current
3539 DESCRIPTION
3540 "A row designating an entity's distinguished name to a name
3541 space."
3542 INDEX { cNameConstraintGenSubtree, cNameConstraintSubtreeIndex }
3543 ::= { cNameConstraintTable 1 }
3545 CNameConstraintEntry ::= SEQUENCE {
3546 cNameConstraintGenSubtree OCTET STRING,
3547 cNameConstraintSubtreeIndex Unsigned32,
3548 cNameConstraintBaseName SnmpAdminString
3549 }
3551 cNameConstraintGenSubtree OBJECT-TYPE
3552 SYNTAX OCTET STRING (SIZE(1..255))
3553 MAX-ACCESS not-accessible
3554 STATUS current
3555 DESCRIPTION
3556 "Identifies a permitted or excluded name constraint subtree.
3557 When used with cNameConstraintSubtreeIndex, a unique subject
3558 name constraint entry is defined."
3559 ::= { cNameConstraintEntry 1 }
3561 cNameConstraintSubtreeIndex OBJECT-TYPE
3562 SYNTAX Unsigned32
3563 MAX-ACCESS not-accessible
3564 STATUS current
3565 DESCRIPTION
3566 "A numerical index used to specify a name constraint within
3567 a permitted or excluded name constraint subtree. When used
3568 with a specific value of cNameConstraintGenSubtree, a unique
3569 subject name constraint entry is defined."
3570 ::= { cNameConstraintEntry 2 }
3572 cNameConstraintBaseName OBJECT-TYPE
3573 SYNTAX SnmpAdminString
3574 MAX-ACCESS read-only
3575 STATUS current
3576 DESCRIPTION
3577 "The distinguished name of the subject that is permitted or
3578 excluded."
3579 ::= { cNameConstraintEntry 3 }
3581 -- *****************************************************************
3582 -- Module Conformance Information
3583 -- *****************************************************************
3585 cKeyManagementCompliances OBJECT IDENTIFIER
3586 ::= { cKeyManagementConformance 1}
3587 cKeyManagementGroups OBJECT IDENTIFIER
3588 ::= { cKeyManagementConformance 2}
3590 cKeyManSymKeyCompliance MODULE-COMPLIANCE
3591 STATUS current
3592 DESCRIPTION
3593 "Compliance levels for symmetric key information."
3594 MODULE
3595 MANDATORY-GROUPS { cKeyManSymKeyGroup }
3597 GROUP cKeyManSymKeyNotifyScalars
3598 DESCRIPTION
3599 "This symmetric key notification scalar group is optional
3600 for implementation."
3602 GROUP cKeyManSymKeyNotifyGroup
3603 DESCRIPTION
3604 "This notification group is optional for implementation."
3605 ::= { cKeyManagementCompliances 1 }
3607 cKeyManAsymKeyCompliance MODULE-COMPLIANCE
3608 STATUS current
3609 DESCRIPTION
3610 "Compliance levels for asymmetric key information."
3611 MODULE
3612 MANDATORY-GROUPS { cKeyManAsymKeyGroup }
3614 GROUP cKeyManCertSubAltNameGroup
3615 DESCRIPTION
3616 "Certificate Subject Alternative Name group is optional for
3617 implementation."
3619 GROUP cKeyManCertPathCtrlsGroup
3620 DESCRIPTION
3621 "Certificate Path Controls group is optional for
3622 implementation."
3624 GROUP cKeyManCertPolicyGroup
3625 DESCRIPTION
3626 "Certificate Policy group is optional for implementation."
3628 GROUP cKeyManPolicyMappingGroup
3629 DESCRIPTION
3630 "Policy Mapping group is optional for implementation."
3632 GROUP cKeyManNameConstraintGroup
3633 DESCRIPTION
3634 "Name Constraint group is optional for implementation."
3636 GROUP cKeyManTrustAnchorGroup
3637 DESCRIPTION
3638 "Trust Anchor group is optional for implementation."
3640 GROUP cKeyManAsymKeyNotifyScalars
3641 DESCRIPTION
3642 "This asymmetric key notification scalar group is optional
3643 for implementation."
3645 GROUP cKeyManAsymKeyNotifyGroup
3646 DESCRIPTION
3647 "This notification group is optional for implementation."
3649 GROUP cKeyManTrustAnchorNotifyGroup
3650 DESCRIPTION
3651 "This notification group is optional for implementation."
3653 OBJECT cCertPathCtrlsCertificate
3654 MIN-ACCESS not-accessible
3655 DESCRIPTION
3656 "Implementation of this object is optional."
3658 OBJECT cCertPathCtrlsPolicyFlags
3659 MIN-ACCESS not-accessible
3660 DESCRIPTION
3661 "Implementation of this object is optional."
3663 OBJECT cCertPathCtrlsMaxPathLength
3664 MIN-ACCESS not-accessible
3665 DESCRIPTION
3666 "Implementation of this object is optional."
3667 ::= { cKeyManagementCompliances 2 }
3669 cKeyManTrustAnchorCompliance MODULE-COMPLIANCE
3670 STATUS current
3671 DESCRIPTION
3672 "Compliance levels for trust anchor information."
3673 MODULE
3674 MANDATORY-GROUPS { cKeyManTrustAnchorGroup }
3676 GROUP cKeyManCertPathCtrlsGroup
3677 DESCRIPTION
3678 "Certificate Path Controls group is optional for
3679 implementation."
3681 GROUP cKeyManCertPolicyGroup
3682 DESCRIPTION
3683 "Certificate Policy group is optional for implementation."
3685 GROUP cKeyManPolicyMappingGroup
3686 DESCRIPTION
3687 "Policy Mapping group is optional for implementation."
3689 GROUP cKeyManNameConstraintGroup
3690 DESCRIPTION
3691 "Name Constraint group is optional for implementation."
3693 GROUP cKeyManTrustAnchorNotifyGroup
3694 DESCRIPTION
3695 "This notification group is optional for implementation."
3697 OBJECT cCertPathCtrlsCertificate
3698 MIN-ACCESS not-accessible
3699 DESCRIPTION
3700 "Implementation of this object is optional."
3702 OBJECT cCertPathCtrlsPolicyFlags
3703 MIN-ACCESS not-accessible
3704 DESCRIPTION
3705 "Implementation of this object is optional."
3707 OBJECT cCertPathCtrlsMaxPathLength
3708 MIN-ACCESS not-accessible
3709 DESCRIPTION
3710 "Implementation of this object is optional."
3711 ::= { cKeyManagementCompliances 3 }
3713 cKeyManCKLCompliance MODULE-COMPLIANCE
3714 STATUS current
3715 DESCRIPTION
3716 "Compliance levels for CKL information."
3717 MODULE
3718 MANDATORY-GROUPS { cKeyManCKLGroup }
3720 GROUP cKeyManCKLNotifyGroup
3721 DESCRIPTION
3722 "This notification group is optional for implementation."
3723 ::= { cKeyManagementCompliances 4 }
3725 cKeyManCDMStoreCompliance MODULE-COMPLIANCE
3726 STATUS current
3727 DESCRIPTION
3728 "Compliance levels for CDM Store information."
3729 MODULE
3730 MANDATORY-GROUPS { cKeyManCDMStoreGroup }
3732 GROUP cKeyManCDMStoreNotifyGroup
3733 DESCRIPTION
3734 "This notification group is optional for implementation."
3735 ::= { cKeyManagementCompliances 5 }
3737 cKeyManSymKeyGroup OBJECT-GROUP
3738 OBJECTS {
3739 cZeroizeAllKeys,
3740 cZeroizeSymmetricKeyTable,
3741 cSymmetricKeyTableCount,
3742 cSymmetricKeyTableLastChanged,
3743 cSymKeyUsage,
3744 cSymKeyID,
3745 cSymKeyIssuer,
3746 cSymKeyEffectiveDate,
3747 cSymKeyExpirationDate,
3748 cSymKeyExpiryWarning,
3749 cSymKeyNumberOfTransactions,
3750 cSymKeyFriendlyName,
3751 cSymKeyClassification,
3752 cSymKeySource,
3753 cSymKeyRowStatus
3754 }
3756 STATUS current
3757 DESCRIPTION
3758 "This group is composed of objects related to symmetric key
3759 information."
3760 ::= { cKeyManagementGroups 1 }
3762 cKeyManAsymKeyGroup OBJECT-GROUP
3763 OBJECTS {
3764 cZeroizeAllKeys,
3765 cZeroizeAsymKeyTable,
3766 cAsymKeyTableCount,
3767 cAsymKeyTableLastChanged,
3768 cAsymKeyFingerprint,
3769 cAsymKeyFriendlyName,
3770 cAsymKeySerialNumber,
3771 cAsymKeyIssuer,
3772 cAsymKeySignatureAlgorithm,
3773 cAsymKeyPublicKeyAlgorithm,
3774 cAsymKeyEffectiveDate,
3775 cAsymKeyExpirationDate,
3776 cAsymKeyExpiryWarning,
3777 cAsymKeySubject,
3778 cAsymKeySubjectType,
3779 cAsymKeyUsage,
3780 cAsymKeyClassification,
3781 cAsymKeySource,
3782 cAsymKeyRowStatus,
3783 cAsymKeyVersion,
3784 cAsymKeyRekey,
3785 cAsymKeyType
3786 }
3787 STATUS current
3788 DESCRIPTION
3789 "This group is composed of objects related to asymmetric key
3790 information."
3791 ::= { cKeyManagementGroups 2 }
3793 cKeyManCertSubAltNameGroup OBJECT-GROUP
3794 OBJECTS {
3795 cAsymKeySubjectAltName,
3796 cCertSubAltNameTableCount,
3797 cCertSubAltNameTableLastChanged,
3798 cCertSubAltNameType,
3799 cCertSubAltNameValue1,
3800 cCertSubAltNameValue2,
3801 cCertSubAltNameRowStatus
3802 }
3803 STATUS current
3804 DESCRIPTION
3805 "This group is composed of objects related to certificate
3806 subject alternative name information."
3807 ::= { cKeyManagementGroups 3 }
3809 cKeyManCertPathCtrlsGroup OBJECT-GROUP
3810 OBJECTS {
3811 cCertPathCtrlsTableCount,
3812 cCertPathCtrlsTableLastChanged,
3813 cCertPathCtrlsCertificate,
3814 cCertPathCtrlsPolicyFlags,
3815 cCertPathCtrlsMaxPathLength
3816 }
3817 STATUS current
3818 DESCRIPTION
3819 "This group is composed of objects related to certificate
3820 path controls information."
3821 ::= { cKeyManagementGroups 4 }
3823 cKeyManCertPolicyGroup OBJECT-GROUP
3824 OBJECTS {
3825 cCertPathCtrlsCertPolicies,
3826 cCertPolicyTableCount,
3827 cCertPolicyTableLastChanged,
3828 cCertPolicyIdentifier,
3829 cCertPolicyQualifierID,
3830 cCertPolicyQualifier
3831 }
3832 STATUS current
3833 DESCRIPTION
3834 "This group is composed of objects related to certificate
3835 policy information."
3836 ::= { cKeyManagementGroups 5 }
3838 cKeyManPolicyMappingGroup OBJECT-GROUP
3839 OBJECTS {
3840 cCertPathCtrlsPolicyMappings,
3841 cPolicyMappingTableCount,
3842 cPolicyMappingTableLastChanged,
3843 cPolicyMappingSubjectPolicy,
3844 cPolicyMappingIssuerPolicy
3845 }
3846 STATUS current
3847 DESCRIPTION
3848 "This group is composed of objects related to policy mapping
3849 information."
3850 ::= { cKeyManagementGroups 6 }
3852 cKeyManNameConstraintGroup OBJECT-GROUP
3853 OBJECTS {
3854 cCertPathCtrlsNamesPermitted,
3855 cCertPathCtrlsNamesExcluded,
3856 cNameConstraintTableCount,
3857 cNameConstraintTableLastChanged,
3858 cNameConstraintBaseName
3859 }
3860 STATUS current
3861 DESCRIPTION
3862 "This group is composed of objects related to name
3863 constraint information."
3864 ::= { cKeyManagementGroups 7 }
3866 cKeyManTrustAnchorGroup OBJECT-GROUP
3867 OBJECTS {
3868 cZeroizeAllKeys,
3869 cZeroizeTrustAnchorTable,
3870 cTrustAnchorTableCount,
3871 cTrustAnchorTableLastChanged,
3872 cTrustAnchorFingerprint,
3873 cTrustAnchorFormatType,
3874 cTrustAnchorName,
3875 cTrustAnchorUsageType,
3876 cTrustAnchorKeyIdentifier,
3877 cTrustAnchorPublicKeyAlgorithm,
3878 cTrustAnchorContingencyAvail,
3879 cTrustAnchorRowStatus
3880 }
3881 STATUS current
3882 DESCRIPTION
3883 "This group is composed of objects related to trust anchor
3884 information."
3885 ::= { cKeyManagementGroups 8 }
3887 cKeyManCKLGroup OBJECT-GROUP
3888 OBJECTS {
3889 cCKLTableCount,
3890 cCKLLastChanged,
3891 cCKLIndex,
3892 cCKLIssuer,
3893 cCKLSerialNumber,
3894 cCKLIssueDate,
3895 cCKLNextUpdate,
3896 cCKLRowStatus,
3897 cCKLVersion,
3898 cCKLLastUpdate
3899 }
3901 STATUS current
3902 DESCRIPTION
3903 "This group is composed of objects related to compromised
3904 key list information."
3905 ::= { cKeyManagementGroups 9 }
3907 cKeyManCDMStoreGroup OBJECT-GROUP
3908 OBJECTS {
3909 cZeroizeAllKeys,
3910 cZeroizeCDMStoreTable,
3911 cCDMStoreTableCount,
3912 cCDMStoreTableLastChanged,
3913 cCDMStoreIndex,
3914 cCDMStoreType,
3915 cCDMStoreSource,
3916 cCDMStoreID,
3917 cCDMStoreFriendlyName,
3918 cCDMStoreControl,
3919 cCDMStoreRowStatus
3920 }
3921 STATUS current
3922 DESCRIPTION
3923 "This group is composed of objects related to Crypto
3924 Device Material store information."
3925 ::= { cKeyManagementGroups 10 }
3927 cKeyManSymKeyNotifyScalars OBJECT-GROUP
3928 OBJECTS {
3929 cKeyMaterialTableOID,
3930 cKeyMaterialFingerprint,
3931 cSymKeyGlobalExpiryWarning
3932 }
3933 STATUS current
3934 DESCRIPTION
3935 "This group is composed of objects related to symmetric key
3936 notifications."
3937 ::= { cKeyManagementGroups 11 }
3939 cKeyManAsymKeyNotifyScalars OBJECT-GROUP
3940 OBJECTS {
3941 cKeyMaterialTableOID,
3942 cKeyMaterialFingerprint,
3943 cAsymKeyGlobalExpiryWarning
3944 }
3945 STATUS current
3946 DESCRIPTION
3947 "This group is composed of objects related to asymmetric key
3948 notifications."
3950 ::= { cKeyManagementGroups 12 }
3952 cKeyManSymKeyNotifyGroup NOTIFICATION-GROUP
3953 NOTIFICATIONS {
3954 cKeyMaterialLoadSuccess,
3955 cKeyMaterialLoadFail,
3956 cKeyMaterialExpiring,
3957 cKeyMaterialExpired,
3958 cKeyMaterialExpirationChanged,
3959 cKeyMaterialZeroized
3960 }
3961 STATUS current
3962 DESCRIPTION
3963 "This group is composed of notifications related to
3964 symmetric key information."
3965 ::= { cKeyManagementGroups 13 }
3967 cKeyManAsymKeyNotifyGroup NOTIFICATION-GROUP
3968 NOTIFICATIONS {
3969 cKeyMaterialLoadSuccess,
3970 cKeyMaterialLoadFail,
3971 cKeyMaterialExpiring,
3972 cKeyMaterialExpired,
3973 cKeyMaterialExpirationChanged,
3974 cKeyMaterialZeroized
3975 }
3976 STATUS current
3977 DESCRIPTION
3978 "This group is composed of notifications related to
3979 asymmetric key information."
3980 ::= { cKeyManagementGroups 14 }
3982 cKeyManTrustAnchorNotifyGroup NOTIFICATION-GROUP
3983 NOTIFICATIONS {
3984 cTrustAnchorAdded,
3985 cTrustAnchorUpdated,
3986 cTrustAnchorRemoved
3987 }
3988 STATUS current
3989 DESCRIPTION
3990 "This group is composed of notifications related to trust
3991 anchor information."
3992 ::= { cKeyManagementGroups 15 }
3994 cKeyManCKLNotifyGroup NOTIFICATION-GROUP
3995 NOTIFICATIONS {
3996 cCKLLoadSuccess,
3997 cCKLLoadFail
3999 }
4000 STATUS current
4001 DESCRIPTION
4002 "This group is composed of notifications related to
4003 compromised key list information."
4004 ::= { cKeyManagementGroups 16 }
4006 cKeyManCDMStoreNotifyGroup NOTIFICATION-GROUP
4007 NOTIFICATIONS {
4008 cCDMAdded,
4009 cCDMDeleted
4010 }
4011 STATUS current
4012 DESCRIPTION
4013 "This group is composed of notifications related to Crypto
4014 Device Material store information."
4015 ::= { cKeyManagementGroups 17 }
4017 END
4019 5.6. Key Transfer Pull
4021 This MIB module makes reference to the following documents:
4022 [RFC2571], [RFC2578], [RFC2579], and [RFC2580].
4024 CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN
4026 IMPORTS
4027 ccKeyTransferPull
4028 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
4029 MODULE-COMPLIANCE, OBJECT-GROUP,
4030 NOTIFICATION-GROUP
4031 FROM SNMPv2-CONF -- FROM RFC 2580
4032 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
4033 Counter64, MODULE-IDENTITY
4034 FROM SNMPv2-SMI -- FROM RFC 2578
4035 SnmpAdminString
4036 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
4037 RowPointer, RowStatus, DateAndTime,
4038 TruthValue, TEXTUAL-CONVENTION, TimeStamp
4039 FROM SNMPv2-TC; -- FROM RFC 2579
4041 ccKeyTransferPullMIB MODULE-IDENTITY
4042 "Shadi Azoum
4043 US Navy
4044 email: shadi.azoum@navy.mil
4046 Elliott Jones
4047 US Navy
4048 elliott.jones@navy.mil
4050 Lily Sun
4051 US Navy
4052 lily.sun@navy.mil
4054 Mike Irani
4055 NKI Engineering
4056 irani@nkiengineering.com
4058 Jeffrey Sun
4059 NKI Engineering
4060 sunjeff@nkiengineering.com
4062 Ray Purvis
4063 MITRE
4064 Email:rpurvis@mitre.org
4066 Sean Turner
4067 sn3rd
4068 Email:sean@sn3rd.com"
4069 DESCRIPTION
4070 "This MIB defines the CC MIB tree hierarchical assignments
4071 below it and acts as a reservation mechanism.
4073 Copyright (c) 2016 IETF Trust and the persons
4074 identified as authors of the code. All rights reserved.
4076 Redistribution and use in source and binary forms, with
4077 or without modification, is permitted pursuant to, and
4078 subject to the license terms contained in, the Simplified
4079 BSD License set forth in Section 4.c of the IETF Trust's
4080 Legal Provisions Relating to IETF Documents
4081 (http://trustee.ietf.org/license-info).
4083 This version of this MIB module is part of RFC xxxx;
4084 see the RFC itself for full legal notices."
4085 -- RFC Ed.: RFC-editor please fill in xxxx.
4086 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
4087 DESCRIPTION "Initial Version. Published as RFC xxxx."
4088 -- RFC Ed.: RFC-editor please fill in xxxx.
4089 ::= { 1 }
4091 -- *****************************************************************
4092 -- Key Transfer Pull Information Segments
4093 -- *****************************************************************
4094 cKeyTransferPullConformance OBJECT IDENTIFIER
4095 ::= { ccKeyTransferPullMIB 1 }
4096 cKeyTransferPullScalars OBJECT IDENTIFIER
4097 ::= { ccKeyTransferPullMIB 2 }
4098 cKeyTransferPullNotify OBJECT IDENTIFIER
4099 ::= { ccKeyTransferPullMIB 3 }
4100 cCDMServerInfo OBJECT IDENTIFIER
4101 ::= { ccKeyTransferPullMIB 4 }
4102 cCDMDeliveryInfo OBJECT IDENTIFIER
4103 ::= { ccKeyTransferPullMIB 5 }
4105 -- *****************************************************************
4106 -- Key Transfer Pull Scalars
4107 -- *****************************************************************
4109 cCDMServerRetryDelay OBJECT-TYPE
4110 SYNTAX Unsigned32
4111 MAX-ACCESS read-write
4112 STATUS current
4113 DESCRIPTION
4115 "The amount of time to wait after a download attempt to the
4116 cryptographic device material (CDM) server fails before
4117 attempting to retry the operation. Note, this scalar applies
4118 to the download of any type of item from the CDM server
4119 (e.g. CDMs, CDMLs)."
4120 ::= { cKeyTransferPullScalars 1 }
4122 cCDMServerRetryMaxAttempts OBJECT-TYPE
4123 SYNTAX Unsigned32
4124 MAX-ACCESS read-write
4125 STATUS current
4126 DESCRIPTION
4127 "The number of retries attempted before the download attempt
4128 to the cryptographic device material (CDM) server is
4129 considered a failure. Note, this scalar applies to the
4130 download of any type of item from the CDM server (e.g. CDMs,
4131 CDMLs)."
4132 ::= { cKeyTransferPullScalars 2 }
4134 cCDMPullRetrievalPriorities OBJECT-TYPE
4135 SYNTAX Unsigned32
4136 MAX-ACCESS read-write
4137 STATUS current
4138 DESCRIPTION
4139 "An indication of which cryptographic device materials
4140 (CDMs) to retrieve based on this value and a configured
4141 cCDMDeliveryPriority in a cCDMDeliveryTable entry. This
4142 value identifies an upper bound. A value of '5' for example,
4143 implies that only cCDMDeliveryTable entries with a
4144 cCDMDeliveryPriority value of '5' or less can be acted upon
4145 (i.e. retrieved).
4147 Different types of ECUs may have different values for this
4148 scalar. Bandwidth-limited ECUs, for example, may configure
4149 lower values for only retrieving high-priority CDMs.
4151 A value of 0, also a default value for this scalar,
4152 indicates that all cCDMDeliveryTable entries can be acted
4153 upon regardless of the configured cCDMDeliveryPriority value."
4154 DEFVAL {0}
4155 ::= { cKeyTransferPullScalars 3 }
4157 cCDMLDeliveryRequest OBJECT-TYPE
4158 SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2),
4159 discard(3) }
4160 MAX-ACCESS read-write
4161 STATUS current
4162 DESCRIPTION
4163 "This scalar controls the server's CDML download process -
4164 server information is stored in the cCDMServerTable. When
4165 read, it will return 'readyForDownload' if the last action
4166 succeeded. If the last action is in progress or failed, it
4167 will return the last requested action.
4169 The values which may be set depend on the current value of
4170 this object and the cCDMLDeliveryStatus object.
4172 In order to initiate a new download, this object must
4173 contain the value 'readyForDownload', and the
4174 cCDMLDeliveryStatus must contain the value 'complete'. At
4175 which point, setting this object to 'downloadAndParse'
4176 initiates the CDML download process. Note, the
4177 cCDMLDeliveryStatus should transition to 'inProgress' as
4178 the device begins the CDML download process from the
4179 server(s) and URI(s) listed in the cCDMServerTable (as
4180 ordered by the cCDMServerPriority index).
4182 If the CDML download fails, the next highest priority URI
4183 will be tried, and so on.
4185 While a CDML download is in progress, or if the CDML
4186 download fails for all possible servers and URIs (indicated
4187 by a cCDMLDeliveryStatus value of 'downloadFailed'), this
4188 object will return an inconsistentValue error for any new
4189 value except 'discard' (which will cancel the current
4190 download).
4192 If the CDML download succeeded, the cCDMLDeliveryStatus value
4193 remains inProgress and the device attempts to parse the
4194 download immediately. During the parsing of the CDML, all
4195 new values will return inconsistentValue error (i.e. the
4196 parse process can not be aborted). If the parse fails, the
4197 cCDMLDeliveryStatus will transition to 'parseFailed', and
4198 this object must be set to 'discard' before a new CDML
4199 download is attempted."
4200 ::= { cKeyTransferPullScalars 4 }
4202 cCDMLDeliveryStatus OBJECT-TYPE
4203 SYNTAX INTEGER { complete(1), inProgress(2),
4204 downloadFailed(3),
4205 parseFailed(4) }
4206 MAX-ACCESS read-only
4207 STATUS current
4208 DESCRIPTION
4209 "This indicates the current state of a CDML download.
4211 'complete' indicates that the last requested
4212 cCDMLDeliveryRequest action was successful.
4214 'inProgress' indicates that a CDML download or CDML parse is
4215 underway.
4217 'downloadFailed' indicates that the last attempted CDML
4218 download failed.
4220 'parseFailed' indicates that the last attempted CDML parse
4221 failed.
4223 The relationship between this object and
4224 cCDMLDeliveryRequest is detailed in the following table. The
4225 table indicates values of cCDMLDeliveryRequest that are
4226 allowed depending on the current value of this object.
4228 cCDMLDeliveryRequest !                 cCDMLDeliveryStatus
4229 ---------------------+----------+------------+----------------+-------------+
4230 !                    ! complete ! inProgress ! downloadFailed ! parseFailed !
4231 ---------------------+----------+------------+----------------+-------------+
4232 ! readyForDownload   ! allowed  ! error      ! error          ! error       !
4233 ---------------------+----------+------------+----------------+-------------+
4234 ! downloadAndParse   ! allowed  ! error      ! error          ! error       !
4235 ---------------------+----------+------------+----------------+-------------+
4236 ! discard            ! error    ! allowed    ! allowed        ! allowed     !
4237 ---------------------+----------+------------+----------------+-------------+
4239 As described in the cCDMLDeliveryRequest description, an
4240 inconsistentValue error is returned."
4241 DEFVAL {complete}
4242 ::= { cKeyTransferPullScalars 5 }
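The SET rules in the cCDMLDeliveryRequest and cCDMLDeliveryStatus descriptions above, modeled as an added Python example that is not part of the draft. The CdmlPullAgent class, its method names and the server URIs used with it are hypothetical, and the model assumes that an accepted 'discard' returns the status to 'complete'.

```python
from enum import IntEnum


class Request(IntEnum):          # cCDMLDeliveryRequest
    readyForDownload = 1
    downloadAndParse = 2
    discard = 3


class Status(IntEnum):           # cCDMLDeliveryStatus
    complete = 1
    inProgress = 2
    downloadFailed = 3
    parseFailed = 4


class InconsistentValue(Exception):
    """Stands in for the SNMP inconsistentValue error returned to the manager."""


# SET values accepted per status, transcribed from the DESCRIPTION table.
ALLOWED = {
    Status.complete: {Request.readyForDownload, Request.downloadAndParse},
    Status.inProgress: {Request.discard},
    Status.downloadFailed: {Request.discard},
    Status.parseFailed: {Request.discard},
}


class CdmlPullAgent:
    """Hypothetical agent-side model; method names are not from the draft."""

    def __init__(self, servers):
        # servers maps cCDMServerPriority -> cCDMServerURI (constructed values).
        self.servers = dict(servers)
        self.status = Status.complete          # DEFVAL {complete}
        self._last_request = Request.readyForDownload
        self._pending = []                     # URIs still to try, best first
        self._parsing = False
        self.current_uri = None

    @property
    def request(self):
        # Reads return readyForDownload after success, else the last request.
        if self.status is Status.complete:
            return Request.readyForDownload
        return self._last_request

    def set_request(self, value):
        value = Request(value)   # an out-of-range integer raises ValueError
        # The parse phase cannot be aborted, so even 'discard' is refused then.
        if self._parsing or value not in ALLOWED[self.status]:
            raise InconsistentValue(f"{value.name} refused in {self.status.name}")
        if value is Request.downloadAndParse:
            # Lower cCDMServerPriority values are tried first.
            self._pending = [self.servers[p] for p in sorted(self.servers)]
            self._last_request = value
            self._next_server()
        elif value is Request.discard:
            # Assumption: a completed discard returns the status to 'complete'.
            self._pending, self.current_uri = [], None
            self.status = Status.complete

    def _next_server(self):
        if self._pending:
            self.current_uri = self._pending.pop(0)
            self.status = Status.inProgress
        else:
            self.status = Status.downloadFailed   # every server/URI failed

    def download_finished(self, ok):
        """Transfer layer reports the result for current_uri."""
        if self.status is not Status.inProgress or self._parsing:
            return                                # stale result, e.g. after discard
        if ok:
            self._parsing = True                  # status stays inProgress
        else:
            self._next_server()

    def parse_finished(self, ok):
        """Parser reports the result for the downloaded CDML."""
        if not self._parsing:
            return
        self._parsing = False
        self.status = Status.complete if ok else Status.parseFailed
```

The one case the table alone does not capture is the parse phase: the status still reads 'inProgress', yet 'discard' must be refused, so the agent has to track download and parse separately.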
4244 -- *****************************************************************
4245 -- Key Transfer Pull Notifications
4246 -- *****************************************************************
4248 cCDMLPullReceiveSuccess NOTIFICATION-TYPE
4249 OBJECTS { cCDMServerURI }
4250 STATUS current
4251 DESCRIPTION
4252 "An attempt to receive a cryptographic device material list
4253 (CDML) has succeeded. The CDM Server URI is provided with
4254 this notification."
4255 ::= { cKeyTransferPullNotify 1 }
4257 cCDMLPullReceiveFailed NOTIFICATION-TYPE
4258 OBJECTS {
4259 cCDMServerURI,
4260 cCDMLDeliveryStatus
4261 }
4262 STATUS current
4263 DESCRIPTION
4264 "An attempt to receive a cryptographic device material list
4265 (CDML) has failed. The CDM Server URI and CDML Delivery
4266 Status are provided with this notification. Note, the
4267 expected values for the CDML Delivery Status are:
4268 'downloadFailed' and 'parseFailed'."
4269 ::= { cKeyTransferPullNotify 2 }
4271 cCDMPullReceiveSuccess NOTIFICATION-TYPE
4272 OBJECTS {
4273 cCDMType,
4274 cCDMURI
4275 }
4276 STATUS current
4277 DESCRIPTION
4279 "An attempt to receive a cryptographic device material (CDM)
4280 has succeeded. The CDM Type and CDM URI are provided with
4281 this notification."
4282 ::= { cKeyTransferPullNotify 3 }
4284 cCDMPullReceiveFailed NOTIFICATION-TYPE
4285 OBJECTS {
4286 cCDMType,
4287 cCDMURI
4288 }
4289 STATUS current
4290 DESCRIPTION
4291 "An attempt to receive a cryptographic device material (CDM)
4292 has failed. The CDM Type and CDM URI are provided with this
4293 notification."
4294 ::= { cKeyTransferPullNotify 4 }
4296 -- *****************************************************************
4297 -- CC MIB cCDMServerTable
4298 -- *****************************************************************
4300 cCDMServerTableCount OBJECT-TYPE
4301 SYNTAX Unsigned32
4302 MAX-ACCESS read-only
4303 STATUS current
4304 DESCRIPTION
4305 "The number of rows in the cCDMServerTable"
4306 ::= { cCDMServerInfo 1 }
4308 cCDMServerTableLastChanged OBJECT-TYPE
4309 SYNTAX TimeStamp
4310 MAX-ACCESS read-only
4311 STATUS current
4312 DESCRIPTION
4313 "The last time any entry in the table was modified, created,
4314 or deleted by either SNMP, agent, or other management method
4315 (e.g. via an HMI). Managers can use this object to ensure
4316 that no changes to configuration of this table have happened
4317 since the last time they examined the table. A value of 0
4318 indicates that no entry has been changed since the agent
4319 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
4320 should be used to populate this column."
4321 ::= { cCDMServerInfo 2 }
4323 cCDMServerTable OBJECT-TYPE
4324 SYNTAX SEQUENCE OF CCDMServerEntry
4325 MAX-ACCESS not-accessible
4326 STATUS current
4327 DESCRIPTION
4328 "The table containing a list of servers that will be queried
4329 for available cryptographic device materials (CDMs), such as
4330 keys and firmware packages. This table is also used to
4331 obtain the cryptographic device material list (CDML), which
4332 is a list detailing available CDMs and their associated
4333 location for obtainment."
4334 ::= { cCDMServerInfo 3 }
4336 cCDMServerEntry OBJECT-TYPE
4337 SYNTAX CCDMServerEntry
4338 MAX-ACCESS not-accessible
4339 STATUS current
4340 DESCRIPTION
4341 "A row containing information about a server that has
4342 available CDMLs/CDMs for download."
4343 INDEX { cCDMServerPriority }
4344 ::= { cCDMServerTable 1 }
4346 CCDMServerEntry ::= SEQUENCE {
4347 cCDMServerPriority Unsigned32,
4348 cCDMServerURI OCTET STRING,
4349 cCDMServerAdditionalInfo SnmpAdminString,
4350 cCDMServerRowStatus RowStatus
4351 }
4353 cCDMServerPriority OBJECT-TYPE
4354 SYNTAX Unsigned32
4355 MAX-ACCESS not-accessible
4356 STATUS current
4357 DESCRIPTION
4358 "A unique numeric index that identifies a server that has
4359 available CDMLs/CDMs for download. This index also provides
4360 server prioritization functionality - lower values have a
4362 higher priority. For example, the server with the lowest
4363 value will be the first server for CDML/CDM downloads. In
4364 the event of failure, the next lowest value server will be
4365 tried, and so on.
4367 This column is the sole index to the cCDMServerTable."
4368 ::= { cCDMServerEntry 1 }
4370 cCDMServerURI OBJECT-TYPE
4371 SYNTAX OCTET STRING (SIZE(1..255))
4372 MAX-ACCESS read-create
4373 STATUS current
4374 DESCRIPTION
4375 "The location of the server that has available CDMLs/CDMs
4376 for download. The value in this column is represented as a
4377 URI.
4379 Note, download of a CDML will typically result in the
4380 population of new CDM entries in the cCDMDeliveryTable."
4382 ::= { cCDMServerEntry 2 }
4384 cCDMServerAdditionalInfo OBJECT-TYPE
4385 SYNTAX SnmpAdminString
4386 MAX-ACCESS read-create
4387 STATUS current
4388 DESCRIPTION
4389 "Additional information about the CDM Server. This
4390 information is manually configured by the manager either at or
4391 after row creation."
4392 ::= { cCDMServerEntry 3 }
4394 cCDMServerRowStatus OBJECT-TYPE
4395 SYNTAX RowStatus
4396 MAX-ACCESS read-create
4397 STATUS current
4398 DESCRIPTION
4399 "The status of the row, by which new entries may be created
4400 or old entries deleted from this table.
4402 Entries created within this table may not become active
4403 unless all read-create columns in this row have valid
4404 values, as detailed by each individual column's description.
4406 At a minimum, implementations must support createAndGo,
4407 active, and destroy management functions. Support for
4408 createAndWait, notInService, and notReady management
4409 functions is optional."
4410 ::= { cCDMServerEntry 4 }
4412 -- *****************************************************************
4413 -- CC MIB cCDMDeliveryTable
4414 -- *****************************************************************
4416 cCDMDeliveryTableCount OBJECT-TYPE
4417 SYNTAX Unsigned32
4418 MAX-ACCESS read-only
4419 STATUS current
4420 DESCRIPTION
4421 "The number of rows in the cCDMDeliveryTable"
4422 ::= { cCDMDeliveryInfo 1 }
4424 cCDMDeliveryTableLastChanged OBJECT-TYPE
4425 SYNTAX TimeStamp
4426 MAX-ACCESS read-only
4427 STATUS current
4428 DESCRIPTION
4429 "The last time any entry in the table was modified, created,
4430 or deleted by either SNMP, agent, or other management method
4431 (e.g. via an HMI). Managers can use this object to ensure
4432 that no changes to configuration of this table have happened
4433 since the last time they examined the table. A value of 0
4434 indicates that no entry has been changed since the agent
4435 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
4436 should be used to populate this column."
4437 ::= { cCDMDeliveryInfo 2 }
4439 cCDMDeliveryTable OBJECT-TYPE
4440 SYNTAX SEQUENCE OF CCDMDeliveryEntry
4441 MAX-ACCESS not-accessible
4442 STATUS current
4443 DESCRIPTION
4444 "The table storing information about cryptographic device
4445 materials (CDMs) that are ready/available for retrieval.
4446 Entries in this table are typically automatically configured
4447 by the device after a server query. Entries can also be
4448 manually configured by a manager if the location of the CDM
4449 is predetermined."
4450 ::= { cCDMDeliveryInfo 3 }
4452 cCDMDeliveryEntry OBJECT-TYPE
4453 SYNTAX CCDMDeliveryEntry
4454 MAX-ACCESS not-accessible
4455 STATUS current
4456 DESCRIPTION
4457 "A row containing information about a specific cryptographic
4458 device material (CDM) available for download."
4459 INDEX { cCDMType, cCDMURI }
4460 ::= { cCDMDeliveryTable 1 }
4462 CCDMDeliveryEntry ::= SEQUENCE {
4463 cCDMType INTEGER,
4464 cCDMURI OCTET STRING,
4465 cCDMPackageSize Unsigned32,
4466 cCDMAdditionalInfo SnmpAdminString,
4467 cCDMLastDownloadDate OCTET STRING,
4468 cCDMDeliveryPriority Unsigned32,
4469 cCDMDeliveryRequest INTEGER,
4470 cCDMDeliveryStatus INTEGER,
4471 cCDMDeliveryRowStatus RowStatus
4472 }
4474 cCDMType OBJECT-TYPE
4475 SYNTAX INTEGER { notification(1), symmetricKey(2),
4476 asymmetricKey(3), certificate(4),
4477 cklOrCrl(5), firmware(6) }
4479 MAX-ACCESS read-only
4480 STATUS current
4481 DESCRIPTION
4482 "The type of the cryptographic device material (CDM) that
4483 can be retrieved from a CDM server:
4485 [notification] = CDM is a notification providing
4486 status/information for a particular
4487 (other) CDM
4488 [symmetricKey] = CDM is a symmetric key
4489 [asymmetricKey] = CDM is a non-certificate asymmetric key
4490 [certificate] = CDM is a certificate
4491 [cklOrCrl] = CDM is a compromised key list or
4492 certificate revocation list
4493 [firmware] = CDM is a firmware package."
4494 ::= { cCDMDeliveryEntry 1 }
4496 cCDMURI OBJECT-TYPE
4497 SYNTAX OCTET STRING (SIZE(1..255))
4498 MAX-ACCESS read-only
4499 STATUS current
4500 DESCRIPTION
4501 "The location of the cryptographic device material (CDM),
4502 represented in a URI format. Because of its type, the
4503 associated URI of the CDM Server can easily be derived.
4505 This column is typically populated by an agent upon querying
4506 a CDM Server (e.g. downloading and parsing a cryptographic
4507 device material list (CDML) from a CDM Server (entry in the
4508 cCDMServerTable)). However, a manager can also configure an
4509 entry in this table with predetermined knowledge of the CDM
4510 location."
4511 ::= { cCDMDeliveryEntry 2 }
4513 cCDMPackageSize OBJECT-TYPE
4514 SYNTAX Unsigned32
4515 UNITS "bytes"
4516 MAX-ACCESS read-only
4517 STATUS current
4518 DESCRIPTION
4519 "The package size, in bytes, of the cryptographic device
4520 material (CDM). This information is retrieved from a
4521 cryptographic device material list (CDML) or a server's
4522 product availability response following a query. This column
4523 does not apply to notifications found in CDMLs."
4524 ::= { cCDMDeliveryEntry 3 }
4526 cCDMAdditionalInfo OBJECT-TYPE
4527 SYNTAX SnmpAdminString
4528 MAX-ACCESS read-create
4529 STATUS current
4530 DESCRIPTION
4531 "Additional information about the cryptographic device
4532 material (CDM). This information can be retrieved from the
4533 downloaded cryptographic device material list (CDML) or
4534 manually configured by the manager either at or after row
4535 creation."
4536 ::= { cCDMDeliveryEntry 4 }
4538 cCDMLastDownloadDate OBJECT-TYPE
4539 SYNTAX OCTET STRING (SIZE(14))
4540 MAX-ACCESS read-only
4541 STATUS current
4542 DESCRIPTION
4543 "This is a 14 character field that will be populated with
4544 the following values depending on the state of the download
4545 and the CDM type.
4546 1. The date and time (expressed as Generalized Time) when
4547 the device last successfully downloaded the CDM from the
4548 CDM Server. The format follows: 'yyyymmddhhmmss' where
4549 'yyyy' - year
4550 'mm' - month (first 'mm's from left to right)
4551 'dd' - day
4552 'hh' - hour
4553 'mm' - minutes (second 'mm's from left to right)
4554 'ss' - seconds
4556 2. All zero characters for the following cases.
4557 a. No indication that device has successfully downloaded
4558 the CDM.
4559 b. The cCDMType is a notification."
4560 ::= { cCDMDeliveryEntry 5 }
4562 cCDMDeliveryPriority OBJECT-TYPE
4563 SYNTAX Unsigned32
4564 MAX-ACCESS read-create
4565 STATUS current
4566 DESCRIPTION
4567 "A configurable priority value on the cryptographic device
4568 material (CDM). This column is a means to allow certain key
4569 products to be downloaded before others. Lower values have a
4570 higher priority (e.g. a value of 1 will be processed before
4571 a value of 2)."
4572 ::= { cCDMDeliveryEntry 6 }
4574 cCDMDeliveryRequest OBJECT-TYPE
4575 SYNTAX INTEGER { downloadAndInstall(1), downloadAndStore(2),
4576 discard(3) }
4577 MAX-ACCESS read-create
4578 STATUS current
4579 DESCRIPTION
4580 "This object signals the local device to perform actions on
4581 the available cryptographic device materials (CDMs) from a
4582 CDM server. The following types of actions are supported:
4584 [downloadAndInstall] = Initiates a download of a CDM. After
4585 a successful download, the CDM will be installed for local
4586 consumption and an entry is to be configured in the
4587 appropriate MIB table based on cCDMType:
4589 cCDMType | MIB Table Destination
4590 -------------------------------------
4591 (1) notification | N/A
4592 (2) symmetricKey | cSymmetricKeyTable
4593 (3) asymmetricKey | cAsymKeyTable
4594 (4) certificate | cAsymKeyTable
4595 (5) cklOrCrl | cCKLTable
4596 (6) firmware | cFirmwareInformationTable
4598 [downloadAndStore] = Initiates a download of the CDM. After
4599 a successful download, an entry is created in the
4600 cCDMStoreTable to store the CDM.
4602 [discard] = Stops the current CDM delivery request and
4603 discards the CDM if potentially downloaded; this reverts the
4604 current value of the cCDMDeliveryStatus to 'complete'. If
4605 entries are created in the aforementioned tables for the
4606 install and store operations, these newly configured entries
4607 will be removed.
4609 The enumeration value of 'downloadAndStore' does not apply
4610 when cCDMType is set to 'notification'. 'downloadAndInstall'
4611 is used for a cCDMType of 'notification'.
4613 If this column is configured to any value except 'discard'
4614 while the value of cCDMDeliveryStatus is any value except
4615 'complete', the SNMP set operation must result in an
4616 inconsistentValue exception. The same applies if 'discard'
4617 is configured while the value cCDMDeliveryStatus is
4618 'complete'."
4619 ::= { cCDMDeliveryEntry 7 }
4621 cCDMDeliveryStatus OBJECT-TYPE
4622 SYNTAX INTEGER { complete(1), inProgress(2),
4623 downloadFailed(3), installFailed(4),
4624 storeFailed(5) }
4625 MAX-ACCESS read-only
4626 STATUS current
4627 DESCRIPTION
4628 "The status of the cryptographic device material (CDM)
4629 delivery operation. The following status values are
4630 supported:
4632 [complete] = The default state where the local device is
4633 ready to start a delivery request for the CDM. Between
4634 requests this state can only be reached after successful
4635 operations or if cCDMDeliveryRequest is set to 'discard'
4636 during an operation.
4638 [inProgress] = This state is reached when the device is
4639 either currently performing a download of the CDM or
4640 configuring appropriate MIB tables conveying installation or
4641 storage of key material.
4643 [downloadFailed] = This state is reached after a failure
4644 occurs during a download of a CDM when cCDMDeliveryRequest
4645 was configured to either 'downloadAndStore' or
4646 'downloadAndInstall'.
4648 [installFailed] = This state is reached after a failure
4649 occurs during the install of the downloaded CDM when
4650 cCDMDeliveryRequest was configured to 'downloadAndInstall'.
4652 [storeFailed] = This state is reached after a failure
4653 occurs during the store of the downloaded CDM when
4654 cCDMDeliveryRequest was configured to 'downloadAndStore'."
4655 ::= { cCDMDeliveryEntry 8 }
4657 cCDMDeliveryRowStatus OBJECT-TYPE
4658 SYNTAX RowStatus
4659 MAX-ACCESS read-create
4660 STATUS current
4661 DESCRIPTION
4662 "The status of the row, by which new entries may be created
4663 or old entries deleted from this table.
4665 Entries created within this table may not become active
4666 unless all read-create columns in this row have valid
4667 values, as detailed by each individual column's description.
4669 At a minimum, implementations must support createAndGo,
4670 active, and destroy management functions. Support for
4671 createAndWait, notInService, and notReady management
4672 functions is optional."
4673 ::= { cCDMDeliveryEntry 9 }
4675 -- *****************************************************************
4676 -- Module Conformance Information
4677 -- *****************************************************************
4679 cKeyTransferPullCompliances OBJECT IDENTIFIER
4680 ::= { cKeyTransferPullConformance 1}
4681 cKeyTransferPullGroups OBJECT IDENTIFIER
4682 ::= { cKeyTransferPullConformance 2}
4684 cKeyTransferPullCompliance MODULE-COMPLIANCE
4685 STATUS current
4686 DESCRIPTION
4687 "Compliance levels for key transfer pull information."
4688 MODULE
4689 MANDATORY-GROUPS {
4690 cKeyTransferPullServerGroup,
4691 cKeyTransferPullDeliveryGroup
4692 }
4694 GROUP cKeyTransferPullDeliveryNotifyGroup
4695 DESCRIPTION
4696 "This notification group is optional for implementation."
4698 OBJECT cCDMDeliveryRequest
4699 SYNTAX INTEGER { downloadAndInstall(1), discard(3) }
4700 DESCRIPTION
4701 "Implementation of this enumeration value(s) is mandatory -
4702 enumeration values not listed here are optional."
4704 OBJECT cCDMDeliveryStatus
4705 SYNTAX INTEGER { complete(1), inProgress(2), downloadFailed(3),
4706 installFailed(4) }
4707 DESCRIPTION
4708 "Implementation of this enumeration value(s) is mandatory -
4709 enumeration values not listed here are optional."
4710 ::= { cKeyTransferPullCompliances 1 }
4712 cKeyTransferPullServerGroup OBJECT-GROUP
4713 OBJECTS {
4714 cCDMServerRetryDelay,
4715 cCDMServerRetryMaxAttempts,
4716 cCDMServerTableCount,
4717 cCDMServerTableLastChanged,
4718 cCDMServerURI,
4719 cCDMServerAdditionalInfo,
4720 cCDMServerRowStatus
4721 }
4722 STATUS current
4723 DESCRIPTION
4724 "This group is composed of objects related to server
4725 information."
4726 ::= { cKeyTransferPullGroups 1 }
4728 cKeyTransferPullDeliveryGroup OBJECT-GROUP
4729 OBJECTS {
4730 cCDMPullRetrievalPriorities,
4731 cCDMLDeliveryRequest,
4732 cCDMLDeliveryStatus,
4733 cCDMDeliveryTableCount,
4734 cCDMDeliveryTableLastChanged,
4735 cCDMDeliveryTableLastChanged,
4736 cCDMType,
4737 cCDMURI,
4738 cCDMPackageSize,
4739 cCDMAdditionalInfo,
4740 cCDMLastDownloadDate,
4741 cCDMDeliveryPriority,
4742 cCDMDeliveryRequest,
4743 cCDMDeliveryStatus,
4744 cCDMDeliveryRowStatus
4745 }
4746 STATUS current
4747 DESCRIPTION
4748 "This group is composed of objects related to delivery
4749 information."
4750 ::= { cKeyTransferPullGroups 2 }
4752 cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP
4753 NOTIFICATIONS {
4754 cCDMLPullReceiveSuccess,
4755 cCDMLPullReceiveFailed,
4756 cCDMPullReceiveSuccess,
4757 cCDMPullReceiveFailed
4758 }
4759 STATUS current
4760 DESCRIPTION
4761 "This group is composed of notifications related to delivery
4762 information."
4763 ::= { cKeyTransferPullGroups 3 }
4765 END
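The set rules in the cCDMDeliveryRequest and cCDMDeliveryStatus descriptions above, as an added example that is not part of the draft: an agent-side model of one cCDMDeliveryTable row. The class and method names are hypothetical, and the draft does not say which SNMP error answers 'downloadAndStore' on a notification, so `NotApplicable` is an assumption.

```python
from enum import IntEnum


class CdmType(IntEnum):
    notification = 1
    symmetricKey = 2
    asymmetricKey = 3
    certificate = 4
    cklOrCrl = 5
    firmware = 6


class Request(IntEnum):
    downloadAndInstall = 1
    downloadAndStore = 2
    discard = 3


class Status(IntEnum):
    complete = 1
    inProgress = 2
    downloadFailed = 3
    installFailed = 4
    storeFailed = 5


# cCDMType -> MIB table that receives the entry after downloadAndInstall
# (the mapping table in the cCDMDeliveryRequest DESCRIPTION).
INSTALL_TABLE = {
    CdmType.notification: None,
    CdmType.symmetricKey: "cSymmetricKeyTable",
    CdmType.asymmetricKey: "cAsymKeyTable",
    CdmType.certificate: "cAsymKeyTable",
    CdmType.cklOrCrl: "cCKLTable",
    CdmType.firmware: "cFirmwareInformationTable",
}


class InconsistentValue(Exception):
    """Stands for the SNMP inconsistentValue error the draft requires."""


class NotApplicable(Exception):
    """Assumption: the draft names no error for this rejected combination."""


class DeliveryRow:
    """Hypothetical model of one cCDMDeliveryTable row on the device."""

    def __init__(self, cdm_type):
        self.cdm_type = CdmType(cdm_type)
        self.status = Status.complete      # default state per the draft
        self.request = None
        self.destination = None            # table holding the new entry

    def set_request(self, request):
        """Apply an SNMP set of cCDMDeliveryRequest to this row."""
        request = Request(request)
        if request is Request.discard:
            if self.status is Status.complete:
                raise InconsistentValue("discard while status is complete")
            # discard reverts the status to 'complete' and removes entries
            # created for the install or store operation.
            self.status = Status.complete
            self.destination = None
            self.request = request
            return
        if self.status is not Status.complete:
            # Also true after a failure: the manager must discard first.
            raise InconsistentValue("request while status is not complete")
        if request is Request.downloadAndStore:
            if self.cdm_type is CdmType.notification:
                raise NotApplicable("downloadAndStore on a notification")
            self.destination = "cCDMStoreTable"
        else:
            self.destination = INSTALL_TABLE[self.cdm_type]
        self.request = request
        self.status = Status.inProgress

    def finish(self, download_ok, commit_ok=True):
        """Record the outcome of the download and of the install/store."""
        if self.status is not Status.inProgress:
            raise RuntimeError("no delivery in progress")
        if not download_ok:
            self.status = Status.downloadFailed
        elif not commit_ok:
            self.status = (Status.installFailed
                           if self.request is Request.downloadAndInstall
                           else Status.storeFailed)
        else:
            self.status = Status.complete
        return self.status
```

Under these rules a failed delivery leaves the row in a non-'complete' state, so a retry is only accepted after the manager has set 'discard'.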
4767 5.7. Key Transfer Push
4769 This MIB module makes reference to the following documents: [RFC2571],
4770 [RFC2578], [RFC2579], [RFC2580].
4772 CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN
4774 IMPORTS
4775 ccKeyTransferPush
4776 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
4777 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
4778 Counter64, MODULE-IDENTITY
4779 FROM SNMPv2-SMI -- FROM RFC 2578
4780 SnmpAdminString
4781 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
4782 RowPointer, RowStatus, DateAndTime,
4783 TruthValue, TEXTUAL-CONVENTION, TimeStamp
4784 FROM SNMPv2-TC -- FROM RFC 2579
4785 MODULE-COMPLIANCE, OBJECT-GROUP,
4786 NOTIFICATION-GROUP
4787 FROM SNMPv2-CONF; -- FROM RFC 2580
4789 ccKeyTransferPushMIB MODULE-IDENTITY
4790 "Shadi Azoum
4791 US Navy
4792 email: shadi.azoum@navy.mil
4794 Elliott Jones
4795 US Navy
4796 elliott.jones@navy.mil
4798 Lily Sun
4799 US Navy
4800 lily.sun@navy.mil
4802 Mike Irani
4803 NKI Engineering
4804 irani@nkiengineering.com
4806 Jeffrey Sun
4807 NKI Engineering
4808 sunjeff@nkiengineering.com
4810 Ray Purvis
4811 MITRE
4812 Email:rpurvis@mitre.org
4814 Sean Turner
4815 sn3rd
4816 Email:sean@sn3rd.com"
4817 DESCRIPTION
4818 "This MIB defines the CC MIB tree hierarchical assignments
4819 below it and acts as a reservation mechanism.
4821 Copyright (c) 2016 IETF Trust and the persons
4822 identified as authors of the code. All rights reserved.
4824 Redistribution and use in source and binary forms, with
4825 or without modification, is permitted pursuant to, and
4826 subject to the license terms contained in, the Simplified
4827 BSD License set forth in Section 4.c of the IETF Trust's
4828 Legal Provisions Relating to IETF Documents
4829 (http://trustee.ietf.org/license-info).
4831 This version of this MIB module is part of RFC xxxx;
4832 see the RFC itself for full legal notices."
4833 -- RFC Ed.: RFC-editor please fill in xxxx.
4834 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
4835 DESCRIPTION "Initial Version. Published as RFC xxxx."
4836 -- RFC Ed.: RFC-editor please fill in xxxx.
4837 ::= { ccKeyTransferPush 1 }
4839 -- *****************************************************************
4840 -- Key Transfer Push Information Segments
4841 -- *****************************************************************
4843 cCDMPushDestInfo OBJECT IDENTIFIER
4844 ::= { ccKeyTransferPushMIB 1 }
4845 cCDMTransferPkgInfo OBJECT IDENTIFIER
4846 ::= { ccKeyTransferPushMIB 2 }
4847 cCDMPushSrcInfo OBJECT IDENTIFIER
4848 ::= { ccKeyTransferPushMIB 3 }
4849 cKeyTransferPushScalars OBJECT IDENTIFIER
4850 ::= { ccKeyTransferPushMIB 4 }
4851 cKeyTransferPushNotify OBJECT IDENTIFIER
4852 ::= { ccKeyTransferPushMIB 5 }
4853 cKeyTransferPushConformance OBJECT IDENTIFIER
4854 ::= { ccKeyTransferPushMIB 6 }
4856 -- *****************************************************************
4857 -- Key Transfer Push Scalars
4858 -- *****************************************************************
4860 cCDMTransferDelay OBJECT-TYPE
4861 SYNTAX Unsigned32
4862 MAX-ACCESS read-write
4863 STATUS current
4864 DESCRIPTION
4865 "The number of seconds to wait after a Cryptographic Device
4866 Material (CDM) transfer attempt initiated by the sender
4867 fails before attempting to retry the operation."
4868 ::= { cKeyTransferPushScalars 1 }
4870 cCDMTransferMaxAttempts OBJECT-TYPE
4871 SYNTAX Unsigned32
4872 MAX-ACCESS read-write
4873 STATUS current
4874 DESCRIPTION
4875 "The number of retries attempted before giving up on a
4876 device due to consecutive Cryptographic Device Material
4877 (CDM) transfer failures."
4878 ::= { cKeyTransferPushScalars 2 }
4880 -- *****************************************************************
4881 -- Key Transfer Push Notifications
4882 -- *****************************************************************
4884 cCDMPushSendSuccess NOTIFICATION-TYPE
4885 OBJECTS {
4886 cCDMPushDestAddressLocationType,
4887 cCDMPushDestAddressLocation,
4888 cCDMPushDestTransferType,
4889 cCDMPushDestPackageSelection
4890 }
4891 STATUS current
4892 DESCRIPTION
4893 "An attempt to send CDM, identified by CDM push transfer
4894 information (cCDMPushDestTable row data), has succeeded."
4895 ::= { cKeyTransferPushNotify 1 }
4897 cCDMPushReceiveSuccess NOTIFICATION-TYPE
4898 OBJECTS {
4899 cCDMPushSrcAddrLocationType,
4900 cCDMPushSrcAddrLocation,
4901 cCDMPushSrcTransferType
4902 }
4903 STATUS current
4904 DESCRIPTION
4905 "An attempt to receive key material, identified by CDM push
4906 transfer information (cCDMPushSrcTable row data), has
4907 succeeded."
4908 ::= { cKeyTransferPushNotify 2 }
4910 cCDMPushReceiveFail NOTIFICATION-TYPE
4911 OBJECTS {
4912 cCDMPushSrcAddrLocationType,
4913 cCDMPushSrcAddrLocation,
4914 cCDMPushSrcTransferType
4915 }
4916 STATUS current
4917 DESCRIPTION
4918 "An attempt to receive key material via a Push operation,
4919 identified by the Sender Address and Transfer Type, has
4920 failed."
4921 ::= { cKeyTransferPushNotify 3 }
4923 cCDMPushSendFail NOTIFICATION-TYPE
4924 OBJECTS {
4925 cCDMPushDestAddressLocationType,
4926 cCDMPushDestAddressLocation,
4927 cCDMPushDestTransferType,
4928 cCDMPushDestPackageSelection
4929 }
4930 STATUS current
4931 DESCRIPTION
4932 "An attempt to send key material, identified by the
4933 Recipient Address and Transfer Type, has failed."
4934 ::= { cKeyTransferPushNotify 4 }
4936 -- *****************************************************************
4937 -- CC MIB cCDMPushDestTable
4938 -- *****************************************************************
4940 cCDMPushDestTableCount OBJECT-TYPE
4941 SYNTAX Unsigned32
4942 MAX-ACCESS read-only
4943 STATUS current
4944 DESCRIPTION
4945 "The number of rows in the cCDMPushDestTable."
4946 ::= { cCDMPushDestInfo 1 }
4948 cCDMPushDestTableLastChanged OBJECT-TYPE
4949 SYNTAX TimeStamp
4950 MAX-ACCESS read-only
4951 STATUS current
4952 DESCRIPTION
4953 "The last time any entry in the table was modified, created,
4954 or deleted by either SNMP, agent, or other management method
4955 (e.g. via an HMI). Managers can use this object to ensure
4956 that no changes to configuration of this table have happened
4957 since the last time it examined the table. A value of 0
4958 indicates that no entry has been changed since the agent
4959 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
4960 should be used to populate this column."
4961 ::= { cCDMPushDestInfo 2 }
4963 cCDMPushDestTable OBJECT-TYPE
4964 SYNTAX SEQUENCE OF CCDMPushDestEntry
4965 MAX-ACCESS not-accessible
4966 STATUS current
4967 DESCRIPTION
4968 "The table that provides the necessary information a sender
4969 needs to initiate a Cryptographic Device Material (CDM) send
4970 to a receiving device."
4971 ::= { cCDMPushDestInfo 3 }
4973 cCDMPushDestEntry OBJECT-TYPE
4974 SYNTAX CCDMPushDestEntry
4975 MAX-ACCESS not-accessible
4976 STATUS current
4977 DESCRIPTION
4978 "A row containing information for a Cryptographic Device
4979 Material (CDM) transfer to a receiving device."
4980 INDEX { cCDMPushDestIndex }
4981 ::= { cCDMPushDestTable 1 }
4983 CCDMPushDestEntry ::= SEQUENCE {
4984 cCDMPushDestIndex Unsigned32,
4985 cCDMPushDestTransferType INTEGER,
4986 cCDMPushDestAddressLocationType INTEGER,
4987 cCDMPushDestAddressLocation OCTET STRING,
4988 cCDMPushDestTransferTime DateAndTime,
4989 cCDMPushDestPackageSelection SnmpAdminString,
4990 cCDMPushDestRowStatus RowStatus
4991 }
4993 cCDMPushDestIndex OBJECT-TYPE
4994 SYNTAX Unsigned32
4995 MAX-ACCESS not-accessible
4996 STATUS current
4997 DESCRIPTION
4998 "A numeric index that identifies a unique location in this
4999 table."
5000 ::= { cCDMPushDestEntry 1 }
5002 cCDMPushDestTransferType OBJECT-TYPE
5003 SYNTAX INTEGER { ipsec(1), tls(2) }
5004 MAX-ACCESS read-create
5005 STATUS current
5006 DESCRIPTION
5007 "The transfer mechanism or protocol used by the sender to
5008 execute the Cryptographic Device Material (CDM) transfer:
5009 ipsec(1), tls(2):
5010 ipsec - Internet Protocol Security (IPsec)
5011 tls - Transport Layer Security (TLS)"
5012 ::= { cCDMPushDestEntry 2 }
5014 cCDMPushDestAddressLocationType OBJECT-TYPE
5015 SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) }
5016 MAX-ACCESS read-create
5017 STATUS current
5018 DESCRIPTION
5019 "Enumeration indicating the type of address location."
5020 ::= { cCDMPushDestEntry 3 }
5022 cCDMPushDestAddressLocation OBJECT-TYPE
5023 SYNTAX OCTET STRING
5024 MAX-ACCESS read-create
5025 STATUS current
5026 DESCRIPTION
5027 "Location of the receiver. The syntax allows a URI or an IP
5028 address to be configured."
5029 ::= { cCDMPushDestEntry 4 }
5031 cCDMPushDestTransferTime OBJECT-TYPE
5032 SYNTAX DateAndTime
5033 MAX-ACCESS read-create
5034 STATUS current
5035 DESCRIPTION
5036 "A valid date and time value populated in this object will
5037 automatically initiate the transfer at the value specified.
5039 To initiate an immediate transfer the following
5040 configuration is used: '0' for the year field, '1' for the
5041 month field, '1' for the day field, '-' for the direction
5042 from UTC field, and '0' for all other fields. This
5043 configuration is displayed as '0-1-1,00:00:00.0,-0:0'. Note
5044 that if the timezone fields are not used then the displayed
5045 value is as follows: '0-1-1,00:00:00.0'. The timezone
5046 fields are the direction from UTC, hours from UTC, and
5047 minutes from UTC."
5048 ::= { cCDMPushDestEntry 5 }
5050 cCDMPushDestPackageSelection OBJECT-TYPE
5051 SYNTAX SnmpAdminString
5052 MAX-ACCESS read-create
5053 STATUS current
5054 DESCRIPTION
5055 "A reference string that points to the key material(s) to
5056 transfer. This column may reference one entry (e.g. an entry
5057 in the cCDMStoreTable) or multiple entries (e.g. multiple
5058 entries in the cCDMTransferPkgTable). This object defines
5059 all the items in the package that will be sent."
5060 ::= { cCDMPushDestEntry 6 }
5062 cCDMPushDestRowStatus OBJECT-TYPE
5063 SYNTAX RowStatus
5064 MAX-ACCESS read-create
5065 STATUS current
5066 DESCRIPTION
5067 "The status of the row, by which new entries may be created
5068 or old entries deleted from this table.
5070 Entries created within this table may not become active
5071 unless all read-create columns in this row have valid
5072 values, as detailed by each individual column's description.
5074 At a minimum, implementations must support createAndGo,
5075 active, and destroy management functions. Support for
5076 createAndWait, notInService, and notReady management
5077 functions is optional."
5078 ::= { cCDMPushDestEntry 7 }
5080 -- *****************************************************************
5081 -- CC MIB cCDMTransferPkgTable
5082 -- *****************************************************************
5084 cCDMTransferPkgTableCount OBJECT-TYPE
5085 SYNTAX Unsigned32
5086 MAX-ACCESS read-only
5087 STATUS current
5088 DESCRIPTION
5089 "The number of rows in the cCDMTransferPkgTable."
5090 ::= { cCDMTransferPkgInfo 1 }
5092 cCDMTransferPkgTableLastChanged OBJECT-TYPE
5093 SYNTAX TimeStamp
5094 MAX-ACCESS read-only
5095 STATUS current
5096 DESCRIPTION
5097 "The last time any entry in the table was modified, created,
5098 or deleted by either SNMP, agent, or other management method
5099 (e.g. via an HMI). Managers can use this object to ensure
5100 that no changes to configuration of this table have happened
5101 since the last time it examined the table. A value of 0
5102 indicates that no entry has been changed since the agent
5103 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
5104 should be used to populate this column."
5105 ::= { cCDMTransferPkgInfo 2 }
5107 cCDMTransferPkgTable OBJECT-TYPE
5108 SYNTAX SEQUENCE OF CCDMTransferPkgEntry
5109 MAX-ACCESS not-accessible
5110 STATUS current
5111 DESCRIPTION
5112 "The table for configuring single or multiple Cryptographic
5113 Device Material (CDM) in a package that can be transferred
5114 on a send operation. Entries in this table are referenced by
5115 the cCDMPushDestPackageSelection column."
5116 ::= { cCDMTransferPkgInfo 3 }
5118 cCDMTransferPkgEntry OBJECT-TYPE
5119 SYNTAX CCDMTransferPkgEntry
5120 MAX-ACCESS not-accessible
5121 STATUS current
5122 DESCRIPTION
5123 "A row containing information about a package used on a send
5124 operation."
5125 INDEX { cCDMTransferPkgLabel, cCDMTransferPkgIndex }
5126 ::= { cCDMTransferPkgTable 1 }
5128 CCDMTransferPkgEntry ::= SEQUENCE {
5129 cCDMTransferPkgLabel SnmpAdminString,
5130 cCDMTransferPkgIndex Unsigned32,
5131 cCDMTransferPkgLocatorRowPtr RowPointer,
5132 cCDMTransferPkgRowStatus RowStatus
5133 }
5135 cCDMTransferPkgLabel OBJECT-TYPE
5136 SYNTAX SnmpAdminString
5137 MAX-ACCESS not-accessible
5138 STATUS current
5139 DESCRIPTION
5140 "An administrative name that identifies a package within
5141 this table. cCDMTransferPkgLabel and cCDMTransferPkgIndex
5142 serve as indexes of this table."
5143 ::= { cCDMTransferPkgEntry 1 }
5145 cCDMTransferPkgIndex OBJECT-TYPE
5146 SYNTAX Unsigned32
5147 MAX-ACCESS not-accessible
5148 STATUS current
5149 DESCRIPTION
5150 "An administrative way of creating a unique row within this
5151 table. This value shows the position of a given item within
5152 this package designated by cCDMTransferPkgLabel.
5153 cCDMTransferPkgLabel and cCDMTransferPkgIndex serve as
5154 indexes of this table."
5155 ::= { cCDMTransferPkgEntry 2 }
5157 cCDMTransferPkgLocatorRowPtr OBJECT-TYPE
5158 SYNTAX RowPointer
5159 MAX-ACCESS read-create
5160 STATUS current
5161 DESCRIPTION
5162 "A RowPointer that points to a unique entry in the table
5163 containing the necessary Cryptographic Device Material (CDM)
5164 for transfer. For example, referencing a key in the
5165 cSymmetricKeyTable, the value in this column contains the
5166 pointer to the appropriate row in the cSymmetricKeyTable."
5167 ::= { cCDMTransferPkgEntry 3 }
5169 cCDMTransferPkgRowStatus OBJECT-TYPE
5170 SYNTAX RowStatus
5171 MAX-ACCESS read-create
5172 STATUS current
5173 DESCRIPTION
5174 "The status of the row, by which new entries may be created
5175 or old entries deleted from this table.
5177 Entries created within this table may not become active
5178 unless all read-create columns in this row have valid
5179 values, as detailed by each individual column's description.
5181 At a minimum, implementations must support createAndGo,
5182 active, and destroy management functions. Support for
5183 createAndWait, notInService, and notReady management
5184 functions is optional."
5185 ::= { cCDMTransferPkgEntry 4 }
5187 -- *****************************************************************
5188 -- CC MIB cCDMPushSrcTable
5189 -- *****************************************************************
5191 cCDMPushSrcTableCount OBJECT-TYPE
5192 SYNTAX Unsigned32
5193 MAX-ACCESS read-only
5194 STATUS current
5195 DESCRIPTION
5196 "The number of rows in the cCDMPushSrcTable."
5197 ::= { cCDMPushSrcInfo 1 }
5199 cCDMPushSrcTableLastChanged OBJECT-TYPE
5200 SYNTAX TimeStamp
5201 MAX-ACCESS read-only
5202 STATUS current
5203 DESCRIPTION
5204 "The last time any entry in the table was modified, created,
5205 or deleted by either SNMP, agent, or other management method
5206 (e.g. via an HMI). Managers can use this object to ensure
5207 that no changes to configuration of this table have happened
5208 since the last time it examined the table. A value of 0
5209 indicates that no entry has been changed since the agent
5210 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
5211 should be used to populate this column."
5212 ::= { cCDMPushSrcInfo 2 }
5214 cCDMPushSrcTable OBJECT-TYPE
5215 SYNTAX SEQUENCE OF CCDMPushSrcEntry
5216 MAX-ACCESS not-accessible
5217 STATUS current
5218 DESCRIPTION
5219 "This table provides the list of authorized senders that
5220 this receiving device will accept Cryptographic Device
5221 Material (CDM) transfers from. Servers for the
5222 cCDMServerTable are not listed in this table since this
5223 table is specific for the Push Model."
5224 ::= { cCDMPushSrcInfo 3 }
5226 cCDMPushSrcEntry OBJECT-TYPE
5227 SYNTAX CCDMPushSrcEntry
5228 MAX-ACCESS not-accessible
5229 STATUS current
5230 DESCRIPTION
5231 "A row containing information about an authorized sender
5232 that this receiving device will accept."
5233 INDEX { cCDMPushSrcSenderName, cCDMPushSrcTransferType }
5234 ::= { cCDMPushSrcTable 1 }
5236 CCDMPushSrcEntry ::= SEQUENCE {
5237 cCDMPushSrcSenderName SnmpAdminString,
5238 cCDMPushSrcTransferType INTEGER,
5239 cCDMPushSrcAddrLocationType INTEGER,
5240 cCDMPushSrcAddrLocation OCTET STRING,
5241 cCDMPushSrcRowStatus RowStatus
5242 }
5244 cCDMPushSrcSenderName OBJECT-TYPE
5245 SYNTAX SnmpAdminString
5246 MAX-ACCESS not-accessible
5247 STATUS current
5248 DESCRIPTION
5249 "An administrative string for an authorized sender.
5250 cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as
5251 indexes of this table."
5252 ::= { cCDMPushSrcEntry 1 }
5254 cCDMPushSrcTransferType OBJECT-TYPE
5255 SYNTAX INTEGER { ipsec(1), tls(2), other(3) }
5256 MAX-ACCESS read-only
5257 STATUS current
5258 DESCRIPTION
5259 "Analogous to cCDMPushDestTransferType. The transfer
5260 mechanism or protocol used by the receiver to receive the
5261 Cryptographic Device Material (CDM) transfer.
5263 ipsec - Internet Protocol Security (IPsec)
5264 tls - Transport Layer Security (TLS)
5265 other - used for device specific transfer mechanisms
5267 cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as
5268 indexes of this table."
5269 ::= { cCDMPushSrcEntry 2 }
5271 cCDMPushSrcAddrLocationType OBJECT-TYPE
5272 SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) }
5273 MAX-ACCESS read-create
5274 STATUS current
5275 DESCRIPTION
5276 "Enumeration indicating the type of address location
5277 (values: ipv4, ipv6 or uri)."
5278 ::= { cCDMPushSrcEntry 3 }
5280 cCDMPushSrcAddrLocation OBJECT-TYPE
5281 SYNTAX OCTET STRING
5282 MAX-ACCESS read-create
5283 STATUS current
5284 DESCRIPTION
5285 "Location of the authorized sender."
5286 ::= { cCDMPushSrcEntry 4 }
5288 cCDMPushSrcRowStatus OBJECT-TYPE
5289 SYNTAX RowStatus
5290 MAX-ACCESS read-create
5291 STATUS current
5292 DESCRIPTION
5293 "The status of the row, by which new entries may be created
5294 or old entries deleted from this table.
5296 Entries created within this table may not become active
5297 unless all read-create columns in this row have valid
5298 values, as detailed by each individual column's description.
5300 At a minimum, implementations must support createAndGo,
5301 active, and destroy management functions. Support for
5302 createAndWait, notInService, and notReady management
5303 functions is optional."
5304 ::= { cCDMPushSrcEntry 5 }
5306 -- *****************************************************************
5307 -- Module Conformance Information
5308 -- *****************************************************************
5310 cKeyTransferPushCompliances OBJECT IDENTIFIER
5311 ::= { cKeyTransferPushConformance 1}
5312 cKeyTransferPushGroups OBJECT IDENTIFIER
5313 ::= { cKeyTransferPushConformance 2}
5315 cKeyTransferPushSenderCompliance MODULE-COMPLIANCE
5316 STATUS current
5317 DESCRIPTION
5318 "Compliance levels for sender information."
5319 MODULE
5320 MANDATORY-GROUPS { cKeyTransferPushSenderGroup }
5322 GROUP cKeyTransferPushSenderNotifyGroup
5323 DESCRIPTION
5324 "This notification group is optional for implementation."
5326 OBJECT cCDMTransferDelay
5327 MIN-ACCESS not-accessible
5328 DESCRIPTION
5329 "Implementation of this object is optional."
5331 OBJECT cCDMTransferMaxAttempts
5332 MIN-ACCESS not-accessible
5333 DESCRIPTION
5334 "Implementation of this object is optional."
5335 ::= { cKeyTransferPushCompliances 1 }
5337 cKeyTransferPushReceiverCompliance MODULE-COMPLIANCE
5338 STATUS current
5339 DESCRIPTION
5340 "Compliance levels for receiver information."
5341 MODULE
5342 MANDATORY-GROUPS { cKeyTransferPushReceiverGroup }
5343 GROUP cKeyTransferPushReceiverNotifyGroup
5344 DESCRIPTION
5345 "This notification group is optional for implementation."
5346 ::= { cKeyTransferPushCompliances 2 }
5348 cKeyTransferPushSenderGroup OBJECT-GROUP
5349 OBJECTS {
5350 cCDMTransferDelay,
5351 cCDMTransferMaxAttempts,
5352 cCDMPushDestTableCount,
5353 cCDMPushDestTableLastChanged,
5354 cCDMPushDestTransferType,
5355 cCDMPushDestAddressLocationType,
5356 cCDMPushDestAddressLocation,
5357 cCDMPushDestTransferTime,
5358 cCDMPushDestPackageSelection,
5359 cCDMPushDestRowStatus,
5360 cCDMTransferPkgTableCount,
5361 cCDMTransferPkgTableLastChanged,
5362 cCDMTransferPkgLocatorRowPtr,
5363 cCDMTransferPkgRowStatus
5364 }
5365 STATUS current
5366 DESCRIPTION
5367 "This group is composed of objects related to sender
5368 information."
5369 ::= { cKeyTransferPushGroups 1 }
5371 cKeyTransferPushReceiverGroup OBJECT-GROUP
5372 OBJECTS {
5373 cCDMPushSrcTableCount,
5374 cCDMPushSrcTableLastChanged,
5375 cCDMPushSrcTransferType,
5376 cCDMPushSrcAddrLocationType,
5377 cCDMPushSrcAddrLocation,
5378 cCDMPushSrcRowStatus
5379 }
5380 STATUS current
5381 DESCRIPTION
5382 "This group is composed of objects related to receiver
5383 information."
5384 ::= { cKeyTransferPushGroups 2 }
5386 cKeyTransferPushSenderNotifyGroup NOTIFICATION-GROUP
5387 NOTIFICATIONS {
5388 cCDMPushSendSuccess,
5389 cCDMPushSendFail
5390 }
5392 STATUS current
5393 DESCRIPTION
5394 "This group is composed of notifications related to sender
5395 information."
5396 ::= { cKeyTransferPushGroups 3 }
5398 cKeyTransferPushReceiverNotifyGroup NOTIFICATION-GROUP
5399 NOTIFICATIONS {
5400 cCDMPushReceiveSuccess,
5401 cCDMPushReceiveFail
5402 }
5403 STATUS current
5404 DESCRIPTION
5405 "This group is composed of notifications related to receiver
5406 information."
5407 ::= { cKeyTransferPushGroups 4 }
5409 END
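The immediate-transfer encoding described for cCDMPushDestTransferTime, as an added example that is not part of the draft: a strict parser for the DateAndTime octets that recognises the sentinel before treating the value as a schedule. The 8- and 11-octet layout and field ranges come from the DateAndTime textual convention in RFC 2579; the function names are hypothetical, and reading an 8-octet value as UTC is an assumption.

```python
import struct
from datetime import datetime, timedelta, timezone

# Year 0, month 1, day 1, direction '-', every other field 0.
IMMEDIATE_11 = struct.pack(">HBBBBBBcBB", 0, 1, 1, 0, 0, 0, 0, b"-", 0, 0)
# Same value when the three timezone fields are not used.
IMMEDIATE_8 = IMMEDIATE_11[:8]


def parse_date_and_time(value):
    """Split DateAndTime octets into fields, rejecting malformed input.

    Returns (year, month, day, hour, minute, second, deci, offset), where
    offset is a timedelta or None when the timezone fields are absent.
    """
    value = bytes(value)
    if len(value) not in (8, 11):
        raise ValueError("DateAndTime must be 8 or 11 octets")
    year, month, day, hour, minute, second, deci = struct.unpack(
        ">HBBBBBB", value[:8])
    if not (1 <= month <= 12 and 1 <= day <= 31 and hour <= 23
            and minute <= 59 and second <= 60 and deci <= 9):
        raise ValueError("DateAndTime field out of range")
    offset = None
    if len(value) == 11:
        sign, off_hours, off_minutes = value[8:9], value[9], value[10]
        if sign not in (b"+", b"-") or off_hours > 13 or off_minutes > 59:
            raise ValueError("bad timezone fields")
        delta = timedelta(hours=off_hours, minutes=off_minutes)
        offset = -delta if sign == b"-" else delta
    return year, month, day, hour, minute, second, deci, offset


def is_immediate(value):
    """True only for the exact immediate-transfer encodings."""
    return bytes(value) in (IMMEDIATE_11, IMMEDIATE_8)


def transfer_due(value, now):
    """Decide whether a transfer should start at the aware datetime `now`."""
    year, month, day, hour, minute, second, deci, offset = (
        parse_date_and_time(value))
    if is_immediate(value):
        return True
    # Assumption: a value without timezone fields is read as UTC.
    tz = timezone(offset) if offset is not None else timezone.utc
    # datetime() raises ValueError for year 0 or an impossible calendar
    # date, so a near-miss of the sentinel is rejected, not scheduled.
    # A leap second (60) is clamped to 59 because datetime cannot hold it.
    when = datetime(year, month, day, hour, minute, min(second, 59),
                    deci * 100000, tzinfo=tz)
    return now >= when
```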
5411 5.8. Security Policy Information
5413 This module makes reference to: Section 5.2, Section 5.3, [RFC2571],
5414 [RFC2578], [RFC2579], and [RFC2580].
5416 ~~~~
5417 CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN
5419 IMPORTS
5420 ccSecurePolicyInfo
5422 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
5423 IPAddressType, IPAddress, PortNumber,
5424 ROHCModes
5425 FROM CC-TEXTUAL-CONVENTIONS-MIB -- FROM {{cc-txt}}
5426 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
5427 Counter64, MODULE-IDENTITY
5428 FROM SNMPv2-SMI -- FROM RFC 2578
5429 MODULE-COMPLIANCE, OBJECT-GROUP,
5430 NOTIFICATION-GROUP
5431 FROM SNMPv2-CONF -- FROM RFC 2580
5432 SnmpAdminString
5433 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
5434 RowPointer, RowStatus, DateAndTime,
5435 TruthValue, TEXTUAL-CONVENTION, TimeStamp
5436 FROM SNMPv2-TC; -- FROM RFC 2579
5438 ccSecurePolicyInfoMIB MODULE-IDENTITY
5439 "Shadi Azoum
5440 US Navy
5441 email: shadi.azoum@navy.mil
5443 Elliott Jones
5444 US Navy
5445 elliott.jones@navy.mil
5447 Lily Sun
5448 US Navy
5449 lily.sun@navy.mil
5451 Mike Irani
5452 NKI Engineering
5453 irani@nkiengineering.com
5455 Jeffrey Sun
5456 NKI Engineering
5457 sunjeff@nkiengineering.com
5459 Ray Purvis
5460 MITRE
5461 Email:rpurvis@mitre.org
5463 Sean Turner
5464 sn3rd
5465 Email:sean@sn3rd.com"
5466 DESCRIPTION
5467 "This MIB defines the CC MIB tree hierarchical assignments
5468 below it and acts as a reservation mechanism.
5470 Copyright (c) 2016 IETF Trust and the persons
5471 identified as authors of the code. All rights reserved.
5473 Redistribution and use in source and binary forms, with
5474 or without modification, is permitted pursuant to, and
5475 subject to the license terms contained in, the Simplified
5476 BSD License set forth in Section 4.c of the IETF Trust's
5477 Legal Provisions Relating to IETF Documents
5478 (http://trustee.ietf.org/license-info).
5480 This version of this MIB module is part of RFC xxxx;
5481 see the RFC itself for full legal notices."
5482 -- RFC Ed.: RFC-editor please fill in xxxx.
5483 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
5484 DESCRIPTION "Initial Version. Published as RFC xxxx."
5485 -- RFC Ed.: RFC-editor please fill in xxxx.
5486 ::= { ccSecurePolicyInfo 1 }
5488 -- *****************************************************************
5489 -- Secure Policy Info Information Segments
5490 -- *****************************************************************
5492 cSecurePolicyConformance OBJECT IDENTIFIER
5493 ::= { ccSecurePolicyInfoMIB 1 }
5494 cSecPolicyRuleInfo OBJECT IDENTIFIER
5495 ::= { ccSecurePolicyInfoMIB 2 }
5496 cSecurePolicyInfoScalars OBJECT IDENTIFIER
5497 ::= { ccSecurePolicyInfoMIB 3 }
5498 cSecurePolicyInfoNotify OBJECT IDENTIFIER
5499 ::= { ccSecurePolicyInfoMIB 4 }
5501 -- *****************************************************************
5502 -- Secure Policy Info Scalars
5503 -- *****************************************************************
5505 -- *****************************************************************
5506 -- Secure Policy Info Notifications
5507 -- *****************************************************************
5509 cSecPolicyChanged NOTIFICATION-TYPE
5510 OBJECTS {
5511 cSecPolicyRulePriorityID,
5512 cSecPolicyRuleDescription
5513 }
5514 STATUS current
5515 DESCRIPTION
5516 "A notification indicating that an existing Security Policy
5517 entry in the cSecPolicyRuleTable has changed."
5518 ::= { cSecurePolicyInfoNotify 1 }
5520 -- *****************************************************************
5521 -- CC MIB cSecPolicyRuleTable
5522 -- *****************************************************************
5524 cSecPolicyRuleTableCount OBJECT-TYPE
5525 SYNTAX Unsigned32
5526 MAX-ACCESS read-only
5527 STATUS current
5528 DESCRIPTION
5529 "The number of rows in the cSecPolicyRuleTable."
5530 ::= { cSecPolicyRuleInfo 1 }
5532 cSecPolicyRuleTableLastChanged OBJECT-TYPE
5533 SYNTAX TimeStamp
5534 MAX-ACCESS read-only
5535 STATUS current
5536 DESCRIPTION
5537 "The last time any entry in the table was modified, created,
5538 or deleted by either SNMP, agent, or other management method
5539 (e.g. via an HMI). Managers can use this object to ensure
5540 that no changes to configuration of this table have happened
5541 since the last time it examined the table. A value of 0
5542 indicates that no entry has been changed since the agent
5543 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
5544 should be used to populate this column."
5545 ::= { cSecPolicyRuleInfo 2 }
5547 cSecPolicyRuleTable OBJECT-TYPE
5548 SYNTAX SEQUENCE OF CSecPolicyRuleEntry
5549 MAX-ACCESS not-accessible
5550 STATUS current
5551 DESCRIPTION
5552 "The cSecPolicyRuleTable stores the Security Policy Rules
5553 that are compared against inbound and outbound data traffic
5554 flow. These Security Policy Rules define the actions (e.g.
5555 protect, bypass, discard) on how the data traffic flow should
5556 be treated."
5557 ::= { cSecPolicyRuleInfo 3 }
5559 cSecPolicyRuleEntry OBJECT-TYPE
5560 SYNTAX CSecPolicyRuleEntry
5561 MAX-ACCESS not-accessible
5562 STATUS current
5563 DESCRIPTION
5564 "A row containing general information about a Security
5565 Policy rule."
5566 INDEX { cSecPolicyRulePriorityID }
5567 ::= { cSecPolicyRuleTable 1 }
5569 CSecPolicyRuleEntry ::= SEQUENCE {
5570 cSecPolicyRulePriorityID Unsigned32,
5571 cSecPolicyRuleDescription OCTET STRING,
5572 cSecPolicyRuleType INTEGER,
5573 cSecPolicyRuleFilterReference SnmpAdminString,
5574 cSecPolicyRuleAction INTEGER,
5575 cSecPolicyRuleRowStatus RowStatus
5576 }
5578 cSecPolicyRulePriorityID OBJECT-TYPE
5579 SYNTAX Unsigned32
5580 MAX-ACCESS read-only
5581 STATUS current
5582 DESCRIPTION
5583 "Local unique index that identifies the priority at which
5584 this Security Policy rule is applied. Lower values have a
5585 higher priority (e.g. a value of 1 will be processed before
5586 a value of 2). This column is the primary index to the
5587 cSecPolicyRuleTable."
5588 ::= { cSecPolicyRuleEntry 1 }
5590 cSecPolicyRuleDescription OBJECT-TYPE
5591 SYNTAX OCTET STRING
5592 MAX-ACCESS read-create
5593 STATUS current
5594 DESCRIPTION
5595 "An administrative string describing the Security Policy
5596 rule. Note, this is a free form OCTET STRING that provides
5597 the user a store for any form of description/documentation
5598 for the given entry."
5599 ::= { cSecPolicyRuleEntry 2 }
5601 cSecPolicyRuleType OBJECT-TYPE
5602 SYNTAX INTEGER { ipsec(1), tls(2) }
5603 MAX-ACCESS read-create
5604 STATUS current
5605 DESCRIPTION
5606 "Optional column that defines the related protocol type of
5607 the Security Policy rule. Depending on this column's set
5608 value, entries will vary in respect to which other
5609 columns/tables (if at all) must be populated to fully
5610 configure the Security Policy rule."
5611 ::= { cSecPolicyRuleEntry 3 }
5613 cSecPolicyRuleFilterReference OBJECT-TYPE
5614 SYNTAX SnmpAdminString
5615 MAX-ACCESS read-create
5616 STATUS current
5617 DESCRIPTION
5618 "A string that references the associated filter for the
5619 Security Policy rule. Data traffic flow (inbound/outbound)
5620 comparison against the associated filter provides the basis
5621 on which a Security Policy rule is applied to the given data
5622 traffic flow."
5623 ::= { cSecPolicyRuleEntry 4 }
5625 cSecPolicyRuleAction OBJECT-TYPE
5626 SYNTAX INTEGER { protect(1), bypass(10), discard(20),
5627 discardInbound(21), discardOutbound(22) }
5628 MAX-ACCESS read-create
5629 STATUS current
5630 DESCRIPTION
5631 "This object indicates what action the ECU should take on
5632 matching a data traffic flow against a filter (as defined by
5633 cSecPolicyRuleFilterReference). The value of this column can
5634 take one of four enumeration values.
5636 [1] protect: The 'protect' enumeration value indicates that
5637 the data traffic flow should be protected by a Secure
5638 Connection with attributes defined by the associated filter
5639 (cSecPolicyRuleFilterReference).
5641 [10] bypass: The 'bypass' enumeration value indicates that
5642 the data traffic flow should be bypassed with no
5643 cryptographic protection/services provided.
5645 [20] discard: The 'discard' enumeration value indicates that
5646 the data traffic flow, agnostic of their direction, should
5647 be discarded.
5649 [21] discardInbound: The 'discardInbound' enumeration value
5650 indicates that an inbound data traffic flow should be
5651 discarded.
5653 [22] discardOutbound: The 'discardOutbound' enumeration
5654 value indicates that an outbound data traffic flow should be
5655 discarded.
5657 Implementations that do not support the 'discardInbound' and
5658 'discardOutbound' enumeration values should return a
5659 wrongValue exception during a SET to the cSecPolicyRuleAction
5660 object.
5662 A valid enumeration value must be specified in order for
5663 cSecPolicyRuleRowStatus to be 'active'."
5664 ::= { cSecPolicyRuleEntry 5 }
5666 cSecPolicyRuleRowStatus OBJECT-TYPE
5667 SYNTAX RowStatus
5668 MAX-ACCESS read-create
5669 STATUS current
5670 DESCRIPTION
5671 "The status of the row, by which new entries may be created,
5672 or old entries deleted from this table.
5674 Entries created within this table may not become active
5675 unless all read-create columns in this table have valid
5676 values, as detailed by each individual column's description.
5678 At a minimum, implementations must support createAndGo and
5679 destroy management functions. Support for createAndWait,
5680 active, notInService, and notReady management functions is
5681 optional."
5682 ::= { cSecPolicyRuleEntry 6 }
5684 -- *****************************************************************
5685 -- Module Conformance Information
5686 -- *****************************************************************
5688 cSecurePolicyCompliances OBJECT IDENTIFIER
5689 ::= { cSecurePolicyConformance 1 }
5690 cSecurePolicyGroups OBJECT IDENTIFIER
5691 ::= { cSecurePolicyConformance 2 }
5693 cSecurePolicyCompliance MODULE-COMPLIANCE
5694 STATUS current
5695 DESCRIPTION
5696 "Compliance levels for secure policy information."
5697 MODULE
5698 MANDATORY-GROUPS { cSecurePolicyGroup }
5700 GROUP cSecurePolicyNotifyGroup
5701 DESCRIPTION
5702 "This notification group is optional for implementation."
5703 ::= { cSecurePolicyCompliances 1 }
5705 cSecurePolicyGroup OBJECT-GROUP
5706 OBJECTS {
5707 cSecPolicyRuleTableCount,
5708 cSecPolicyRuleTableLastChanged,
5709 cSecPolicyRulePriorityID,
5710 cSecPolicyRuleDescription,
5711 cSecPolicyRuleType,
5712 cSecPolicyRuleFilterReference,
5713 cSecPolicyRuleAction,
5714 cSecPolicyRuleRowStatus
5715 }
5716 STATUS current
5717 DESCRIPTION
5718 "This group is composed of objects related to secure policy
5719 information."
5720 ::= { cSecurePolicyGroups 1 }
5722 cSecurePolicyNotifyGroup NOTIFICATION-GROUP
5723 NOTIFICATIONS {
5724 cSecPolicyChanged
5725 }
5726 STATUS current
5727 DESCRIPTION
5728 "This group is composed of notifications related to secure
5729 policy information."
5730 ::= { cSecurePolicyGroups 2 }
5732 END
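A manager-side audit built on the cSecPolicyRuleTable objects defined above, as an added Python example that is not part of the draft: it uses cSecPolicyRuleTableLastChanged to decide when to re-read the table, diffs two snapshots, and surfaces rows that now resolve to bypass. The snapshots are constructed sample data; the Rule class, the function names, and the reading of a TimeStamp that moves backwards as an agent restart are assumptions of this example.

```python
from dataclasses import dataclass

# Enumeration values from the cSecPolicyRuleAction SYNTAX clause.
ACTIONS = {1: "protect", 10: "bypass", 20: "discard",
           21: "discardInbound", 22: "discardOutbound"}
# Values an implementation may decline to support (answered with wrongValue).
OPTIONAL_ACTIONS = {21, 22}


@dataclass(frozen=True)
class Rule:  # hypothetical holder for one cSecPolicyRuleEntry row
    priority_id: int  # cSecPolicyRulePriorityID, lower value is processed first
    filter_ref: str   # cSecPolicyRuleFilterReference
    action: int       # cSecPolicyRuleAction


def action_name(value):
    return ACTIONS.get(value, f"invalid({value})")


def validate_action_set(value, supports_directional_discard):
    """Agent-side check of a SET on cSecPolicyRuleAction."""
    if value not in ACTIONS:
        return "wrongValue"
    if value in OPTIONAL_ACTIONS and not supports_directional_discard:
        return "wrongValue"
    return "noError"


def table_changed(prev_ticks, cur_ticks):
    """Compare two polls of cSecPolicyRuleTableLastChanged.

    0 means no change since the agent initialized, so a value that moves
    backwards is taken (assumption) as a restart that needs a full re-read.
    """
    if cur_ticks < prev_ticks:
        return "agent-restarted"
    if cur_ticks == prev_ticks:
        return "unchanged"
    return "changed"


def diff_rules(old, new):
    """Return (priority_id, event, detail) findings, ordered by priority."""
    before = {r.priority_id: r for r in old}
    after = {r.priority_id: r for r in new}
    findings = []
    for pid in sorted(before.keys() | after.keys()):
        b, a = before.get(pid), after.get(pid)
        if a is None:
            findings.append((pid, "removed", action_name(b.action)))
        elif b is None:
            findings.append((pid, "added", action_name(a.action)))
        elif a.action != b.action:
            detail = f"{action_name(b.action)}->{action_name(a.action)}"
            findings.append((pid, "action-changed", detail))
    return findings


def bypass_findings(findings):
    """Findings that leave a flow with no cryptographic protection."""
    return [f for f in findings
            if f[1] != "removed" and f[2].endswith("bypass")]


# Constructed snapshots of the table, as a manager might cache them.
OLD_SNAPSHOT = [Rule(1, "f-mgmt", 1), Rule(2, "f-voice", 1), Rule(9, "f-any", 20)]
NEW_SNAPSHOT = [Rule(1, "f-mgmt", 1), Rule(2, "f-voice", 10), Rule(5, "f-test", 10)]

if __name__ == "__main__":
    if table_changed(4200, 9100) != "unchanged":
        for finding in bypass_findings(diff_rules(OLD_SNAPSHOT, NEW_SNAPSHOT)):
            print("review:", finding)
```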
5734 5.9. Secure Connection Information
5736 This module makes reference to: Section 5.2, Section 5.3, [RFC2571],
5737 [RFC2578], [RFC2579], and [RFC2580], [RFC4303].
5739 CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN
5741 IMPORTS
5742 ccSecureConnectionInfo
5743 FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}}
5744 IPAddressType, IPAddress, PortNumber,
5745 ROHCCompressionProfiles
5746 FROM CC-TEXTUAL-CONVENTIONS-MIB -- FROM {{cc-txt}}
5747 OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
5748 Counter64, MODULE-IDENTITY
5749 FROM SNMPv2-SMI -- FROM RFC 2578
5750 MODULE-COMPLIANCE, OBJECT-GROUP,
5751 NOTIFICATION-GROUP
5752 FROM SNMPv2-CONF -- FROM RFC 2580
5753 SnmpAdminString
5754 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 2571
5755 RowPointer, RowStatus, DateAndTime,
5756 TruthValue, TEXTUAL-CONVENTION, TimeStamp
5757 FROM SNMPv2-TC; -- FROM RFC 2579
5759 ccSecureConnectionInfoMIB MODULE-IDENTITY
5760 "Shadi Azoum
5761 US Navy
5762 email: shadi.azoum@navy.mil
5764 Elliott Jones
5765 US Navy
5766 elliott.jones@navy.mil
5768 Lily Sun
5769 US Navy
5770 lily.sun@navy.mil
5772 Mike Irani
5773 NKI Engineering
5774 irani@nkiengineering.com
5775 Jeffrey Sun
5776 NKI Engineering
5777 sunjeff@nkiengineering.com
5779 Ray Purvis
5780 MITRE
5781 Email:rpurvis@mitre.org
5783 Sean Turner
5784 sn3rd
5785 Email:sean@sn3rd.com"
5786 DESCRIPTION
5787 "This MIB defines the CC MIB tree hierarchical assignments
5788 below it and acts as a reservation mechanism.
5790 Copyright (c) 2016 IETF Trust and the persons
5791 identified as authors of the code. All rights reserved.
5793 Redistribution and use in source and binary forms, with
5794 or without modification, is permitted pursuant to, and
5795 subject to the license terms contained in, the Simplified
5796 BSD License set forth in Section 4.c of the IETF Trust's
5797 Legal Provisions Relating to IETF Documents
5798 (http://trustee.ietf.org/license-info).
5800 This version of this MIB module is part of RFC xxxx;
5801 see the RFC itself for full legal notices."
5802 -- RFC Ed.: RFC-editor please fill in xxxx.
5803 REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
5804 DESCRIPTION "Initial Version. Published as RFC xxxx."
5805 -- RFC Ed.: RFC-editor please fill in xxxx.
5806 ::= { ccSecureConnectionInfo 1 }
5808 -- *****************************************************************
5809 -- Secure Connection Info Information Segments
5810 -- *****************************************************************
5812 cSecureConnectionConformance OBJECT IDENTIFIER
5813 ::= { ccSecureConnectionInfoMIB 1 }
5814 cSecureConnectionInfo OBJECT IDENTIFIER
5815 ::= { ccSecureConnectionInfoMIB 2 }
5816 cSecureConnectionInfoScalars OBJECT IDENTIFIER
5817 ::= { ccSecureConnectionInfoMIB 3 }
5818 cSecureConnectionInfoNotify OBJECT IDENTIFIER
5819 ::= { ccSecureConnectionInfoMIB 4 }
5821 -- *****************************************************************
5822 -- Secure Connection Info Scalars
5823 -- *****************************************************************
5825 -- *****************************************************************
5826 -- Secure Connection Info Notifications
5827 -- *****************************************************************
5829 cSecConnectionEstablished NOTIFICATION-TYPE
5830 OBJECTS { cSecConTableID }
5831 STATUS current
5832 DESCRIPTION
5833 "A notification indicating that a new Secure Connection was
5834 successfully established."
5835 ::= { cSecureConnectionInfoNotify 1 }
5837 cSecConnectionDeleted NOTIFICATION-TYPE
5838 OBJECTS { cSecConTableID }
5839 STATUS current
5840 DESCRIPTION
5841 "A notification indicating that an existent Secure
5842 Connection was successfully deleted."
5843 ::= { cSecureConnectionInfoNotify 2 }
5845 -- *********************************************************************
5846 -- CC MIB cSecConTable
5847 -- *********************************************************************
5849 cSecConTableCount OBJECT-TYPE
5850 SYNTAX Unsigned32
5851 MAX-ACCESS read-only
5852 STATUS current
5853 DESCRIPTION
5854 "The number of rows in the cSecConTable."
5855 ::= { cSecureConnectionInfo 1 }
5857 cSecConTableLastChanged OBJECT-TYPE
5858 SYNTAX TimeStamp
5859 MAX-ACCESS read-only
5860 STATUS current
5861 DESCRIPTION
5862 "The last time any entry in the table was modified, created,
5863 or deleted by either SNMP, agent, or other management method
5864 (e.g. via an HMI). Managers can use this object to ensure
5865 that no changes to configuration of this table have happened
5866 since the last time it examined the table. A value of 0
5867 indicates that no entry has been changed since the agent
5868 initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
5869 should be used to populate this column."
5871 ::= { cSecureConnectionInfo 2 }
5873 cSecConTable OBJECT-TYPE
5874 SYNTAX SEQUENCE OF CSecConEntry
5875 MAX-ACCESS not-accessible
5876 STATUS current
5877 DESCRIPTION
5878 "The cSecConTable stores general Secure Connection
5879 (active/inactive) information associated with the ECU. This
5880 table provides the base/common information for Secure
5881 Connections."
5882 ::= { cSecureConnectionInfo 3 }
5884 cSecConEntry OBJECT-TYPE
5885 SYNTAX CSecConEntry
5886 MAX-ACCESS not-accessible
5887 STATUS current
5888 DESCRIPTION
5889 "A row containing general information about an
5890 active/inactive Secure Connection."
5891 INDEX { cSecConTableID }
5892 ::= { cSecConTable 1 }
5894 CSecConEntry ::= SEQUENCE {
5895 cSecConTableID Unsigned32,
5896 cSecConType OCTET STRING,
5897 cSecConDataPlaneID OCTET STRING,
5898 cSecConDirection INTEGER,
5899 cSecConKeyReference OCTET STRING,
5900 cSecConCryptographicSuite OCTET STRING,
5901 cSecConEstablishmentTime DateAndTime,
5902 cSecConStatus OCTET STRING,
5903 cSecConRowStatus RowStatus
5904 }
5906 cSecConTableID OBJECT-TYPE
5907 SYNTAX Unsigned32
5908 MAX-ACCESS read-only
5909 STATUS current
5910 DESCRIPTION
5911 "Local unique index that identifies a Secure Connection.
5912 This column is the primary index to the cSecConTable."
5913 ::= { cSecConEntry 1 }
5915 cSecConType OBJECT-TYPE
5916 SYNTAX OCTET STRING
5917 MAX-ACCESS read-create
5918 STATUS current
5919 DESCRIPTION
5920 "Optional column that defines the related protocol type of
5921 the Secure Connection. Depending on this column's populated
5922 value, entries will vary in respect to which other
5923 columns/tables (if at all) are applicable to the Secure
5924 Connection. Examples of values for this column are: 'ipsec'
5925 for Internet Protocol Security secure connections and 'tls'
5926 for Transport Layer Security/Secure Socket Layer secure
5927 connections."
5928 ::= { cSecConEntry 2 }
5930 cSecConDataPlaneID OBJECT-TYPE
5931 SYNTAX OCTET STRING
5932 MAX-ACCESS read-create
5933 STATUS current
5934 DESCRIPTION
5935 "The unique identifier associated with the Secure
5936 Connection, based on the Secure Connection protocol.
5938 Note, this is a free form OCTET STRING column where
5939 meaningful values/format are defined per Secure Connection
5940 protocol type basis. For instance, in an IPsec context (i.e.
5941 cSecConType value is set to 'ipsec'), this column would
5942 store the Security Parameter Index (SPI) for a given
5943 Encapsulating Security Payload Version 3 Security
5944 Association (RFC 4303 - Section 2.1.)."
5945 ::= { cSecConEntry 3 }
5947 cSecConDirection OBJECT-TYPE
5948 SYNTAX INTEGER { inbound(1), outbound(2),
5949 bidirectional(3) }
5950 MAX-ACCESS read-create
5951 STATUS current
5952 DESCRIPTION
5953 "The data plane traffic flow direction for the Secure
5954 Connection.
5956 [1] inbound: data plane traffic flow is incoming on the
5957 Secure Connection.
5959 [2] outbound: data plane traffic flow is outgoing on the
5960 Secure Connection.
5962 [3] bidirectional: data plane traffic flow is incoming and
5963 outgoing on the Secure Connection."
5964 ::= { cSecConEntry 4 }
5966 cSecConKeyReference OBJECT-TYPE
5967 SYNTAX OCTET STRING (SIZE(0..255))
5968 MAX-ACCESS read-create
5969 STATUS current
5970 DESCRIPTION
5971 "Administrative string that references key material
5972 associated with the Secure Connection. This column
5973 references an entry (via table index value) in a key-related
5974 table in the CC-KEY-MANAGEMENT-MIB.
5976 If there is no appropriate value to populate with, this
5977 column would be populated with an empty string, ''."
5978 ::= { cSecConEntry 5 }
5980 cSecConCryptographicSuite OBJECT-TYPE
5981 SYNTAX OCTET STRING
5982 MAX-ACCESS read-create
5983 STATUS current
5984 DESCRIPTION
5985 "The set of cryptographic attributes (e.g. Encryption
5986 Algorithm, Integrity Algorithm) respective to the Secure
5987 Connection. Note, this is a free form OCTET STRING column,
5988 meaning implementations may utilize a standardized
5989 definition of string values that describe a set of
5990 cryptographic suites or use a proprietary definition of
5991 string values for supported cryptographic suites."
5992 ::= { cSecConEntry 6 }
5994 cSecConEstablishmentTime OBJECT-TYPE
5995 SYNTAX DateAndTime
5996 MAX-ACCESS read-create
5997 STATUS current
5998 DESCRIPTION
5999 "The local date and time when the Secure Connection was or
6000 will be established. The value in this column may be
6001 manually set to a date and time prior to the effective date
6002 of the key material (if associated) as referenced by the
6003 cSecConKeyReference column. If this column value is not
6004 manually configured with a date and time then the value will
6005 be automatically populated with the current cSystemDate
6006 value in respect to when the cSecConRowStatus column is
6007 first set to Active.
6009 Note, implementations may treat this column as an alpha date
6010 for the Secure Connection, and thus ascertain other Secure
6011 Connection-related values based on this time."
6012 ::= { cSecConEntry 7 }
6014 cSecConStatus OBJECT-TYPE
6015 SYNTAX OCTET STRING
6016 MAX-ACCESS read-create
6017 STATUS current
6018 DESCRIPTION
6019 "Column that provides the current status of the Secure
6020 Connection. Note, this is a free form OCTET STRING column
6021 where meaningful values are defined per Secure Connection
6022 protocol type basis (i.e. as defined by the cSecConType
6023 value) or per implementation basis.
6025 If there is no appropriate value to populate with, this
6026 column would be populated with an empty string, ''."
6027 ::= { cSecConEntry 8 }
6029 cSecConRowStatus OBJECT-TYPE
6030 SYNTAX RowStatus
6031 MAX-ACCESS read-create
6032 STATUS current
6033 DESCRIPTION
6034 "The status of the row, by which new entries may be created,
6035 or old entries deleted from this table.
6037 Entries created within this table may not become active
6038 unless all read-create columns in this table have valid
6039 values, as detailed by each individual column's description.
6041 The set of RowStatus enumerations that must be supported is
6042 dependent on the type of secure connection. At a minimum,
6043 implementations must support createAndGo and destroy if the
6044 secure connection can be created and destroyed by the
6045 manager. Implementations must support active and
6046 notInService if the secure connection can be
6047 enabled/disabled by the manager."
6048 ::= { cSecConEntry 9 }
6050 -- *********************************************************************
6051 -- Module Conformance Information
6052 -- *********************************************************************
6054 cSecureConnectionCompliances OBJECT IDENTIFIER
6055 ::= { cSecureConnectionConformance 1}
6056 cSecureConnectionGroups OBJECT IDENTIFIER
6057 ::= { cSecureConnectionConformance 2}
6059 cSecureConnectionCompliance MODULE-COMPLIANCE
6060 STATUS current
6061 DESCRIPTION
6062 "Compliance levels for secure connection information."
6064 MODULE
6065 MANDATORY-GROUPS { cSecureConnectionGroup }
6067 GROUP cSecureConnectionNotifyGroup
6068 DESCRIPTION
6069 "This notification group is optional for implementation."
6071 OBJECT cSecConType
6072 MIN-ACCESS not-accessible
6073 DESCRIPTION
6074 "Implementation of this object is optional."
6075 ::= { cSecureConnectionCompliances 1 }
6077 cSecureConnectionGroup OBJECT-GROUP
6078 OBJECTS {
6079 cSecConTableCount,
6080 cSecConTableLastChanged,
6081 cSecConTableID,
6082 cSecConType,
6083 cSecConDataPlaneID,
6084 cSecConDirection,
6085 cSecConKeyReference,
6086 cSecConCryptographicSuite,
6087 cSecConEstablishmentTime,
6088 cSecConStatus,
6089 cSecConRowStatus
6090 }
6091 STATUS current
6092 DESCRIPTION
6093 "This group is composed of objects related to secure
6094 connection information."
6095 ::= { cSecureConnectionGroups 1 }
6097 cSecureConnectionNotifyGroup NOTIFICATION-GROUP
6098 NOTIFICATIONS {
6099 cSecConnectionEstablished,
6100 cSecConnectionDeleted
6101 }
6102 STATUS current
6103 DESCRIPTION
6104 "This group is composed of notifications related to secure
6105 connection information."
6106 ::= { cSecureConnectionGroups 2 }
6108 END
6110 6. IANA Considerations
6112 7. Security Considerations
6114 SNMP versions prior to SNMPv3 did not include adequate security.
6115 Even if the network itself is secure (for example by using IPsec),
6116 there is no control as to who on the secure network is allowed to
6117 access and GET/SET (read/change/create/delete) the objects in this
6118 MIB module.
6120 Implementations SHOULD provide the security features described by the
6121 SNMPv3 framework (see [RFC3410]), and implementations claiming
6122 compliance to the SNMPv3 standard MUST include full support for
6123 authentication and privacy via the User-based Security Model (USM)
6124 [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
6125 MAY also provide support for the Transport Security Model (TSM)
6126 [RFC5591] in combination with a secure transport such as SSH
6127 [RFC5592] or TLS/DTLS [RFC6353].
6129 Further, deployment of SNMP versions prior to SNMPv3 is NOT
6130 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
6131 enable cryptographic security. It is then a customer/operator
6132 responsibility to ensure that the SNMP entity giving access to an
6133 instance of this MIB module is properly configured to give access to
6134 the objects only to those principals (users) that have legitimate
6135 rights to indeed GET or SET (change/create/delete) them.
6137 8. References
6139 8.1. Normative References
6141 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
6142 Requirement Levels", BCP 14, RFC 2119,
6143 DOI 10.17487/RFC2119, March 1997.
6146 [RFC2571] Wijnen, B., Harrington, D., and R. Presuhn, "An
6147 Architecture for Describing SNMP Management Frameworks",
6148 RFC 2571, DOI 10.17487/RFC2571, April 1999.
6151 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
6152 Schoenwaelder, Ed., "Structure of Management Information
6153 Version 2 (SMIv2)", STD 58, RFC 2578,
6154 DOI 10.17487/RFC2578, April 1999.
6157 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
6158 Schoenwaelder, Ed., "Textual Conventions for SMIv2",
6159 STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.
6162 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J.
6163 Schoenwaelder, Ed., "Conformance Statements for SMIv2",
6164 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.
6167 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
6168 (USM) for version 3 of the Simple Network Management
6169 Protocol (SNMPv3)", STD 62, RFC 3414,
6170 DOI 10.17487/RFC3414, December 2002.
6173 [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The
6174 Advanced Encryption Standard (AES) Cipher Algorithm in the
6175 SNMP User-based Security Model", RFC 3826,
6176 DOI 10.17487/RFC3826, June 2004.
6179 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
6180 (TLS) Protocol Version 1.2", RFC 5246,
6181 DOI 10.17487/RFC5246, August 2008.
6184 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
6185 Housley, R., and W. Polk, "Internet X.509 Public Key
6186 Infrastructure Certificate and Certificate Revocation List
6187 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.
6190 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model
6191 for the Simple Network Management Protocol (SNMP)",
6192 STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009.
6195 [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
6196 Shell Transport Model for the Simple Network Management
6197 Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
6198 2009.
6200 [RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
6201 Format", RFC 5914, DOI 10.17487/RFC5914, June 2010.
6204 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric
6205 Key Container (PSKC)", RFC 6030, DOI 10.17487/RFC6030,
6206 October 2010.
6208 [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport
6209 Model for the Simple Network Management Protocol (SNMP)",
6210 STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011.
6213 8.2. Informative References
6215 [RFC1213] McCloghrie, K. and M. Rose, "Management Information Base
6216 for Network Management of TCP/IP-based internets: MIB-II",
6217 STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991.
6220 [RFC1907] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
6221 "Management Information Base for Version 2 of the Simple
6222 Network Management Protocol (SNMPv2)", RFC 1907,
6223 DOI 10.17487/RFC1907, January 1996.
6226 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
6227 "Introduction and Applicability Statements for Internet-
6228 Standard Management Framework", RFC 3410,
6229 DOI 10.17487/RFC3410, December 2002.
6232 [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
6233 RFC 4303, DOI 10.17487/RFC4303, December 2005.
6236 [RFC5225] Pelletier, G. and K. Sandlund, "RObust Header Compression
6237 Version 2 (ROHCv2): Profiles for RTP, UDP, IP, ESP and
6238 UDP-Lite", RFC 5225, DOI 10.17487/RFC5225, April 2008.
6241 Authors' Addresses
6243 Shadi Azoum
6244 SPAWAR Systems Center Pacific
6246 Email: shadi.azoum@navy.mil
6247 Elliott Jones
6248 SPAWAR Systems Center Pacific
6250 Email: elliott.jones@navy.mil
6252 Lily Sun
6253 SPAWAR Systems Center Pacific
6255 Email: lily.sun@navy.mil
6257 Mike Irani
6258 Nathan Kunes, Inc.
6260 Email: irani@nkiengineering.com
6262 Jeffrey Sun
6263 Nathan Kunes, Inc.
6265 Email: sunjeff@nkiengineering.com
6267 Ray Purvis
6268 The MITRE Corporation
6270 Email: rpurvis@mitre.org
6272 Sean Turner
6273 sn3rd
6275 Email: sean@sn3rd.com