805 lines
31 KiB
Plaintext
805 lines
31 KiB
Plaintext
-- *********************************************************************
|
|
-- IEEE8021-DEVID-MIB
|
|
--
|
|
-- Managed object definitions for IEEE 802.1AR Secure Device Identity
|
|
-- *********************************************************************
|
|
|
|
IEEE8021-DEVID-MIB
|
|
DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32,
|
|
Counter32
|
|
FROM SNMPv2-SMI
|
|
TruthValue,
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
PhysicalIndex, entPhysicalIndex
|
|
FROM ENTITY-MIB;
|
|
|
|
ieee8021DevIDMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201807151904Z"
|
|
ORGANIZATION "IEEE 802.1 Working Group"
|
|
CONTACT-INFO "WG-URL: http://www.ieee802.org/1
|
|
WG-EMail: stds-802-1-L@ieee.org
|
|
|
|
Contact: IEEE 802.1 Working Group Chair
|
|
Postal: C/O IEEE 802.1 Working Group
|
|
IEEE Standards Association
|
|
445 Hoes Lane
|
|
Piscataway
|
|
NJ 08854
|
|
USA
|
|
E-mail: STDS-802-1-L@IEEE.ORG"
|
|
DESCRIPTION
|
|
"The MIB module for managing an IEEE 802.1AR DevID (Secure Device
|
|
Identifier) Module. A DevID comprises: a DevID secret (a private
|
|
key) stored confidentially by the DevID module and accessible only
|
|
through operations provided by the module; a DevID certificate
|
|
containing the corresponding public key and a subject name that
|
|
identifies the device; and a (possibly null) certificate chain. Use
|
|
of the DevID module signing operations allows the device to prove
|
|
possession of the DevID secret, and thus assert its identity in
|
|
authentication protocols. An initial IDevID provided by the
|
|
device supplier can be used directly or can be used to provision
|
|
one or more locally significant LDevIDs that reflect authorization
|
|
decisions by the local network administrator with certificate fields
|
|
that record those decisions.
|
|
An SNMP agent can manage a network element comprising one or
|
|
many devices. They can include component (such as individual line
|
|
cards in a chassis) or aggregate devices (such as the chassis and
|
|
its current complement of cards). In each case a DevID module binds
|
|
DevIDs secrets and certificates to the device whose identity they can be
|
|
used to assert: they remain attached to a component device if it is
|
|
removed from the network element, and are not retained by the SNMP
|
|
agent. The entPhysicalIndex defined by the ENTITY-MIB identifies each
|
|
device managed by the agent and is used to index tables of managed
|
|
objects for each device with a DevID module, so ENTITY-MIB objects are
|
|
correlated with and can supplement DevID information cryptographically
|
|
bound to the device.
|
|
The initial version of this ieee8021DevIDMIB used the object name
|
|
prefix 'devID' rather than 'ieee8021DevI' as recommended by
|
|
RFC 4181. The 'devID' prefix has been retained for backwards
|
|
compatibility and internal consistency."
|
|
REVISION "201807151904Z"
|
|
DESCRIPTION
|
|
"Published as part of IEEE Std 802.1AR-2018"
|
|
REVISION "200906250000Z"
|
|
DESCRIPTION
|
|
"Published as part of IEEE Std 802.1AR-2009"
|
|
|
|
::= { iso (1) iso-identified-organization (3) ieee (111)
|
|
standards-association-numbered-series-standards (2)
|
|
lan-man-stds (802) ieee802dot1(1) ieee802dot1mibs(1) 17 }
|
|
|
|
devIDMIBNotifications OBJECT IDENTIFIER ::= { ieee8021DevIDMIB 0 }
|
|
-- unused (historic)
|
|
|
|
devIDMIBObjects OBJECT IDENTIFIER ::= { ieee8021DevIDMIB 1 }
|
|
|
|
devIDMIBConformance OBJECT IDENTIFIER ::= { ieee8021DevIDMIB 2 }
|
|
|
|
--
|
|
-- Textual Conventions - current
|
|
--
|
|
DevIDFingerprint ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "1x:1x"
|
|
STATUS current
|
|
DESCRIPTION "A Named Information identifier (RFC 6920) comprising a
|
|
single octet (an IANA (iana.org) Named Information Hash Algorithm
|
|
Registry value) followed by the result of applying that identified
|
|
(possibly truncated) hash function to the arbitrary long octet
|
|
string to be fingerprinted. The fingerprint size (including the
|
|
initial identifier) is limited to 49 octets to meet the SNMP oid
|
|
size constraints when used as an INDEX while allowing the use of
|
|
sha3-384, but sha-256-32 or sha-256-64 (5 or 9 octets total) is
|
|
recommended with checking of full, not fingerprint, values in
|
|
sensitive applications. This TEXTUAL-CONVENTION allows a zero-length
|
|
value where the fingerprint value is optional. MIB definitions or
|
|
implementations may refuse to accept a zero-length value."
|
|
SYNTAX OCTET STRING (SIZE (0 .. 49))
|
|
--
|
|
-- DevID Management Objects
|
|
--
|
|
devIDGlobalMIBObjects OBJECT IDENTIFIER ::= { devIDMIBObjects 1 }
|
|
-- unused (historic)
|
|
|
|
devIDMgmtMIBObjects OBJECT IDENTIFIER ::= { devIDMIBObjects 2 }
|
|
|
|
devIDStatsMIBObjects OBJECT IDENTIFIER ::= { devIDMIBObjects 3 }
|
|
-- unused (historic)
|
|
--
|
|
-- devIDMgmtMIBObjects - tables with current objects
|
|
--
|
|
devIDModuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DevIDModuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of DevID module capabilities, which can differ for devices
|
|
managed by the same SNMP agent."
|
|
REFERENCE "IEEE 802.1AR 7.3, 10.2, 10.3"
|
|
::= { devIDMgmtMIBObjects 6 }
|
|
|
|
devIDModuleEntry OBJECT-TYPE
|
|
SYNTAX DevIDModuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "DevID module capabilities, indexed by the ENTITY MIB's
|
|
entPhysicalIndex."
|
|
INDEX { entPhysicalIndex }
|
|
::= { devIDModuleTable 1 }
|
|
|
|
DevIDModuleEntry ::= SEQUENCE {
|
|
devIDModuleSupportsLDevIDs TruthValue,
|
|
devIDModuleGeneratesLDevIDKeys TruthValue,
|
|
devIDModuleInsertsLDevIDKeys TruthValue
|
|
}
|
|
|
|
devIDModuleSupportsLDevIDs OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "True if the module supports the mandatory operations
|
|
for LDevIDs."
|
|
REFERENCE "IEEE 802.1AR 7.2(k)-(n)."
|
|
::= { devIDModuleEntry 1}
|
|
|
|
devIDModuleGeneratesLDevIDKeys OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "True if the module supports LDevID key generation."
|
|
REFERENCE "IEEE 802.1AR 7.2(h), 7.2(j), 7.2.8, 7.2.10."
|
|
::= { devIDModuleEntry 2}
|
|
|
|
devIDModuleInsertsLDevIDKeys OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "True if the module supports LDevID key insertion."
|
|
REFERENCE "IEEE 802.1AR 7.2(i), 7.2(j), 7.2.9, 7.2.10, 7.3."
|
|
::= { devIDModuleEntry 3}
|
|
--
|
|
devIDCertTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DevIDCertEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A table of DevID certificates, indexed by
|
|
entPhysicalIndex (identifying the DevID module to which the
|
|
certificate belongs) and the certificate's fingerprint."
|
|
REFERENCE "IEEE 802.1AR Clause 6, 6.2, 7.2.2, 7.2.3, 7.2.6, 7.2.7,
|
|
7.2.11, 7.2.13, 7.3."
|
|
::= { devIDMgmtMIBObjects 7 }
|
|
|
|
devIDCertEntry OBJECT-TYPE
|
|
SYNTAX DevIDCertEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "DevID certificate objects, indexed by entPhysicalIndex
|
|
and its devIDCertFingerprint."
|
|
INDEX { entPhysicalIndex, devIDCertFingerprint }
|
|
::= { devIDCertTable 1}
|
|
|
|
DevIDCertEntry ::= SEQUENCE {
|
|
devIDCertFingerprint DevIDFingerprint,
|
|
devIDCertPublicKeyInfoFprint DevIDFingerprint,
|
|
devIDCertIDevID TruthValue,
|
|
devIDCertKeyEnabled TruthValue,
|
|
devIDCertEnabled TruthValue,
|
|
devIDCert OCTET STRING
|
|
}
|
|
|
|
devIDCertFingerprint OBJECT-TYPE
|
|
SYNTAX DevIDFingerprint
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A fingerprint of the DevID certificate, identifying the
|
|
fingerprinting hash."
|
|
REFERENCE "IEEE 802.1AR 10.3"
|
|
::= { devIDCertEntry 1}
|
|
|
|
devIDCertPublicKeyInfoFprint OBJECT-TYPE
|
|
SYNTAX DevIDFingerprint
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "A fingerprint of the DevID certificate's
|
|
subjectPublicKeyInfo field, identifying the fingerprinting hash."
|
|
REFERENCE "IEEE 802.1AR 10.3"
|
|
::= { devIDCertEntry 2}
|
|
|
|
devIDCertIDevID OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "True if this is an IDevID Certificate."
|
|
REFERENCE "IEEE 802.1AR Clause 6, 6.2, 7.3."
|
|
::= { devIDCertEntry 3}
|
|
|
|
devIDCertKeyEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "True if use of the DevID Secret for this certificate is
|
|
enabled, allowing its use."
|
|
REFERENCE "IEEE 802.1AR 7.2.7, 7.3"
|
|
::= { devIDCertEntry 4}
|
|
|
|
devIDCertEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "True if the certificate can be used."
|
|
REFERENCE "IEEE 802.1AR 7.2.6"
|
|
::= { devIDCertEntry 5}
|
|
|
|
devIDCert OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The X.509 DevID certificate."
|
|
REFERENCE "IEEE 802.1AR 6.2, 7.3, Clause 8"
|
|
::= { devIDCertEntry 6}
|
|
--
|
|
devIDChainTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DevIDChainEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A table of DevID intermediate certificates, indexed by
|
|
entPhysicalIndex (identifying the DevID module),
|
|
devIDCertFingerprint (identifying the DevID certificate), and
|
|
devIDChainCertIndex (identifying the certificate's position in
|
|
the certificate chain, upwards from the DevID certificate)."
|
|
REFERENCE "IEEE 802.1AR 10.3, 6.3, 7.2.3."
|
|
::= { devIDMgmtMIBObjects 8 }
|
|
|
|
devIDChainEntry OBJECT-TYPE
|
|
SYNTAX DevIDChainEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "DevID intermediate certificate objects, indexed by
|
|
entPhysicalIndex, DevID certificate fingerprint, and the
|
|
certificate's position in the certificate chain."
|
|
INDEX { entPhysicalIndex, devIDCertFingerprint,
|
|
devIDChainCertIndex }
|
|
::= { devIDChainTable 1}
|
|
|
|
DevIDChainEntry ::= SEQUENCE {
|
|
devIDChainCertIndex Unsigned32,
|
|
devIDChainCertFingerprint DevIDFingerprint,
|
|
devIDChainCert OCTET STRING
|
|
}
|
|
|
|
devIDChainCertIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "The position of this intermediate certificate in the
|
|
certificate chain."
|
|
REFERENCE "IEEE 802.1AR 10.3."
|
|
::= { devIDChainEntry 1}
|
|
|
|
devIDChainCertFingerprint OBJECT-TYPE
|
|
SYNTAX DevIDFingerprint
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "A fingerprint of the intermediate certificate, identifying the
|
|
fingerprinting hash."
|
|
REFERENCE "IEEE 802.1AR 10.3."
|
|
::= { devIDChainEntry 2}
|
|
|
|
devIDChainCert OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The X.509 intermediate certificate in a certificate chain."
|
|
REFERENCE "IEEE 802.1AR 6.3, 7.3, Clause 8."
|
|
::= { devIDChainEntry 3}
|
|
--
|
|
devIDStatisticsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DevIDStatisticsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Counts of selected operations for each DevID module."
|
|
REFERENCE "IEEE 802.1AR 7.3."
|
|
::= { devIDMgmtMIBObjects 5 }
|
|
|
|
devIDStatisticsEntry OBJECT-TYPE
|
|
SYNTAX DevIDStatisticsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Counts of selected operations for a DevID module."
|
|
INDEX { entPhysicalIndex }
|
|
::= { devIDStatisticsTable 1 }
|
|
|
|
DevIDStatisticsEntry ::= SEQUENCE {
|
|
devIDStatisticKeyGenerationCount Counter32,
|
|
devIDStatisticKeyInsertionCount Counter32,
|
|
devIDStatisticKeyDeletionCount Counter32,
|
|
devIDStatisticCSRGenerationCount Counter32,
|
|
devIDStatisticCredentialInsertionCount Counter32,
|
|
devIDStatisticCredentialDeletionCount Counter32,
|
|
devIDStatisticCertInsertionCount Counter32,
|
|
devIDStatisticCertDeletionCount Counter32
|
|
}
|
|
|
|
devIDStatisticKeyGenerationCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The number of LDevID key pairs generated by the
|
|
module. Discontinuities at system restart and counter rollover."
|
|
REFERENCE "IEEE 802.1AR 7.2.8, 7.3."
|
|
::= { devIDStatisticsEntry 1 }
|
|
|
|
devIDStatisticKeyInsertionCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The number of LDevID key pairs inserted into the module.
|
|
Discontinuities occur at system restart and counter rollover."
|
|
REFERENCE "IEEE 802.1AR 7.2.9, 7.3."
|
|
::= { devIDStatisticsEntry 2 }
|
|
|
|
devIDStatisticKeyDeletionCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The number of LDevID key pairs deleted by the module.
|
|
Discontinuities occur at system restart and counter rollover."
|
|
REFERENCE "IEEE 802.1AR 7.2.10, 7.3."
|
|
::= { devIDStatisticsEntry 3 }
|
|
|
|
devIDStatisticCSRGenerationCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS deprecated
|
|
DESCRIPTION "The number of Certificate Signing Requests (CSR,
|
|
RFC2986) generated by the module. Discontinuities occur at system
|
|
restart and counter rollover. Deprecated: the module does not
|
|
necessarily have all the information to generate a meaningful CSR,
|
|
and key and certificate insertion is not tied to prior CSR
|
|
generation. If required the signing operation can generate a CSR
|
|
though this is not required for LDevID insertion."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.11"
|
|
::= { devIDStatisticsEntry 4 }
|
|
|
|
devIDStatisticCredentialInsertionCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The number of LDevID credential insertions.
|
|
Discontinuities occur at system restart and counter rollover."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.12."
|
|
::= { devIDStatisticsEntry 5 }
|
|
|
|
devIDStatisticCredentialDeletionCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The number of LDevID credential deletions.
|
|
Discontinuities occur at system restart and counter rollover."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.14."
|
|
::= { devIDStatisticsEntry 6 }
|
|
|
|
devIDStatisticCertInsertionCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The number of LDevID certificate insertions.
|
|
Discontinuities occur at system restart and counter rollover."
|
|
REFERENCE "IEEE 802.1AR 7.2.11, 7.3."
|
|
::= { devIDStatisticsEntry 7 }
|
|
|
|
devIDStatisticCertDeletionCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This number of LDevID certificate deletions.
|
|
Discontinuities occur at system restart and counter rollover."
|
|
REFERENCE "IEEE 802.1AR 7.2.13."
|
|
::= { devIDStatisticsEntry 8 }
|
|
--
|
|
-- devIDMIBConformance - current
|
|
--
|
|
devIDMIBCompliances OBJECT IDENTIFIER
|
|
::= { devIDMIBConformance 1 }
|
|
|
|
devIDMIBGroups OBJECT IDENTIFIER
|
|
::= { devIDMIBConformance 2 }
|
|
|
|
devIDMIBModuleCompliance2 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION "Module Compliance for DevID MIB-2018."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
devIDMIBModuleGroup,
|
|
devIDMIBCertificateGroup,
|
|
devIDMIBAuditGroup
|
|
}
|
|
::= { devIDMIBCompliances 2 }
|
|
|
|
|
|
devIDMIBModuleGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
devIDModuleSupportsLDevIDs,
|
|
devIDModuleGeneratesLDevIDKeys,
|
|
devIDModuleInsertsLDevIDKeys
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "DevID MIB objects describing module capabilities."
|
|
::= { devIDMIBGroups 2 }
|
|
|
|
devIDMIBCertificateGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
devIDCertPublicKeyInfoFprint,
|
|
devIDCertIDevID,
|
|
devIDCertKeyEnabled,
|
|
devIDCertEnabled,
|
|
devIDCert,
|
|
devIDChainCertFingerprint,
|
|
devIDChainCert
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "DevID MIB objects for DevID public key,
|
|
certificate, and certificate chain inventory operations."
|
|
::= { devIDMIBGroups 3 }
|
|
|
|
devIDMIBAuditGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
devIDStatisticKeyGenerationCount,
|
|
devIDStatisticKeyInsertionCount,
|
|
devIDStatisticKeyDeletionCount,
|
|
devIDStatisticCertInsertionCount,
|
|
devIDStatisticCertDeletionCount
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "DevID MIB objects supporting DevID operation auditing."
|
|
::= { devIDMIBGroups 4 }
|
|
--**********************************************************************
|
|
-- Textual Conventions - obsolete
|
|
--
|
|
DevIDErrorStatus ::= TEXTUAL-CONVENTION
|
|
STATUS obsolete
|
|
DESCRIPTION "The error state of a DevID operation."
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
internalError(2)
|
|
}
|
|
|
|
DevIDAlgorithmIdentifier::= TEXTUAL-CONVENTION
|
|
STATUS obsolete
|
|
DESCRIPTION "The algorithm type for the public key."
|
|
SYNTAX INTEGER {
|
|
rsaEncryption(1),
|
|
idecPublicKey(2)
|
|
}
|
|
--
|
|
-- devIDMgmtMIBObjects - obsolete tables and individual objects
|
|
--
|
|
devIDPublicKeyCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The total number of DevID public keys installed in the module.
|
|
Obsolete: the number of currently installed keys is the number of
|
|
DevIDCertEntry's with the module's entPhysicalIndex and distinct
|
|
devIDCertPublicKeyInfoFprint values, the maximum number can be an
|
|
implementation dependent function of the keys' signature suites and
|
|
the storage occupied by certificates and certificate chains."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.2"
|
|
::= { devIDMgmtMIBObjects 1 }
|
|
--
|
|
devIDPublicKeyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DevIDPublicKeyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"A table containing the public key, the keys keyIndex, a value
|
|
indicating if the key is enabled. This allows the administrator
|
|
to determine the DevID keys installed in the DevID module. The
|
|
maximum number of entries in this table is limited by the value
|
|
of devIDPublicKeyCount.
|
|
Obsolete: the public keys that have been installed and may be
|
|
used can be obtained from the subjectPublicKeyInfo field in each of
|
|
the DevIDCertEntry's devIDCert object."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.2"
|
|
::= { devIDMgmtMIBObjects 2 }
|
|
|
|
devIDPublicKeyEntry OBJECT-TYPE
|
|
SYNTAX DevIDPublicKeyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"An entry containing DevID public key, the keys keyIndex, a value
|
|
indicating if the key is enabled.
|
|
Obsolete: the public keys that have been installed and may be
|
|
used can be obtained from the subjectPublicKeyInfo field in each of
|
|
the DevIDCertEntry's devIDCert object. The table entry indexing did
|
|
not support multiple key pairs per entPhysicalIndex."
|
|
INDEX { entPhysicalIndex }
|
|
::= { devIDPublicKeyTable 1 }
|
|
|
|
DevIDPublicKeyEntry ::= SEQUENCE {
|
|
devIDPublicKeyIndex Unsigned32,
|
|
devIDPublicKeyEnabled TruthValue,
|
|
devIDPublicKeyAlgorithm DevIDAlgorithmIdentifier,
|
|
devIDPublicKeyPubkeySHA1Hash SnmpAdminString,
|
|
devIDPublicKeyErrStatus DevIDErrorStatus
|
|
}
|
|
|
|
devIDPublicKeyIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION "All keys are indexed internally with this object. The
|
|
value of this object is within 0..devIDPublicKeyCount. This is the
|
|
keyIndex and operations on keys will use the keyIndex to address a
|
|
specific key. The IDevID key shall only be at index 0. Any error
|
|
retrieving a key will be displayed in devIDPublicKeyErrStatus.
|
|
Obsolete: the potential indexes are close packed forcing index
|
|
reuse not under the agents control so reading the index from the
|
|
devIDCredentialTable and then using it with this object may not
|
|
retrieve the intended key."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.2"
|
|
::= { devIDPublicKeyEntry 1 }
|
|
|
|
devIDPublicKeyEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS obsolete
|
|
DESCRIPTION "The enable/disable state of this public key. This
|
|
setting persists across restarts. Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.2"
|
|
::= { devIDPublicKeyEntry 2 }
|
|
|
|
devIDPublicKeyAlgorithm OBJECT-TYPE
|
|
SYNTAX DevIDAlgorithmIdentifier
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The DevID PublicKey Algorithm field shall indicate the public key
|
|
algorithm identifier. This object identifies the public key
|
|
algorithm as either rsaEncryption or idecPublicKey.
|
|
Obsolete along with table. The AlgorithmIdentifier is not
|
|
necessarily a complete description of the signature suite
|
|
(parameters in subjectPublicKeyInfo may also be required), full
|
|
information is in the devIDCert in the devIDCertTable using X.509
|
|
OIDs so avoiding generating new OIDs for this MIB and removing the
|
|
need for future MIB updates as new signature suites are added."
|
|
REFERENCE
|
|
"IEEE 802.1AR-2009 6.4, 6.3.2 and 7.2.9"
|
|
::= { devIDPublicKeyEntry 3 }
|
|
|
|
devIDPublicKeyPubkeySHA1Hash OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The SHA1 Hash of this DevID public key.
|
|
Obsolete with table. DevIDFingerprint used in new table objects
|
|
to provided allow hash flexibility without MIB update."
|
|
REFERENCE
|
|
"IEEE 802.1AR-2009 6.4, 6.3.2 and 7.2.9"
|
|
::= { devIDPublicKeyEntry 4 }
|
|
|
|
devIDPublicKeyErrStatus OBJECT-TYPE
|
|
SYNTAX DevIDErrorStatus
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "Displays the status of an operation on the public key.
|
|
The default value is none which means no error, indicating a
|
|
successful operation. Obsolete: DevID module service interface
|
|
operations are not visible in this MIB so this object provides no
|
|
clue as to what has failed and does not specify whether it is
|
|
cleared by subsequent successful operations. If keys or certs are
|
|
unusable they should not be visible to SNMP or appear not enabled. In
|
|
both cases this read-only MIB cannot diagnose or repair. SNMP
|
|
operations already have their own error codes."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.2"
|
|
DEFVAL { none }
|
|
::= { devIDPublicKeyEntry 5 }
|
|
--
|
|
devIDCredentialCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "This gives the total number of DevID credentials
|
|
installed in the DevID module. Obsolete: Object is not indexed by
|
|
entPhysicalIndex so is not a per module count if the agent is
|
|
managing multiple devices. Changes as component devices are added
|
|
or removed are not meaningful without other information. Per module
|
|
counts can be obtained by interrogating the devIDCertTable."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.2"
|
|
::= { devIDMgmtMIBObjects 3 }
|
|
--
|
|
devIDCredentialTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DevIDCredentialEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION "A table of current DevID credentials, where for each
|
|
certificate the following are indicated: sha1 hash of the
|
|
certificate, section7 defined fields of cert serial number, issuer,
|
|
subject, HardwareModuleName, and public key.
|
|
Obsolete: the ASN.1 encoding of a certificate is already defined
|
|
elsewhere, there is no need to require a device to decode the
|
|
certificate into a different ASN.1 structure, and picking particular
|
|
field might omit problematic extensions in particular certificates."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.3"
|
|
::= { devIDMgmtMIBObjects 4 }
|
|
|
|
devIDCredentialEntry OBJECT-TYPE
|
|
SYNTAX DevIDCredentialEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION "An entry containing DevID Credential information.
|
|
Obsolete: Table entries are not indexed by entPhysicalIndex."
|
|
INDEX { devIDCredentialIndex }
|
|
::= { devIDCredentialTable 1 }
|
|
|
|
DevIDCredentialEntry ::= SEQUENCE {
|
|
devIDCredentialIndex Unsigned32,
|
|
devIDCredentialEnabled TruthValue,
|
|
devIDCredentialSHA1Hash SnmpAdminString,
|
|
devIDCredentialSerialNumber SnmpAdminString,
|
|
devIDCredentialIssuer SnmpAdminString,
|
|
devIDCredentialSubject SnmpAdminString,
|
|
devIDCredentialSubjectAltName SnmpAdminString,
|
|
devIDCredentialEntityIndex PhysicalIndex,
|
|
devIDCredentialPubkeyIndex Unsigned32,
|
|
devIDCredentialErrStatus DevIDErrorStatus
|
|
}
|
|
|
|
devIDCredentialIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION "All credentials are indexed internally with this
|
|
object. The value of this object is in [0..devIDCredentialCount].
|
|
Operations on credentials will use the credentialIndex to address a
|
|
specific credential. The IDevID credential shall only be at index 0.
|
|
Additional operations on credentials use the credentialIndex to
|
|
address a specific credential.
|
|
Obsolete: The SNP agent does not control or monitor individual
|
|
DevID service operations, an SNMP agent can manage a system that
|
|
comprises multiple devices identified by the ENTITY-MIB and more
|
|
than one of those devices can have a DevID module with an IDevID. "
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.2"
|
|
::= { devIDCredentialEntry 1 }
|
|
|
|
devIDCredentialEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS obsolete
|
|
DESCRIPTION "The enable/disable state of this credential. This
|
|
setting persists across restarts. Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 6.3.6"
|
|
::= { devIDCredentialEntry 2 }
|
|
|
|
devIDCredentialSHA1Hash OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The SHA1 Hash of this DevID credential.
|
|
Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR 7.2.2"
|
|
::= { devIDCredentialEntry 3 }
|
|
|
|
devIDCredentialSerialNumber OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The serial number of the credential.
|
|
Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 7.2.2"
|
|
::= { devIDCredentialEntry 4 }
|
|
|
|
devIDCredentialIssuer OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The issuer field of the credential.
|
|
Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 7.2.4"
|
|
::= { devIDCredentialEntry 5 }
|
|
|
|
devIDCredentialSubject OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The subject field of the credential.
|
|
Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 7.2.8"
|
|
::= { devIDCredentialEntry 6 }
|
|
|
|
devIDCredentialSubjectAltName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The subjectaltname field of the credential.
|
|
Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 7.2.8"
|
|
::= { devIDCredentialEntry 7 }
|
|
|
|
devIDCredentialEntityIndex OBJECT-TYPE
|
|
SYNTAX PhysicalIndex
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "This refers to the entPhysicalIndex in entPhysicalTable
|
|
to identify the associated physical entity.
|
|
Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4"
|
|
::= { devIDCredentialEntry 8 }
|
|
|
|
devIDCredentialPubkeyIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "Has the appropriate devIDPublicKeyIndex value from
|
|
devIDPublicKeyTable to identify the public key information.
|
|
Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 7.2.9"
|
|
::= { devIDCredentialEntry 9 }
|
|
|
|
devIDCredentialErrStatus OBJECT-TYPE
|
|
SYNTAX DevIDErrorStatus
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION "The displays the status of an operation on the
|
|
credential. The default value is none which means no error,
|
|
indicating a successful operation.
|
|
Obsolete with table."
|
|
REFERENCE "IEEE 802.1AR-2009 6.4, and 6.3.2"
|
|
DEFVAL { none }
|
|
::= { devIDCredentialEntry 10 }
|
|
--
|
|
-- devIDMIBConformance - obsolete
|
|
--
|
|
devIDMIBModuleCompliance MODULE-COMPLIANCE
|
|
STATUS obsolete
|
|
DESCRIPTION "Module Compliance for DevID MIB-2009."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
devIDMIBObjectGroup
|
|
}
|
|
::= { devIDMIBCompliances 1 }
|
|
--
|
|
devIDMIBObjectGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
devIDPublicKeyCount,
|
|
devIDPublicKeyEnabled,
|
|
devIDPublicKeyAlgorithm,
|
|
devIDPublicKeyPubkeySHA1Hash,
|
|
devIDPublicKeyErrStatus,
|
|
devIDCredentialCount,
|
|
devIDCredentialEnabled,
|
|
devIDCredentialSHA1Hash,
|
|
devIDCredentialSerialNumber,
|
|
devIDCredentialIssuer,
|
|
devIDCredentialSubject,
|
|
devIDCredentialSubjectAltName,
|
|
devIDCredentialEntityIndex,
|
|
devIDCredentialPubkeyIndex,
|
|
devIDCredentialErrStatus,
|
|
devIDStatisticKeyGenerationCount,
|
|
devIDStatisticKeyInsertionCount,
|
|
devIDStatisticKeyDeletionCount,
|
|
devIDStatisticCSRGenerationCount,
|
|
devIDStatisticCredentialInsertionCount,
|
|
devIDStatisticCredentialDeletionCount
|
|
}
|
|
STATUS obsolete
|
|
DESCRIPTION "A collection of objects providing public key
|
|
manageability, credential manageability and stats."
|
|
::= { devIDMIBGroups 1 }
|
|
|
|
--**********************************************************************
|
|
END
|