585 lines
22 KiB
Plaintext
585 lines
22 KiB
Plaintext
-- *****************************
|
|
-- * *
|
|
-- * ONEOS MIB *
|
|
-- * *
|
|
-- *****************************
|
|
--
|
|
-- ONEOS_MIB_STD_V05.2.R001_E001
|
|
--
|
|
-- Creation date : 15/04/2014
|
|
|
|
ONEACCESS-GDOI-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-COMPLIANCE,
|
|
NOTIFICATION-GROUP,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
MODULE-IDENTITY,
|
|
NOTIFICATION-TYPE,
|
|
OBJECT-TYPE,
|
|
Counter32,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
TEXTUAL-CONVENTION,
|
|
DisplayString
|
|
FROM SNMPv2-TC
|
|
oacExpIMManagement
|
|
FROM ONEACCESS-GLOBAL-REG;
|
|
|
|
|
|
-- ------------------------------------------------------------------ --
|
|
-- GDOI MIB Module Identity
|
|
-- ------------------------------------------------------------------ --
|
|
|
|
oacExpIMGdoiMIB MODULE-IDENTITY
|
|
LAST-UPDATED "1404151200Z"
|
|
ORGANIZATION "ONE ACCESS"
|
|
CONTACT-INFO
|
|
"Pascal KESTELOOT
|
|
Postal: ONE ACCESS
|
|
92140 Clamart, France
|
|
FRANCE
|
|
|
|
Tel: (+33) 01 41 87 70 54
|
|
Fax: (+33) 01 41 87 74 39
|
|
|
|
E-mail: pascal.kesteloot@oneaccess-net.com"
|
|
|
|
DESCRIPTION
|
|
"This MIB module defines objects for managing the GDOI protocol"
|
|
::= { oacExpIMManagement 1224 }
|
|
|
|
-- ------------------------------------------------------------------ --
|
|
-- GDOI MIB Textual Conventions
|
|
-- ------------------------------------------------------------------ --
|
|
OacGdoiIdentificationType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A textual convention indicating the type of value used to
|
|
identify a GDOI entity (i.e. Group, or Group Member).
|
|
|
|
Following are the Identification Type Values:
|
|
|
|
ID Type Value
|
|
------- -----
|
|
ID_KEY_ID 1 -- groupNumber
|
|
ID_IPV4_ADDR 2 -- ipv4Address
|
|
|
|
Following are the mappings to the type values above:
|
|
|
|
'keyID' : group number key identifier.
|
|
'ipv4' : IPv4 address."
|
|
|
|
REFERENCE
|
|
"IANA ISAKMP Registry - 'Magic Numbers' for ISAKMP Protocol
|
|
Section: IPSEC Identification Type
|
|
http://www.iana.org/assignments/isakmp-registry"
|
|
|
|
SYNTAX INTEGER {
|
|
keyID(1),
|
|
ipv4(2)
|
|
}
|
|
|
|
OacGdoiIdentificationValue ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A textual convention indicating the actual value of used to
|
|
identify a GDOI entity (i.e. Group or Group Member).
|
|
The value of the oacGdoiIdentificationValue object can
|
|
be parsed based on the value of the associated
|
|
oacGdoiIdentificationType object"
|
|
|
|
REFERENCE
|
|
"IANA ISAKMP Registry - 'Magic Numbers' for ISAKMP Protocol
|
|
Section: IPSEC Identification Type
|
|
http://www.iana.org/assignments/isakmp-registry"
|
|
|
|
|
|
SYNTAX OCTET STRING (SIZE (0..16))
|
|
|
|
OacGdoiSPI ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A textual convention indicating a SPI (Security Parameter Index)"
|
|
REFERENCE "RFC 3547 - Section: 5.3. SA KEK Payload"
|
|
SYNTAX OCTET STRING (SIZE (32))
|
|
|
|
OacGdoiKEKEncryptionAlgorithm ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A textual convention indicating the identifier of the
|
|
KEK encryption algorithm being used"
|
|
|
|
|
|
REFERENCE
|
|
"IANA IKEv2 Parameters
|
|
Section: Encryption Algorithm Transform IDs
|
|
http://www.iana.org/assignments/ikev2-parameters
|
|
|
|
IANA 'Magic Numbers' for ISAMP Protocol
|
|
Section: IPSEC ESP Transform Identifiers
|
|
http://www.iana.org/assignments/isakmp-registry
|
|
|
|
RFC 2407 - Section: 4.4.4. IPSEC ESP Transform Identifiers
|
|
RFC 3547 - Section: 5.3.3. KEK_ALGORITHM
|
|
RFC 4306 - Section: 3.3.2. Transform Substructure
|
|
RFC 4106, 4309, 4543, 5282, 5529"
|
|
SYNTAX INTEGER {
|
|
enc-des(1),
|
|
enc-3des(2),
|
|
enc-aes(3)
|
|
}
|
|
|
|
|
|
OacGdoiHashAlogrithm ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A textual convention indicating the identifier of the
|
|
hash algorithm being used."
|
|
|
|
|
|
REFERENCE
|
|
"IANA IKEv2 Parameters
|
|
Section: Pseudo-random Function Transform IDs
|
|
http://www.iana.org/assignments/ikev2-parameters
|
|
|
|
RFC 3547 - Section: 5.3.6. SIG_HASH_ALGORITHM
|
|
RFC 4306 - Section: 3.3.2. Transform Substructure
|
|
RFC 4615, 4868"
|
|
SYNTAX INTEGER {
|
|
md5(1),
|
|
sha1(2)
|
|
}
|
|
|
|
OacGdoiSignatureMethod ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A textual convention indicating the identifier of the
|
|
integirty algorithm being used"
|
|
|
|
|
|
REFERENCE
|
|
"IANA IKEv2 Parameters
|
|
Section: Integrity Algorithm Transform IDs
|
|
http://www.iana.org/assignments/ikev2-parameters
|
|
|
|
RFC 2407 - Section: 4.5. IPSEC Security Assoc. Attributes
|
|
RFC 3547 - Section: 5.3.6. SIG_HASH_ALGORITHM
|
|
RFC 4306 - Section: 3.3.2. Transform Substructure
|
|
RFC 4494, 4543, 4595, 4868"
|
|
SYNTAX INTEGER {
|
|
rsa(1),
|
|
dss(2),
|
|
ecdss(3)
|
|
}
|
|
|
|
|
|
|
|
-- ------------------------------------------------------------------ --
|
|
-- GDOI MIB Groups
|
|
-- ------------------------------------------------------------------ --
|
|
oacGdoiMIBObjects OBJECT IDENTIFIER
|
|
::= { oacExpIMGdoiMIB 1 }
|
|
|
|
-- ------------------------------------------------------------------ --
|
|
-- GDOI MIB Management Objects
|
|
-- ------------------------------------------------------------------ --
|
|
--
|
|
-- *---------------------------------------------------------------- --
|
|
-- * The GDOI "Group" Table
|
|
-- *---------------------------------------------------------------- --
|
|
oacGdoiGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF OacGdoiGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of information regarding GDOI Groups in use on
|
|
the network device being queried."
|
|
::= { oacGdoiMIBObjects 1 }
|
|
|
|
oacGdoiGroupEntry OBJECT-TYPE
|
|
SYNTAX OacGdoiGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing GDOI Group information, uniquely
|
|
identified by the GDOI Group ID."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 5.1.1. Identification Type Values
|
|
5.1.1.1. ID_KEY_ID
|
|
RFC 4306 - Section: 3.5. Identification Payloads"
|
|
INDEX {
|
|
oacGdoiGroupName
|
|
}
|
|
::= { oacGdoiGroupTable 1 }
|
|
|
|
OacGdoiGroupEntry ::= SEQUENCE {
|
|
oacGdoiGroupName DisplayString,
|
|
oacGdoiGroupIdType OacGdoiIdentificationType,
|
|
oacGdoiGroupIdValue OacGdoiIdentificationValue
|
|
}
|
|
|
|
oacGdoiGroupName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The string-readable name configured for or given to a GDOI
|
|
Group."
|
|
::= { oacGdoiGroupEntry 1 }
|
|
|
|
oacGdoiGroupIdType OBJECT-TYPE
|
|
SYNTAX OacGdoiIdentificationType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Identification Type Value used to parse a GDOI Group ID.
|
|
The GDOI RFC 3547 defines the types that can be used as a
|
|
GDOI Group ID, and RFC 4306 defines all valid types that can
|
|
be used as an identifier."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 5.1.1. Identification Type Values
|
|
5.1.1.1. ID_KEY_ID
|
|
RFC 4306 - Section: 3.5. Identification Payloads"
|
|
::= { oacGdoiGroupEntry 2 }
|
|
|
|
oacGdoiGroupIdValue OBJECT-TYPE
|
|
SYNTAX OacGdoiIdentificationValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of a Group ID with its type indicated by the
|
|
oacGdoiGroupIdType. Use the oacGdoiGroupIdType to parse the
|
|
Group ID correctly. This Group ID value is sent as the
|
|
'Identification Data' field of the Identification Payload
|
|
for a GDOI GROUPKEY-PULL exchange."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 5.1.1. Identification Type Values
|
|
5.1.1.1. ID_KEY_ID
|
|
RFC 4306 - Section: 3.5. Identification Payloads"
|
|
::= { oacGdoiGroupEntry 3 }
|
|
|
|
-- *---------------------------------------------------------------- --
|
|
-- * GDOI MIB Management Object Groups
|
|
-- *---------------------------------------------------------------- --
|
|
oacGdoiGm OBJECT IDENTIFIER
|
|
::= { oacGdoiMIBObjects 2 }
|
|
|
|
oacGdoiPolicy OBJECT IDENTIFIER
|
|
::= { oacGdoiMIBObjects 3 }
|
|
|
|
-- #-------------------------------------------------------------- --
|
|
-- # The GDOI "Group Members" Table
|
|
-- #-------------------------------------------------------------- --
|
|
oacGdoiGmTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF OacGdoiGmEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of information regarding GDOI Group Members (GMs)
|
|
locally configured on the network device being queried. Note
|
|
that Local Group Members may or may not be registered to a
|
|
Key Server in its GDOI Group on the same network device being
|
|
queried."
|
|
::= { oacGdoiGm 2 }
|
|
|
|
oacGdoiGmEntry OBJECT-TYPE
|
|
SYNTAX OacGdoiGmEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing Local GDOI Group Member information,
|
|
uniquely identified by Group & GM IDs. Because the Group
|
|
Member is Local to the network device being queried, TEKs
|
|
installed for this Group Member can be queried as well."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 1. Introduction
|
|
3.3. Initiator Operations
|
|
4.8. Group Member Operations"
|
|
INDEX {
|
|
oacGdoiGroupName,
|
|
oacGdoiGmActiveKEK
|
|
}
|
|
::= { oacGdoiGmTable 1 }
|
|
|
|
OacGdoiGmEntry ::= SEQUENCE {
|
|
oacGdoiGmIdType OacGdoiIdentificationType,
|
|
oacGdoiGmIdValue OacGdoiIdentificationValue,
|
|
oacGdoiGmRegKeyServerIdValue OacGdoiIdentificationValue,
|
|
oacGdoiGmActiveKEK OacGdoiSPI,
|
|
oacGdoiGmRekeysReceived Counter32
|
|
}
|
|
|
|
oacGdoiGmIdType OBJECT-TYPE
|
|
SYNTAX OacGdoiIdentificationType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Identification Type Value used to parse the identity
|
|
information for a Initiator or Group Member. RFC 4306
|
|
defines all valid types that can be used as an identifier.
|
|
These identification types are sent as the 'SRC ID Type' and
|
|
'DST ID Type' of the KEK and TEK payloads for GDOI
|
|
GROUPKEY-PULL and GROUPKEY-PUSH exchanges."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 5.3. SA KEK payload
|
|
5.4.1. PROTO_IPSEC_ESP
|
|
RFC 4306 - Section: 3.5. Identification Payloads"
|
|
::= { oacGdoiGmEntry 1 }
|
|
|
|
oacGdoiGmIdValue OBJECT-TYPE
|
|
SYNTAX OacGdoiIdentificationValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the identity information for a Group Member with
|
|
its type indicated by the oacGdoiGmIdType. Use the
|
|
oacGdoiGmIdType to parse the Group Member ID correctly.
|
|
This Group Member ID value is sent as the 'SRC
|
|
Identification Data' and 'DST Identification Data' of the
|
|
KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH
|
|
exchanges."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 5.3. SA KEK payload
|
|
5.4.1. PROTO_IPSEC_ESP"
|
|
::= { oacGdoiGmEntry 2 }
|
|
|
|
oacGdoiGmRegKeyServerIdValue OBJECT-TYPE
|
|
SYNTAX OacGdoiIdentificationValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the identity information for this Group Member's
|
|
registered Key Server with its type indicated by the
|
|
oacGdoiGmRegKeyServerIdType. Use the
|
|
oacGdoiGmRegKeyServerIdType to parse the registered Key
|
|
Server's ID correctly. This Key Server ID value is sent as
|
|
the 'SRC Identification Data' and 'DST Identification Data'
|
|
of the KEK and TEK payloads for GDOI GROUPKEY-PULL and
|
|
GROUPKEY-PUSH exchanges."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 5.3. SA KEK payload
|
|
5.4.1. PROTO_IPSEC_ESP"
|
|
::= { oacGdoiGmEntry 3 }
|
|
|
|
oacGdoiGmActiveKEK OBJECT-TYPE
|
|
SYNTAX OacGdoiSPI
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SPI of the Key Encryption Key (KEK) that is currently
|
|
being used by the Group Member to authenticate & decrypt a
|
|
rekey from a GROUPKEY-PUSH message."
|
|
::= { oacGdoiGmEntry 4 }
|
|
|
|
oacGdoiGmRekeysReceived OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
UNITS "GROUPKEY-PUSH Messages"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sequence number of the last rekey successfully received
|
|
from this Group Member's registered Key Server."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 3.2. Messages
|
|
3.3. Initiator Operations
|
|
4. GROUPKEY-PUSH Message
|
|
4.8. Group Member Operations
|
|
5.6. Sequence Number Payload"
|
|
::= { oacGdoiGmEntry 5 }
|
|
|
|
-- #-------------------------------------------------------------- --
|
|
-- # The GDOI "Group Member (GM) KEK SA" Table
|
|
-- #-------------------------------------------------------------- --
|
|
oacGdoiGmKekTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF OacGdoiGmKekEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of information regarding GDOI Key Encryption Key
|
|
(KEK) Security Associations (SAs) currently installed for
|
|
GDOI entities acting as Group Members on the network device
|
|
being queried. There is one entry in this table for each
|
|
KEK SA that has been installed and not yet deleted. Each
|
|
KEK SA is uniquely identified by a SPI at any given time."
|
|
::= { oacGdoiPolicy 2 }
|
|
|
|
oacGdoiGmKekEntry OBJECT-TYPE
|
|
SYNTAX OacGdoiGmKekEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry containing the attributes associated with a GDOI KEK
|
|
SA, uniquely identified by the Group ID, Group Member (GM)
|
|
ID, & SPI value assigned by the GM's registered Key Server to
|
|
the KEK. There will be at least one KEK SA entry for each GM
|
|
& two KEK SA entries for a given GM only during a KEK rekey
|
|
when a new KEK is received & installed. The KEK SPI is
|
|
unique for every KEK for a given Group Member."
|
|
REFERENCE
|
|
"RFC 3547 - Sections: 1. Introduction
|
|
3.2. Messages
|
|
4. GROUPKEY-PUSH Message
|
|
5.3. SA KEK Payload
|
|
5.3.1. KEK Attributes
|
|
5.5. Key Download Payload"
|
|
INDEX {
|
|
oacGdoiGroupName,
|
|
oacGdoiGmKekSPI
|
|
}
|
|
::= { oacGdoiGmKekTable 1 }
|
|
|
|
OacGdoiGmKekEntry ::= SEQUENCE {
|
|
oacGdoiGmKekSPI OacGdoiSPI,
|
|
oacGdoiGmKekSrcIdValue OacGdoiIdentificationValue,
|
|
oacGdoiGmKekDstIdValue OacGdoiIdentificationValue,
|
|
oacGdoiGmKekEncryptAlg OacGdoiKEKEncryptionAlgorithm,
|
|
oacGdoiGmKekEncryptKeyLength Unsigned32,
|
|
oacGdoiGmKekSigHashAlg OacGdoiHashAlogrithm,
|
|
oacGdoiGmKekSigAlg OacGdoiSignatureMethod,
|
|
oacGdoiGmKekSigKeyLength Unsigned32,
|
|
oacGdoiGmKekOriginalLifetime Unsigned32,
|
|
oacGdoiGmKekRemainingLifetime Unsigned32
|
|
|
|
}
|
|
|
|
oacGdoiGmKekSPI OBJECT-TYPE
|
|
SYNTAX OacGdoiSPI
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the Security Parameter Index (SPI) of a KEK
|
|
SA. The SPI must be the ISAKMP Header cookie pair
|
|
where the first 8 octets become the 'Initiator Cookie' field
|
|
of the GROUPKEY-PUSH message ISAKMP HDR, and the second 8
|
|
octets become the 'Responder Cookie' in the same HDR. As
|
|
described above, these cookies are assigned by the GCKS."
|
|
::= { oacGdoiGmKekEntry 1 }
|
|
|
|
oacGdoiGmKekSrcIdValue OBJECT-TYPE
|
|
SYNTAX OacGdoiIdentificationValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the identity information for the source of
|
|
a KEK SA with its type indicated by the
|
|
oacGdoiGmKekSrcIdType. Use the oacGdoiGmKekSrcIdType to parse
|
|
the KEK Source ID correctly. This ID value is sent as the 'SRC
|
|
Identification Data' of a KEK payload."
|
|
REFERENCE "RFC 3547 - Sections: 5.3. SA KEK payload"
|
|
::= { oacGdoiGmKekEntry 2 }
|
|
|
|
oacGdoiGmKekDstIdValue OBJECT-TYPE
|
|
SYNTAX OacGdoiIdentificationValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the identity information for the destination of
|
|
a KEK SA (multicast rekey address) with its type indicated by
|
|
oacGdoiGmKekDstIdType. Use the oacGdoiGmKekDstIdType to parse
|
|
the KEK Dest. ID correctly. This ID value is sent as the 'DST
|
|
Identification Data' of a KEK payload."
|
|
REFERENCE "RFC 3547 - Sections: 5.3. SA KEK payload"
|
|
::= { oacGdoiGmKekEntry 3 }
|
|
|
|
oacGdoiGmKekEncryptAlg OBJECT-TYPE
|
|
SYNTAX OacGdoiKEKEncryptionAlgorithm
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the KEK_ALGORITHM which specifies the
|
|
encryption algorithm used with the KEK SA. A GDOI
|
|
implementaiton must support KEK_ALG_3DES.
|
|
|
|
Following are the KEK encryption algoritm values defined in
|
|
the GDOI RFC 3547, however the oacGdoiEncryptionAlgorithm TC
|
|
defines all possible values.
|
|
|
|
Algorithm Type Value
|
|
-------------- -----
|
|
KEK_ALG_DES 1
|
|
KEK_ALG_3DES 2
|
|
KEK_ALG_AES 3"
|
|
REFERENCE "RFC 3547 - Section 5.3.3. KEK_ALGORITHM"
|
|
::= { oacGdoiGmKekEntry 4 }
|
|
|
|
oacGdoiGmKekEncryptKeyLength OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "Bits"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the KEK_KEY_LENGTH which specifies the KEK
|
|
Algorithm key length (in bits)."
|
|
REFERENCE "RFC 3547 - Section: 5.3.4. KEK_KEY_LENGTH"
|
|
::= { oacGdoiGmKekEntry 5 }
|
|
|
|
oacGdoiGmKekSigHashAlg OBJECT-TYPE
|
|
SYNTAX OacGdoiHashAlogrithm
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the SIG_HASH_ALGORITHM which specifies the SIG
|
|
payload hash algorithm. This is not required (i.e. could
|
|
have a value of zero) if the SIG_ALGORITHM is SIG_ALG_DSS or
|
|
SIG_ALG_ECDSS, which imply SIG_HASH_SHA1 (i.e. must have a
|
|
value of zero or SIG_HASH_SHA1)"
|
|
|
|
REFERENCE "RFC 3547 - Section: 5.3.6. SIG_HASH_ALGORITHM"
|
|
::= { oacGdoiGmKekEntry 6 }
|
|
|
|
oacGdoiGmKekSigAlg OBJECT-TYPE
|
|
SYNTAX OacGdoiSignatureMethod
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the SIG_ALGORITHM which specifies the SIG
|
|
payload signature algorithm. A GDOI implementation must
|
|
support SIG_ALG_RSA"
|
|
|
|
REFERENCE "RFC 3547 - Section: 5.3.7. SIG_ALGORITHM"
|
|
::= { oacGdoiGmKekEntry 7 }
|
|
|
|
oacGdoiGmKekSigKeyLength OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "Bits"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the SIG_KEY_LENGTH which specifies the length
|
|
of the SIG payload key."
|
|
REFERENCE "RFC 3547 - Section 5.3.8. SIG_KEY_LENGTH"
|
|
::= { oacGdoiGmKekEntry 8 }
|
|
|
|
oacGdoiGmKekOriginalLifetime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "Seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the KEK_KEY_LIFETIME which specifies the maximum
|
|
time for which a KEK is valid. The GCKS may refresh the KEK
|
|
at any time before the end of the valid period. The value is
|
|
a four (4) octet (32-bit) number defining a valid time period
|
|
in seconds."
|
|
REFERENCE "RFC 3547 - Section 5.3.5. KEK_KEY_LIFETIME"
|
|
::= { oacGdoiGmKekEntry 9 }
|
|
|
|
oacGdoiGmKekRemainingLifetime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
UNITS "Seconds"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the remaining time for which a KEK is valid.
|
|
The value is a four (4) octet (32-bit) number which begins at
|
|
the value of oacGdoiGmKekOriginalLifetime and counts down to 0
|
|
in seconds. If the lifetime has already expired, this value
|
|
should remain at zero (0) until the GCKS refreshes the KEK."
|
|
REFERENCE "RFC 3547 - Section 5.3.5. KEK_KEY_LIFETIME"
|
|
::= { oacGdoiGmKekEntry 10 }
|
|
|
|
END
|
|
|