DOCS-BPI2EXT-MIB DEFINITIONS ::= BEGIN
IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE
        FROM SNMPv2-SMI              -- RFC 2578
    TEXTUAL-CONVENTION,
    DateAndTime
        FROM SNMPv2-TC               -- RFC 2579
    OBJECT-GROUP,
    MODULE-COMPLIANCE
        FROM SNMPv2-CONF             -- RFC 2580
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB      -- RFC 3411
    ifIndex
        FROM IF-MIB                  -- RFC 2863
    clabProjDocsis
        FROM CLAB-DEF-MIB
    DocsX509ASN1DEREncodedCertificate
        FROM DOCS-IETF-BPI2-MIB;

docsBpi2Ext31Mib MODULE-IDENTITY
    LAST-UPDATED    "201601130000Z" -- January 13, 2016
    ORGANIZATION    "Cable Television Laboratories, Inc."
    CONTACT-INFO
        "
        Postal: Cable Television Laboratories, Inc.
                858 Coal Creek Circle
                Louisville, Colorado 80027-9750
                U.S.A.
        Phone:  +1 303-661-9100
        Fax:    +1 303-661-9199
        E-mail: mibs@cablelabs.com"
    DESCRIPTION
        "This MIB module adds to the BPI management objects that are defined in
         the DOCS-IETF-BPI2-MIB (RFC-4131). These objects are in addition to and
         separate from RFC-4131 and provide management support for new DOCSIS 3.1
         features. The following MIBs from RFC-4131 are used to support legacy PKI
         CM certificate functions defined in the DOCSIS 3.0 security specification:
         docsBpi2CmDeviceCertTable, docsBpi2CodeMfgOrgName, docsBpi2CodeMfgCodeAccessStart,
         docsBpi2CodeMfgCvcAccessStart, docsBpi2CodeCoSignerOrgName,
         docsBpi2CodeCoSignerCodeAccessStart, docsBpi2CodeCoSignerCvcAccessStart, and
         docsBpi2CodeCvcUpdate. The following MIBs defined in this MIB module are used
         to support new PKI CM certificate functions defined in the DOCSIS 3.1 security
         specification: docsBpi2Ext31CmDeviceCmCert, docsBpi2Ext31CodeUpdateCvcChain,
         docsBpi2Ext31CodeMfgOrgName, docsBpi2Ext31CodeMfgCodeAccessStart,
         docsBpi2Ext31CodeMfgCvcAccessStart, docsBpi2Ext31CodeCoSignerOrgName,
         docsBpi2Ext31CodeCoSignerCodeAccessStart, and docsBpi2Ext31CodeCoSignerCvcAccessStart.
         Copyright 2015 Cable Television Laboratories, Inc.
         All rights reserved."
    REVISION        "201601130000Z" -- January 13, 2016
    DESCRIPTION
        "Initial version, per ECN CM-OSSIv3.1-N-15.1393-6."
    ::= { clabProjDocsis 29 }

-- ---------------------------------------------------------------------
-- Textual Conventions
-- ---------------------------------------------------------------------
DocsCvcCaCertificateChain ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "50x"
    STATUS      current
    DESCRIPTION
        "A degenerate PKCS7 signedData structure that contains the CVC and the
         CVC CA certificate chain in the certificates field."
    SYNTAX      OCTET STRING (SIZE (0..8192))


-- Administrative assignments
docsBpi2Ext31Notifications OBJECT IDENTIFIER ::= { docsBpi2Ext31Mib 0 }
docsBpi2Ext31MibObjects    OBJECT IDENTIFIER ::= { docsBpi2Ext31Mib 1 }
docsBpi2Ext31Conformance   OBJECT IDENTIFIER ::= { docsBpi2Ext31Mib 2 }

docsBpi2Ext31Compliances   OBJECT IDENTIFIER ::= { docsBpi2Ext31Conformance 1 }
docsBpi2Ext31Groups        OBJECT IDENTIFIER ::= { docsBpi2Ext31Conformance 2 }

-- No Notifications are defined for this MIB

docsBpi2Ext31CmObjects     OBJECT IDENTIFIER ::= { docsBpi2Ext31MibObjects 1 }
docsBpi2Ext31CmCertObjects OBJECT IDENTIFIER ::= { docsBpi2Ext31CmObjects 1 }


-- ---------------------------------------------------------------------
-- The CM Device Cert Table
-- ---------------------------------------------------------------------
docsBpi2Ext31CmDeviceCertTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsBpi2Ext31CmDeviceCertEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table describes the Baseline Privacy Plus
         device certificates issued from the new PKI defined in DOCSIS 3.1 for
         each CM MAC interface."
    ::= { docsBpi2Ext31CmCertObjects 1 }

docsBpi2Ext31CmDeviceCertEntry OBJECT-TYPE
    SYNTAX      DocsBpi2Ext31CmDeviceCertEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the device certificates of
         one CM MAC interface. An entry in this table exists for
         each ifEntry with an ifType of docsCableMaclayer(127)."
    INDEX { ifIndex }
    ::= { docsBpi2Ext31CmDeviceCertTable 1 }

DocsBpi2Ext31CmDeviceCertEntry ::= SEQUENCE {
    docsBpi2Ext31CmDeviceCmCert     DocsX509ASN1DEREncodedCertificate,
    docsBpi2Ext31CmDeviceManufCert  DocsX509ASN1DEREncodedCertificate
    }

docsBpi2Ext31CmDeviceCmCert OBJECT-TYPE
    SYNTAX      DocsX509ASN1DEREncodedCertificate
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The X509 DER-encoded cable modem certificate.
         Note: This object can be set only when the value is the
         zero-length OCTET STRING; otherwise, an error of
         'inconsistentValue' is returned. Once the object
         contains the certificate, its access MUST be read-only
         and persists after re-initialization of the
         managed system."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326"
    ::= { docsBpi2Ext31CmDeviceCertEntry 1 }

docsBpi2Ext31CmDeviceManufCert OBJECT-TYPE
    SYNTAX      DocsX509ASN1DEREncodedCertificate
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The X509 DER-encoded manufacturer certificate that
         signed the cable modem certificate."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326"
    ::= { docsBpi2Ext31CmDeviceCertEntry 2 }

-- ---------------------------------------------------------------------
-- The Download Control Objects
-- ---------------------------------------------------------------------
docsBpi2Ext31CodeDownloadControl OBJECT IDENTIFIER ::= { docsBpi2Ext31MibObjects 2 }


docsBpi2Ext31CodeUpdateCvcChain OBJECT-TYPE
    SYNTAX      DocsCvcCaCertificateChain
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value of this object is a degenerate PKCS7 signedData
         structure that contains the CVC and the CVC CA
         certificate chain in the certificates field. Setting
         this object triggers the device to verify the CVC and
         update the cvcAccessStart values associated with the new PKI defined by
         DOCSIS 3.1. The content of this object is then discarded. If the device
         is not enabled to upgrade codefiles, or if the CVC verification fails,
         the CVC will be rejected. Reading this object always
         returns the zero-length OCTET STRING."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326,
         Secure Software Download Section"
    ::= { docsBpi2Ext31CodeDownloadControl 1 }

docsBpi2Ext31CodeMfgOrgName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of this object is the device manufacturer's
         organizationName used to validate the code verification certificate
         issued from the new PKI defined in DOCSIS 3.1."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326,
         Secure Software Download Section"
    ::= { docsBpi2Ext31CodeDownloadControl 2 }

docsBpi2Ext31CodeMfgCodeAccessStart OBJECT-TYPE
    SYNTAX      DateAndTime (SIZE(11))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of this object is the device manufacturer's
         current codeAccessStart value used with the new PKI defined in
         DOCSIS 3.1. This value will always refer to Greenwich Mean Time (GMT),
         and the value format must contain TimeZone information (fields 8-10)."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326,
         Secure Software Download Section"
    ::= { docsBpi2Ext31CodeDownloadControl 3 }

docsBpi2Ext31CodeMfgCvcAccessStart OBJECT-TYPE
    SYNTAX      DateAndTime (SIZE(11))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of this object is the device manufacturer's
         current cvcAccessStart value used with the new PKI defined in
         DOCSIS 3.1. This value will always refer to Greenwich Mean Time (GMT),
         and the value format must contain TimeZone information (fields 8-10)."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326,
         Secure Software Download Section"
    ::= { docsBpi2Ext31CodeDownloadControl 4 }

docsBpi2Ext31CodeCoSignerOrgName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of this object is the co-signer's
         organizationName used to validate the code verification certificate
         issued from the new PKI defined in DOCSIS 3.1. The value is a zero
         length string if the co-signer is not specified."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326,
         Secure Software Download Section"
    ::= { docsBpi2Ext31CodeDownloadControl 5 }

docsBpi2Ext31CodeCoSignerCodeAccessStart OBJECT-TYPE
    SYNTAX      DateAndTime (SIZE(11))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of this object is the co-signer's current
         codeAccessStart value used with the new PKI defined in DOCSIS 3.1.
         This value will always refer to Greenwich Mean Time (GMT), and the
         value format must contain TimeZone information (fields 8-10).
         If docsBpi2CodeCoSignerOrgName is a zero
         length string, the value of this object is meaningless."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326,
         Secure Software Download Section"
    ::= { docsBpi2Ext31CodeDownloadControl 6 }

docsBpi2Ext31CodeCoSignerCvcAccessStart OBJECT-TYPE
    SYNTAX      DateAndTime (SIZE(11))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of this object is the co-signer's current
         cvcAccessStart value used with the new PKI defined in DOCSIS 3.1.
         This value will always refer to Greenwich Mean Time (GMT), and the
         value format must contain TimeZone information (fields 8-10).
         If docsBpi2CodeCoSignerOrgName is a zero-length string, the value of
         this object is meaningless."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326,
         Secure Software Download Section"
    ::= { docsBpi2Ext31CodeDownloadControl 7 }

-- ---------------------------------------------------------------------
-- Compliance Statements
-- ---------------------------------------------------------------------

docsBpi2Ext31MIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for implementations of the DOCS-BPI2EXT-MIB."
    MODULE -- this MODULE
    MANDATORY-GROUPS {
        docsBpi2Ext31CmGroup
        }
    ::= { docsBpi2Ext31Compliances 1 }

--
-- Compliance Groups
--

docsBpi2Ext31CmGroup OBJECT-GROUP
    OBJECTS {
        docsBpi2Ext31CmDeviceCmCert,
        docsBpi2Ext31CmDeviceManufCert,

        docsBpi2Ext31CodeUpdateCvcChain,
        docsBpi2Ext31CodeMfgOrgName,
        docsBpi2Ext31CodeMfgCodeAccessStart,
        docsBpi2Ext31CodeMfgCvcAccessStart,
        docsBpi2Ext31CodeCoSignerOrgName,
        docsBpi2Ext31CodeCoSignerCodeAccessStart,
        docsBpi2Ext31CodeCoSignerCvcAccessStart
        }
    STATUS      current
    DESCRIPTION
        "The group of objects implemented by the CM"
    ::= { docsBpi2Ext31Groups 1 }

END
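
An added example, not part of the MIB module or of any CableLabs code: a Python check that decodes the four AccessStart objects' 11-octet DateAndTime values and enforces the GMT requirement stated in their DESCRIPTION clauses. The dict of polled values and the function names are assumptions, and the sample values are constructed.

```python
import struct
from datetime import datetime, timezone

# Object names come from this module; the dict-of-polled-values shape is an assumption.
MFG = ("docsBpi2Ext31CodeMfgCodeAccessStart", "docsBpi2Ext31CodeMfgCvcAccessStart")
COSIGNER = ("docsBpi2Ext31CodeCoSignerCodeAccessStart",
            "docsBpi2Ext31CodeCoSignerCvcAccessStart")
COSIGNER_ORG = "docsBpi2Ext31CodeCoSignerOrgName"
FMT = ">HBBBBBBcBB"  # year, month, day, hour, min, sec, deci-sec, direction, tz h, tz min


def parse_access_start(raw: bytes) -> datetime:
    """Decode an 11-octet DateAndTime and enforce the GMT requirement."""
    if len(raw) != 11:  # SIZE(11) excludes the 8-octet form without a time zone
        raise ValueError(f"expected 11 octets, got {len(raw)}")
    (year, month, day, hour, minute, second, deci,
     direction, tz_hours, tz_minutes) = struct.unpack(FMT, raw)
    if direction not in (b"+", b"-"):
        raise ValueError(f"bad direction octet {direction!r}")
    if tz_hours or tz_minutes:
        raise ValueError(f"non-GMT offset {direction.decode()}{tz_hours}:{tz_minutes:02d}")
    # DateAndTime allows second 60 (leap second); datetime does not, so clamp it.
    # Out-of-range month/day/hour/deci-second values make datetime raise ValueError.
    return datetime(year, month, day, hour, minute, min(second, 59),
                    deci * 100_000, tzinfo=timezone.utc)


def audit_access_starts(polled: dict) -> dict:
    """Map each AccessStart object to a datetime, an error string, or None (skipped)."""
    report = {}
    for name in MFG + COSIGNER:
        if name in COSIGNER and not polled.get(COSIGNER_ORG):
            report[name] = None  # co-signer not specified: nothing to validate
            continue
        try:
            report[name] = parse_access_start(polled[name])
        except (KeyError, ValueError) as exc:
            report[name] = f"invalid: {exc}"
    return report


# Constructed sample of polled values for one modem (not real device data).
SAMPLE = {
    MFG[0]: struct.pack(FMT, 2016, 1, 13, 0, 0, 0, 0, b"+", 0, 0),
    MFG[1]: struct.pack(FMT, 2016, 1, 13, 0, 0, 0, 0, b"-", 7, 0),  # local offset
    COSIGNER_ORG: "",  # zero-length: no co-signer specified
    COSIGNER[0]: b"",
    COSIGNER[1]: b"",
}
```
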