Network Working Group                                A. Garcia-Martinez
Internet-Draft                                                     UC3M
Intended status: Standards Track                      December 18, 2008
Expires: June 21, 2009


      Management Information Base for Cryptographically Generated
                            Addresses (CGA)
                   draft-garcia-martinez-cgamib-01

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 21, 2009.

Copyright Notice

   Copyright (c) 2008 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for managing Cryptographically Generated Addresses (CGA).

Garcia-Martinez           Expires June 21, 2009                 [Page 1]
Internet-Draft                  CGA MIB                    December 2008

Table of Contents

   1.  The Internet-Standard Management Framework . . . . . . . . . .  3
   2.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Definitions  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . . 18
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 19
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 19
     6.1.  Normative References . . . . . . . . . . . . . . . . . . . 19
     6.2.  Informative References . . . . . . . . . . . . . . . . . . 20
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 20

1.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

2.  Overview

   This document defines the portion of the Management Information Base
   (MIB) to be used for managing Cryptographically Generated Addresses
   (CGA) [RFC3972].  CGA addresses are IPv6 addresses for which the
   interface identifier is generated by computing a one-way hash
   function from a public signature key and some auxiliary parameters.

   The cgaLocalTable includes the information related to the CGA
   addresses configured as local addresses in the system (i.e. local to
   the system).  These CGA can be used by any protocol requiring CGA
   configured as local addresses, such as SEND or SHIM6.  This table
   contains CGA-specific information such as the elements of the CGA
   Parameters data structure.  More information related to the address
   can be obtained from the corresponding entries at the ipAddressTable
   [RFC4293].
   CGA addresses are represented as an InetAddressIPv6 type defined in
   [RFC4001].  Managers can create new entries in the table to configure
   the node with new CGA addresses.  A discrete spin lock object is used
   to coordinate the creation of rows by different managers.  The table
   also includes a columnar object that indicates the protocols that are
   currently using the local CGA.

   The cgaRemoteTable contains information related to CGA addresses of
   remote systems.  Different protocols (e.g. SEND or SHIM6) or means
   can be used to convey this information to the managed node, and many
   of these protocols can be using a given CGA at the same time.  The
   table contains the address represented as an InetAddressIPv6 type,
   and the elements of the CGA Parameters data structure.  The table
   also includes a columnar object that indicates the protocols that are
   currently using the remote CGA.

3.  Definitions

   CGA-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, mib-2
           FROM SNMPv2-SMI
       TEXTUAL-CONVENTION, TestAndIncr, RowStatus, StorageType,
       TimeStamp
           FROM SNMPv2-TC
       MODULE-COMPLIANCE, OBJECT-GROUP
           FROM SNMPv2-CONF
       InetAddressIPv6
           FROM INET-ADDRESS-MIB
       ipAddressAddrType, ipAddressAddr
           FROM IP-MIB;

   cgaMIB MODULE-IDENTITY
       LAST-UPDATED "200812170000Z"
       ORGANIZATION "IETF CSI (Cga & Send Maintenance) Working Group"
       CONTACT-INFO
           "Editor:
            Alberto Garcia-Martinez
            U. Carlos III de Madrid
            Avenida Universidad, 30
            Leganes, Madrid 28911
            Spain
            Email: alberto.garcia@uc3m.es

            CSI Working Group: cga-ext@ietf.org"
       DESCRIPTION
           "The MIB module for managing the CGA Parameters data
            structure of CGAs local to the managed node.

            Copyright (c) 2008 IETF Trust and the persons identified as
            the document authors.  All rights reserved.

            This version of this MIB module is part of RFC yyyy; see
            the RFC itself for full legal notices."
       -- RFC Ed.: replace yyyy with actual RFC number & remove this
       -- note
       REVISION "200812170000Z"
       DESCRIPTION
           "Initial version, published as RFC yyyy."
       -- RFC Ed.: replace yyyy with actual RFC number & remove
       -- this note
       ::= { mib-2 XXX }
       -- RFC Ed.: replace XXX with actual number assigned by IANA
       -- & remove this note

   --
   -- The textual conventions we define and use in this MIB.
   --

   CgaModifier ::= TEXTUAL-CONVENTION
       STATUS      current
       DESCRIPTION
           "128-bit unsigned integer, which can be any value.  Used
            during CGA generation to implement the hash extension and
            add randomness to the address."
       REFERENCE   "RFC 3972"
       SYNTAX      OCTET STRING (SIZE (16))

   CgaCollisionCount ::= TEXTUAL-CONVENTION
       STATUS      current
       DESCRIPTION
           "Counter that is incremented during CGA generation to
            recover from an address collision.  Up to two collisions
            are allowed."
       REFERENCE   "RFC 3972"
       SYNTAX      INTEGER { zerocollisions(0), onecollision(1),
                             twocollisions(2) }

   CgaKeyInfo ::= TEXTUAL-CONVENTION
       STATUS      current
       DESCRIPTION
           "Variable-length field containing the key (either public or
            private) of the address (CGA) owner.  The key MUST be
            formatted as a DER-encoded [CCITT.X690.2002] ASN.1
            structure of the type SubjectPublicKeyInfo, defined in the
            Internet X.509 certificate profile [RFC3280].  When RSA is
            used, the algorithm identifier MUST be rsaEncryption, which
            is 1.2.840.113549.1.1.1, and the RSA public key MUST be
            formatted by using the RSAPublicKey type as specified in
            Section 2.3.1 of RFC 3279 [RFC3279].  The length of this
            field is determined by the ASN.1 encoding."
       REFERENCE   "RFC 3279, RFC 3280, ITU-T Recommendation X.690"
       SYNTAX      OCTET STRING (SIZE (0..1024))

   CgaProtocolsUsingCga ::= TEXTUAL-CONVENTION
       STATUS      current
       DESCRIPTION
           "BITS construct to indicate the protocols that are using a
            CGA.
            A protocol is using the CGA if the protocol-specific part
            of the system is using this CGA (for example, because its
            parameters are cached for future use in the protocol).

            The management system may not support the update of this
            object, in which case the unknown bit must be set to 1.  If
            the unknown bit is set to 1, no other bit must be set to 1.

            Several protocols can be using a CGA at the same time, so
            many bits could be set at the same time (except when the
            unknown bit is set).

            It can also occur that no protocol is currently using the
            CGA, for example, just after the configuration of the CGA
            in the system.  In this case no bits are set.  This should
            be the default value for this object if the management
            system supports the update of this object."
       SYNTAX      BITS { unknown(0), send(1), shim6(2) }

   cga OBJECT IDENTIFIER ::= { cgaMIB 1 }

   --
   -- Information related to local CGA
   --

   cgaLocalSpinLock OBJECT-TYPE
       SYNTAX      TestAndIncr
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "An advisory lock used to allow cooperating SNMP managers to
            coordinate their use of the set operation in creating or
            removing rows within the cgaLocalTable.  Note that the rows
            in the cgaLocalTable must not be modified (except for the
            RowStatus columnar object).

            In order to use this lock to coordinate the use of set
            operations, managers should first retrieve
            cgaLocalSpinLock.  They should then determine the
            appropriate row to create or remove (setting the
            appropriate value to the cgaLocalRowStatus object).
            Finally, they should issue the appropriate set command,
            including the retrieved value of cgaLocalSpinLock.  If
            another manager has created or destroyed the row in the
            meantime, then the value of cgaLocalSpinLock will have
            changed, and the creation will fail as it will be
            specifying an incorrect value for cgaLocalSpinLock.

            It is suggested, but not required, that the
            cgaLocalSpinLock be the first var bind for each set of
            objects representing a 'row' in a PDU."
       ::= { cga 1 }

   cgaLocalTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CgaLocalEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table contains information relevant to CGA addresses
            configured as local addresses in the node.  The table is
            intended to allow managers to add or remove entries as a
            whole.  The modification of the parameters that are used to
            calculate the CGA would generate inconsistencies, so it is
            not allowed.

            Entries in this table have a corresponding entry in the
            ipAddressTable [RFC4293], which provides information such
            as the interface in which it is configured, its status, the
            time at which it was created or changed, etc."
       ::= { cga 2 }

   cgaLocalEntry OBJECT-TYPE
       SYNTAX      CgaLocalEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry in this table must exist for each CGA address
            configured as a local address.

            Each entry in the cgaLocalTable with cgaLocalOperStatus
            equal to validAndEnabled(1) must have a corresponding entry
            in the IP-MIB:ipAddressTable [RFC4293], and the value for
            the INDEX of an entry of the cgaLocalTable is the same as
            the value of the INDEX for the corresponding entry of the
            IP-MIB:ipAddressTable.  The value of the ipAddressAddr must
            be the result of the computation of the Hash1 operation
            defined in [RFC3972].  The value of the ipAddressAddrType
            must be ipv6(2) or ipv6z(4).  The IP-MIB:ipAddressLastChanged
            object must be changed to reflect any update in the
            corresponding cgaLocalTable row.  The values of the
            cgaLocalStorageType and of the corresponding
            IP-MIB:ipAddressStorageType should be the same.

            The administrator can create a new row by setting
            appropriate values to the parameters that are used to build
            the CGA: cgaLocalModifier, cgaLocalCollisionCount,
            cgaLocalPublicKey, cgaLocalPrivateKey and
            cgaLocalExtensionFields.  Additionally, the corresponding
            entry in the IP-MIB:ipAddressTable must have the
            IP-MIB:ipAddressRowStatus set to active(1) before or at the
            same time as the cgaLocalOperStatus object of the entry is
            set to validAndEnabled(1).  Note that if the address should
            only be used as a CGA, the operations of setting the
            IP-MIB:ipAddressRowStatus columnar object to active(1) and
            the cgaLocalOperStatus to validAndEnabled(1) should be
            performed atomically.

            The removal of an entry in the cgaLocalTable does not
            automatically require the removal of the corresponding
            entry in the IP-MIB:ipAddressTable, because the address may
            remain operational even if it is not usable as a CGA.

            Once the value of the cgaLocalOperStatus of an entry has
            been set once to validAndEnabled(1), the cgaLocalModifier,
            cgaLocalCollisionCount, cgaLocalPublicKey,
            cgaLocalPrivateKey and cgaLocalExtensionFields columnar
            objects of the entry must remain unmodified.

            The removal of an entry of the IP-MIB:ipAddressTable must
            result in the removal of the corresponding entry in the
            cgaLocalTable.

            The agent may generate new entries if they are configured
            by other means than network management."
       INDEX { ipAddressAddrType, ipAddressAddr }
       ::= { cgaLocalTable 1 }

   CgaLocalEntry ::= SEQUENCE {
       cgaLocalModifier            CgaModifier,
       cgaLocalCollisionCount      CgaCollisionCount,
       cgaLocalPublicKey           CgaKeyInfo,
       cgaLocalPrivateKey          CgaKeyInfo,
       cgaLocalExtensionFields     OCTET STRING,
       cgaLocalProtocolsUsingCga   CgaProtocolsUsingCga,
       cgaLocalAdminStatus         INTEGER,
       cgaLocalOperStatus          INTEGER,
       cgaLocalRowStatus           RowStatus,
       cgaLocalStorageType         StorageType
   }

   cgaLocalModifier OBJECT-TYPE
       SYNTAX      CgaModifier
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "128-bit unsigned integer, which can be any value.  Used
            during CGA generation to implement the hash extension and
            add randomness to the address.

            This object should not be modified once the
            cgaLocalOperStatus object has been set to
            validAndEnabled(1) for the first time."
       ::= { cgaLocalEntry 1 }

   cgaLocalCollisionCount OBJECT-TYPE
       SYNTAX      CgaCollisionCount
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Counter that is incremented during CGA generation to
            recover from an address collision.

            This object should not be modified once the
            cgaLocalOperStatus object has been set to
            validAndEnabled(1) for the first time."
       ::= { cgaLocalEntry 2 }

   cgaLocalPublicKey OBJECT-TYPE
       SYNTAX      CgaKeyInfo
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Variable-length field containing the public key of the
            address owner.

            This object should not be modified once the
            cgaLocalOperStatus object has been set to
            validAndEnabled(1) for the first time."
       REFERENCE   "RFC 3279, RFC 3280, ITU-T Recommendation X.690"
       ::= { cgaLocalEntry 3 }

   cgaLocalPrivateKey OBJECT-TYPE
       SYNTAX      CgaKeyInfo
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Variable-length field containing the private key of the
            address owner.

            This object should not be modified once the
            cgaLocalOperStatus object has been set to
            validAndEnabled(1) for the first time."
       REFERENCE   "RFC 3279, RFC 3280, ITU-T Recommendation X.690"
       ::= { cgaLocalEntry 4 }

   cgaLocalExtensionFields OBJECT-TYPE
       SYNTAX      OCTET STRING (SIZE (0..1024))
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Optional variable-length field.  Defined as an opaque type.

            This object should not be modified once the
            cgaLocalOperStatus object has been set to
            validAndEnabled(1) for the first time."
       ::= { cgaLocalEntry 5 }

   cgaLocalProtocolsUsingCga OBJECT-TYPE
       SYNTAX      CgaProtocolsUsingCga
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Protocols currently using this CGA."
       ::= { cgaLocalEntry 6 }

   cgaLocalAdminStatus OBJECT-TYPE
       SYNTAX      INTEGER { enabled(1), disabled(2) }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The desired state of the CGA.  When set to enabled(1), the
            administrator requires the CGA to be available as a valid
            local address of the system.  Conversely, when set to
            disabled(2), the administrator requires the CGA not to be
            available as an address for the system."
       DEFVAL { disabled }
       ::= { cgaLocalEntry 7 }

   cgaLocalOperStatus OBJECT-TYPE
       SYNTAX      INTEGER { validAndEnabled(1), disabled(2) }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The current operational state of the CGA.  The state
            validAndEnabled(1) indicates that this entry is both valid
            and operational as a local address in the system.

            A CGA is valid if it fulfills the conditions stated in
            RFC 3972, i.e.
            the computation of the Hash1 function over a bit string
            that includes information from the objects
            cgaLocalModifier, cgaLocalCollisionCount,
            cgaLocalPublicKey and cgaLocalExtensionFields, along with
            the prefix of the ipAddressAddr object, results in the
            interface identifier of the ipAddressAddr; and the
            computation of another hash function, Hash2, defined to
            operate with the same input data as Hash1, results in
            16*sec bits equal to zero (sec being the three leftmost
            bits of the interface identifier of the address)."
       ::= { cgaLocalEntry 8 }

   cgaLocalRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of this conceptual row.

            A conceptual row cannot be made active until all the
            columnar objects, except possibly the cgaLocalAdminStatus
            and cgaLocalOperStatus, have been assigned a value."
       ::= { cgaLocalEntry 9 }

   cgaLocalStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The storage type for this conceptual row.  If this object
            has a value of 'permanent', then no other objects are
            required to be able to be modified.

            The values of the cgaLocalStorageType and of the
            corresponding IP-MIB:ipAddressStorageType should be the
            same."
       DEFVAL { volatile }
       ::= { cgaLocalEntry 10 }

   --
   -- table to store information about the valid CGAs corresponding
   -- to remote nodes
   --

   cgaRemoteTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CgaRemoteEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "List of valid CGA addresses of remote nodes.

            A CGA is valid if it fulfills the conditions stated in
            RFC 3972, i.e. the computation of the Hash1 function over a
            bit string that includes information from the objects
            cgaRemoteModifier, cgaRemoteCollisionCount,
            cgaRemotePublicKey and cgaRemoteExtensionFields, along with
            the prefix of the cgaRemoteAddr object, results in the
            interface identifier of the cgaRemoteAddr; and the
            computation of another hash function, Hash2, defined to
            operate with the same input data as Hash1, results in
            16*sec bits equal to zero (sec being the three leftmost
            bits of the interface identifier of the address).

            In general, the agent populates the entries in this table
            with the information obtained using a CGA-aware protocol
            (i.e. SEND or SHIM6), and these protocols can be
            responsible for deleting the entry according to the rules
            defined for their operation.  The information that could be
            associated with the CGA specific to a protocol (for
            example, the link layer address associated to the CGA) must
            be managed in a MIB specific for the considered protocol.
            Note that many protocols could be using the same remote
            CGA.

            All the objects in this table are defined as read-only."
       ::= { cga 3 }

   cgaRemoteEntry OBJECT-TYPE
       SYNTAX      CgaRemoteEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Information related to a remote CGA."
       INDEX { cgaRemoteAddr }
       ::= { cgaRemoteTable 1 }

   CgaRemoteEntry ::= SEQUENCE {
       cgaRemoteAddr               InetAddressIPv6,
       cgaRemoteModifier           CgaModifier,
       cgaRemoteCollisionCount     CgaCollisionCount,
       cgaRemotePublicKey          CgaKeyInfo,
       cgaRemoteExtensionFields    OCTET STRING,
       cgaRemoteProtocolsUsingCga  CgaProtocolsUsingCga,
       cgaRemoteOrigin             INTEGER,
       cgaRemoteCreated            TimeStamp
   }

   cgaRemoteAddr OBJECT-TYPE
       SYNTAX      InetAddressIPv6
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The CGA IPv6 address to which this entry's addressing
            information is associated."
       ::= { cgaRemoteEntry 1 }

   cgaRemoteModifier OBJECT-TYPE
       SYNTAX      CgaModifier
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "128-bit unsigned integer, which can be any value.  Used
            during CGA generation to implement the hash extension and
            add randomness to the address."
       ::= { cgaRemoteEntry 2 }

   cgaRemoteCollisionCount OBJECT-TYPE
       SYNTAX      CgaCollisionCount
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Counter that is incremented during CGA generation to
            recover from an address collision."
       ::= { cgaRemoteEntry 3 }

   cgaRemotePublicKey OBJECT-TYPE
       SYNTAX      CgaKeyInfo
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Variable-length field containing the public key of the
            remote node owner of the address."
       ::= { cgaRemoteEntry 4 }

   cgaRemoteExtensionFields OBJECT-TYPE
       SYNTAX      OCTET STRING (SIZE (0..1024))
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Optional variable-length field.  Defined as an opaque
            type."
       ::= { cgaRemoteEntry 5 }

   cgaRemoteProtocolsUsingCga OBJECT-TYPE
       SYNTAX      CgaProtocolsUsingCga
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Protocols currently using this CGA."
       ::= { cgaRemoteEntry 6 }

   cgaRemoteOrigin OBJECT-TYPE
       SYNTAX      INTEGER { other(1), manual(2), send(3), shim6(4) }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The origin of the CGA entry.  manual(2) indicates that the
            CGA was manually configured, e.g. by user configuration.
            send(3) indicates that the CGA was received through the
            SEND protocol [RFC3971].  shim6(4) indicates that the CGA
            was received through the SHIM6 protocol.

            Note that each protocol may require different rules for
            validating the CGA (for example, a different minimum
            number of bits for the key).  Note also that although
            created by a particular means, the CGA could be used at the
            same time by many protocols."
       ::= { cgaRemoteEntry 7 }

   cgaRemoteCreated OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime at the time this entry was created.
            If this entry was created prior to the last
            re-initialization of the local network management
            subsystem, then this object contains a zero value."
       ::= { cgaRemoteEntry 8 }

   --
   -- conformance information
   --

   cgaMIBConformance OBJECT IDENTIFIER ::= { cgaMIB 2 }
   cgaMIBCompliances OBJECT IDENTIFIER ::= { cgaMIBConformance 1 }
   cgaMIBGroups      OBJECT IDENTIFIER ::= { cgaMIBConformance 2 }

   cgaMIBCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for systems with CGA addresses."
       MODULE  -- this module

       -- None of the groups defined here is mandatory.  Any of them
       -- can be implemented, depending on the use of the CGAs.  For
       -- example, it could be acceptable not to implement local CGA
       -- addresses, but to be able to store remote CGA addresses.
       -- MANDATORY-GROUPS { }

       GROUP cgaLocalGroup
       DESCRIPTION
           "This group is mandatory for nodes that support the use of
            CGA as local addresses."

       GROUP cgaRemoteGroup
       DESCRIPTION
           "This group is mandatory for nodes that implement protocols
            that may rely on the identification of remote nodes as CGA
            addresses, such as SEND or Shim6."

       OBJECT cgaLocalSpinLock
       MIN-ACCESS  not-accessible
       DESCRIPTION
           "An agent is not required to implement this object.
            However, if an agent provides write access to any of the
            other objects in the cgaLocalGroup, it SHOULD provide write
            access to this object as well."

       OBJECT cgaLocalModifier
       MIN-ACCESS  read-only
       DESCRIPTION
           "An agent is not required to provide write or create access
            to this object."

       OBJECT cgaLocalCollisionCount
       MIN-ACCESS  read-only
       DESCRIPTION
           "An agent is not required to provide write or create access
            to this object."
       OBJECT cgaLocalPublicKey
       MIN-ACCESS  read-only
       DESCRIPTION
           "An agent is not required to provide write or create access
            to this object."

       OBJECT cgaLocalPrivateKey
       MIN-ACCESS  not-accessible
       DESCRIPTION
           "An agent is not required to provide write or create access
            to this object.  However, if an agent provides write access
            to any other objects in the cgaLocalGroup, it SHOULD
            provide write (and read) access to this object as well.
            Read access to this object is not required.  If write
            access is not provided to other objects in the
            cgaLocalGroup, the cgaLocalPrivateKey may not be readable."

       OBJECT cgaLocalExtensionFields
       MIN-ACCESS  read-only
       DESCRIPTION
           "An agent is not required to provide write or create access
            to this object."

       OBJECT cgaLocalProtocolsUsingCga
       SYNTAX      BITS { unknown(0) }
       DESCRIPTION
           "An agent is not required to update the protocols currently
            using the CGA.  In this case, the unknown(0) value is
            shown."

       OBJECT cgaLocalAdminStatus
       MIN-ACCESS  read-only
       DESCRIPTION
           "An agent is not required to provide write or create access
            to this object."

       OBJECT cgaLocalRowStatus
       SYNTAX      RowStatus { active(1) }
       MIN-ACCESS  read-only
       DESCRIPTION
           "An agent is not required to provide write or create access
            to this object.  In this case, the only value permitted is
            active(1)."

       OBJECT cgaLocalStorageType
       MIN-ACCESS  read-only
       DESCRIPTION
           "An agent is not required to provide write or create access
            to this object.  If an agent allows this object to be
            written or created, it is not required to allow this
            object to be set to readOnly, permanent, or nonVolatile."

       OBJECT cgaRemoteProtocolsUsingCga
       SYNTAX      BITS { unknown(0) }
       DESCRIPTION
           "An agent is not required to update the protocols currently
            using the CGA.  In this case, the unknown(0) value is
            shown."

       ::= { cgaMIBCompliances 1 }

   -- group definitions

   cgaLocalGroup OBJECT-GROUP
       OBJECTS {
           cgaLocalSpinLock,
           cgaLocalModifier,
           cgaLocalCollisionCount,
           cgaLocalPublicKey,
           cgaLocalPrivateKey,
           cgaLocalExtensionFields,
           cgaLocalProtocolsUsingCga,
           cgaLocalAdminStatus,
           cgaLocalOperStatus,
           cgaLocalRowStatus,
           cgaLocalStorageType
       }
       STATUS      current
       DESCRIPTION
           "The group of the elements representing the components of
            the CGA Parameters data structure for the local node."
       ::= { cgaMIBGroups 1 }

   cgaRemoteGroup OBJECT-GROUP
       OBJECTS {
           cgaRemoteModifier,
           cgaRemoteCollisionCount,
           cgaRemotePublicKey,
           cgaRemoteExtensionFields,
           cgaRemoteProtocolsUsingCga,
           cgaRemoteOrigin,
           cgaRemoteCreated
       }
       STATUS      current
       DESCRIPTION
           "The group of the elements representing the components of
            the CGA Parameters data structure for remote nodes."
       ::= { cgaMIBGroups 2 }

   END

4.  Security Considerations

   Some of the management objects of this MIB module have been defined
   with either a MAX-ACCESS clause of read-create (for the columnar
   objects belonging to the cgaLocalTable) or read-write (for the
   spinlock object that controls access to that table).  Such access
   capability may be considered sensitive or vulnerable in some network
   environments.  Support for SET operations in a non-secure environment
   without proper protection can have a negative effect on network
   operations.  The objects of the cgaLocalTable specify the CGA
   addresses configured in this node.  An attacker could delete or
   disable the entry associated to a CGA to prevent the node from
   benefiting from the authentication and certification facilities
   provided by the combination of CGA addresses and protocols such as
   SeND (RFC3972) or SHIM6.  The addition by an attacker of a row
   composed of consistent information about a CGA could allow the node
   to impersonate the identity of another node.
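   A row is "consistent" in the sense above only if its CGA Parameters
   hash to the address, which is exactly the Hash1/Hash2 check of RFC
   3972 that the cgaLocalOperStatus and cgaRemoteTable descriptions
   restate.  The following Python is an added example, not part of this
   draft or of any agent implementation; SAMPLE_PUBLIC_KEY is an
   arbitrary constructed byte string standing in for the DER-encoded
   SubjectPublicKeyInfo, and SAMPLE_PREFIX is a constructed
   documentation prefix.

```python
import hashlib
import ipaddress

# Constructed stand-in for the DER-encoded SubjectPublicKeyInfo carried in
# cgaLocalPublicKey / cgaRemotePublicKey.  Hash1 and Hash2 treat the key as
# opaque octets, so any byte string exercises the algorithm; a real agent
# stores the DER structure RFC 3972 requires.
SAMPLE_PUBLIC_KEY = b"\x30\x0d" + b"constructed-sample-spki-bytes"

# Constructed 64-bit subnet prefix (2001:db8:0:1::/64, documentation range).
SAMPLE_PREFIX = bytes.fromhex("20010db800000001")


def cga_parameters(modifier, prefix, collision_count, public_key, ext=b""):
    """Serialise the CGA Parameters data structure (RFC 3972, Section 4):
    modifier || subnet prefix || collision count || public key || ext."""
    if len(modifier) != 16:
        raise ValueError("CgaModifier is exactly 16 octets")
    if len(prefix) != 8:
        raise ValueError("subnet prefix is exactly 8 octets")
    if collision_count not in (0, 1, 2):
        raise ValueError("CgaCollisionCount allows only 0, 1 or 2")
    return modifier + prefix + bytes([collision_count]) + public_key + ext


def hash1(params):
    """Leftmost 64 bits of SHA-1 over the whole CGA Parameters structure."""
    return hashlib.sha1(params).digest()[:8]


def hash2(modifier, public_key, ext=b""):
    """Leftmost 112 bits of SHA-1 over modifier || 9 zero octets || key || ext
    (the prefix and collision count are zeroed for Hash2)."""
    return hashlib.sha1(modifier + b"\x00" * 9 + public_key + ext).digest()[:14]


def hash2_ok(h2, sec):
    """Hash extension: the 16*sec leftmost bits of Hash2 must be zero."""
    return int.from_bytes(h2, "big") >> (112 - 16 * sec) == 0


def interface_id(h1, sec):
    """Turn Hash1 into an interface identifier: bits 0-2 carry sec,
    bits 6-7 (the u and g bits) are cleared."""
    iid = bytearray(h1)
    iid[0] = ((iid[0] & 0x1F) | (sec << 5)) & 0xFC
    return bytes(iid)


def build_cga(prefix, sec, public_key, modifier, ext=b"", collision_count=0):
    """Generate a CGA (RFC 3972, Section 4), starting from 'modifier' and
    incrementing it until Hash2 meets the sec condition; returns the
    address and the modifier that must be stored in cgaLocalModifier."""
    mod = int.from_bytes(modifier, "big")
    while True:
        m = mod.to_bytes(16, "big")
        if hash2_ok(hash2(m, public_key, ext), sec):
            break
        mod = (mod + 1) % (1 << 128)
    params = cga_parameters(m, prefix, collision_count, public_key, ext)
    return ipaddress.IPv6Address(prefix + interface_id(hash1(params), sec)), m


def verify_cga(addr, modifier, collision_count, public_key, ext=b""):
    """RFC 3972, Section 5 verification: the condition under which a
    cgaLocalTable row may be validAndEnabled(1) or a cgaRemoteTable row
    may exist.  Returns True only if the parameters hash to 'addr'."""
    packed = ipaddress.IPv6Address(addr).packed
    prefix, iid = packed[:8], packed[8:]
    if collision_count not in (0, 1, 2) or len(modifier) != 16:
        return False
    h1 = hash1(cga_parameters(modifier, prefix, collision_count, public_key, ext))
    # Compare Hash1 with the IID, ignoring sec (bits 0-2) and u/g (bits 6-7).
    if (h1[0] & 0x1C) != (iid[0] & 0x1C) or h1[1:] != iid[1:]:
        return False
    sec = iid[0] >> 5
    return hash2_ok(hash2(modifier, public_key, ext), sec)


def cga_local_row_valid(ip_address_addr, row):
    """Apply the check to one cgaLocalTable row, keyed by its IP-MIB index
    (ipAddressAddr); 'row' maps the MIB's columnar object names to values."""
    return verify_cga(ip_address_addr, row["cgaLocalModifier"],
                      row["cgaLocalCollisionCount"], row["cgaLocalPublicKey"],
                      row.get("cgaLocalExtensionFields", b""))


if __name__ == "__main__":
    addr, mod = build_cga(SAMPLE_PREFIX, 1, SAMPLE_PUBLIC_KEY, bytes(16))
    row = {"cgaLocalModifier": mod, "cgaLocalCollisionCount": 0,
           "cgaLocalPublicKey": SAMPLE_PUBLIC_KEY}
    print(addr, cga_local_row_valid(str(addr), row))
    # A row whose key does not hash to the address must stay disabled(2).
    row["cgaLocalPublicKey"] = SAMPLE_PUBLIC_KEY + b"?"
    print(addr, cga_local_row_valid(str(addr), row))
```

   With sec=1 the modifier search costs about 2^16 SHA-1 evaluations;
   with sec=0 the starting modifier is accepted unchanged.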
   Regarding the risks of providing GET access to the tables defined in
   this MIB, the relevant risk is that the private key (contained in the
   cgaLocalPrivateKey object) could be disclosed.  Some implementations
   not providing write access to the CGA elements may also disable read
   access to the cgaLocalPrivateKey object.  The rest of the information
   contained in the cgaLocalTable is used to prove the identity of the
   node to other nodes communicating with it.  Therefore, the disclosure
   of this information does not give an attacker much advantage in
   impersonating the node (unless factoring attacks become practical and
   the private key could be derived from the public one, in which case
   the CGA should be changed).  Other risks are essentially the same as
   those arising from knowledge of a set of non-CGA addresses, i.e.
   being able to correlate traffic from different addresses.  Analogous
   considerations apply to the information contained in the
   cgaRemoteTable.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

5.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------
      send-MIB          { mib-2 XXX }

   Editor's Note (to be removed prior to publication): the IANA is
   requested to assign a value for "XXX" under the 'mib-2' subtree and
   to record the assignment in the SMI Numbers registry.  When the
   assignment has been made, the RFC Editor is asked to replace "XXX"
   (here and in the MIB module) with the assigned value and to remove
   this note.

6.  References

6.1.  Normative References

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC3279]  Bassham, L., Polk, W., and R. Housley, "Algorithms and
              Identifiers for the Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation
              List (CRL) Profile", RFC 3279, April 2002.

   [RFC3280]  Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
              X.509 Public Key Infrastructure Certificate and
              Certificate Revocation List (CRL) Profile", RFC 3280,
              April 2002.

   [RFC3972]  Aura, T., "Cryptographically Generated Addresses (CGA)",
              RFC 3972, March 2005.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC4293]  Routhier, S., "Management Information Base for the
              Internet Protocol (IP)", RFC 4293, April 2006.

   [CCITT.X690.2002]
              International Telephone and Telegraph Consultative
              Committee, "ASN.1 encoding rules: Specification of basic
              encoding Rules (BER), Canonical encoding rules (CER) and
              Distinguished encoding rules (DER)", CCITT Recommendation
              X.690, July 2002.

6.2.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

   [RFC3971]  Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
              Neighbor Discovery (SEND)", RFC 3971, March 2005.

Author's Address

   Alberto Garcia-Martinez
   Universidad Carlos III de Madrid
   Av. Universidad 30
   Leganes, Madrid  28911
   SPAIN

   Phone: 34 91 6249500
   Email: alberto@it.uc3m.es
   URI:   http://www.it.uc3m.es