CgmGdoiIdentificationType |
|
A textual convention indicating the type of value used to
identify a GDOI entity (i.e. Group, Key Server, or Group
Member).
Following are the Identification Type Values:
ID Type               Value
-------               -----
RESERVED              0   -- Not Used
ID_IPV4_ADDR          1   -- ipv4Address
ID_FQDN               2   -- domainName
ID_RFC822_ADDR        3   -- userName
  (ID_USER_FQDN)
ID_IPV4_ADDR_SUBNET   4   -- ipv4Subnet - Not in RFC 4306
ID_IPV6_ADDR          5   -- ipv6Address
ID_IPV6_ADDR_SUBNET   6   -- ipv6Subnet - Not in RFC 4306
ID_IPV4_ADDR_RANGE    7   -- ipv4Range - Not in RFC 4306
ID_IPV6_ADDR_RANGE    8   -- ipv6Range - Not in RFC 4306
ID_DER_ASN1_DN        9   -- caDistinguishedName
ID_DER_ASN1_GN        10  -- caGeneralName
ID_KEY_ID             11  -- groupNumber
Following are the mappings to the type values above:
'ipv4Address' : a single four (4) octet IPv4 address.
'domainName' : a fully-qualified domain name string. An
example is, 'example.com'. The string MUST not
contain any terminators (e.g., NULL, CR, etc.).
'userName' : a fully-qualified RFC 822 username or email
address string. An example is, 'jsmith@example.com'.
The string MUST not contain any terminators.
'ipv4Subnet' : a range of IPv4 addresses, represented by
two four (4) octet values concatenated together. The
first value is an IPv4 address. The second is an
IPv4 network mask. Note that ones (1s) in the network
mask indicate that the corresponding bit in the address
is fixed, while zeros (0s) indicate a 'wildcard' bit.
'ipv6Address' : a single sixteen (16) octet IPv6 address.
'ipv6Subnet' : a range of IPv6 addresses, represented by
two sixteen (16) octet values concatenated together.
The first value is an IPv6 address. The second is an
IPv6 network mask. Note that ones (1s) in the network
mask indicate that the corresponding bit in the address
is fixed, while zeros (0s) indicate a 'wildcard' bit.
'ipv4Range' : a range of IPv4 addresses, represented by
two four (4) octet values. The first value is the
beginning IPv4 address (inclusive) and the second
value is the ending IPv4 address (inclusive). All
addresses falling between the two specified addresses
are considered to be within the list.
'ipv6Range' : a range of IPv6 addresses, represented by
two sixteen (16) octet values. The first value is the
beginning IPv6 address (inclusive) and the second
value is the ending IPv6 address (inclusive). All
addresses falling between the two specified addresses
are considered to be within the list.
'caDistinguishedName' : the binary DER encoding of an ASN.1
X.500 Distinguished Name [X.501].
'caGeneralName' : the binary DER encoding of an ASN.1
X.500 GeneralName [X.509].
'groupNumber' : a four (4) octet group identifier. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
ipv4Address(1), domainName(2), userName(3), ipv4Subnet(4), ipv6Address(5), ipv6Subnet(6), ipv4Range(7), ipv6Range(8), caDistinguishedName(9), caGeneralName(10), groupNumber(11) |
|
CgmGdoiEncryptionAlgorithm |
|
A textual convention indicating the identifier of the
encryption algorithm being used.
Following are the possible updated encryption algorithm
values & CgmGdoiEncryptionAlgorithm mappings after RFC 4306:
Encryption Algorithm Type           Value
---------------------------------   -----
ENCR_DES_IV64                       1   -- encrAlgDes64
ENCR_DES                            2   -- encrAlgDes
ENCR_3DES                           3   -- encrAlg3Des
ENCR_RC5                            4   -- encrAlgRc5
ENCR_IDEA                           5   -- encrAlgIdea
ENCR_CAST                           6   -- encrAlgCast
ENCR_BLOWFISH                       7   -- encrAlgBlowfish
ENCR_3IDEA                          8   -- encrAlg3Idea
ENCR_DES_IV32                       9   -- encrAlgDes32
ENCR_NULL                           11  -- encrAlgNull
ENCR_AES_CBC                        12  -- encrAlgAesCbc
ENCR_AES_CTR                        13  -- encrAlgAesCtr
ENCR_AES-CCM_8                      14  -- encrAlgAesCcm8
ENCR_AES-CCM_12                     15  -- encrAlgAesCcm12
ENCR_AES-CCM_16                     16  -- encrAlgAesCcm16
AES-GCM (8-octet ICV)               18  -- encrAlgAesGcm8
AES-GCM (12-octet ICV)              19  -- encrAlgAesGcm12
AES-GCM (16-octet ICV)              20  -- encrAlgAesGcm16
ENCR_NULL_AUTH_AES_GMAC             21  -- encrAlgNullAuthAesGmac
ENCR_CAMELLIA_CBC                   23  -- encrAlgCamelliaCbc
ENCR_CAMELLIA_CTR                   24  -- encrAlgCamelliaCtr
ENCR_CAMELLIA_CCM (8-octet ICV)     25  -- encrAlgCamelliaCcm8
ENCR_CAMELLIA_CCM (12-octet ICV)    26  -- encrAlgCamelliaCcm12
ENCR_CAMELLIA_CCM (16-octet ICV)    27  -- encrAlgCamelliaCcm16
Following are the possible ESP transform identifiers &
CgmGdoiEncryptionAlgorithm mappings from RFC 2407:
IPsec ESP Transform ID     Value
------------------------   -----
ESP_DES_IV64               1   -- encrAlgDes64
ESP_DES                    2   -- encrAlgDes
ESP_3DES                   3   -- encrAlg3Des
ESP_RC5                    4   -- encrAlgRc5
ESP_IDEA                   5   -- encrAlgIdea
ESP_CAST                   6   -- encrAlgCast
ESP_BLOWFISH               7   -- encrAlgBlowfish
ESP_3IDEA                  8   -- encrAlg3Idea
ESP_DES_IV32               9   -- encrAlgDes32
ESP_RC4                    10  -- encrAlgRc4
ESP_NULL                   11  -- encrAlgNull
ESP_AES-CBC                12  -- encrAlgAesCbc
ESP_AES-CTR                13  -- encrAlgAesCtr
ESP_AES-CCM_8              14  -- encrAlgAesCcm8
ESP_AES-CCM_12             15  -- encrAlgAesCcm12
ESP_AES-CCM_16             16  -- encrAlgAesCcm16
ESP_AES-GCM_8              18  -- encrAlgAesGcm8
ESP_AES-GCM_12             19  -- encrAlgAesGcm12
ESP_AES-GCM_16             20  -- encrAlgAesGcm16
ESP_SEED_CBC               21  -- encrAlgSeedCbc
ESP_CAMELLIA               22  -- encrAlgCamelliaCbc, Ctr, Ccm8, Ccm12, Ccm16
ESP_NULL_AUTH_AES-GMAC     23  -- encrAlgNullAuthAesGmac
Following are the possible KEK_ALGORITHM values specifying
the encryption algorithm used with a KEK &
CgmGdoiEncryptionAlgorithm mappings from the GDOI RFC 3547:
Algorithm Type   Value
--------------   -----
KEK_ALG_DES      1   -- encrAlgDes
KEK_ALG_3DES     2   -- encrAlg3Des
KEK_ALG_AES      3   -- encrAlgAesCbc |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
encrAlgNone(0), encrAlgDes64(1), encrAlgDes(2), encrAlg3Des(3), encrAlgRc5(4), encrAlgIdea(5), encrAlgCast(6), encrAlgBlowfish(7), encrAlg3Idea(8), encrAlgDes32(9), encrAlgRc4(10), encrAlgNull(11), encrAlgAesCbc(12), encrAlgAesCtr(13), encrAlgAesCcm8(14), encrAlgAesCcm12(15), encrAlgAesCcm16(16), encrAlgAesGcm8(18), encrAlgAesGcm12(19), encrAlgAesGcm16(20), encrAlgNullAuthAesGmac(21), encrAlgCamelliaCbc(23), encrAlgCamelliaCtr(24), encrAlgCamelliaCcm8(25), encrAlgCamelliaCcm12(26), encrAlgCamelliaCcm1(27), encrAlgSeedCbc(28) |
|
CgmGdoiIntegrityAlgorithm |
|
A textual convention indicating the identifier of the
integrity algorithm being used.
Following are the possible updated integrity algorithm
values & CgmGdoiIntegrityAlgorithm mappings after RFC 4306:
Integrity Algorithm Type   Value
------------------------   -----
AUTH_HMAC_MD5_96           1   -- authAlgMd5Hmac96
AUTH_HMAC_SHA1_96          2   -- authAlgSha1Hmac96
AUTH_DES_MAC               3   -- authAlgDesMac
AUTH_KPDK_MD5              4   -- authAlgMd5Kpdk
AUTH_AES_XCBC_96           5   -- authAlgAesXcbc96
AUTH_HMAC_MD5_128          6   -- authAlgMd5Hmac128
AUTH_HMAC_SHA1_160         7   -- authAlgSha1Hmac160
AUTH_AES_CMAC_96           8   -- authAlgAesCmac96
AUTH_AES_128_GMAC          9   -- authAlgAes128Gmac
AUTH_AES_192_GMAC          10  -- authAlgAes192Gmac
AUTH_AES_256_GMAC          11  -- authAlgAes256Gmac
AUTH_HMAC_SHA2_256_128     12  -- authAlgSha2Hmac256to128
AUTH_HMAC_SHA2_384_192     13  -- authAlgSha2Hmac384to192
AUTH_HMAC_SHA2_512_256     14  -- authAlgSha2Hmac512to256
Following are the possible legacy authentication algorithm
values & CgmGdoiIntegrityAlgorithm mappings from RFC 2407:
Algorithm Type   Value
--------------   -----
HMAC-MD5         1   -- authAlgMd5Hmac96
HMAC-SHA         2   -- authAlgSha1Hmac96
DES-MAC          3   -- authAlgDesMac
KPDK             4   -- authAlgMd5Kpdk |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
authAlgNone(0), authAlgMd5Hmac96(1), authAlgSha1Hmac96(2), authAlgDesMac(3), authAlgMd5Kpdk(4), authAlgAesXcbc96(5), authAlgMd5Hmac128(6), authAlgSha1Hmac160(7), authAlgAesCmac96(8), authAlgAes128Gmac(9), authAlgAes192Gmac(10), authAlgAes256Gmac(11), authAlgSha2Hmac256to128(12), authAlgSha2Hmac384to192(13), authAlgSha2Hmac512to256(14) |
|
CgmGdoiSignatureMethod |
|
A textual convention indicating the identifier of the
integrity algorithm being used.
Following are the possible updated authentication method
values & CgmGdoiSignatureMethod mappings after RFC 4306:
Authentication Method                 Value
-----------------------------------   -----
RSA Digital Signature                 1   -- sigRsa
Shared Key Message Integrity Code     2   -- sigSharedKey
DSS Digital Signature                 3   -- sigDss
ECDSA w/ SHA-256 (P-256 curve)        9   -- sigEcdsa256
ECDSA w/ SHA-384 (P-384 curve)        10  -- sigEcdsa384
ECDSA w/ SHA-512 (P-521 curve)        11  -- sigEcdsa512
Following are the possible legacy IPsec authentication method
values & CgmGdoiSignatureMethod mappings from RFC 2409:
Authentication Method              Value
--------------------------------   -----
Pre-Shared Key                     1   -- sigSharedKey
DSS Signature                      2   -- sigDss
RSA Signature                      3   -- sigRsa
Encryption w/ RSA                  4   -- sigEncryptRsa
Revised Encryption w/ RSA          5   -- sigRevEncryptRsa
ECDSA w/ SHA-256 (P-256 curve)     9   -- sigEcdsa256
ECDSA w/ SHA-384 (P-384 curve)     10  -- sigEcdsa384
ECDSA w/ SHA-512 (P-521 curve)     11  -- sigEcdsa512
Following are the possible POP algorithm values &
CgmGdoiSignatureMethod mappings from the GDOI RFC 3547:
Algorithm Type   Value
--------------   -----
POP_ALG_RSA      1   -- sigRsa
POP_ALG_DSS      2   -- sigDss
POP_ALG_ECDSS    3   -- sigEcdsa256, 384, 512
Following are the possible SIG_ALGORITHM values &
CgmGdoiSignatureMethod mappings from the GDOI RFC 3547:
Algorithm Type   Value
--------------   -----
SIG_ALG_RSA      1   -- sigRsa
SIG_ALG_DSS      2   -- sigDss
SIG_ALG_ECDSS    3   -- sigEcdsa256, 384, 512 |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
sigNone(0), sigRsa(1), sigSharedKey(2), sigDss(3), sigEncryptRsa(4), sigRevEncryptRsa(5), sigEcdsa256(9), sigEcdsa384(10), sigEcdsa512(11) |
|
CgmGdoiDiffieHellmanGroup |
|
A textual convention indicating the identifier of the
Diffie-Hellman Group being used.
Following are the possible updated Diffie-Hellman Group
values & CgmGdoiDiffieHellmanGroup mappings after RFC 4306:
Diffie-Hellman Group Type   Value
-------------------------   -----
NONE                        0   -- dhNone
Group 1 - 768 Bit MODP      1   -- dhGroup1
Group 2 - 1024 Bit MODP     2   -- dhGroup2
1536-bit MODP Group         5   -- dh1536Modp
2048-bit MODP Group         14  -- dh2048Modp
3072-bit MODP Group         15  -- dh3072Modp
4096-bit MODP Group         16  -- dh4096Modp
6144-bit MODP Group         17  -- dh6144Modp
8192-bit MODP Group         18  -- dh8192Modp
256-bit random ECP group    19  -- dhEcp256
84-bit random ECP group     20  -- dhEcp84
521-bit random ECP group    21  -- dhEcp521
1024-bit MODP w/ 160-bit    22  -- dh1024Modp160
  Prime Order Subgroup
2048-bit MODP w/ 224-bit    23  -- dh2048Modp224
  Prime Order Subgroup
2048-bit MODP w/ 256-bit    24  -- dh2048Modp256
  Prime Order Subgroup
192-bit Random ECP Group    25  -- dhEcp192
224-bit Random ECP Group    26  -- dhEcp224
Following are the possible legacy Diffie-Hellman Group
values & CgmGdoiDiffieHellmanGroup mappings from RFC 2409:
Diffie-Hellman Group Type   Value
-------------------------   -----
Group 1 - 768 Bit MODP      1   -- dhGroup1
Group 2 - 1024 Bit MODP     2   -- dhGroup2
EC2N group on GP[2^155]     3   -- dhEc2nGp155
EC2N group on GP[2^185]     4   -- dhEc2nGp185 |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
dhNone(0), dhGroup1(1), dhGroup2(2), dhEc2nGp155(3), dhEc2nGp185(4), dh1536Modp(5), dh2048Modp(14), dh3072Modp(15), dh4096Modp(16), dh6144Modp(17), dh8192Modp(18), dhEcp256(19), dhEcp84(20), dhEcp521(21), dh1024Modp160(22), dh2048Modp224(23), dh2048Modp256(24), dhEcp192(25), dhEcp224(26) |
|
CgmGdoiGroupEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiGroupIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiGroupIdLength |
Unsigned32 |
|
|
cgmGdoiGroupIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiGroupName |
DisplayString |
|
|
cgmGdoiGroupMemberCount |
Unsigned32 |
|
|
cgmGdoiGroupActivePeerKeyServerCount |
Unsigned32 |
|
|
cgmGdoiGroupLastRekeyRetransmits |
Unsigned32 |
|
|
cgmGdoiGroupLastRekeyTimeTaken |
CiscoMilliSeconds |
|
CgmGdoiKeyServerEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiKeyServerIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiKeyServerIdLength |
Unsigned32 |
|
|
cgmGdoiKeyServerIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiKeyServerActiveKEK |
CgmGdoiKekSPI |
|
|
cgmGdoiKeyServerRekeysPushed |
Counter32 |
|
|
cgmGdoiKeyServerRole |
CgmGdoiKsRole |
|
|
cgmGdoiKeyServerRegisteredGMs |
Unsigned32 |
|
CgmGdoiGmEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiGmIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiGmIdLength |
Unsigned32 |
|
|
cgmGdoiGmIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiGmRegKeyServerIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiGmRegKeyServerIdLength |
Unsigned32 |
|
|
cgmGdoiGmRegKeyServerIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiGmActiveKEK |
CgmGdoiKekSPI |
|
|
cgmGdoiGmRekeysReceived |
Counter32 |
|
|
cgmGdoiGmActiveTEKNum |
Counter32 |
|
CgmGdoiCoopPeerEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiCoopPeerIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiCoopPeerIdLength |
Unsigned32 |
|
|
cgmGdoiCoopPeerIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiCoopPeerRole |
CgmGdoiKsRole |
|
|
cgmGdoiCoopPeerStatus |
CgmGdoiKsStatus |
|
|
cgmGdoiCoopPeerRegisteredGMs |
Unsigned32 |
|
CgmGdoiKsKekEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiKsKekIndex |
Unsigned32 |
|
|
cgmGdoiKsKekSPI |
CgmGdoiKekSPI |
|
|
cgmGdoiKsKekSrcIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiKsKekSrcIdLength |
Unsigned32 |
|
|
cgmGdoiKsKekSrcIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiKsKekSrcIdPort |
CgmGdoiUnsigned16 |
|
|
cgmGdoiKsKekDstIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiKsKekDstIdLength |
Unsigned32 |
|
|
cgmGdoiKsKekDstIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiKsKekDstIdPort |
CgmGdoiUnsigned16 |
|
|
cgmGdoiKsKekIpProtocol |
CgmGdoiIpProtocolId |
|
|
cgmGdoiKsKekMgmtAlg |
CgmGdoiKeyManagementAlgorithm |
|
|
cgmGdoiKsKekEncryptAlg |
CgmGdoiEncryptionAlgorithm |
|
|
cgmGdoiKsKekEncryptKeyLength |
Unsigned32 |
|
|
cgmGdoiKsKekSigHashAlg |
CgmGdoiPseudoRandomFunction |
|
|
cgmGdoiKsKekSigAlg |
CgmGdoiSignatureMethod |
|
|
cgmGdoiKsKekSigKeyLength |
Unsigned32 |
|
|
cgmGdoiKsKekOakleyGroup |
CgmGdoiDiffieHellmanGroup |
|
|
cgmGdoiKsKekOriginalLifetime |
Unsigned32 |
|
|
cgmGdoiKsKekRemainingLifetime |
Unsigned32 |
|
|
cgmGdoiKsKekStatus |
CgmGdoiKekStatus |
|
CgmGdoiGmKekEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiGmKekIndex |
Unsigned32 |
|
|
cgmGdoiGmKekSPI |
CgmGdoiKekSPI |
|
|
cgmGdoiGmKekSrcIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiGmKekSrcIdLength |
Unsigned32 |
|
|
cgmGdoiGmKekSrcIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiGmKekSrcIdPort |
CgmGdoiUnsigned16 |
|
|
cgmGdoiGmKekDstIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiGmKekDstIdLength |
Unsigned32 |
|
|
cgmGdoiGmKekDstIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiGmKekDstIdPort |
CgmGdoiUnsigned16 |
|
|
cgmGdoiGmKekIpProtocol |
CgmGdoiIpProtocolId |
|
|
cgmGdoiGmKekMgmtAlg |
CgmGdoiKeyManagementAlgorithm |
|
|
cgmGdoiGmKekEncryptAlg |
CgmGdoiEncryptionAlgorithm |
|
|
cgmGdoiGmKekEncryptKeyLength |
Unsigned32 |
|
|
cgmGdoiGmKekSigHashAlg |
CgmGdoiPseudoRandomFunction |
|
|
cgmGdoiGmKekSigAlg |
CgmGdoiSignatureMethod |
|
|
cgmGdoiGmKekSigKeyLength |
Unsigned32 |
|
|
cgmGdoiGmKekOakleyGroup |
CgmGdoiDiffieHellmanGroup |
|
|
cgmGdoiGmKekOriginalLifetime |
Unsigned32 |
|
|
cgmGdoiGmKekRemainingLifetime |
Unsigned32 |
|
|
cgmGdoiGmKekStatus |
CgmGdoiKekStatus |
|
CgmGdoiKsTekSelectorEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiKsTekSelectorIndex |
Unsigned32 |
|
|
cgmGdoiKsTekSrcIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiKsTekSrcIdLength |
Unsigned32 |
|
|
cgmGdoiKsTekSrcIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiKsTekSrcIdPort |
CgmGdoiUnsigned16 |
|
|
cgmGdoiKsTekDstIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiKsTekDstIdLength |
Unsigned32 |
|
|
cgmGdoiKsTekDstIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiKsTekDstIdPort |
CgmGdoiUnsigned16 |
|
|
cgmGdoiKsTekSecurityProtocol |
CgmGdoiSecurityProtocol |
|
CgmGdoiKsTekPolicyEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiKsTekPolicyIndex |
Unsigned32 |
|
|
cgmGdoiKsTekSPI |
CgmGdoiTekSPI |
|
|
cgmGdoiKsTekEncapsulationMode |
CgmGdoiEncapsulationMode |
|
|
cgmGdoiKsTekEncryptionAlgorithm |
CgmGdoiEncryptionAlgorithm |
|
|
cgmGdoiKsTekEncryptionKeyLength |
Unsigned32 |
|
|
cgmGdoiKsTekIntegrityAlgorithm |
CgmGdoiIntegrityAlgorithm |
|
|
cgmGdoiKsTekIntegrityKeyLength |
Unsigned32 |
|
|
cgmGdoiKsTekWindowSize |
Unsigned32 |
|
|
cgmGdoiKsTekOriginalLifetime |
Unsigned32 |
|
|
cgmGdoiKsTekRemainingLifetime |
Unsigned32 |
|
|
cgmGdoiKsTekStatus |
CgmGdoiTekStatus |
|
CgmGdoiGmTekSelectorEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiGmTekSelectorIndex |
Unsigned32 |
|
|
cgmGdoiGmTekSrcIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiGmTekSrcIdLength |
Unsigned32 |
|
|
cgmGdoiGmTekSrcIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiGmTekSrcIdPort |
CgmGdoiUnsigned16 |
|
|
cgmGdoiGmTekDstIdType |
CgmGdoiIdentificationType |
|
|
cgmGdoiGmTekDstIdLength |
Unsigned32 |
|
|
cgmGdoiGmTekDstIdValue |
CgmGdoiIdentificationValue |
|
|
cgmGdoiGmTekDstIdPort |
CgmGdoiUnsigned16 |
|
|
cgmGdoiGmTekSecurityProtocol |
CgmGdoiSecurityProtocol |
|
CgmGdoiGmTekPolicyEntry |
|
SEQUENCE |
|
|
|
|
cgmGdoiGmTekPolicyIndex |
Unsigned32 |
|
|
cgmGdoiGmTekSPI |
CgmGdoiTekSPI |
|
|
cgmGdoiGmTekEncapsulationMode |
CgmGdoiEncapsulationMode |
|
|
cgmGdoiGmTekEncryptionAlgorithm |
CgmGdoiEncryptionAlgorithm |
|
|
cgmGdoiGmTekEncryptionKeyLength |
Unsigned32 |
|
|
cgmGdoiGmTekIntegrityAlgorithm |
CgmGdoiIntegrityAlgorithm |
|
|
cgmGdoiGmTekIntegrityKeyLength |
Unsigned32 |
|
|
cgmGdoiGmTekWindowSize |
Unsigned32 |
|
|
cgmGdoiGmTekOriginalLifetime |
Unsigned32 |
|
|
cgmGdoiGmTekRemainingLifetime |
Unsigned32 |
|
|
cgmGdoiGmTekStatus |
CgmGdoiTekStatus |
|
cgmGdoiGroupEntry |
1.3.6.1.4.1.9.9.759.1.1.1 |
An entry containing GDOI Group information, uniquely
identified by the GDOI Group ID. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiGroupEntry |
|
|
cgmGdoiKeyServerEntry |
1.3.6.1.4.1.9.9.759.1.2.1.1 |
An entry containing GDOI Key Server (KS) information,
uniquely identified by the Group & Key Server IDs. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiKeyServerEntry |
|
|
cgmGdoiGmEntry |
1.3.6.1.4.1.9.9.759.1.2.2.1 |
An entry containing Local GDOI Group Member information,
uniquely identified by Group & GM IDs. Because the Group
Member is Local to the network device being queried, TEKs
installed for this Group Member can be queried as well. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiGmEntry |
|
|
cgmGdoiCoopPeerEntry |
1.3.6.1.4.1.9.9.759.1.2.3.1 |
An entry containing COOP Peer Key Server's (KS) information,
uniquely identified by the Group & Peer Key Server IDs. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiCoopPeerEntry |
|
|
cgmGdoiKsKekEntry |
1.3.6.1.4.1.9.9.759.1.3.1.1 |
An entry containing the attributes associated with a GDOI KEK
Policy/SA, uniquely identified by the Group ID, Key Server
ID, & SPI value assigned by the given Key Server to the KEK.
There will be at least one KEK Policy/SA entry for each Key
Server & two KEK Policy/SA entries for a given Key Server
only during a KEK rekey when a new KEK is created/installed.
The KEK SPI is unique for every KEK for a given Key Server. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiKsKekEntry |
|
|
cgmGdoiKsKekRemainingLifetime |
1.3.6.1.4.1.9.9.759.1.3.1.1.20 |
The value of the remaining time for which a KEK is valid.
The value is a four (4) octet (32-bit) number which begins at
the value of cgmGdoiKsKekOriginalLifetime when the KEK is sent
and counts down to zero in seconds. If the lifetime has
already expired, this value should remain at zero (0) until
the Key Server refreshes the KEK. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cgmGdoiGmKekEntry |
1.3.6.1.4.1.9.9.759.1.3.2.1 |
An entry containing the attributes associated with a GDOI KEK
SA, uniquely identified by the Group ID, Group Member (GM)
ID, & SPI value assigned by the GM's registered Key Server to
the KEK. There will be at least one KEK SA entry for each GM
& two KEK SA entries for a given GM only during a KEK rekey
when a new KEK is received & installed. The KEK SPI is
unique for every KEK for a given Group Member. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiGmKekEntry |
|
|
cgmGdoiGmKekRemainingLifetime |
1.3.6.1.4.1.9.9.759.1.3.2.1.20 |
The value of the remaining time for which a KEK is valid.
The value is a four (4) octet (32-bit) number which begins at
the value of cgmGdoiGmKekOriginalLifetime and counts down to 0
in seconds. If the lifetime has already expired, this value
should remain at zero (0) until the GCKS refreshes the KEK. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cgmGdoiKsTekSelectorEntry |
1.3.6.1.4.1.9.9.759.1.3.3.1 |
An entry containing the Source/Destination attributes
associated with a GDOI TEK Policy, uniquely identified by the
Group ID, Key Server ID and TEK Selector index. There will be
one entry for each Source/Destination Policy sent by the given
Key Server to its registered Group Members, each with
a unique 5-tuple.
However, due to the 255-octet constraint placed on an OID, the
4-tuple cannot be used to INDEX a TEK entry for a given Group ID
& Key Server ID. Therefore, the TEK Selector index for a given
Group ID & Key Server ID MUST be unique. The TEK SPI is part of
the TEK Policy Table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiKsTekSelectorEntry |
|
|
cgmGdoiKsTekPolicyEntry |
1.3.6.1.4.1.9.9.759.1.3.4.1 |
An entry containing the attributes associated with a GDOI TEK
Policy, uniquely identified by the Group ID, Key Server ID,
TEK Selector Index (Source/Destination IDs & Ports), and TEK
Policy Index (TEK SPI and direction). There will be one or
more TEK entries for each TEK Policy sent by the given Key
Server to its registered Group Members, each with a unique
5-tuple. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiKsTekPolicyEntry |
|
|
cgmGdoiKsTekRemainingLifetime |
1.3.6.1.4.1.9.9.759.1.3.4.1.10 |
The value of the remaining time for which a TEK is valid.
The value is a four (4) octet (32-bit) number which begins at
the value of cgmGdoiKsTekOriginalLifetime when the TEK is sent
and counts down to zero in seconds. If the lifetime has
already expired, this value should remain at zero (0) until
the Key Server refreshes the TEK. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cgmGdoiGmTekSelectorEntry |
1.3.6.1.4.1.9.9.759.1.3.5.1 |
An entry containing the attributes associated with a GDOI TEK
Policy/SA, uniquely identified by the Group ID, Group Member
ID, Source/Destination IDs & Ports, and TEK SPI. There will
be one or more TEK entries for each TEK Policy/SA received
and installed by the given Group Member from its registered
Key Server, each with a unique 5-tuple. This table does not
contain the SPI which is part of the TEK policy table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiGmTekSelectorEntry |
|
|
cgmGdoiGmTekPolicyEntry |
1.3.6.1.4.1.9.9.759.1.3.6.1 |
An entry containing the attributes associated with a GDOI TEK
Policy/SA, uniquely identified by the Group ID, Group Member
ID, TEK Selector (Source/Destination IDs & Ports), and TEK
Policy index (TEK SPI and direction). There will be one or
more TEK entries for each TEK Policy/SA received and installed
by the given Group Member from its registered Key Server, each
with a unique tuple.
This table contains the SPI information corresponding to a TEK
Selector index. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CgmGdoiGmTekPolicyEntry |
|
|
cgmGdoiGmTekRemainingLifetime |
1.3.6.1.4.1.9.9.759.1.3.6.1.10 |
The value of the remaining time for which a TEK is valid.
The value is a four (4) octet (32-bit) number which begins at
the value of cgmGdoiGmTekOriginalLifetime and counts down to 0
in seconds. If the lifetime has already expired, this value
should remain at zero (0) until the GCKS refreshes the TEK. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|