ONEACCESS-GDOI-MIB

File: ONEACCESS-GDOI-MIB.mib (22142 bytes)

Imported modules

SNMPv2-CONF SNMPv2-SMI SNMPv2-TC
ONEACCESS-GLOBAL-REG

Imported symbols

MODULE-COMPLIANCE NOTIFICATION-GROUP OBJECT-GROUP
MODULE-IDENTITY NOTIFICATION-TYPE OBJECT-TYPE
Counter32 Unsigned32 TEXTUAL-CONVENTION
DisplayString oacExpIMManagement

Defined Types

OacGdoiIdentificationType  
A textual convention indicating the type of value used to identify a GDOI entity (i.e. Group or Group Member). Following are the Identification Type Values:
  ID Type        Value
  -------        -----
  ID_KEY_ID      1  -- groupNumber
  ID_IPV4_ADDR   2  -- ipv4Address
Following are the mappings to the type values above:
  'keyID' : group number key identifier.
  'ipv4'  : IPv4 address.
TEXTUAL-CONVENTION    
  INTEGER keyID(1), ipv4(2)  

OacGdoiIdentificationValue  
A textual convention indicating the actual value used to identify a GDOI entity (i.e. Group or Group Member). The value of the oacGdoiIdentificationValue object can be parsed based on the value of the associated oacGdoiIdentificationType object.
TEXTUAL-CONVENTION    
  OCTET STRING Size(0..16)  

OacGdoiSPI  
A textual convention indicating a SPI (Security Parameter Index)
TEXTUAL-CONVENTION    
  OCTET STRING Size(32)  

OacGdoiKEKEncryptionAlgorithm  
A textual convention indicating the identifier of the KEK encryption algorithm being used
TEXTUAL-CONVENTION    
  INTEGER enc-des(1), enc-3des(2), enc-aes(3)  

OacGdoiHashAlogrithm  
A textual convention indicating the identifier of the hash algorithm being used.
TEXTUAL-CONVENTION    
  INTEGER md5(1), sha1(2)  

OacGdoiSignatureMethod  
A textual convention indicating the identifier of the integrity algorithm being used.
TEXTUAL-CONVENTION    
  INTEGER rsa(1), dss(2), ecdss(3)  

OacGdoiGroupEntry  
SEQUENCE    
  oacGdoiGroupName DisplayString
  oacGdoiGroupIdType OacGdoiIdentificationType
  oacGdoiGroupIdValue OacGdoiIdentificationValue

OacGdoiGmEntry  
SEQUENCE    
  oacGdoiGmIdType OacGdoiIdentificationType
  oacGdoiGmIdValue OacGdoiIdentificationValue
  oacGdoiGmRegKeyServerIdValue OacGdoiIdentificationValue
  oacGdoiGmActiveKEK OacGdoiSPI
  oacGdoiGmRekeysReceived Counter32

OacGdoiGmKekEntry  
SEQUENCE    
  oacGdoiGmKekSPI OacGdoiSPI
  oacGdoiGmKekSrcIdValue OacGdoiIdentificationValue
  oacGdoiGmKekDstIdValue OacGdoiIdentificationValue
  oacGdoiGmKekEncryptAlg OacGdoiKEKEncryptionAlgorithm
  oacGdoiGmKekEncryptKeyLength Unsigned32
  oacGdoiGmKekSigHashAlg OacGdoiHashAlogrithm
  oacGdoiGmKekSigAlg OacGdoiSignatureMethod
  oacGdoiGmKekSigKeyLength Unsigned32
  oacGdoiGmKekOriginalLifetime Unsigned32
  oacGdoiGmKekRemainingLifetime Unsigned32

Defined Values

oacExpIMGdoiMIB 1.3.6.1.4.1.13191.10.3.4.1224
This MIB module defines objects for managing the GDOI protocol
MODULE-IDENTITY    

oacGdoiMIBObjects 1.3.6.1.4.1.13191.10.3.4.1224.1
OBJECT IDENTIFIER    

oacGdoiGroupTable 1.3.6.1.4.1.13191.10.3.4.1224.1.1
A table of information regarding GDOI Groups in use on the network device being queried.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacGdoiGroupEntry

oacGdoiGroupEntry 1.3.6.1.4.1.13191.10.3.4.1224.1.1.1
An entry containing GDOI Group information, uniquely identified by the GDOI Group ID.
Status: current Access: not-accessible
OBJECT-TYPE    
  OacGdoiGroupEntry  

oacGdoiGroupName 1.3.6.1.4.1.13191.10.3.4.1224.1.1.1.1
The string-readable name configured for or given to a GDOI Group.
Status: current Access: read-only
OBJECT-TYPE    
  DisplayString  

oacGdoiGroupIdType 1.3.6.1.4.1.13191.10.3.4.1224.1.1.1.2
The Identification Type Value used to parse a GDOI Group ID. The GDOI RFC 3547 defines the types that can be used as a GDOI Group ID, and RFC 4306 defines all valid types that can be used as an identifier.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiIdentificationType  

oacGdoiGroupIdValue 1.3.6.1.4.1.13191.10.3.4.1224.1.1.1.3
The value of a Group ID with its type indicated by the oacGdoiGroupIdType. Use the oacGdoiGroupIdType to parse the Group ID correctly. This Group ID value is sent as the 'Identification Data' field of the Identification Payload for a GDOI GROUPKEY-PULL exchange.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiIdentificationValue  

oacGdoiGm 1.3.6.1.4.1.13191.10.3.4.1224.1.2
OBJECT IDENTIFIER    

oacGdoiPolicy 1.3.6.1.4.1.13191.10.3.4.1224.1.3
OBJECT IDENTIFIER    

oacGdoiGmTable 1.3.6.1.4.1.13191.10.3.4.1224.1.2.2
A table of information regarding GDOI Group Members (GMs) locally configured on the network device being queried. Note that Local Group Members may or may not be registered to a Key Server in its GDOI Group on the same network device being queried.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacGdoiGmEntry

oacGdoiGmEntry 1.3.6.1.4.1.13191.10.3.4.1224.1.2.2.1
An entry containing Local GDOI Group Member information, uniquely identified by Group & GM IDs. Because the Group Member is Local to the network device being queried, TEKs installed for this Group Member can be queried as well.
Status: current Access: not-accessible
OBJECT-TYPE    
  OacGdoiGmEntry  

oacGdoiGmIdType 1.3.6.1.4.1.13191.10.3.4.1224.1.2.2.1.1
The Identification Type Value used to parse the identity information for an Initiator or Group Member. RFC 4306 defines all valid types that can be used as an identifier. These identification types are sent as the 'SRC ID Type' and 'DST ID Type' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiIdentificationType  

oacGdoiGmIdValue 1.3.6.1.4.1.13191.10.3.4.1224.1.2.2.1.2
The value of the identity information for a Group Member with its type indicated by the oacGdoiGmIdType. Use the oacGdoiGmIdType to parse the Group Member ID correctly. This Group Member ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiIdentificationValue  

oacGdoiGmRegKeyServerIdValue 1.3.6.1.4.1.13191.10.3.4.1224.1.2.2.1.3
The value of the identity information for this Group Member's registered Key Server with its type indicated by the oacGdoiGmRegKeyServerIdType. Use the oacGdoiGmRegKeyServerIdType to parse the registered Key Server's ID correctly. This Key Server ID value is sent as the 'SRC Identification Data' and 'DST Identification Data' of the KEK and TEK payloads for GDOI GROUPKEY-PULL and GROUPKEY-PUSH exchanges.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiIdentificationValue  

oacGdoiGmActiveKEK 1.3.6.1.4.1.13191.10.3.4.1224.1.2.2.1.4
The SPI of the Key Encryption Key (KEK) that is currently being used by the Group Member to authenticate & decrypt a rekey from a GROUPKEY-PUSH message.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiSPI  

oacGdoiGmRekeysReceived 1.3.6.1.4.1.13191.10.3.4.1224.1.2.2.1.5
The sequence number of the last rekey successfully received from this Group Member's registered Key Server.
Status: current Access: read-only
OBJECT-TYPE    
  Counter32  

oacGdoiGmKekTable 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2
A table of information regarding GDOI Key Encryption Key (KEK) Security Associations (SAs) currently installed for GDOI entities acting as Group Members on the network device being queried. There is one entry in this table for each KEK SA that has been installed and not yet deleted. Each KEK SA is uniquely identified by a SPI at any given time.
Status: current Access: not-accessible
OBJECT-TYPE    
  SEQUENCE OF  
    OacGdoiGmKekEntry

oacGdoiGmKekEntry 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1
An entry containing the attributes associated with a GDOI KEK SA, uniquely identified by the Group ID, Group Member (GM) ID, & SPI value assigned by the GM's registered Key Server to the KEK. There will be at least one KEK SA entry for each GM & two KEK SA entries for a given GM only during a KEK rekey when a new KEK is received & installed. The KEK SPI is unique for every KEK for a given Group Member.
Status: current Access: not-accessible
OBJECT-TYPE    
  OacGdoiGmKekEntry  

oacGdoiGmKekSPI 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.1
The value of the Security Parameter Index (SPI) of a KEK SA. The SPI must be the ISAKMP Header cookie pair where the first 8 octets become the 'Initiator Cookie' field of the GROUPKEY-PUSH message ISAKMP HDR, and the second 8 octets become the 'Responder Cookie' in the same HDR. As described above, these cookies are assigned by the GCKS.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiSPI  

oacGdoiGmKekSrcIdValue 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.2
The value of the identity information for the source of a KEK SA with its type indicated by the oacGdoiGmKekSrcIdType. Use the oacGdoiGmKekSrcIdType to parse the KEK Source ID correctly. This ID value is sent as the 'SRC Identification Data' of a KEK payload.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiIdentificationValue  

oacGdoiGmKekDstIdValue 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.3
The value of the identity information for the destination of a KEK SA (multicast rekey address) with its type indicated by oacGdoiGmKekDstIdType. Use the oacGdoiGmKekDstIdType to parse the KEK Dest. ID correctly. This ID value is sent as the 'DST Identification Data' of a KEK payload.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiIdentificationValue  

oacGdoiGmKekEncryptAlg 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.4
The value of the KEK_ALGORITHM which specifies the encryption algorithm used with the KEK SA. A GDOI implementation must support KEK_ALG_3DES. Following are the KEK encryption algorithm values defined in the GDOI RFC 3547; however, the oacGdoiEncryptionAlgorithm TC defines all possible values.
  Algorithm Type   Value
  --------------   -----
  KEK_ALG_DES      1
  KEK_ALG_3DES     2
  KEK_ALG_AES      3
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiKEKEncryptionAlgorithm  

oacGdoiGmKekEncryptKeyLength 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.5
The value of the KEK_KEY_LENGTH which specifies the KEK Algorithm key length (in bits).
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

oacGdoiGmKekSigHashAlg 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.6
The value of the SIG_HASH_ALGORITHM which specifies the SIG payload hash algorithm. This is not required (i.e. could have a value of zero) if the SIG_ALGORITHM is SIG_ALG_DSS or SIG_ALG_ECDSS, which imply SIG_HASH_SHA1 (i.e. must have a value of zero or SIG_HASH_SHA1).
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiHashAlogrithm  

oacGdoiGmKekSigAlg 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.7
The value of the SIG_ALGORITHM which specifies the SIG payload signature algorithm. A GDOI implementation must support SIG_ALG_RSA.
Status: current Access: read-only
OBJECT-TYPE    
  OacGdoiSignatureMethod  

oacGdoiGmKekSigKeyLength 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.8
The value of the SIG_KEY_LENGTH which specifies the length of the SIG payload key.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

oacGdoiGmKekOriginalLifetime 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.9
The value of the KEK_KEY_LIFETIME which specifies the maximum time for which a KEK is valid. The GCKS may refresh the KEK at any time before the end of the valid period. The value is a four (4) octet (32-bit) number defining a valid time period in seconds.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32  

oacGdoiGmKekRemainingLifetime 1.3.6.1.4.1.13191.10.3.4.1224.1.3.2.1.10
The value of the remaining time for which a KEK is valid. The value is a four (4) octet (32-bit) number which begins at the value of oacGdoiGmKekOriginalLifetime and counts down to 0 in seconds. If the lifetime has already expired, this value should remain at zero (0) until the GCKS refreshes the KEK.
Status: current Access: read-only
OBJECT-TYPE    
  Unsigned32