Internet DRAFT - draft-garcia-martinez-cgamib

draft-garcia-martinez-cgamib






Individual Submission                                 A. Garcia-Martinez
Internet-Draft                                                M. Bagnulo
Intended status: Standards Track                                    UC3M
Expires: March 14, 2013                               September 10, 2012


 Management Information Base for Cryptographically Generated Addresses
                                 (CGA)
                    draft-garcia-martinez-cgamib-05

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for managing Cryptographically Generated Addresses (CGA).

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 14, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.





Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 1]

Internet-Draft                   CGA MIB                  September 2012


Table of Contents

   1.  The Internet-Standard Management Framework . . . . . . . . . .  3
   2.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Conventions  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   4.  Definitions  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 17
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 18
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 19
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 19
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 19
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 20
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20






































Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 2]

Internet-Draft                   CGA MIB                  September 2012


1.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].  Managed objects are accessed via a virtual
   information store, termed the Management Information Base or MIB.
   MIB objects are generally accessed through the Simple Network
   Management Protocol (SNMP).  Objects in the MIB are defined using the
   mechanisms defined in the Structure of Management Information (SMI).
   This memo specifies a MIB module that is compliant to the SMIv2,
   which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
   [RFC2579] and STD 58, RFC 2580 [RFC2580].


2.  Overview

   This document defines the portion of the Management Information Base
   (MIB) to be used for managing Cryptographically Generated Addresses
   (CGA) [RFC3972].  CGA addresses are IPv6 addresses for which the
   interface identifier is generated by computing a one-way hash
   function from a public signature key and some auxiliary parameters.
   Therefore, CGA are represented in this MIB module as values of the
   InetAddressIPv6 type defined in [RFC4001].

   Two tables are defined, cgaLocalTable for representing the
   information about CGA local to the managed node, and cgaRemoteTable
   for representing CGA of nodes with which the managed node is
   communicating to.

   Rows in the cgaLocalTable may be created by means of the management
   protocol.  Once a row for a CGA has been created in the
   cgaLocalTable, it can be used as a local address by the node when the
   configuration of the corresponding rows in the ipAddressTable
   [RFC4293] is completed.  A discrete spin lock object is used to
   coordinate the creation of rows by different managers.

   Rows in the cgaRemoteTable are created as a result of CGA-aware
   protocol operation, such as SEND [RFC3971] or Shim6 [RFC5533]
   operation.


3.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].





Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 3]

Internet-Draft                   CGA MIB                  September 2012


4.  Definitions

   CGA-MIB DEFINITIONS ::= BEGIN

   IMPORTS

      MODULE-IDENTITY,
      OBJECT-TYPE,
      mib-2,
      zeroDotZero                                  FROM SNMPv2-SMI
      TEXTUAL-CONVENTION,
      TestAndIncr,
      RowStatus,
      StorageType,
      TimeStamp,
      RowPointer                                   FROM SNMPv2-TC
      MODULE-COMPLIANCE,
      OBJECT-GROUP                                 FROM SNMPv2-CONF
      InetAddressIPv6                      FROM INET-ADDRESS-MIB;

   cgaMIB MODULE-IDENTITY
       LAST-UPDATED "201209100000Z"
       ORGANIZATION "IETF"
       CONTACT-INFO
              "Editor:

              Alberto Garcia-Martinez
              U. Carlos III de Madrid
              Avenida Universidad, 30
              Leganes, Madrid 28911
              Spain
              Email: alberto.garcia@uc3m.es"

       DESCRIPTION
              " The MIB module for managing Cryptographically Generated
              Addresses (CGA) [RFC3972].

              Copyright (c) 2012 IETF Trust and the persons identified
              as the document authors.  All rights reserved.
              This version of this MIB module is part of RFC yyyy; see
              the RFC itself for full legal notices."

       -- RFC Ed.: replace yyyy with actual RFC number & remove this
       -- note

       REVISION "201209100000Z"





Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 4]

Internet-Draft                   CGA MIB                  September 2012


       DESCRIPTION
              "Initial version, published as RFC yyyy."

                 -- RFC Ed.: replace yyyy with actual RFC number & remove
                 -- this note

       ::= { mib-2 XXX }

          -- RFC Ed.: replace XXX with actual number assigned by IANA
          -- & remove this note


   --
   -- The textual conventions we define and use in this MIB.
   --

   CgaModifier ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "16x"
       STATUS current
       DESCRIPTION
              "This is a binary string of 16 octets in network byte-
              order representing a 128-bit unsigned integer, which
              models the 'Modifier' parameter of the CGA."
       SYNTAX OCTET STRING (SIZE (16))

   CgaCollisionCount ::= TEXTUAL-CONVENTION
       STATUS current
       DESCRIPTION
              "This enumerated integer models the 'Collision Count'
              parameter of the CGA."
       SYNTAX INTEGER {
           zerocollisions(0),
           onecollision(1),
           twocollisions(2)
       }

   CgaKeyInfo::= TEXTUAL-CONVENTION
       DISPLAY-HINT "1024x"
       STATUS current
       DESCRIPTION
              "Variable-length field containing the key (either public
              or private) of the address (CGA) owner.  The key MUST be
              formatted as a DER-encoded [CCITT.X690.2002] ASN.1
              structure of the type SubjectPublicKeyInfo, defined in the
              Internet X.509 certificate profile [RFC5280].  When RSA is
              used, the algorithm identifier MUST be 'rsaEncryption',
              which is 1.2.840.113549.1.1.1, and the RSA public key MUST
              be formatted by using the RSAPublicKey type as specified



Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 5]

Internet-Draft                   CGA MIB                  September 2012


              in Section 2.3.1 of RFC 3279 [RFC3279].
              The length of this field is determined by the ASN.1
              encoding."
       REFERENCE "RFC 3279, RFC 5280, ITU-T Recommendation X.690"
       SYNTAX OCTET STRING (SIZE (0..1024))

   cga OBJECT IDENTIFIER ::= { cgaMIB 1 }

   --
   -- Information related to local CGA
   --

   cgaLocalSpinLock OBJECT-TYPE
       SYNTAX TestAndIncr
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
              "An advisory lock used to allow cooperating SNMP managers
              to coordinate their use of the set operation in creating
              or removing rows within the cgaLocalTable.  Note that the
              rows in the cgaLocalTable MUST remain unmodified (except
              for the RowStatus columnar object) once the cgaLocalStatus
              columnar object has been set to enabled(2).
              In order to use this lock to coordinate the use of set
              operations, managers SHOULD first retrieve
              cgaLocalSpinLock.  They SHOULD then determine the
              appropriate row to create or remove (setting the
              appropriate value to the cgaLocalRowStatus object).
              Finally, they SHOULD issue the appropriate set command,
              including the retrieved value of cgaLocalSpinLock.  If
              another manager has created or destroyed the row in the
              meantime, then the value of cgaLocalSpinLock will have
              changed, and the creation will fail as it will be
              specifying an incorrect value for cgaLocalSpinLock.  It is
              suggested, but not required, that the cgaLocalSpinLock be
              the first var bind for each set of objects representing a
              'row' in a PDU."
       ::= { cga 1 }

   cgaLocalTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CgaLocalEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
              "This table contains information describing the CGA
              parameters which can be used to configure local addresses
              in the managed system."




Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 6]

Internet-Draft                   CGA MIB                  September 2012


              ::= { cga 2 }

   cgaLocalEntry OBJECT-TYPE
       SYNTAX CgaLocalEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
              "Each row defines the information required to configure
              and use a CGA as a local address in the managed system.
              In order to have a local IP address configured as a CGA,
              two conditions MUST be fulfilled:
              +      A row in the cgaLocalTable with cgaLocalStatus set
                     to enabled(2).  The enabled(2) value can only be
                     set if the information held in the columnar objects
                     of the row is valid according to the verification
                     process defined in section 5 of [RFC3972].
              +      A row IP-MIB:ipAddressTable with a IP-
                     MIB:ipAddressAddr value equal to the cgaLocalAddr,
                     with a IP-MIB:ipAddressRowStatus value set to
                     active(1), and with an appropriate IP-
                     MIB:ipAddressStatus value - for example, not
                     invalid(3) or inaccessible(4).
              If the cgaLocalStatus of a row is set to enabled(2) when
              the corresponding row in IP-MIB:ipAddressTable does not
              exist, this row SHOULD be created and its IP-
              MIB:ipAddressRowStatus value should be set to active(1).
              In this case, the address MUST behave as a CGA since its
              very activation as an IP address: For example, in a node
              with SEND operation enabled, the Duplicate Address
              Detection procedure for this address will be performed as
              described in the SEND specification [RFC3971], using the
              CGA-specific information.
              If a local IP address is configured as a CGA, but the
              corresponding row in the cgaLocalTable is made unusable or
              the cgaLocalStatus value is set to a value different to
              enabled(2), the CGA SHOULD continue to be usable as an IP
              address, although CGA-aware protocols SHOULD stop using it
              as a CGA.  For example, Shim6 could keep the
              communications established, although may not use the CGA
              information for new communications; or could tear down all
              communications using Shim6, and stop using the CGA.
              If a row in the IP-MIB:ipAddressTable exists with its IP-
              MIB:ipAddressRowStatus set to active(1) exists, but there
              is no correspondent entry in the cgaLocalTable or the
              corresponding entry has a cgaLocalStatus object set to a
              value different to enabled(2), then the IP address is
              configured, but it does not behave as a CGA.  Then,
              cgaLocalStatus value of the corresponding row in the



Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 7]

Internet-Draft                   CGA MIB                  September 2012


              cgaLocalTable is set to to enabled(2), the node SHOULD
              start using the address as a CGA for the operation of the
              CGA-aware protocols.
              If a row in the cgaLocalTable with the cgaLocalStatus
              object set to enabled(2) exists, but the IP address is not
              configured because there is no correspondent row in the
              IP-MIB:ipAddressTable (for example, because it has been
              removed after creation of the CGA) or the IP-
              MIB:ipAddressRowStatus is not set to active(1), and then
              the value IP-MIB:ipAddressRowStatus is set to active(1),
              the node SHOULD start using the address as a CGA for the
              operation of the CGA-aware protocols.
              Once the value of the cgaLocalStatus of an entry has been
              set once to enabled(2), the cgaLocalModifier,
              cgaLocalCollisionCount, cgaLocalPublicKey,
              cgaLocalPrivateKey and cgaLocalExtensionFields columnar
              objects of the entry MUST remain unmodified.
              The agent may generate new entries by other means than
              network management."
       INDEX { cgaLocalAddr }
       ::= { cgaLocalTable 1 }

   CgaLocalEntry ::= SEQUENCE {
           cgaLocalAddr InetAddressIPv6,
           cgaLocalModifier CgaModifier,
           cgaLocalCollisionCount CgaCollisionCount,
           cgaLocalPublicKey CgaKeyInfo,
           cgaLocalPrivateKey CgaKeyInfo,
           cgaLocalExtensionFields OCTET STRING,
           cgaLocalStatus INTEGER,
           cgaLocalAddrInfo RowPointer,
           cgaLocalRowStatus RowStatus,
           cgaLocalStorageType StorageType
       }

   cgaLocalAddr OBJECT-TYPE
       SYNTAX InetAddressIPv6
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
              "The CGA address to which this entry's information
              pertains."
       ::= { cgaLocalEntry 1 }

   cgaLocalModifier OBJECT-TYPE
       SYNTAX CgaModifier





Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 8]

Internet-Draft                   CGA MIB                  September 2012


       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
              "Binary string of 16 octets in network byte-order
              representing a 128-bit unsigned integer, which models the
              'Modifier' parameter.
              This object MUST NOT be modified once the
              cgaLocalRowStatus object has been set to enabled(2)."
       ::= { cgaLocalEntry 2 }

   cgaLocalCollisionCount OBJECT-TYPE
       SYNTAX CgaCollisionCount
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
              "This enumerated integer models the 'Collision Count'
              parameter of the CGA.
              This object MUST NOT be modified once the
              cgaLocalRowStatus object has been set to enabled(2)."
       ::= { cgaLocalEntry 3 }

   cgaLocalPublicKey OBJECT-TYPE
       SYNTAX CgaKeyInfo
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
              "Variable-length field containing the public key of the
              address owner which models the 'Public Key' parameter of
              the CGA.
              Upon a set operation, an 'inconsistentValue' error MUST be
              returned if the value is not a DER-encoded ASN.1 structure
              of the type SubjectPublicKeyInfo.
              This object MUST NOT be modified once the
              cgaLocalRowStatus object has been set to enabled(2)."
       REFERENCE "RFC 3279, RFC 5280, ITU-T Recommendation X.690"
       ::= { cgaLocalEntry 4 }

   cgaLocalPrivateKey OBJECT-TYPE
       SYNTAX CgaKeyInfo
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
              "Variable-length field containing the private key of the
              address owner which corresponds to the public key in
              cgaLocalPublicKey.
              Upon a set operation, an 'inconsistentValue' error MUST be
              returned if the value is not a DER-encoded ASN.1 structure
              of the type SubjectPublicKeyInfo.



Garcia-Martinez & Bagnulo  Expires March 14, 2013               [Page 9]

Internet-Draft                   CGA MIB                  September 2012


              This object MUST NOT be modified once the
              cgaLocalRowStatus object has been set to enabled(2).
              Note that read access to this object by an unintended
              party allows this party to impersonate the identity
              defined by any CGA of the node."
       REFERENCE "RFC 3279, RFC 5280, ITU-T Recommendation X.690"
       ::= { cgaLocalEntry 5 }

   cgaLocalExtensionFields OBJECT-TYPE
       SYNTAX OCTET STRING (SIZE (0..1024))
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
              "Optional variable-length field, defined as an opaque
              type, modeling the 'Extension Fields' field of the CGA.
              This object MUST NOT be modified once the
              cgaLocalRowStatus object has been set to enabled(2)."
       ::= { cgaLocalEntry 6 }

   cgaLocalStatus OBJECT-TYPE
       SYNTAX INTEGER {
           notReady(1),
           enabled(2),
           invalid(3) }
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
              "This columnar object indicates whether the row can be
              used as a CGA in the managed system or not.
              If the row is created but this object has not been set,
              its value is notReady(1).  In this state, the information
              of the row MUST NOT be used for address configuration.  In
              addition, it cannot be assumed that the information is
              valid according to the rules stated in section 5 of
              [RFC3972]
              If the administrator wants to made the CGA information in
              this row ready to be used, he MUST set this columnar
              object to enabled(2).  The managed node MUST then check
              the validity of the CGA according to the rules stated in
              section 5 of [RFC3972].  If the validation is successful,
              the state is changed to enabled(2).  Otherwise, an
              'inconsistentValue' error is returned, and the state is
              set to invalid(3).
              The administrator can set this columnar object to
              notReady(1) to indicate that the information of the CGA is
              no longer usable.





Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 10]

Internet-Draft                   CGA MIB                  September 2012


              Note that the invalid(3) value cannot be requested to be
              set."
       DEFVAL { notReady }
       ::= { cgaLocalEntry 7 }

   cgaLocalAddrInfo OBJECT-TYPE
       SYNTAX RowPointer
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
              "Points to the corresponding row in IP-MIB:ipAddressTable
              if the CGA address is locally configured in the managed
              system.
              If the CGA is not configured as a local address of the
              node, it contains { 0 0 }."
       DEFVAL { zeroDotZero }
       ::= { cgaLocalEntry 8 }

   cgaLocalRowStatus OBJECT-TYPE
       SYNTAX RowStatus
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
              "The status of this conceptual row.
              A conceptual row can not be made active until all the
              columnar objects, except for the cgaLocalStatus, have been
              assigned a value.  Note that validity of the CGA
              information (according to to the rules stated in section 5
              of [RFC3972]) is not required for this object to be
              active(1)"
       ::= { cgaLocalEntry 9 }

   cgaLocalStorageType OBJECT-TYPE
       SYNTAX StorageType
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
              "The storage type for this conceptual row.  If this object
              has a value of 'permanent', then no other objects are
              required to be able to be modified.
              The values of the cgaLocalStorageType and of the
              corresponding IP-MIB:ipAddressStorageType SHOULD be the
              same."
       DEFVAL { volatile }
       ::= { cgaLocalEntry 10 }






Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 11]

Internet-Draft                   CGA MIB                  September 2012


   --
   -- table to store information about the valid CGAs corresponding
   -- to remote nodes
   --

   cgaRemoteTable OBJECT-TYPE
       SYNTAX SEQUENCE OF CgaRemoteEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
              "List of valid CGA addresses of remote nodes.  Only valid
              CGAs, according to the validation rules of section 5 of
              [RFC3972], MUST appear in this table.
              The agent populates the entries in this table with the
              information obtained using a CGA-aware protocol (i.e.
              SEND or Shim6), and operation with these protocols is
              responsible for deleting the entry according to the rules
              defined for their operation.  Protocol-specific
              information associated with the CGA MUST be managed in a
              MIB specific for the considered protocol.  Note that many
              protocols could be using the same remote CGA.
              Note in addition that each protocol may require different
              rules for validating a CGA (for example, may vary in the
              minimum bits required for the key length).
              All the objects in this table are defined as read-only."
       ::= { cga 3 }

   cgaRemoteEntry OBJECT-TYPE
       SYNTAX CgaRemoteEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
              "Information related with a remote CGA."
       INDEX { cgaRemoteAddr }
       ::= { cgaRemoteTable 1 }

   CgaRemoteEntry ::= SEQUENCE {
           cgaRemoteAddr InetAddressIPv6,
           cgaRemoteModifier CgaModifier,
           cgaRemoteCollisionCount CgaCollisionCount,
           cgaRemotePublicKey CgaKeyInfo,
           cgaRemoteExtensionFields OCTET STRING,
           cgaRemoteCreated TimeStamp
       }

   cgaRemoteAddr OBJECT-TYPE





Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 12]

Internet-Draft                   CGA MIB                  September 2012


       SYNTAX InetAddressIPv6
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
              "The CGA IPv6 address of a remote node to which this
              entry's information is associated."
       ::= { cgaRemoteEntry 1 }

   cgaRemoteModifier OBJECT-TYPE
       SYNTAX CgaModifier
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
              "Binary string of 16 octets in network byte-order
              representing a 128-bit unsigned integer, which models the
              'Modifier' parameter."
       ::= { cgaRemoteEntry 2 }

   cgaRemoteCollisionCount OBJECT-TYPE
       SYNTAX CgaCollisionCount
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
              "Enumerated integer which models the 'Collision Count'
              parameter of the CGA."
       ::= { cgaRemoteEntry 3 }

   cgaRemotePublicKey OBJECT-TYPE
       SYNTAX CgaKeyInfo
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
              "Variable-length field containing the public key of the
              remote node owner of the address, which models the 'Public
              Key' parameter of the CGA."
       ::= { cgaRemoteEntry 4 }

   cgaRemoteExtensionFields OBJECT-TYPE
       SYNTAX OCTET STRING (SIZE (0..1024))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
              "Optional variable-length field.  Defined as an opaque
              type, containing the 'Extension Fields' of the CGA."
       ::= { cgaRemoteEntry 5 }

   cgaRemoteCreated OBJECT-TYPE




Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 13]

Internet-Draft                   CGA MIB                  September 2012


       SYNTAX TimeStamp
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
              "The value of the sysUpTime object at the time this entry
              was created.  If this entry was created prior to the last
              re-initialization of the local network management
              subsystem, then this object contains a zero value."
       ::= { cgaRemoteEntry 6 }


   --
   -- conformance information
   --


   cgaMIBConformance OBJECT IDENTIFIER ::= { cgaMIB 2 }

   cgaMIBCompliances OBJECT IDENTIFIER ::= { cgaMIBConformance 1 }

   cgaMIBGroups OBJECT IDENTIFIER ::= { cgaMIBConformance 2 }

   cgaMIBFullCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
              "When this MIB is implemented for read-create access to
              the information related to the local CGA, the
              implementation can claim full compliance."
       MODULE -- this module
       MANDATORY-GROUPS { cgaLocalGroup, cgaRemoteGroup }

       OBJECT cgaLocalRowStatus
       SYNTAX RowStatus { active(1) }
       WRITE-SYNTAX RowStatus { active(1),
              createAndGo(4), destroy(6) }
       DESCRIPTION
              "Support for createAndWait and notInService is not
              required."

       ::= { cgaMIBCompliances 1 }

   cgaMIBReadOnlyCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
              "When this MIB is implemented without read-create access
              to the information related to the local CGA, the
              implementation can claim read-only compliance.




Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 14]

Internet-Draft                   CGA MIB                  September 2012


              In this case the cgaLocalPrivateKey may or may not be
              accessible."
       MODULE -- this module
       MANDATORY-GROUPS { cgaLocalGroup, cgaRemoteGroup }

       OBJECT cgaLocalSpinLock
       MIN-ACCESS not-accessible
       DESCRIPTION
              "An agent is not required to implement this object.
              However, if an agent provides write access to any of the
              other objects in the cgaLocalGroup, it SHOULD provide
              write access to this object as well."

       OBJECT cgaLocalModifier
       MIN-ACCESS read-only
       DESCRIPTION
              "An agent is not required to provide write or create
              access to this object."

       OBJECT cgaLocalCollisionCount
       MIN-ACCESS read-only
       DESCRIPTION
              "An agent is not required to provide write or create
              access to this object."

       OBJECT cgaLocalPublicKey
       MIN-ACCESS read-only
              DESCRIPTION
              "An agent is not required to provide write or create
              access to this object."

       OBJECT cgaLocalPrivateKey
       MIN-ACCESS not-accessible
       DESCRIPTION
              "An agent is not required to provide write or create
              access to this object.  Read access to this object is also
              not required.  If write access is not provided to other
              objects in the cgaLocalGroup, or for security reasons, the
              cgaLocalPrivateKey MAY not be readable."

       OBJECT cgaLocalExtensionFields
       MIN-ACCESS read-only
       DESCRIPTION
              "An agent is not required to provide write or create
              access to this object."






Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 15]

Internet-Draft                   CGA MIB                  September 2012


       OBJECT cgaLocalStatus
       MIN-ACCESS read-only
       DESCRIPTION
              "An agent is not required to provide write or create
              access to this object."

       OBJECT cgaLocalRowStatus
       SYNTAX RowStatus { active(1) }
       MIN-ACCESS read-only
       DESCRIPTION
              "An agent is not required to provide write or create
              access to this object.  In this case, the only value
              permitted is active(1)."

       OBJECT cgaLocalStorageType
       MIN-ACCESS read-only
       DESCRIPTION
              "An agent is not required to provide write or create
              access to this object.  If an agent allows this object to
              be written or created, it is not required to allow this
              object to be set to readOnly, permanent, or nonVolatile."

       ::= { cgaMIBCompliances 2 }



   -- group definitions


   cgaLocalGroup OBJECT-GROUP
       OBJECTS {
           cgaLocalSpinLock, cgaLocalModifier, cgaLocalCollisionCount,
           cgaLocalPublicKey, cgaLocalPrivateKey,
           cgaLocalExtensionFields, cgaLocalStatus, cgaLocalAddrInfo,
           cgaLocalRowStatus, cgaLocalStorageType }
       STATUS current
       DESCRIPTION
              "The group of the elements representing the components of
              the CGA Parameters data structure for the local node."
       ::= { cgaMIBGroups 1 }

   cgaRemoteGroup OBJECT-GROUP
       OBJECTS {
           cgaRemoteModifier, cgaRemoteCollisionCount,
           cgaRemotePublicKey, cgaRemoteExtensionFields,
           cgaRemoteCreated }





Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 16]

Internet-Draft                   CGA MIB                  September 2012


       STATUS current
       DESCRIPTION
              "The group of the elements representing the components of
              the CGA Parameters data structure for remote nodes."
       ::= { cgaMIBGroups 2 }

   END


5.  Security Considerations

   This document defines a MIB module which could be used to configure
   CGA local to a node, which provides address ownership capabilities.
   Since this configuration affects to the security services provided by
   other protocols (such as SEND or Shim6), access through a management
   protocol to this configuration data has to be carefully considered.

   This document specifies two MODULE-COMPLIANCE statements,
   cgaMIBFullCompliance allowing read-create access to local CGA
   configuration, and cgaMIBReadOnlyCompliance allowing read-only access
   to local CGA configuration and (optionally) no access to the private
   key of the local CGA, cgaLocalPrivateKey.  Therefore:
   1.  If read-only access is provided and cgaLocalPrivateKey is not-
       accessible, the information disclosed in the cgaLocalTable is the
       one provided by protocols using CGA to prove the identity of the
       node considered to other nodes communicating with it.  An
       attacker could obtain in general this information by using a CGA-
       aware protocol to request the CGA of the node.  However,
       filtering restrictions configured for these CGA-aware protocols
       may not be enforced in the same way at the management protocol.
       An additional concern is that an attacker could obtain the
       information about a CGA (or many CGAs) without knowing any (all)
       of them, since the attacker could use one of the addresses (may
       be even not a CGA) to retrieve information from all the CGAs of
       the node.  In any case it must be noted that the information
       disclosed when this configuration is in use cannot be used to
       impersonate the identity of the node unless the CGA itself
       becomes vulnerable to factoring attacks, since the private key is
       not made available.
   2.  If read-only access is provided for all the objects of the
       cgaLocalTable, including the cgaLocalPrivateKey columnar object,
       higher risks arise, since in this case any node accessing to this
       information could impersonate the node even if CGA-aware security
       protocols are used.
   3.  If read-create access is provided to the rows of the
       cgaLocalTable, besides the risks of accessing to
       cgaLocalPrivateKey, an attacker can delete or disable the entry
       associated to a CGA to prevent the node to benefit from the



Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 17]

Internet-Draft                   CGA MIB                  September 2012


       authentication facilities provided by the combination of the CGA
       addresses and CGA-aware protocols.  New CGAs can be introduced in
       the node, either to impersonate other nodes or to exhaust the
       resources of the node.

   The risks associated to the last two configuration scenarios are so
   high that the following statement is made: the access to the managed
   node SHOULD be as secure or more secure than the services which are
   provided by the CGA.  Only authorized administrators SHOULD be
   allowed to configure a device.

   The risks associated to the access to the cgaRemoteTable are similar
   to the first case described when discussing the access to
   cgaLocalTable.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module, is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.


6.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:


         Descriptor        OBJECT IDENTIFIER value
         ----------        -----------------------

         cga-MIB   { mib-2 XXX }


   Editor's Note (to be removed prior to publication): the IANA is



Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 18]

Internet-Draft                   CGA MIB                  September 2012


   requested to assign a value for "XXX" under the 'mib-2' subtree and
   to record the assignment in the SMI Numbers registry.  When the
   assignment has been made, the RFC Editor is asked to replace "XXX"
   (here and in the MIB module) with the assigned value and to remove
   this note.


7.  Acknowledgements

   The work of Alberto Garcia-Martinez was supported in part by T2C2
   project (TIN2008-06739-C04-01, granted by the Spanish Science and
   Innovation Ministry).

   The authors would like to thank Suresh Krishnan for reviewing the
   document.


8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC3279]  Bassham, L., Polk, W., and R. Housley, "Algorithms and
              Identifiers for the Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 3279, April 2002.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

   [RFC3971]  Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
              Neighbor Discovery (SEND)", RFC 3971, March 2005.



Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 19]

Internet-Draft                   CGA MIB                  September 2012


   [RFC3972]  Aura, T., "Cryptographically Generated Addresses (CGA)",
              RFC 3972, March 2005.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC4293]  Routhier, S., "Management Information Base for the
              Internet Protocol (IP)", RFC 4293, April 2006.

   [RFC5533]  Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming
              Shim Protocol for IPv6", RFC 5533, June 2009.

   [CCITT.X690.2002]
              International International Telephone and Telegraph
              Consultative Committee, "ASN.1 encoding rules:
              Specification of basic encoding Rules (BER), Canonical
              encoding rules (CER) and Distinguished encoding rules
              (DER)", CCITT Recommendation X.690, July 2002.

8.2.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.


Authors' Addresses

   Alberto Garcia-Martinez
   Universidad Carlos III de Madrid
   Av. Universidad 30
   Leganes, Madrid  28911
   SPAIN

   Phone: 34 91 6249500
   Email: alberto@it.uc3m.es
   URI:   http://www.it.uc3m.es













Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 20]

Internet-Draft                   CGA MIB                  September 2012


   Marcelo Bagnulo
   U. Carlos III de Madrid
   Av. Universidad 30
   Leganes, Madrid  28911
   Spain

   Phone: +34 91 6248814
   Email: marcelo@it.uc3m.es
   URI:   http://www.it.uc3m.es/










































Garcia-Martinez & Bagnulo  Expires March 14, 2013              [Page 21]