draft-ietf-isms-dtls-tm-04.txt   draft-ietf-isms-dtls-tm-05.txt 
ISMS W. Hardaker ISMS W. Hardaker
Internet-Draft Sparta, Inc. Internet-Draft Sparta, Inc.
Intended status: Standards Track December 30, 2009 Intended status: Standards Track January 8, 2010
Expires: July 3, 2010 Expires: July 12, 2010
Transport Layer Security (TLS) Transport Model for SNMP Transport Layer Security (TLS) Transport Model for SNMP
draft-ietf-isms-dtls-tm-04.txt draft-ietf-isms-dtls-tm-05.txt
Abstract Abstract
This document describes a Transport Model for the Simple Network This document describes a Transport Model for the Simple Network
Management Protocol (SNMP), that uses either the Transport Layer Management Protocol (SNMP), that uses either the Transport Layer
Security protocol or the Datagram Transport Layer Security (DTLS) Security protocol or the Datagram Transport Layer Security (DTLS)
protocol. The TLS and DTLS protocols provide authentication and protocol. The TLS and DTLS protocols provide authentication and
privacy services for SNMP applications. This document describes how privacy services for SNMP applications. This document describes how
the TLS Transport Model (TLSTM) implements the needed features of a the TLS Transport Model (TLSTM) implements the needed features of a
SNMP Transport Subsystem to make this protection possible in an SNMP Transport Subsystem to make this protection possible in an
skipping to change at page 2, line 9 skipping to change at page 2, line 9
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 3, 2010. This Internet-Draft will expire on July 12, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 45 skipping to change at page 3, line 45
5.4. Closing a Session . . . . . . . . . . . . . . . . . . . . 27 5.4. Closing a Session . . . . . . . . . . . . . . . . . . . . 27
6. MIB Module Overview . . . . . . . . . . . . . . . . . . . . . 28 6. MIB Module Overview . . . . . . . . . . . . . . . . . . . . . 28
6.1. Structure of the MIB Module . . . . . . . . . . . . . . . 28 6.1. Structure of the MIB Module . . . . . . . . . . . . . . . 28
6.2. Textual Conventions . . . . . . . . . . . . . . . . . . . 28 6.2. Textual Conventions . . . . . . . . . . . . . . . . . . . 28
6.3. Statistical Counters . . . . . . . . . . . . . . . . . . . 28 6.3. Statistical Counters . . . . . . . . . . . . . . . . . . . 28
6.4. Configuration Tables . . . . . . . . . . . . . . . . . . . 28 6.4. Configuration Tables . . . . . . . . . . . . . . . . . . . 28
6.4.1. Notifications . . . . . . . . . . . . . . . . . . . . 29 6.4.1. Notifications . . . . . . . . . . . . . . . . . . . . 29
6.5. Relationship to Other MIB Modules . . . . . . . . . . . . 29 6.5. Relationship to Other MIB Modules . . . . . . . . . . . . 29
6.5.1. MIB Modules Required for IMPORTS . . . . . . . . . . . 29 6.5.1. MIB Modules Required for IMPORTS . . . . . . . . . . . 29
7. MIB Module Definition . . . . . . . . . . . . . . . . . . . . 29 7. MIB Module Definition . . . . . . . . . . . . . . . . . . . . 29
8. Operational Considerations . . . . . . . . . . . . . . . . . . 51 8. Operational Considerations . . . . . . . . . . . . . . . . . . 50
8.1. Sessions . . . . . . . . . . . . . . . . . . . . . . . . . 51 8.1. Sessions . . . . . . . . . . . . . . . . . . . . . . . . . 51
8.2. Notification Receiver Credential Selection . . . . . . . . 51 8.2. Notification Receiver Credential Selection . . . . . . . . 51
8.3. contextEngineID Discovery . . . . . . . . . . . . . . . . 52 8.3. contextEngineID Discovery . . . . . . . . . . . . . . . . 52
8.4. Transport Considerations . . . . . . . . . . . . . . . . . 52 8.4. Transport Considerations . . . . . . . . . . . . . . . . . 52
9. Security Considerations . . . . . . . . . . . . . . . . . . . 52 9. Security Considerations . . . . . . . . . . . . . . . . . . . 52
9.1. Certificates, Authentication, and Authorization . . . . . 53 9.1. Certificates, Authentication, and Authorization . . . . . 52
9.2. Use with SNMPv1/SNMPv2c Messages . . . . . . . . . . . . . 53 9.2. Use with SNMPv1/SNMPv2c Messages . . . . . . . . . . . . . 53
9.3. MIB Module Security . . . . . . . . . . . . . . . . . . . 54 9.3. MIB Module Security . . . . . . . . . . . . . . . . . . . 54
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 57 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 56
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 57 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 57
12.1. Normative References . . . . . . . . . . . . . . . . . . . 57 12.1. Normative References . . . . . . . . . . . . . . . . . . . 57
12.2. Informative References . . . . . . . . . . . . . . . . . . 58 12.2. Informative References . . . . . . . . . . . . . . . . . . 58
Appendix A. (D)TLS Overview . . . . . . . . . . . . . . . . . . . 59 Appendix A. (D)TLS Overview . . . . . . . . . . . . . . . . . . . 59
A.1. The (D)TLS Record Protocol . . . . . . . . . . . . . . . . 60 A.1. The (D)TLS Record Protocol . . . . . . . . . . . . . . . . 59
A.2. The (D)TLS Handshake Protocol . . . . . . . . . . . . . . 60 A.2. The (D)TLS Handshake Protocol . . . . . . . . . . . . . . 60
Appendix B. PKIX Certificate Infrastructure . . . . . . . . . . . 61 Appendix B. PKIX Certificate Infrastructure . . . . . . . . . . . 61
Appendix C. Target and Notificaton Configuration Example . . . . 62 Appendix C. Target and Notificaton Configuration Example . . . . 62
C.1. Configuring the Notification Generator . . . . . . . . . . 63 C.1. Configuring the Notification Generator . . . . . . . . . . 63
C.2. Configuring the Command Responder . . . . . . . . . . . . 63 C.2. Configuring the Command Responder . . . . . . . . . . . . 63
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 64 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 64
1. Introduction 1. Introduction
It is important to understand the modular SNMPv3 architecture as It is important to understand the modular SNMPv3 architecture as
skipping to change at page 8, line 11 skipping to change at page 8, line 11
the statement applies to either or both protocols as appropriate. the statement applies to either or both protocols as appropriate.
When a distinction between the protocols is needed they are referred When a distinction between the protocols is needed they are referred
to independently through the use of "TLS" or "DTLS". The Transport to independently through the use of "TLS" or "DTLS". The Transport
Model, however, is named "TLS Transport Model" and refers not to the Model, however, is named "TLS Transport Model" and refers not to the
TLS or DTLS protocol but to the standard defined in this document, TLS or DTLS protocol but to the standard defined in this document,
which includes support for both TLS and DTLS. which includes support for both TLS and DTLS.
Throughout this document, the terms "client" and "server" are used to Throughout this document, the terms "client" and "server" are used to
refer to the two ends of the (D)TLS transport connection. The client refer to the two ends of the (D)TLS transport connection. The client
actively opens the (D)TLS connection, and the server passively actively opens the (D)TLS connection, and the server passively
listens for the incoming (D)TLS connection. Either SNMP entity may listens for the incoming (D)TLS connection. An SNMP entity may act
act as client or as server. as a (D)TLS client or server or both, depending on the SNMP
applications supported.
The User-Based Security Model (USM) [RFC3414] is a mandatory-to- The User-Based Security Model (USM) [RFC3414] is a mandatory-to-
implement Security Model in STD 62. While (D)TLS and USM frequently implement Security Model in STD 62. While (D)TLS and USM frequently
refer to a user, the terminology preferred in RFC3411 and in this refer to a user, the terminology preferred in RFC3411 and in this
memo is "principal". A principal is the "who" on whose behalf memo is "principal". A principal is the "who" on whose behalf
services are provided or processing takes place. A principal can be, services are provided or processing takes place. A principal can be,
among other things, an individual acting in a particular role; a set among other things, an individual acting in a particular role; a set
of individuals, with each acting in a particular role; an application of individuals, with each acting in a particular role; an application
or a set of applications, or a combination of these within an or a set of applications, or a combination of these within an
administrative domain. administrative domain.
skipping to change at page 11, line 12 skipping to change at page 11, line 12
message has not been modified during its transmission through the message has not been modified during its transmission through the
network, data has not been altered or destroyed in an network, data has not been altered or destroyed in an
unauthorized manner, and data sequences have not been altered to unauthorized manner, and data sequences have not been altered to
an extent greater than can occur non-maliciously. an extent greater than can occur non-maliciously.
2. Masquerade - The masquerade threat is the danger that management 2. Masquerade - The masquerade threat is the danger that management
operations unauthorized for a given principal may be attempted by operations unauthorized for a given principal may be attempted by
assuming the identity of another principal that has the assuming the identity of another principal that has the
appropriate authorizations. appropriate authorizations.
The TLSTM provides for verification of the identity of the (D)TLS The TLSTM verifies of the identity of the (D)TLS server through
server through the use of the (D)TLS protocol and the X.509 the use of the (D)TLS protocol and X.509 certificates. The TLS
certificates. The TLS Transport Model MUST support Transport Model MUST support authentication of both the server
authentication of both the server and the client. and the client.
3. Message stream modification - The re-ordering, delay or replay of 3. Message stream modification - The re-ordering, delay or replay of
messages can and does occur through the natural operation of many messages can and does occur through the natural operation of many
connectionless transport services. The message stream connectionless transport services. The message stream
modification threat is the danger that messages may be modification threat is the danger that messages may be
maliciously re-ordered, delayed or replayed to an extent which is maliciously re-ordered, delayed or replayed to an extent which is
greater than can occur through the natural operation of greater than can occur through the natural operation of
connectionless transport services, in order to effect connectionless transport services, in order to effect
unauthorized management operations. unauthorized management operations.
skipping to change at page 11, line 44 skipping to change at page 11, line 44
(D)TLS provides protection against the disclosure of information (D)TLS provides protection against the disclosure of information
to unauthorized recipients or eavesdroppers by allowing for to unauthorized recipients or eavesdroppers by allowing for
encryption of all traffic between SNMP engines. The TLS encryption of all traffic between SNMP engines. The TLS
Transport Model SHOULD support the message encryption to protect Transport Model SHOULD support the message encryption to protect
sensitive data from eavesdropping attacks. sensitive data from eavesdropping attacks.
5. Denial of Service - the RFC 3411 architecture [RFC3411] states 5. Denial of Service - the RFC 3411 architecture [RFC3411] states
that denial of service (DoS) attacks need not be addressed by an that denial of service (DoS) attacks need not be addressed by an
SNMP security protocol. However, datagram-based security SNMP security protocol. However, datagram-based security
protocols like DTLS are susceptible to a variety of denial of protocols like DTLS are susceptible to a variety of denial of
service attacks because it is more vulnerable to spoofed service attacks because they are more vulnerable to spoofed
messages. messages.
In order to counter these attacks, DTLS borrows the stateless In order to counter these attacks, DTLS borrows the stateless
cookie technique used by Photuris [RFC2522] and IKEv2 [RFC4306] cookie technique used by Photuris [RFC2522] and IKEv2 [RFC4306]
and is described fully in section 4.2.1 of [RFC4347]. This and is described fully in section 4.2.1 of [RFC4347]. This
mechanism, though, does not provide any defense against denial of mechanism, though, does not provide any defense against denial of
service attacks mounted from valid IP addresses. DTLS Transport service attacks mounted from valid IP addresses. DTLS Transport
Model server implementations MUST support DTLS cookies. Model server implementations MUST support DTLS cookies.
Implementations are not required to perform the stateless cookie Implementations are not required to perform the stateless cookie
skipping to change at page 12, line 26 skipping to change at page 12, line 26
The RFC 3411 architecture recognizes three levels of security: The RFC 3411 architecture recognizes three levels of security:
o without authentication and without privacy (noAuthNoPriv) o without authentication and without privacy (noAuthNoPriv)
o with authentication but without privacy (authNoPriv) o with authentication but without privacy (authNoPriv)
o with authentication and with privacy (authPriv) o with authentication and with privacy (authPriv)
The TLS Transport Model determines from (D)TLS the identity of the The TLS Transport Model determines from (D)TLS the identity of the
authenticated principal, and the type and address associated with an authenticated principal, the transport type and the transport address
incoming message. The TLS Transport Model provides the identity and associated with an incoming message. The TLS Transport Model
destination type and address to (D)TLS for outgoing messages. provides the identity and destination type and address to (D)TLS for
outgoing messages.
When an application requests a session for a message, through the When an application requests a session for a message, through the
cache, the application requests a security level for that session. cache, the application requests a security level for that session.
The TLS Transport Model MUST ensure that the (D)TLS session provides The TLS Transport Model MUST ensure that the (D)TLS session provides
security at least as high as the requested level of security. How security at least as high as the requested level of security. How
the security level is translated into the algorithms used to provide the security level is translated into the algorithms used to provide
data integrity and privacy is implementation-dependent. However, the data integrity and privacy is implementation-dependent. However, the
NULL integrity and encryption algorithms MUST NOT be used to fulfill NULL integrity and encryption algorithms MUST NOT be used to fulfill
security level requests for authentication or privacy. security level requests for authentication or privacy.
Implementations MAY choose to force (D)TLS to only allow Implementations MAY choose to force (D)TLS to only allow
skipping to change at page 13, line 26 skipping to change at page 13, line 27
anticipation of outgoing messages. This approach might be useful to anticipation of outgoing messages. This approach might be useful to
ensure that a (D)TLS session to a given target can be established ensure that a (D)TLS session to a given target can be established
before it becomes important to send a message over the (D)TLS before it becomes important to send a message over the (D)TLS
session. Of course, there is no guarantee that a pre-established session. Of course, there is no guarantee that a pre-established
session will still be valid when needed. session will still be valid when needed.
DTLS sessions, when used over UDP, are uniquely identified within the DTLS sessions, when used over UDP, are uniquely identified within the
TLS Transport Model by the combination of transportDomain, TLS Transport Model by the combination of transportDomain,
transportAddress, tmSecurityName, and requestedSecurityLevel transportAddress, tmSecurityName, and requestedSecurityLevel
associated with each session. Each unique combination of these associated with each session. Each unique combination of these
parameters MUST have a locally-chosen unique tlstmSessionID parameters MUST have a locally-chosen unique tlstmSessionID for each
associated for active sessions. For further information see active session. For further information see Section 5. TLS over TCP
Section 5. TLS and DTLS over SCTP sessions, on the other hand, do and DTLS over SCTP sessions, on the other hand, do not require a
not require a unique pairing of address and port attributes since unique pairing of address and port attributes since their lower layer
their lower layer protocols (TCP and SCTP) already provide adequate protocols (TCP and SCTP) already provide adequate session framing.
session framing. But they must still provide a unique tlstmSessionID But they must still provide a unique tlstmSessionID for referencing
for referencing the session. the session.
The tlstmSessionID MAY be the same as the (D)TLS internal SessionID As an implementation hint: although the tlstmSessionID may be the
but caution must be exercised since the (D)TLS internal SessionID may same as the (D)TLS internal SessionID caution must be exercised since
change over the life of the connection as seen by the TLSTM (for the (D)TLS internal SessionID may change over the life of the
example during renegotiation). The tlstmSessionID identifier MUST connection as seen by the TLSTM (for example during renegotiation).
NOT change during the entire duration of the connection from the The tlstmSessionID identifier MUST NOT change during the entire
TLSTM's perspective. duration of the session from the TLSTM's perspective even if the TLS
internal session identifier does change.
3.2. Security Parameter Passing 3.2. Security Parameter Passing
For the (D)TLS server-side, (D)TLS-specific security parameters For the (D)TLS server-side, (D)TLS-specific security parameters
(i.e., cipher_suites, X.509 certificate fields, IP address and port) (i.e., cipher_suites, X.509 certificate fields, IP address and port)
are translated by the TLS Transport Model into security parameters are translated by the TLS Transport Model into security parameters
for the TLS Transport Model and security model (e.g.., for the TLS Transport Model and security model (e.g.,
tmSecurityLevel, tmSecurityName, transportDomain, transportAddress). tmSecurityLevel, tmSecurityName, transportDomain, transportAddress).
The transport- related and (D)TLS-security-related information, The transport- related and (D)TLS-security-related information,
including the authenticated identity, are stored in a cache including the authenticated identity, are stored in a cache
referenced by tmStateReference. referenced by tmStateReference.
For the (D)TLS client-side, the TLS Transport Model takes input For the (D)TLS client-side, the TLS Transport Model takes input
provided by the Dispatcher in the sendMessage() Abstract Service provided by the Dispatcher in the sendMessage() Abstract Service
Interface (ASI) and input from the tmStateReference cache. The Interface (ASI) and input from the tmStateReference cache. The
(D)TLS Transport Model converts that information into suitable (D)TLS Transport Model converts that information into suitable
security parameters for (D)TLS and establishes sessions as needed. security parameters for (D)TLS and establishes sessions as needed.
skipping to change at page 15, line 50 skipping to change at page 15, line 50
tlstmCertToTSNTable. This table allows mapping of incoming tlstmCertToTSNTable. This table allows mapping of incoming
connections to tmSecurityNames through defined transformations. The connections to tmSecurityNames through defined transformations. The
transformations defined in the TLSTM-MIB include: transformations defined in the TLSTM-MIB include:
o Mapping a certificate's fingerprint type and value to a directly o Mapping a certificate's fingerprint type and value to a directly
specified tmSecurityName, or specified tmSecurityName, or
o Mapping a certificate's subjectAltName or CommonName components to o Mapping a certificate's subjectAltName or CommonName components to
a tmSecurityName. a tmSecurityName.
Implementations MAY choose to discard any connections for which no As an implementation hint: implementations may choose to discard any
potential tlstmCertToTSNTable mapping exists before performing connections for which no potential tlstmCertToTSNTable mapping exists
certificate verification to avoid expending computational resources before performing certificate verification to avoid expending
associated with certificate verification. computational resources associated with certificate verification.
Enterprise configurations are encouraged to map a "subjectAltName" Enterprise configurations are encouraged to map a "subjectAltName"
component of the X.509 certificate to the TLSTM specific component of the X.509 certificate to the TLSTM specific
tmSecurityName. The authenticated identity can be obtained by the tmSecurityName. The authenticated identity can be obtained by the
TLS Transport Model by extracting the subjectAltName(s) from the TLS Transport Model by extracting the subjectAltName(s) from the
peer's certificate. The receiving application will then have an peer's certificate. The receiving application will then have an
appropriate tmSecurityName for use by other SNMPv3 components like an appropriate tmSecurityName for use by other SNMPv3 components like an
access control model. access control model.
An example of this type of mapping setup can be found in Appendix C. An example of this type of mapping setup can be found in Appendix C.
skipping to change at page 19, line 10 skipping to change at page 19, line 10
a request-response pair, and potentially longer-term state relating a request-response pair, and potentially longer-term state relating
to transport and security. "Transport Subsystem for the Simple to transport and security. "Transport Subsystem for the Simple
Network Management Protocol" [RFC5590] defines general requirements Network Management Protocol" [RFC5590] defines general requirements
for caches and references. for caches and references.
4.4.1. TLS Transport Model Cached Information 4.4.1. TLS Transport Model Cached Information
The TLS Transport Model has specific responsibilities regarding the The TLS Transport Model has specific responsibilities regarding the
cached information. See the Elements of Procedure in Section 5 for cached information. See the Elements of Procedure in Section 5 for
detailed processing instructions on the use of the tmStateReference detailed processing instructions on the use of the tmStateReference
fields by the TLS Transport Model fields by the TLS Transport Model.
4.4.1.1. tmSecurityName 4.4.1.1. tmSecurityName
The tmSecurityName MUST be a human-readable name (in snmpAdminString The tmSecurityName MUST be a human-readable name (in snmpAdminString
format) representing the identity that has been set according to the format) representing the identity that has been set according to the
procedures in Section 5. The tmSecurityName MUST be constant for all procedures in Section 5. The tmSecurityName MUST be constant for all
traffic passing through an TLSTM session. Messages MUST NOT be sent traffic passing through an TLSTM session. Messages MUST NOT be sent
through an existing (D)TLS session that was established using a through an existing (D)TLS session that was established using a
different tmSecurityName. different tmSecurityName.
skipping to change at page 22, line 14 skipping to change at page 22, line 14
3) Retrieve the tlstmSessionID from the LCD. 3) Retrieve the tlstmSessionID from the LCD.
4) The UDP packet and the tlstmSessionID are passed to DTLS for 4) The UDP packet and the tlstmSessionID are passed to DTLS for
integrity checking and decryption. integrity checking and decryption.
If the message fails integrity checks or other (D)TLS security If the message fails integrity checks or other (D)TLS security
processing then increment the tlstmDTLSProtectionErrors counter, processing then increment the tlstmDTLSProtectionErrors counter,
discard and stop processing the message. discard and stop processing the message.
5) (D)TLS should return an incomingMessage and an 5) DTLS should return an incomingMessage and an
incomingMessageLength. These results and the tlstmSessionID are incomingMessageLength. These results and the tlstmSessionID are
used below in the Section 5.1.2 to complete the processing of the used below in the Section 5.1.2 to complete the processing of the
incoming message. incoming message.
5.1.2. Transport Processing for Incoming SNMP Messages 5.1.2. Transport Processing for Incoming SNMP Messages
The procedures in this section describe how the TLS Transport Model The procedures in this section describe how the TLS Transport Model
should process messages that have already been properly extracted should process messages that have already been properly extracted
from the (D)TLS stream. Note that care must be taken when processing from the (D)TLS stream. Note that care must be taken when processing
messages originating from either TLS or DTLS to ensure they're messages originating from either TLS or DTLS to ensure they're
skipping to change at page 24, line 29 skipping to change at page 24, line 29
new session using the openSession() ASI (described in greater new session using the openSession() ASI (described in greater
detail in step 4b). Instead of opening a new session an detail in step 4b). Instead of opening a new session an
implementation MAY return a snmpTlstmSessionNoSessions error to implementation MAY return a snmpTlstmSessionNoSessions error to
the calling module and stop processing of the message. the calling module and stop processing of the message.
5) If tmSessionID is undefined, then use tmTransportDomain, 5) If tmSessionID is undefined, then use tmTransportDomain,
tmTransportAddress, tmSecurityName and tmRequestedSecurityLevel tmTransportAddress, tmSecurityName and tmRequestedSecurityLevel
to see if there is a corresponding entry in the LCD suitable to to see if there is a corresponding entry in the LCD suitable to
send the message over. send the message over.
4a) If there is a corresponding LCD entry, then this session 5a) If there is a corresponding LCD entry, then this session
will be used to send the message. will be used to send the message.
4b) If there is not a corresponding LCD entry, then open a 5b) If there is not a corresponding LCD entry, then open a
session using the openSession() ASI (discussed further in session using the openSession() ASI (discussed further in
Section 5.3). Implementations MAY wish to offer message Section 5.3). Implementations MAY wish to offer message
buffering to prevent redundant openSession() calls for the buffering to prevent redundant openSession() calls for the
same cache entry. If an error is returned from same cache entry. If an error is returned from
openSession(), then discard the message, discard the openSession(), then discard the message, discard the
tmStateReferenc, increment the snmpTlstmSessionOpenErrors, tmStateReference, increment the snmpTlstmSessionOpenErrors,
return an error indication to the calling module and stop return an error indication to the calling module and stop
processing of the message. processing of the message.
6) Using either the session indicated by the tmSessionID if there 6) Using either the session indicated by the tmSessionID if there
was one or the session resulting from a previous step (3 or 4), was one or the session resulting from a previous step (3 or 4),
pass the outgoingMessage to (D)TLS for encapsulation and pass the outgoingMessage to (D)TLS for encapsulation and
transmission. transmission.
5.3. Establishing a Session 5.3. Establishing a Session
skipping to change at page 26, line 33 skipping to change at page 26, line 33
tmStateReference cache as tmSecurityName. The details of the tmStateReference cache as tmSecurityName. The details of the
lookup process are fully described in the DESCRIPTION clause lookup process are fully described in the DESCRIPTION clause
of the tlstmCertToTSNTable MIB object. If any verification of the tlstmCertToTSNTable MIB object. If any verification
fails in any way (for example because of failures in fails in any way (for example because of failures in
cryptographic verification or because of the lack of an cryptographic verification or because of the lack of an
appropriate row in the tlstmCertToTSNTable) then the session appropriate row in the tlstmCertToTSNTable) then the session
establishment MUST fail, the establishment MUST fail, the
snmpTlstmSessionInvalidClientCertificates object is snmpTlstmSessionInvalidClientCertificates object is
incremented and processing stops. incremented and processing stops.
b) The (D)TLS client side of the connection MUST verify that b) The (D)TLS client side of the connection MUST verify that the
authenticated identity of the (D)TLS server's presented (D)TLS server's presented certificate is the expected
certificate is the expected certificate. The (D)TLS client certificate. The (D)TLS client MUST NOT transmit SNMP
MUST NOT transmit SNMP messages until the server certificate messages until the server certificate has been authenticated
has been authenticated and the client certificate has been and the client certificate has been transmitted.
transmitted.
If the connection is being established from configuration If the connection is being established from configuration
based on SNMP-TARGET-MIB configuration then the procedures in based on SNMP-TARGET-MIB configuration then the procedures in
the tlstmAddrTable DESCRIPTION clause should be followed to the tlstmAddrTable DESCRIPTION clause should be followed to
determine if the presented identity matches the expectations determine if the presented identity matches the expectations
of the configuration. Path validation procedures (like those of the configuration. Path validation procedures (like those
defined in [RFC5280]) MUST be followed. If a server identity defined in [RFC5280]) MUST be followed. If a server identity
name has been configured in the tlstmAddrServerIdentity name has been configured in the tlstmAddrServerIdentity
column then this reference identity must be compared against column then this reference identity must be compared against
the presented identity (for example using procedures the presented identity (for example using procedures
skipping to change at page 27, line 17 skipping to change at page 27, line 16
(D)TLS provides assurance that the authenticated identity has (D)TLS provides assurance that the authenticated identity has
been signed by a trusted configured certificate authority. been signed by a trusted configured certificate authority.
If verification of the server's certificate fails in any way If verification of the server's certificate fails in any way
(for example because of failures in cryptographic (for example because of failures in cryptographic
verification or the presented identity did not match the verification or the presented identity did not match the
expected named entity) then the session establishment MUST expected named entity) then the session establishment MUST
fail, the snmpTlstmSessionInvalidServerCertificates object is fail, the snmpTlstmSessionInvalidServerCertificates object is
incremented and processing stops. incremented and processing stops.
4) The TLSTM-specific session identifier (tlstmSessionID) is set in 4) The TLSTM-specific session identifier (tlstmSessionID) is set in
the sessionID of the tmStateReference passed to the TLS Transport the tmSessionID of the tmStateReference passed to the TLS
Model to indicate that the session has been established Transport Model to indicate that the session has been established
successfully and to point to a specific (D)TLS session for future successfully and to point to a specific (D)TLS session for future
use. use.
Servers that wish to support multiple principals at a particular port Servers that wish to support multiple principals at a particular port
SHOULD make use of the Server Name Indication extension defined in SHOULD make use of a (D)TLS extension that allows server-side
Section 3.1 of [RFC4366]. Supporting this will allow, for example, principal selection like the Server Name Indication extension defined
sending notifications to a specific principal at a given TCP, UDP or in Section 3.1 of [RFC4366]. Supporting this will allow, for
SCTP port. example, sending notifications to a specific principal at a given
TCP, UDP or SCTP port.
5.4. Closing a Session 5.4. Closing a Session
The TLS Transport Model provides the following primitive to close a The TLS Transport Model provides the following primitive to close a
session: session:
statusInformation = statusInformation =
closeSession( closeSession(
IN tmSessionID -- session ID of the session to be closed IN tmSessionID -- session ID of the session to be closed
) )
skipping to change at page 30, line 6 skipping to change at page 30, line 6
FROM SNMPv2-TC FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF FROM SNMPv2-CONF
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
snmpTargetParamsName, snmpTargetAddrName snmpTargetParamsName, snmpTargetAddrName
FROM SNMP-TARGET-MIB FROM SNMP-TARGET-MIB
; ;
tlstmMIB MODULE-IDENTITY tlstmMIB MODULE-IDENTITY
LAST-UPDATED "200912300000Z" LAST-UPDATED "201001080000Z"
ORGANIZATION "ISMS Working Group" ORGANIZATION "ISMS Working Group"
CONTACT-INFO "WG-EMail: isms@lists.ietf.org CONTACT-INFO "WG-EMail: isms@lists.ietf.org
Subscribe: isms-request@lists.ietf.org Subscribe: isms-request@lists.ietf.org
Chairs: Chairs:
Juergen Schoenwaelder Juergen Schoenwaelder
Jacobs University Bremen Jacobs University Bremen
Campus Ring 1 Campus Ring 1
28725 Bremen 28725 Bremen
Germany Germany
skipping to change at page 30, line 38 skipping to change at page 30, line 38
Sparta, Inc. Sparta, Inc.
P.O. Box 382 P.O. Box 382
Davis, CA 95617 Davis, CA 95617
USA USA
ietf@hardakers.net ietf@hardakers.net
" "
DESCRIPTION " DESCRIPTION "
The TLS Transport Model MIB The TLS Transport Model MIB
Copyright (c) 2009 IETF Trust and the persons identified as Copyright (c) 2010 IETF Trust and the persons identified as
the document authors. All rights reserved. the document authors. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC XXXX; This version of this MIB module is part of RFC XXXX;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- NOTE to RFC editor: replace XXXX with actual RFC number -- NOTE to RFC editor: replace XXXX with actual RFC number
-- for this document and remove this note -- for this document and remove this note
REVISION "200912300000Z" REVISION "201001080000Z"
DESCRIPTION "The initial version, published in RFC XXXX." DESCRIPTION "The initial version, published in RFC XXXX."
-- NOTE to RFC editor: replace XXXX with actual RFC number -- NOTE to RFC editor: replace XXXX with actual RFC number
-- for this document and remove this note -- for this document and remove this note
::= { snmpModules xxxx } ::= { snmpModules xxxx }
-- RFC Ed.: replace xxxx with IANA-assigned number and -- RFC Ed.: replace xxxx with IANA-assigned number and
-- remove this note -- remove this note
-- ************************************************ -- ************************************************
-- subtrees of the TLSTM-MIB -- subtrees of the TLSTM-MIB
skipping to change at page 44, line 40 skipping to change at page 44, line 40
In particular, a newly created row cannot be made active until In particular, a newly created row cannot be made active until
the corresponding tlstmParamsClientFingerprint column has the corresponding tlstmParamsClientFingerprint column has
been set. been set.
The tlstmParamsClientFingerprint object may not be modified The tlstmParamsClientFingerprint object may not be modified
while the value of this object is active(1). while the value of this object is active(1).
An attempt to set these objects while the value of An attempt to set these objects while the value of
tlstmParamsRowStatus is active(1) will result in tlstmParamsRowStatus is active(1) will result in
an inconsistentValue error. an inconsistentValue error."
If this row is deleted it has no effect on the corresponding
row in the targetParamsTable.
If the corresponding row in the targetParamsTable is deleted
then this row must be automatically removed."
::= { tlstmParamsEntry 3 } ::= { tlstmParamsEntry 3 }
-- Lists expected certificate fingerprints to be presented by a DTLS -- Lists expected certificate fingerprints to be presented by a DTLS
-- server -- server
tlstmAddrCount OBJECT-TYPE tlstmAddrCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A count of the number of entries in the tlstmAddrTable" "A count of the number of entries in the tlstmAddrTable"
::= { tlstmCertificateMapping 7 } ::= { tlstmCertificateMapping 7 }
tlstmAddrTableLastChanged OBJECT-TYPE tlstmAddrTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of sysUpTime.0 when the tlstmAddrTable "The value of sysUpTime.0 when the tlstmAddrTable
was last modified through any means, or 0 if it has not been was last modified through any means, or 0 if it has not been
modified since the command responder was started." modified since the command responder was started."
skipping to change at page 48, line 7 skipping to change at page 47, line 48
In particular, a newly created row cannot be made active until In particular, a newly created row cannot be made active until
the corresponding tlstmAddrServerFingerprint column has been the corresponding tlstmAddrServerFingerprint column has been
set. set.
The tlstmAddrServerFingerprint object may not be modified The tlstmAddrServerFingerprint object may not be modified
while the value of this object is active(1). while the value of this object is active(1).
An attempt to set these objects while the value of An attempt to set these objects while the value of
tlstmAddrRowStatus is active(1) will result in tlstmAddrRowStatus is active(1) will result in
an inconsistentValue error. an inconsistentValue error."
If this row is deleted it has no effect on the corresponding
row in the targetAddrTable.
If the corresponding row in the targetAddrTable is deleted
then this row must be automatically removed."
::= { tlstmAddrEntry 4 } ::= { tlstmAddrEntry 4 }
-- ************************************************ -- ************************************************
-- tlstmNotifications - Notifications Information -- tlstmNotifications - Notifications Information
-- ************************************************ -- ************************************************
tlstmServerCertificateUnknown NOTIFICATION-TYPE tlstmServerCertificateUnknown NOTIFICATION-TYPE
OBJECTS { snmpTlstmSessionUnknownServerCertificate } OBJECTS { snmpTlstmSessionUnknownServerCertificate }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
 End of changes. 31 change blocks. 
71 lines changed or deleted 64 lines changed or added

This html diff was produced by rfcdiff 1.37b. The latest version is available from http://tools.ietf.org/tools/rfcdiff/