draft-ietf-sidr-rpki-rtr-protocol-mib-00.txt | draft-ietf-sidr-rpki-rtr-protocol-mib-01.txt | |||
---|---|---|---|---|
Network Working Group R. Bush | Network Working Group R. Bush | |||
Internet-Draft Internet Initiative Japan | Internet-Draft Internet Initiative Japan | |||
Intended status: Standards Track B. Wijnen | Intended status: Standards Track B. Wijnen | |||
Expires: September 27, 2012 RIPE NCC | Expires: March 03, 2013 RIPE NCC | |||
K. Patel | K. Patel | |||
Cisco Systems | Cisco Systems | |||
M. Baer | M. Baer | |||
SPARTA | SPARTA | |||
March 26, 2012 | September 2012 | |||
Definitions of Managed Objects for the RPKI-Router Protocol | Definitions of Managed Objects for the RPKI-Router Protocol | |||
draft-ietf-sidr-rpki-rtr-protocol-mib-00 | draft-ietf-sidr-rpki-rtr-protocol-mib-01 | |||
Abstract | Abstract | |||
This document defines a portion of the Management Information Base | This document defines a portion of the Management Information Base | |||
(MIB) for use with network management protocols in the Internet | (MIB) for use with network management protocols in the Internet | |||
community. In particular, it describes objects used for monitoring | community. In particular, it describes objects used for monitoring | |||
the RPKI Router protocol. | the RPKI Router protocol. | |||
Status of this Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on September 27, 2012. | This Internet-Draft will expire on March 03, 2013. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents (http://trustee.ietf.org/ | |||
(http://trustee.ietf.org/license-info) in effect on the date of | license-info) in effect on the date of publication of this document. | |||
publication of this document. Please review these documents | Please review these documents carefully, as they describe your rights | |||
carefully, as they describe your rights and restrictions with respect | and restrictions with respect to this document. Code Components | |||
to this document. Code Components extracted from this document must | extracted from this document must include Simplified BSD License text | |||
include Simplified BSD License text as described in Section 4.e of | as described in Section 4.e of the Trust Legal Provisions and are | |||
the Trust Legal Provisions and are provided without warranty as | provided without warranty as described in the Simplified BSD License. | |||
described in the Simplified BSD License. | ||||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 | |||
2. Internet-Standard Management Framework . . . . . . . . . . . . 3 | 2. Internet-Standard Management Framework . . . . . . . . . . . . 2 | |||
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 21 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | |||
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
7.1. Normative References . . . . . . . . . . . . . . . . . . . 21 | 7.1. Normative References . . . . . . . . . . . . . . . . . . . 19 | |||
7.2. Informative References . . . . . . . . . . . . . . . . . . 22 | 7.2. Informative References . . . . . . . . . . . . . . . . . . 20 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
1. Introduction | 1. Introduction | |||
This document defines a portion of the Management Information Base | This document defines a portion of the Management Information Base | |||
(MIB) for use with network management protocols in the Internet | (MIB) for use with network management protocols in the Internet | |||
community. In particular, it defines objects used for monitoring the | community. In particular, it defines objects used for monitoring the | |||
RPKI Router protocol [I-D.ietf-sidr-rpki-rtr]. | RPKI Router protocol [I-D.ietf-sidr-rpki-rtr]. | |||
1.1. Requirements Language | 1.1. Requirements Language | |||
skipping to change at page 20, line 47 | skipping to change at page 18, line 51 | |||
::= { rpkiRtrGroups 4 } | ::= { rpkiRtrGroups 4 } | |||
END | END | |||
5. IANA Considerations | 5. IANA Considerations | |||
The MIB module in this document will required an IANA assigned OBJECT | The MIB module in this document will required an IANA assigned OBJECT | |||
IDENTIFIER within the SMI Numbers registry. For example, replacing | IDENTIFIER within the SMI Numbers registry. For example, replacing | |||
XXX below: | XXX below: | |||
Descriptor OBJECT IDENTIFIER value | Descriptor OBJECT IDENTIFIER value | |||
---------- ----------------------- | ---------- ----------------------- | |||
rpkiRouter { mib-2 XXX } | rpkiRouter { mib-2 XXX } | |||
6. Security Considerations | 6. Security Considerations | |||
There are no management objects defined in this MIB module that have | There are no management objects defined in this MIB module that have | |||
a MAX-ACCESS clause of read-write and/or read-create. So, if this | a MAX-ACCESS clause of read-write and/or read-create. So, if this | |||
MIB module is implemented correctly, then there is no risk that an | MIB module is implemented correctly, then there is no risk that an | |||
intruder can alter or create any management objects of this MIB | intruder can alter or create any management objects of this MIB | |||
module via direct SNMP SET operations. | module via direct SNMP SET operations. | |||
Most of the readable objects in this MIB module (i.e., objects with a | Most of the readable objects in this MIB module (i.e., objects with a | |||
MAX-ACCESS other than not-accessible) may be considered sensitive or | MAX-ACCESS other than not-accessible) may be considered sensitive or | |||
vulnerable in some network environments. They are vulnerable in the | vulnerable in some network environments. They are vulnerable in the | |||
sense that when an intruder sees the information in this MIB module, | sense that when an intruder sees the information in this MIB module, | |||
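Review bot: in Section 5 (IANA Considerations), "will required an IANA assigned OBJECT IDENTIFIER" is carried unchanged from -00 into -01 and should read "will require". While touching that sentence, the instruction "replacing XXX below" would be clearer if it said who does the replacing and when (for example, that the RFC Editor substitutes the IANA-assigned value for XXX at publication).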
skipping to change at page 21, line 35 | skipping to change at page 19, line 31 | |||
even then, there is no control as to who on the secure network is | even then, there is no control as to who on the secure network is | |||
allowed to access and GET/SET (read/change/create/delete) the objects | allowed to access and GET/SET (read/change/create/delete) the objects | |||
in this MIB module. | in this MIB module. | |||
It is RECOMMENDED that implementers consider the security features as | It is RECOMMENDED that implementers consider the security features as | |||
provided by the SNMPv3 framework (see [RFC3410], section 8), | provided by the SNMPv3 framework (see [RFC3410], section 8), | |||
including full support for the SNMPv3 cryptographic mechanisms (for | including full support for the SNMPv3 cryptographic mechanisms (for | |||
authentication and privacy). | authentication and privacy). | |||
Further, deployment of SNMP versions prior to SNMPv3 is NOT | Further, deployment of SNMP versions prior to SNMPv3 is NOT | |||
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to | RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to | |||
enable cryptographic security. It is then a customer/operator | enable cryptographic security. It is then a customer/operator | |||
responsibility to ensure that the SNMP entity giving access to an | responsibility to ensure that the SNMP entity giving access to an | |||
instance of this MIB module is properly configured to give access to | instance of this MIB module is properly configured to give access to | |||
the objects only to those principals (users) that have legitimate | the objects only to those principals (users) that have legitimate | |||
rights to indeed GET or SET (change/create/delete) them. | rights to indeed GET or SET (change/create/delete) them. | |||
7. References | 7. References | |||
7.1. Normative References | 7.1. Normative References | |||
[I-D.ietf-sidr-rpki-rtr] | [I-D.ietf-sidr-rpki-rtr] | |||
Bush, R. and R. Austein, "The RPKI/Router Protocol", | Bush, R. and R. Austein, "The RPKI/Router Protocol", | |||
draft-ietf-sidr-rpki-rtr-26 (work in progress), | Internet-Draft draft-ietf-sidr-rpki-rtr-26, February 2012. | |||
February 2012. | ||||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
[RFC2287] Krupczak, C. and J. Saperia, "Definitions of System-Level | [RFC2287] Krupczak, C. and J. Saperia, "Definitions of System-Level | |||
Managed Objects for Applications", RFC 2287, | Managed Objects for Applications", RFC 2287, February | |||
February 1998. | 1998. | |||
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | [RFC2578] McCloghrie, K., Perkins, D. and J. Schoenwaelder, | |||
"Structure of Management Information Version 2 (SMIv2)", | "Structure of Management Information Version 2 (SMIv2)", | |||
STD 58, RFC 2578, April 1999. | STD 58, RFC 2578, April 1999. | |||
[RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | [RFC2579] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual | |||
"Textual Conventions for SMIv2", STD 58, RFC 2579, | Conventions for SMIv2", STD 58, RFC 2579, April 1999. | |||
April 1999. | ||||
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | [RFC2580] McCloghrie, K., Perkins, D. and J. Schoenwaelder, | |||
"Conformance Statements for SMIv2", STD 58, RFC 2580, | "Conformance Statements for SMIv2", STD 58, RFC 2580, | |||
April 1999. | April 1999. | |||
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, | [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, | |||
"Introduction and Applicability Statements for Internet- | "Introduction and Applicability Statements for Internet- | |||
Standard Management Framework", RFC 3410, December 2002. | Standard Management Framework", RFC 3410, December 2002. | |||
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. | [RFC4001] Daniele, M., Haberman, B., Routhier, S. and J. | |||
Schoenwaelder, "Textual Conventions for Internet Network | Schoenwaelder, "Textual Conventions for Internet Network | |||
Addresses", RFC 4001, February 2005. | Addresses", RFC 4001, February 2005. | |||
7.2. Informative References | 7.2. Informative References | |||
[RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, | [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, | |||
August 1996. | August 1996. | |||
[RFC2385] Heffernan, A., "Protection of BGP Sessions via the TCP MD5 | [RFC2385] Heffernan, A., "Protection of BGP Sessions via the TCP MD5 | |||
Signature Option", RFC 2385, August 1998. | Signature Option", RFC 2385, August 1998. | |||
[RFC4252] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) | [RFC4252] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) | |||
Authentication Protocol", RFC 4252, January 2006. | Authentication Protocol", RFC 4252, January 2006. | |||
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
(TLS) Protocol Version 1.2", RFC 5246, August 2008. | (TLS) Protocol Version 1.2", RFC 5246, August 2008. | |||
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP | [RFC5925] Touch, J., Mankin, A. and R. Bonica, "The TCP | |||
Authentication Option", RFC 5925, June 2010. | Authentication Option", RFC 5925, June 2010. | |||
Authors' Addresses | Authors' Addresses | |||
Randy Bush | Randy Bush | |||
Internet Initiative Japan | Internet Initiative Japan | |||
5147 Crystal Springs | 5147 Crystal Springs | |||
Bainbridge Island, Washington 98110 | Bainbridge Island, Washington 98110 | |||
US | US | |||
Phone: +1 206 780 0431 x1 | ||||
Email: randy@psg.com | Email: randy@psg.com | |||
Bert Wijnen | Bert Wijnen | |||
RIPE NCC | RIPE NCC | |||
Schagen 33 | Schagen 33 | |||
3461 GL Linschoten | 3461 GL Linschoten | |||
Netherlands | Netherlands | |||
Email: bertietf@bwijnen.net | Email: bertietf@bwijnen.net | |||
Keyur Patel | Keyur Patel | |||
Cisco Systems | Cisco Systems | |||
170 W. Tasman Drive | 170 W. Tasman Drive | |||
San Jose, CA 95134 | San Jose, CA 95134 | |||
USA | USA | |||
Email: keyupate@cisco.com | Email: keyupate@cisco.com | |||
Michael Baer | Michael Baer | |||
SPARTA | SPARTA | |||
P.O. Box 72682 | P.O. Box 72682 | |||
Davis, CA 95617 | Davis, CA 95617 | |||
USA | USA | |||
Email: michael.baer@sparta.com | Email: michael.baer@sparta.com | |||
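Review bot: in Section 6, the paragraphs containing "GET/SET (read/change/create/delete) the objects in this MIB module" and "rights to indeed GET or SET (change/create/delete) them" contradict the opening statement that no object in this module has a MAX-ACCESS of read-write or read-create. Since both sides of the diff keep this wording, consider trimming it in the next revision to refer only to GET (read) access, so the access-control recommendation matches what the module actually exposes.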
End of changes. 23 change blocks. | ||||
46 lines changed or deleted | 40 lines changed or added | |||