Management Information Base for Cryptographically Generated Addresses (CGA)

Universidad Carlos III de Madrid
Av. Universidad 30
Leganes, Madrid 28911
SPAIN
34 91 6249500
alberto@it.uc3m.es
http://www.it.uc3m.es

This memo defines a portion of the Management Information Base (MIB) for managing Cryptographically Generated Addresses (CGA). For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410.

Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578, STD 58, RFC 2579 and STD 58, RFC 2580.
This document defines the portion of the Management Information Base (MIB) to be used for managing Cryptographically Generated Addresses (CGA). CGA addresses are IPv6 addresses for which the interface identifier is generated by computing a one-way hash function from a public signature key and some auxiliary parameters.

The cgaLocalTable includes the information related to the CGA addresses configured as local addresses in the system (i.e. local to the system). These CGA can be used by any protocol requiring CGA configured as local addresses, such as SEND or SHIM6. This table contains CGA-specific information such as the elements of the CGA Parameters data structure. More information related to the address can be obtained from the corresponding entries in the ipAddressTable. CGA addresses are represented as an InetAddressIPv6 type, defined in the INET-ADDRESS-MIB. Managers can create new entries in the table to configure the node with new CGA addresses. A discrete spin lock object is used to coordinate the creation of rows by different managers. The table also includes a columnar object that indicates the protocols that are currently using the local CGA.

The cgaRemoteTable contains information related to CGA addresses of remote systems. Different protocols (e.g. SEND or SHIM6) or means can be used to convey this information to the managed node, and many of these protocols can be using a given CGA at the same time. The table contains the
address represented as an InetAddressIPv6 type, and the elements of the CGA Parameters data structure. The table also includes a columnar object that indicates the protocols that are currently using this CGA.

CGA-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, mib-2
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowStatus, StorageType, TestAndIncr, TimeStamp
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    InetAddressIPv6
        FROM INET-ADDRESS-MIB
    ipAddressAddrType, ipAddressAddr
        FROM IP-MIB;

cgaMIB MODULE-IDENTITY
    LAST-UPDATED "200812170000Z"
    ORGANIZATION "IETF CSI (Cga & Send Maintenance) Working Group"
    CONTACT-INFO
        "Editor:
         Alberto Garcia-Martinez
         U. Carlos III de Madrid
         Avenida Universidad, 30
         Leganes, Madrid 28911
         Spain
         Email: alberto.garcia@uc3m.es

         CSI Working Group: cga-ext@ietf.org"
    DESCRIPTION
        "The MIB module for managing the CGA Parameters data structure
         of CGAs local to the managed node.

         Copyright (C) The IETF Trust (2008).  This version of this
         MIB module is part of RFC yyyy; see the RFC itself for full
         legal notices."
    REVISION "200812170000Z"
    DESCRIPTION
        "Initial version, published as RFC yyyy."
    ::= { mib-2 XXX }

CgaModifier ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "128-bit unsigned integer, which can be any value.  Used during
         CGA generation to implement the hash extension and add
         randomness to the address."
    REFERENCE "RFC 3972"
    SYNTAX      OCTET STRING (SIZE (16))

CgaCollisionCount ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Counter that is incremented during CGA generation to recover
         from an address collision.  Up to two collisions are allowed."
    REFERENCE "RFC 3972"
    SYNTAX      INTEGER {
                    zerocollisions(0),
                    onecollision(1),
                    twocollisions(2)
                }

CgaKeyInfo ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Variable-length field containing the key (either public or
         private) of the address (CGA) owner.  The key MUST be
         formatted as a DER-encoded ASN.1 structure of the type
         SubjectPublicKeyInfo, defined in the Internet X.509
         certificate profile.  When RSA is used, the algorithm
         identifier MUST be rsaEncryption, which is
         1.2.840.113549.1.1.1, and the RSA public key MUST be
         formatted by using the RSAPublicKey type as specified in
         Section 2.3.1 of RFC 3279.  The length of this field is
         determined by the ASN.1 encoding."
    REFERENCE "RFC 3279, RFC 3280, ITU-T Recommendation X.690"
    SYNTAX      OCTET STRING (SIZE (0..1024))

CgaProtocolsUsingCga ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "BITS construct to indicate the protocols that are using a CGA.
         A protocol is using the CGA if the protocol-specific part of
         the system is using this CGA (for example, because its
         parameters are cached for future use in the protocol).

         The management system may not support the update of this
         object, in which case the unknown bit must be set to 1.  If
         the unknown bit is set to 1, no other bit must be set to 1.

         Several protocols can be using a CGA at the same time, so
         many bits could be set at the same time (except when the
         unknown bit is set).

         It can also occur that no protocol is currently using the
         CGA, for example just after the configuration of the CGA in
         the system.  In this case no bits are set.  This should be
         the default value for this object if the management system
         supports the update of this object."
    SYNTAX      BITS {
                    unknown(0),
                    send(1),
                    shim6(2)
                }

cga OBJECT IDENTIFIER ::= { cgaMIB 1 }

cgaLocalSpinLock OBJECT-TYPE
    SYNTAX      TestAndIncr
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "An advisory lock used to allow cooperating SNMP managers to
         coordinate their use of the set operation in creating or
         removing rows within the cgaLocalTable.  Note that the rows
         in the cgaLocalTable must not be modified (except for the
         RowStatus columnar object).

         In order to use this lock to coordinate the use of set
         operations, managers should first retrieve cgaLocalSpinLock.
         They should then determine the appropriate row to create or
         remove (setting the appropriate value to the
         cgaLocalRowStatus object).  Finally, they should issue the
         appropriate set command, including the retrieved value of
         cgaLocalSpinLock.  If another manager has created or
         destroyed the row in the meantime, then the value of
         cgaLocalSpinLock will have changed, and the creation will
         fail as it will be specifying an incorrect value for
         cgaLocalSpinLock.  It is suggested, but not required, that
         the cgaLocalSpinLock be the first var bind for each set of
         objects representing a 'row' in a PDU."
    ::= { cga 1 }

cgaLocalTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CgaLocalEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains information relevant to CGA addresses
         configured as local addresses in the node.

         The table is intended to allow managers to add or remove
         entries as a whole.  The modification of the parameters that
         are used to calculate the CGA would generate
         inconsistencies, so it is not allowed.

         Entries in this table have a corresponding entry in the
         ipAddressTable, which provides information such as the
         interface in which it is configured, its status, the time at
         which it was created or changed, etc."
    ::= { cga 2 }

cgaLocalEntry OBJECT-TYPE
    SYNTAX      CgaLocalEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in this table must exist for each CGA address
         configured as a local address.

         Each entry in the cgaLocalTable with cgaLocalOperStatus equal
         to validAndEnabled(1) must have a corresponding entry in the
         IP-MIB:ipAddressTable, and the value for the INDEX of an
         entry of the cgaLocalTable is the same as the value of the
         INDEX for the corresponding entry of the
         IP-MIB:ipAddressTable.  The value of the ipAddressAddr must
         be the result of the computation of the Hash1 operation
         defined in RFC 3972.  The value of the ipAddressAddrType
         must be ipv6(2) or ipv6z(4).

         The IP-MIB:ipAddressLastChanged object must be changed to
         reflect any update in the corresponding cgaLocalTable row.
         The values of the cgaLocalStorageType and of the
         corresponding IP-MIB:ipAddressStorageType should be the same.

         The administrator can create a new row by setting
         appropriate values to the parameters that are used to build
         the CGA: cgaLocalModifier, cgaLocalCollisionCount,
         cgaLocalPublicKey, cgaLocalPrivateKey and
         cgaLocalExtensionFields.  Additionally, the corresponding
         entry in the IP-MIB:ipAddressTable must have the
         IP-MIB:ipAddressRowStatus set to active(1) before or at the
         same time as the cgaLocalOperStatus object of the entry is
         set to validAndEnabled(1).  Note that if the address should
         only be used as a CGA, the operations of setting the
         IP-MIB:ipAddressRowStatus columnar object to active(1) and
         the cgaLocalOperStatus to validAndEnabled(1) should be
         performed atomically.

         The removal of an entry in the cgaLocalTable does not
         automatically require the removal of the corresponding entry
         in the IP-MIB:ipAddressTable, because the address may remain
         operational even if it is not usable as a CGA.

         Once the value of the cgaLocalOperStatus of an entry has
         been set once to validAndEnabled(1), the cgaLocalModifier,
         cgaLocalCollisionCount, cgaLocalPublicKey,
         cgaLocalPrivateKey and cgaLocalExtensionFields columnar
         objects of the entry must remain unmodified.

         The removal of an entry of the IP-MIB:ipAddressTable must
         result in the removal of the corresponding entry in the
         cgaLocalTable.

         The agent may generate new entries if they are configured by
         other means than network management."
    INDEX { ipAddressAddrType, ipAddressAddr }
    ::= { cgaLocalTable 1 }

CgaLocalEntry ::= SEQUENCE {
    cgaLocalModifier            CgaModifier,
    cgaLocalCollisionCount      CgaCollisionCount,
    cgaLocalPublicKey           CgaKeyInfo,
    cgaLocalPrivateKey          CgaKeyInfo,
    cgaLocalExtensionFields     OCTET STRING,
    cgaLocalProtocolsUsingCga   CgaProtocolsUsingCga,
    cgaLocalAdminStatus         INTEGER,
    cgaLocalOperStatus          INTEGER,
    cgaLocalRowStatus           RowStatus,
    cgaLocalStorageType         StorageType
}

cgaLocalModifier OBJECT-TYPE
    SYNTAX      CgaModifier
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "128-bit unsigned integer, which can be any value.  Used during
         CGA generation to implement the hash extension and add
         randomness to the address.

         This object should not be modified once the
         cgaLocalOperStatus object has been set to validAndEnabled(1)
         for the first time."
    ::= { cgaLocalEntry 1 }

cgaLocalCollisionCount OBJECT-TYPE
    SYNTAX      CgaCollisionCount
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Counter that is incremented during CGA generation to recover
         from an address collision.

         This object should not be modified once the
         cgaLocalOperStatus object has been set to validAndEnabled(1)
         for the first time."
    ::= { cgaLocalEntry 2 }

cgaLocalPublicKey OBJECT-TYPE
    SYNTAX      CgaKeyInfo
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Variable-length field containing the public key of the
         address owner.

         This object should not be modified once the
         cgaLocalOperStatus object has been set to validAndEnabled(1)
         for the first time."
    REFERENCE "RFC 3279, RFC 3280, ITU-T Recommendation X.690"
    ::= { cgaLocalEntry 3 }

cgaLocalPrivateKey OBJECT-TYPE
    SYNTAX      CgaKeyInfo
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Variable-length field containing the private key of the
         address owner.

         This object should not be modified once the
         cgaLocalOperStatus object has been set to validAndEnabled(1)
         for the first time."
    REFERENCE "RFC 3279, RFC 3280, ITU-T Recommendation X.690"
    ::= { cgaLocalEntry 4 }

cgaLocalExtensionFields OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..1024))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Optional variable-length field.  Defined as an opaque type.

         This object should not be modified once the
         cgaLocalOperStatus object has been set to validAndEnabled(1)
         for the first time."
    ::= { cgaLocalEntry 5 }

cgaLocalProtocolsUsingCga OBJECT-TYPE
    SYNTAX      CgaProtocolsUsingCga
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Protocols currently using this CGA."
    ::= { cgaLocalEntry 6 }

cgaLocalAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    enabled(1),
                    disabled(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The desired state of the CGA.  When set to enabled(1), the
         administrator requires the CGA to be available as a valid
         local address of the system.  Conversely, when set to
         disabled(2), the administrator requires the CGA not to be
         available as an address for the system."
    DEFVAL { disabled }
    ::= { cgaLocalEntry 7 }

cgaLocalOperStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    validAndEnabled(1),
                    disabled(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The current operational state of the CGA.  The state
         validAndEnabled(1) indicates that this entry is both valid
         and operational as a local address in the system.

         A CGA is valid if it fulfills the conditions stated in
         RFC 3972, i.e.:

         - the computation of the Hash1 function over a bit string
           that includes information from the objects
           cgaLocalModifier, cgaLocalCollisionCount,
           cgaLocalPublicKey and cgaLocalExtensionFields, along with
           the prefix of the ipAddressAddr object, results in the
           interface identifier of the ipAddressAddr; and

         - the computation of another hash function, Hash2, defined
           to operate with the same input data as Hash1, results in
           16*sec bits equal to zero (sec being the three leftmost
           bits of the interface identifier of the address)."
    ::= { cgaLocalEntry 8 }

cgaLocalRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this conceptual row.

         A conceptual row cannot be made active until all the
         columnar objects, except possibly cgaLocalAdminStatus and
         cgaLocalOperStatus, have been assigned a value."
    ::= { cgaLocalEntry 9 }

cgaLocalStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The storage type for this conceptual row.  If this object
         has a value of 'permanent', then no other objects are
         required to be able to be modified.

         The values of the cgaLocalStorageType and of the
         corresponding IP-MIB:ipAddressStorageType should be the
         same."
    DEFVAL { volatile }
    ::= { cgaLocalEntry 10 }

cgaRemoteTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CgaRemoteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "List of valid CGA addresses of remote nodes.  A CGA is valid
         if it fulfills the conditions stated in RFC 3972, i.e.:

         - the computation of the Hash1 function over a bit string
           that includes information from the objects
           cgaRemoteModifier, cgaRemoteCollisionCount,
           cgaRemotePublicKey and cgaRemoteExtensionFields, along
           with the prefix of the cgaRemoteAddr object, results in
           the interface identifier of the cgaRemoteAddr; and

         - the computation of another hash function, Hash2, defined
           to operate with the same input data as Hash1, results in
           16*sec bits equal to zero (sec being the three leftmost
           bits of the interface identifier of the address).

         In general, the agent populates the entries in this table
         with the information obtained using a CGA-aware protocol
         (i.e. SEND or SHIM6), and these protocols can be responsible
         for deleting the entry according to the rules defined for
         their operation.

         The information that could be associated with the CGA
         specific to a protocol (for example, the link layer address
         associated to the CGA) must be managed in a MIB specific for
         the considered protocol.  Note that many protocols could be
         using the same remote CGA.

         All the objects in this table are defined as read-only."
    ::= { cga 3 }

cgaRemoteEntry OBJECT-TYPE
    SYNTAX      CgaRemoteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information related with a remote CGA."
    INDEX { cgaRemoteAddr }
    ::= { cgaRemoteTable 1 }

CgaRemoteEntry ::= SEQUENCE {
    cgaRemoteAddr               InetAddressIPv6,
    cgaRemoteModifier           CgaModifier,
    cgaRemoteCollisionCount     CgaCollisionCount,
    cgaRemotePublicKey          CgaKeyInfo,
    cgaRemoteExtensionFields    OCTET STRING,
    cgaRemoteProtocolsUsingCga  CgaProtocolsUsingCga,
    cgaRemoteOrigin             INTEGER,
    cgaRemoteCreated            TimeStamp
}

cgaRemoteAddr OBJECT-TYPE
    SYNTAX      InetAddressIPv6
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The CGA IPv6 address to which this entry's addressing
         information is associated."
    ::= { cgaRemoteEntry 1 }

cgaRemoteModifier OBJECT-TYPE
    SYNTAX      CgaModifier
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "128-bit unsigned integer, which can be any value.  Used during
         CGA generation to implement the hash extension and add
         randomness to the address."
    ::= { cgaRemoteEntry 2 }

cgaRemoteCollisionCount OBJECT-TYPE
    SYNTAX      CgaCollisionCount
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Counter that is incremented during CGA generation to recover
         from an address collision."
    ::= { cgaRemoteEntry 3 }

cgaRemotePublicKey OBJECT-TYPE
    SYNTAX      CgaKeyInfo
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Variable-length field containing the public key of the
         remote node owner of the address."
    ::= { cgaRemoteEntry 4 }

cgaRemoteExtensionFields OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..1024))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Optional variable-length field.  Defined as an opaque type."
    ::= { cgaRemoteEntry 5 }

cgaRemoteProtocolsUsingCga OBJECT-TYPE
    SYNTAX      CgaProtocolsUsingCga
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Protocols currently using this CGA."
    ::= { cgaRemoteEntry 6 }

cgaRemoteOrigin OBJECT-TYPE
    SYNTAX      INTEGER {
                    other(1),
                    manual(2),
                    send(3),
                    shim6(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The origin of the CGA entry.

         manual(2) indicates that the CGA was manually configured,
         e.g. by user configuration.

         send(3) indicates that the CGA was received through the SEND
         protocol.

         shim6(4) indicates that the CGA was received through the
         SHIM6 protocol.

         Note that each protocol may require different rules for
         validating the CGA (for example, a different minimum number
         of bits for the key).  Note also that although created by a
         particular means, the CGA could be used at the same time by
         many protocols."
    ::= { cgaRemoteEntry 7 }

cgaRemoteCreated OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime at the time this entry was created.
         If this entry was created prior to the last
         re-initialization of the local network management subsystem,
         then this object contains a zero value."
    ::= { cgaRemoteEntry 8 }

cgaMIBConformance OBJECT IDENTIFIER ::= { cgaMIB 2 }
cgaMIBCompliances OBJECT IDENTIFIER ::= { cgaMIBConformance 1 }
cgaMIBGroups      OBJECT IDENTIFIER ::= { cgaMIBConformance 2 }

cgaMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for systems with CGA addresses."
    MODULE -- this module
    -- MANDATORY-GROUPS { }

    GROUP cgaLocalGroup
    DESCRIPTION
        "This group is mandatory for nodes that support the use of
         CGA as local addresses."

    GROUP cgaRemoteGroup
    DESCRIPTION
        "This group is mandatory for nodes that implement protocols
         that may rely on the identification of remote nodes as CGA
         addresses, such as SEND or Shim6."

    OBJECT cgaLocalSpinLock
    MIN-ACCESS  not-accessible
    DESCRIPTION
        "An agent is not required to implement this object.  However,
         if an agent provides write access to any of the other
         objects in the cgaLocalGroup, it SHOULD provide write access
         to this object as well."

    OBJECT cgaLocalModifier
    MIN-ACCESS  read-only
    DESCRIPTION
        "An agent is not required to provide write or create access
         to this object."

    OBJECT cgaLocalCollisionCount
    MIN-ACCESS  read-only
    DESCRIPTION
        "An agent is not required to provide write or create access
         to this object."

    OBJECT cgaLocalPublicKey
    MIN-ACCESS  read-only
    DESCRIPTION
        "An agent is not required to provide write or create access
         to this object."

    OBJECT cgaLocalPrivateKey
    MIN-ACCESS  not-accessible
    DESCRIPTION
        "An agent is not required to provide write or create access
         to this object.  However, if an agent provides write access
         to any other objects in the cgaLocalGroup, it SHOULD provide
         write (and read) access to this object as well.

         Read access to this object is not required.  If write access
         is not provided to other objects in the cgaLocalGroup, the
         cgaLocalPrivateKey may be not readable."

    OBJECT cgaLocalExtensionFields
    MIN-ACCESS  read-only
    DESCRIPTION
        "An agent is not required to provide write or create access
         to this object."

    OBJECT cgaLocalProtocolsUsingCga
    SYNTAX      BITS { unknown(0) }
    DESCRIPTION
        "An agent is not required to update the protocols currently
         using the CGA.  In this case, the unknown(0) value is shown."

    OBJECT cgaLocalAdminStatus
    MIN-ACCESS  read-only
    DESCRIPTION
        "An agent is not required to provide write or create access
         to this object."

    OBJECT cgaLocalRowStatus
    SYNTAX      RowStatus { active(1) }
    MIN-ACCESS  read-only
    DESCRIPTION
        "An agent is not required to provide write or create access
         to this object.  In this case, the only value permitted is
         active(1)."

    OBJECT cgaLocalStorageType
    MIN-ACCESS  read-only
    DESCRIPTION
        "An agent is not required to provide write or create access
         to this object.

         If an agent allows this object to be written or created, it
         is not required to allow this object to be set to readOnly,
         permanent, or nonVolatile."

    OBJECT cgaRemoteProtocolsUsingCga
    SYNTAX      BITS { unknown(0) }
    DESCRIPTION
        "An agent is not required to update the protocols currently
         using the CGA.  In this case, the unknown(0) value is shown."
    ::= { cgaMIBCompliances 1 }

cgaLocalGroup OBJECT-GROUP
    OBJECTS {
        cgaLocalSpinLock,
        cgaLocalModifier,
        cgaLocalCollisionCount,
        cgaLocalPublicKey,
        cgaLocalPrivateKey,
        cgaLocalExtensionFields,
        cgaLocalProtocolsUsingCga,
        cgaLocalAdminStatus,
        cgaLocalOperStatus,
        cgaLocalRowStatus,
        cgaLocalStorageType
    }
    STATUS      current
    DESCRIPTION
        "The group of the elements representing the components of the
         CGA Parameters data structure for the local node."
    ::= { cgaMIBGroups 1 }

cgaRemoteGroup OBJECT-GROUP
    OBJECTS {
        cgaRemoteModifier,
        cgaRemoteCollisionCount,
        cgaRemotePublicKey,
        cgaRemoteExtensionFields,
        cgaRemoteProtocolsUsingCga,
        cgaRemoteOrigin,
        cgaRemoteCreated
    }
    STATUS      current
    DESCRIPTION
        "The group of the elements representing the components of the
         CGA Parameters data structure for remote nodes."
    ::= { cgaMIBGroups 2 }

END

Some of the management objects of this MIB module have been defined with either a MAX-ACCESS clause of read-create (for the columnar objects belonging to the cgaLocalTable) or read-write (for the spin lock object that controls access to that table). Such access capability may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations.

The objects of the cgaLocalTable specify the CGA addresses configured in this node. An attacker could delete or disable the entry associated to a CGA
to prevent the node from benefiting from the authentication and certification facilities provided by the combination of CGA addresses and protocols such as SeND (RFC 3972) or SHIM6. The addition by an attacker of a row composed of consistent information about a CGA could allow the node to impersonate the identity of another node.

Regarding the risks of providing GET access to the tables defined in this MIB, the relevant risk is that the private key (contained in the cgaLocalPrivateKey object) could be disclosed. Some implementations not providing write access to the CGA elements may also disable read access to the cgaLocalPrivateKey object. The rest of the information contained in the cgaLocalTable is used to prove the identity of the node to other nodes communicating with it. Therefore, the disclosure of this information does not give an attacker much advantage in impersonating the identity of the node (unless factoring attacks become practical and the private key could be derived from the public one, in which case the CGA should be changed). Other risks are essentially the same as those arising from knowledge of a set of non-CGA addresses, i.e. being able to correlate traffic from different addresses. Analogous considerations apply to the information contained in the cgaRemoteTable.

SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.

It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see RFC 3410, section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).

Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.

The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

Editor's Note (to be removed prior to publication): the IANA is
requested to assign a value for "XXX" under the 'mib-2' subtree
and to record the assignment in the SMI Numbers registry. When
the assignment has been made, the RFC Editor is asked to replace
"XXX" (here and in the MIB module) with the assigned value and to
remove this note.
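The validity conditions that cgaLocalOperStatus and the cgaRemoteTable refer to (Hash1 over the CGA Parameters, Hash2 with 16*sec leading zero bits, sec taken from the three leftmost bits of the interface identifier) are the RFC 3972 generation and verification procedures. The following is an added example, not part of this memo or of the MIB module: it implements those two procedures over the same fields the table exposes (modifier, collision count, public key, extension fields, plus the subnet prefix of the address) and derives the cgaLocalOperStatus value an agent would report. The key bytes, prefix and function names are constructed for the example; the hash functions only consume the DER bytes, so no real RSA key is parsed.

```python
"""RFC 3972 CGA generation/verification and the cgaLocalOperStatus decision.
Added example; the names and sample values below are not from the MIB."""
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass
class CgaParams:
    """CGA Parameters data structure (RFC 3972, section 3): the cgaLocal*/cgaRemote*
    columnar objects plus the subnet prefix taken from the address itself."""
    modifier: bytes            # 16 octets (CgaModifier)
    subnet_prefix: bytes       # 8 octets, leftmost 64 bits of the address
    collision_count: int       # 0..2 (CgaCollisionCount)
    public_key: bytes          # DER SubjectPublicKeyInfo (CgaKeyInfo)
    extension_fields: bytes = b""

    def encode(self) -> bytes:
        return (self.modifier + self.subnet_prefix + bytes([self.collision_count])
                + self.public_key + self.extension_fields)


def hash1(p: CgaParams) -> bytes:
    """Hash1: leftmost 64 bits of SHA-1 over the whole CGA Parameters."""
    return hashlib.sha1(p.encode()).digest()[:8]


def hash2(p: CgaParams) -> bytes:
    """Hash2: leftmost 112 bits of SHA-1 over the same fields, with the subnet
    prefix (8 octets) and collision count (1 octet) replaced by zeros."""
    return hashlib.sha1(p.modifier + bytes(9) + p.public_key + p.extension_fields).digest()[:14]


def hash2_ok(h2: bytes, sec: int) -> bool:
    """True when the leftmost 16*sec bits of Hash2 are zero (vacuous for sec = 0)."""
    return int.from_bytes(h2, "big") >> (112 - 16 * sec) == 0


def interface_id(h1: bytes, sec: int) -> bytes:
    """Interface identifier: Hash1 with bits 0-2 replaced by sec and the
    u/g bits (bits 6 and 7 of the first octet) cleared."""
    return bytes([(h1[0] & 0x1C) | (sec << 5)]) + h1[1:]


def generate_cga(sec, subnet_prefix, public_key, modifier, extension_fields=b"", max_tries=1 << 20):
    """Generation (RFC 3972 section 4): search the modifier until Hash2 has 16*sec
    leading zero bits, then derive the address.  Duplicate address detection, which is
    what increments the collision count, is outside this example, so the count stays 0."""
    params = CgaParams(modifier, subnet_prefix, 0, public_key, extension_fields)
    for _ in range(max_tries):
        if hash2_ok(hash2(params), sec):
            iid = interface_id(hash1(params), sec)
            return ipaddress.IPv6Address(subnet_prefix + iid), params
        nxt = (int.from_bytes(params.modifier, "big") + 1) % (1 << 128)
        params.modifier = nxt.to_bytes(16, "big")
    raise RuntimeError("modifier search exhausted")


def verify_cga(addr: ipaddress.IPv6Address, params: CgaParams) -> bool:
    """Verification (RFC 3972 section 5): collision count in range, prefix matches,
    Hash1 matches the interface identifier (ignoring sec and u/g bits), and Hash2
    has 16*sec leading zero bits for the sec value carried in the address."""
    if not 0 <= params.collision_count <= 2:
        return False
    raw = addr.packed
    if params.subnet_prefix != raw[:8]:
        return False
    iid = raw[8:]
    h1 = hash1(params)
    if (h1[0] & 0x1C) != (iid[0] & 0x1C) or h1[1:] != iid[1:]:
        return False
    sec = iid[0] >> 5
    return hash2_ok(hash2(params), sec)


def cga_local_oper_status(addr, params, admin_status: int) -> int:
    """cgaLocalOperStatus: validAndEnabled(1) only when cgaLocalAdminStatus is
    enabled(1) and the parameters validate against the address; disabled(2) otherwise."""
    return 1 if admin_status == 1 and verify_cga(addr, params) else 2


def address_with_sec(addr, sec):
    """Same prefix and Hash1 bits but a rewritten sec field; used to show that a
    higher sec cannot be claimed without redoing the Hash2 work."""
    raw = bytearray(addr.packed)
    raw[8] = (raw[8] & 0x1F) | (sec << 5)
    return ipaddress.IPv6Address(bytes(raw))


# Constructed sample input: a documentation prefix and a stand-in for the DER key.
SAMPLE_PREFIX = ipaddress.IPv6Address("2001:db8::").packed[:8]
SAMPLE_KEY = b"\x30\x82\x00\x10sample-key-bytes"

if __name__ == "__main__":
    for sec in (0, 1):
        addr, params = generate_cga(sec, SAMPLE_PREFIX, SAMPLE_KEY, bytes(16))
        print(sec, addr, verify_cga(addr, params), cga_local_oper_status(addr, params, 1))
```

The sec=1 search costs about 2^16 SHA-1 evaluations, which is why the MIB stores the modifier rather than recomputing it: an agent verifying a row only needs one Hash1 and one Hash2 per address, whereas an attacker who wants a different key to map to the same address has to beat both hashes.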
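The cgaLocalSpinLock procedure (retrieve the lock, decide which row to create or remove, issue one SET carrying the retrieved lock value together with the row's varbinds, and expect the SET to fail if another manager has changed the table in between) is easiest to see with two managers racing. The following is an added example, not code from this memo: a toy agent with TestAndIncr semantics for the lock and createAndGo/destroy handling for cgaLocalRowStatus, which also rejects any attempt to modify the CGA parameters of an existing row, as the cgaLocalTable description requires. The class, the index tuple and the row contents are constructed for the example.

```python
"""Toy SNMP agent for cgaLocalSpinLock (TestAndIncr) and cgaLocalTable row
creation/removal.  Added example; names and sample values are constructed."""
from dataclasses import dataclass, field

# RowStatus values used here (RFC 2579) and SNMP error-status names.
ACTIVE, CREATE_AND_GO, DESTROY = 1, 4, 6
NO_ERROR, INCONSISTENT_VALUE, INCONSISTENT_NAME = "noError", "inconsistentValue", "inconsistentName"

# Columns that must be supplied before a row can become active (cgaLocalRowStatus
# description: everything except cgaLocalAdminStatus and cgaLocalOperStatus).
REQUIRED_COLUMNS = {"cgaLocalModifier", "cgaLocalCollisionCount", "cgaLocalPublicKey",
                    "cgaLocalPrivateKey", "cgaLocalExtensionFields"}

SAMPLE_INDEX = (2, "2001:db8::1")        # ipAddressAddrType ipv6(2), ipAddressAddr
SAMPLE_ROW = {                           # constructed placeholder values
    "cgaLocalModifier": bytes(16),
    "cgaLocalCollisionCount": 0,
    "cgaLocalPublicKey": b"<DER SubjectPublicKeyInfo placeholder>",
    "cgaLocalPrivateKey": b"<DER private key placeholder>",
    "cgaLocalExtensionFields": b"",
    "cgaLocalAdminStatus": 1,
}


@dataclass
class CgaLocalAgent:
    spin_lock: int = 0                                   # cgaLocalSpinLock
    rows: dict = field(default_factory=dict)             # index -> active row

    def get_spin_lock(self) -> int:
        return self.spin_lock

    def set_row(self, lock_value, index, row_status, columns=None) -> str:
        """One SET PDU: cgaLocalSpinLock as the first varbind, then the row.
        TestAndIncr: the PDU fails unless lock_value equals the current value,
        and the lock is incremented only when the whole PDU succeeds."""
        if lock_value != self.spin_lock:
            return INCONSISTENT_VALUE
        if row_status == CREATE_AND_GO:
            if index in self.rows or not REQUIRED_COLUMNS <= set(columns or {}):
                return INCONSISTENT_VALUE            # PDU fails, lock untouched
            self.rows[index] = dict(columns, cgaLocalRowStatus=ACTIVE)
        elif row_status == DESTROY:
            self.rows.pop(index, None)
        else:
            return INCONSISTENT_VALUE
        self.spin_lock = (self.spin_lock + 1) % (1 << 31)   # TestAndIncr wraps at 2^31-1
        return NO_ERROR

    def set_column(self, lock_value, index, column, value) -> str:
        """CGA parameters of an existing row are immutable; rows are only ever
        added or removed as a whole through cgaLocalRowStatus."""
        if lock_value != self.spin_lock:
            return INCONSISTENT_VALUE
        if index in self.rows:
            return INCONSISTENT_VALUE
        return INCONSISTENT_NAME                     # no row: create it via RowStatus


def two_managers_race(agent: CgaLocalAgent):
    """Managers A and B both read the lock, then both try to create the same row."""
    lock_a = agent.get_spin_lock()
    lock_b = agent.get_spin_lock()
    r_a = agent.set_row(lock_a, SAMPLE_INDEX, CREATE_AND_GO, SAMPLE_ROW)    # commits first
    r_b = agent.set_row(lock_b, SAMPLE_INDEX, CREATE_AND_GO, SAMPLE_ROW)    # stale lock
    # B re-reads the lock and the table before retrying, and finds A's row in place.
    agent.get_spin_lock()
    return r_a, r_b, SAMPLE_INDEX in agent.rows


if __name__ == "__main__":
    a = CgaLocalAgent()
    print(two_managers_race(a), a.get_spin_lock())
```

Because the lock value rides in the same PDU as the row, the agent needs no per-manager state: a stale value is enough to reject the whole SET atomically, so two managers can never both believe they created or removed the same row.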