Internet Engineering Task Force                              Tim Jenkins
IP Security Working Group                           TimeStep Corporation
Internet Draft                                              John Shriver
                                                       Intel Corporation
                                                            June 3, 1999

                 ISAKMP DOI-Independent Monitoring MIB
              <draft-ietf-ipsec-isakmp-di-mon-mib-00.txt>
Status of this Memo
This document is a submission to the IETF Internet Protocol Security
(IPSEC) Working Group. Comments are solicited and should be addressed
to the working group mailing list (ipsec@tis.com) or to the editor.
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or made obsolete by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
This document is a product of the IETF's IPSec Working Group.
Copyright (C) The Internet Society (1999). All Rights Reserved.
IPSec Working Group Expires December 3, 1999 [Page 1]
Internet Draft ISAKMP DOI-Independent Monitoring MIB June 1999
Table of Contents
1. Introduction
2. The SNMPv2 Network Management Framework
2.1 Object Definitions
3. ISAKMP DOI-independent MIB Objects Architecture
4. MIB Definitions
5. Security Considerations
6. Acknowledgments
7. Revision History
8. References
1. Introduction
This document defines a DOI (domain of interpretation) independent
monitoring MIB for ISAKMP.
The purpose of this MIB is to be used as the basis for protocol
specific MIBs that use ISAKMP as the basis for key exchanges or
security association negotiation.
As such, it has no DOI-dependent objects.
2. The SNMPv2 Network Management Framework
The SNMP Management Framework presently consists of five major
components:
o An overall architecture, described in RFC 2271 [2271].
o Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and described in
RFC 1155 [1155], RFC 1212 [1212] and RFC 1215 [1215]. The second
version, called SMIv2, is described in RFC 1902 [1902],
RFC 1903 [1903] and RFC 1904 [1904].
o Message protocols for transferring management information. The
first version of the SNMP message protocol is called SNMPv1 and
described in RFC 1157 [1157]. A second version of the SNMP message
protocol, which is not an Internet standards track protocol, is
called SNMPv2c and described in RFC 1901 [1901] and
RFC 1906 [1906]. The third version of the message protocol is
called SNMPv3 and described in RFC 1906 [1906], RFC 2272 [2272]
and RFC 2274 [2274].
o Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in RFC 1157 [1157]. A second set of protocol operations
and associated PDU formats is described in RFC 1905 [1905].
o A set of fundamental applications described in RFC 2273 [2273] and
the view-based access control mechanism described in
RFC 2275 [2275].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using the mechanisms defined in the SMI.
This memo specifies a MIB module that is compliant to the SMIv2. A
MIB conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (use of Counter32). Some machine readable
information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the
MIB.
2.1 Object Definitions
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using the subset of Abstract Syntax Notation One (ASN.1)
defined in the SMI. In particular, each object type is named by an
OBJECT IDENTIFIER, an administratively assigned name. The object type
together with an object instance serves to uniquely identify a
specific instantiation of the object. For human convenience, we often
use a textual string, termed the descriptor, to refer to the object
type.
3. ISAKMP DOI-independent MIB Objects Architecture
The ISAKMP DOI-independent MIB consists of a single table
of security associations (SAs), providing the DOI-independent portion
of all SAs that use ISAKMP as the basis of their negotiation.
This table includes the uniqueness identifiers for those SAs, some
version information, some communications information and some basic
status information. Also included are aggregate statistics based on
the assumption that DOI-specific usage of ISAKMP is for the purpose
of negotiating SAs.
Additional tables could be generated that are specific to the ISAKMP
DOI; however, there is no attempt to define these tables as part of
this MIB.
There are no traps defined. The reason for this is that the DOI-
independent portion of ISAKMP makes no assumptions about the use of
ISAKMP, aside from the aggregate statistics assumption stated above.
Additionally, there is no count of notifications sent or received.
The reason for this is that the usage of notifications is associated
with specific DOIs (even though there are ISAKMP defined notification
types), and this is a DOI-independent MIB. Protocols that use the
notifications must be designed to allow counting of the notification
types from DOI of 0 if they use the ISAKMP notification types in
addition to their own.
4. MIB Definitions
ISAKMP-DOI-IND-MON-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32,
OBJECT-IDENTITY
-- delete this and next line before release
, experimental
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TruthValue
FROM SNMPv2-TC
IsakmpDOI
FROM IPSEC-ISAKMP-IKE-DOI-TC;
isakmpDoiIndMonModule MODULE-IDENTITY
LAST-UPDATED "9906031200Z"
ORGANIZATION "IETF IPSec Working Group"
CONTACT-INFO
" Tim Jenkins
TimeStep Corporation
362 Terry Fox Drive
Kanata, ON K0A 2H0
Canada
+1 (613) 599-3610
tjenkins@timestep.com
John Shriver
Intel Corporation
28 Crosby Drive Bedford, MA
01730
+1 (781) 687-1329
John.Shriver@intel.com
"
DESCRIPTION
"The MIB module to describe the DOI-independent part of
ISAKMP objects; to be used for monitoring purposes."
REVISION "9906031200Z"
DESCRIPTION
"Initial revision."
-- replace xxx in next line before release, uncomment before release
-- ::= { mib-2 xxx }
-- delete this and next line before release
::= { experimental 501 } -- invalid!
isakmpDoiIndMIBObjects OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all ISAKMP
branches."
::= { isakmpDoiIndMonModule 1 }
--
-- significant branches
--
isakmpSaTable OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for the security
associations table."
::= { isakmpDoiIndMIBObjects 1 }
isakmpGlobals OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
are global values for ISAKMP."
::= { isakmpDoiIndMIBObjects 2 }
isakmpNegStats OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
are global counters for ISAKMP negotiation statistics."
::= { isakmpDoiIndMIBObjects 3 }
isakmpTrafStats OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
are global counters for ISAKMP security association traffic
statistics."
::= { isakmpDoiIndMIBObjects 4 }
isakmpErrors OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
are global error counters for ISAKMP."
::= { isakmpDoiIndMIBObjects 5 }
isakmpGroups OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
describe the groups in this MIB."
::= { isakmpDoiIndMIBObjects 6 }
isakmpConformance OBJECT-IDENTITY
STATUS current
DESCRIPTION
"This is the base object identifier for all objects which
describe the conformance for this MIB."
::= { isakmpDoiIndMIBObjects 7 }
--
-- textual conventions
--
IsakmpIpv6Address ::= TEXTUAL-CONVENTION
DISPLAY-HINT "2x:2x:2x:2x:2x:2x:1d.1d.1d.1d"
STATUS current
DESCRIPTION
"This data type is used to model IPv6 address prefixes. This
is a binary string of 16 octets in network byte-order."
SYNTAX OCTET STRING (SIZE (16))
IsakmpCookie ::= TEXTUAL-CONVENTION
DISPLAY-HINT "x"
STATUS current
DESCRIPTION
"This data type is used to model ISAKMP cookies. This is a
binary string of 8 octets in network byte-order."
SYNTAX OCTET STRING (SIZE (8))
-- the ISAKMP DOI-independent SA MIB-Group
--
-- a collection of objects providing information about the
-- DOI-independent portion of SAs generated using ISAKMP
--
saTable OBJECT-TYPE
SYNTAX SEQUENCE OF SaEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing the DOI-independent
portion of ISAKMP SAs."
::= { isakmpSaTable 1 }
saEntry OBJECT-TYPE
SYNTAX SaEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the DOI-independent
information on a particular ISAKMP SA."
INDEX {
saLocalIpAddress,
saRemoteIpAddress,
saInitiatorCookie,
saResponderCookie }
::= { saTable 1 }
SaEntry ::= SEQUENCE {
-- identification
saLocalIpAddress IsakmpIpv6Address,
saRemoteIpAddress IsakmpIpv6Address,
saInitiatorCookie IsakmpCookie,
saResponderCookie IsakmpCookie,
-- communication information
saLocalUdpPort INTEGER,
saRemoteUdpPort INTEGER,
-- peer version information
saPeerMajorVersion INTEGER,
saPeerMinorVersion INTEGER,
-- creation/status/type
saDoi IsakmpDOI,
saLocallyInitiated TruthValue,
saStatus INTEGER,
saExchangeType INTEGER,
-- statistics
saInPackets Counter32,
saOutPackets Counter32,
saInOctets Counter32,
saOutOctets Counter32
}
saLocalIpAddress OBJECT-TYPE
SYNTAX IsakmpIpv6Address
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The local address used to negotiate the ISAKMP phase 1 SA.
For implementations that do not support IPv6, this address
should appear as one of the IPv4-mapped IPv6 addresses as
defined in Section 2.5.4 of [IPV6AA].
Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
used for IPv4 only nodes, while the prefix
'0000:0000:0000:0000:0000:0000:' is used for bi-lingual
nodes."
::= { saEntry 1 }
saRemoteIpAddress OBJECT-TYPE
SYNTAX IsakmpIpv6Address
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The remote address used to negotiate the ISAKMP phase 1
SA.
For implementations that do not support IPv6, this address
should appear as one of the IPv4-mapped IPv6 addresses as
defined in Section 2.5.4 of [IPV6AA].
Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
used for IPv4 only nodes, while the prefix
'0000:0000:0000:0000:0000:0000:' is used for bi-lingual
nodes."
::= { saEntry 2 }
saInitiatorCookie OBJECT-TYPE
SYNTAX IsakmpCookie
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the cookie used by the initiator for the
ISAKMP phase 1 SA."
::= { saEntry 3 }
saResponderCookie OBJECT-TYPE
SYNTAX IsakmpCookie
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the cookie used by the responder for the
ISAKMP phase 1 SA.
Note that this value may be 0 if the ISAKMP phase 1 SA has
been initiated but not responded to by the peer entity.
It must never be 0 if this entry represents an ISAKMP phase
1 SA establishment attempt that has been initiated by the
peer. This rule prevents index collisions in the (unlikely)
event that two peers simultaneously initiate with the same
cookie at the same time."
::= { saEntry 4 }
saLocalUdpPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The local UDP port number that this ISAKMP phase 1 SA was
negotiated with."
::= { saEntry 5 }
saRemoteUdpPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The remote UDP port number that this ISAKMP phase 1 SA was
negotiated with."
::= { saEntry 6 }
saPeerMajorVersion OBJECT-TYPE
SYNTAX INTEGER (0..15)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The major version number from the ISAKMP packet header used
by the peer."
REFERENCE "Section 3.1 of RFC2408"
::= { saEntry 7 }
saPeerMinorVersion OBJECT-TYPE
SYNTAX INTEGER (0..15)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The minor version number from the ISAKMP packet header used
by the peer."
REFERENCE "Section 3.1 of RFC2408"
::= { saEntry 8 }
saDoi OBJECT-TYPE
SYNTAX IsakmpDOI
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The specific DOI value using ISAKMP.
Note that this value MAY be 0, as allowed by Section 3.4 of
RFC2408"
REFERENCE "Section 3.3, RFC2408"
::= { saEntry 9 }
saLocallyInitiated OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value is 'true' if the ISAKMP phase 1 SA was initiated
by the local entity, and 'false' if initiated by the remote
entity."
::= { saEntry 10 }
saStatus OBJECT-TYPE
SYNTAX INTEGER { negotiating(1), established(2) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The status of the ISAKMP phase 1 SA.
If the state is 'negotiating', it means that processing of
the final packet of the phase 1 exchange is not yet
complete.
If the state is 'established', it means that processing of
all packets associated with ISAKMP phase 1 SA negotiation is
complete, and the entities involved in the ISAKMP phase 1 SA
are authenticated."
::= { saEntry 11 }
saExchangeType OBJECT-TYPE
SYNTAX INTEGER {
base(1),
identityProtection(2),
authOnly(3),
aggressive(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The exchange type used to negotiate the ISAKMP phase 1 SA.
Other values may be used by specific domains."
REFERENCE "Section 3.1 RFC2408"
::= { saEntry 12 }
saInPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets received by the ISAKMP phase 1
SA, including un-encrypted packets used to negotiate the
ISAKMP phase 1 SA, and any re-transmissions."
::= { saEntry 13 }
saOutPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of packets sent by the ISAKMP phase 1 SA,
including un-encrypted packets used to negotiate the ISAKMP
phase 1 SA, and any re-transmissions received."
::= { saEntry 14 }
saInOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of encrypted traffic measured in bytes received
by the ISAKMP phase 1 SA. This includes encrypted traffic
used to negotiate the ISAKMP phase 1 SA, and any re-
transmissions received."
::= { saEntry 15 }
saOutOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The amount of encrypted traffic measured in bytes sent by
the ISAKMP phase 1 SA. This includes encrypted traffic used
to negotiate the ISAKMP phase 1 SA, and any re-
transmissions."
::= { saEntry 16 }
--
-- the ISAKMP Entity MIB-Group
--
isakmpMajorVersion OBJECT-TYPE
SYNTAX INTEGER ( 0..15 )
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum major version number value capable of being
supported by the entity."
::= { isakmpGlobals 1 }
isakmpMinorVersion OBJECT-TYPE
SYNTAX INTEGER ( 0..15 )
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum minor version number value capable of being
supported by the entity."
::= { isakmpGlobals 2 }
--
-- ISAKMP phase 1 SA statistics
--
isakmpCurrentSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of ISAKMP SAs in the entity."
::= { isakmpNegStats 1 }
isakmpCurrentInitiatedSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of ISAKMP SAs successfully negotiated in
the entity that were initiated by the entity."
::= { isakmpNegStats 2 }
isakmpCurrentRespondedSAs OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of ISAKMP SAs successfully negotiated in
the entity that were initiated by the peer entity."
::= { isakmpNegStats 3 }
isakmpTotalSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of ISAKMP SAs successfully negotiated in
the entity since boot time."
::= { isakmpNegStats 4 }
isakmpTotalInitiatedSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of ISAKMP SAs successfully negotiated in
the entity since boot time that were initiated by the
entity."
::= { isakmpNegStats 5 }
isakmpTotalRespondedSAs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of ISAKMP SAs successfully negotiated in
the entity since boot time that were initiated by the peer
entity."
::= { isakmpNegStats 6 }
isakmpTotalAttempts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of ISAKMP SA negotiation attempts made
since boot time. This includes successful negotiations."
::= { isakmpNegStats 7 }
isakmpTotalAsInitAttempts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of ISAKMP SA negotiation attempts made
where the entity was the initiator since boot time. This
includes successful negotiations."
::= { isakmpNegStats 8 }
isakmpTotalAsRespAttempts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of ISAKMP SA negotiation attempts made
where the entity was the responder since boot time. This
includes successful negotiations."
::= { isakmpNegStats 9 }
--
-- traffic statistics
--
isakmpTotalInPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of ISAKMP packets received by the entity
since boot time, including re-transmissions."
::= { isakmpTrafStats 1 }
isakmpTotalOutPackets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of ISAKMP packets sent by the entity since
boot time, including re-transmissions."
::= { isakmpTrafStats 2 }
isakmpTotalInOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total amount of encrypted ISAKMP traffic received by the
entity since boot time, measured in bytes, including any re-
transmitted packets received or sent."
::= { isakmpTrafStats 3 }
isakmpTotalOutOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total amount of encrypted ISAKMP traffic sent by the
entity since boot time, measured in bytes, including any re-
transmissions."
::= { isakmpTrafStats 4 }
--
-- global error counts
--
isakmpTotalInitFailures OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of attempts to initiate an ISAKMP phase 1
SA that failed since boot time, when there was a response
from the peer entity.
This value may be used to detect clogging or denial-of-
service attacks."
::= { isakmpErrors 1 }
isakmpTotalInitNoResponses OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of attempts to initiate an ISAKMP phase 1
SA that failed since boot time, when there was no response
from the peer entity."
::= { isakmpErrors 2 }
END
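
An added example, not part of the draft: all four INDEX objects of saEntry are fixed-size OCTET STRINGs, so SMIv2 (RFC 1902) encodes each octet as one sub-identifier and a row instance carries 48 index sub-identifiers after the column number. The Python below decodes such an instance and applies the saResponderCookie rule; the OID prefix assumes the draft's placeholder { experimental 501 }, the function names are hypothetical, and the sample OID is constructed.

```python
import ipaddress

# Assumption: saEntry under the draft's placeholder { experimental 501 },
# i.e. 1.3.6.1.3.501 . objects(1) . isakmpSaTable(1) . saTable(1) . saEntry(1)
SA_ENTRY_PREFIX = (1, 3, 6, 1, 3, 501, 1, 1, 1, 1)

# INDEX order and sizes taken from saEntry and the two textual conventions.
INDEX_FIELDS = (
    ("saLocalIpAddress", 16),
    ("saRemoteIpAddress", 16),
    ("saInitiatorCookie", 8),
    ("saResponderCookie", 8),
)
INDEX_LEN = sum(size for _, size in INDEX_FIELDS)  # 48 sub-identifiers


def parse_sa_instance(oid, prefix=SA_ENTRY_PREFIX):
    """Split '<saEntry>.<column>.<index>' into the column and the row key."""
    subids = tuple(int(part) for part in oid.strip(".").split("."))
    if subids[:len(prefix)] != tuple(prefix):
        raise ValueError("OID is not under saEntry")
    rest = subids[len(prefix):]
    if len(rest) != 1 + INDEX_LEN:
        raise ValueError(f"need column + {INDEX_LEN} index sub-ids, got {len(rest)}")
    column, index = rest[0], rest[1:]
    if any(not 0 <= s <= 255 for s in index):
        raise ValueError("index sub-identifier is not a single octet")
    row, pos = {"column": column}, 0
    for name, size in INDEX_FIELDS:
        row[name] = bytes(index[pos:pos + size])
        pos += size
    return row


def format_address(raw):
    """Render an IsakmpIpv6Address, unwrapping the two IPv4 forms the draft names."""
    addr = ipaddress.IPv6Address(raw)
    if addr.ipv4_mapped is not None:            # prefix 0:0:0:0:0:FFFF:
        return str(addr.ipv4_mapped)
    if raw[:12] == bytes(12) and int.from_bytes(raw[12:], "big") > 1:
        return str(ipaddress.IPv4Address(raw[12:]))   # all-zero prefix, not :: or ::1
    return str(addr)


def check_row(row, locally_initiated):
    """Apply the saResponderCookie rule: zero only while we wait for the peer."""
    problems = []
    if row["saResponderCookie"] == bytes(8) and not locally_initiated:
        problems.append("peer-initiated SA has an all-zero responder cookie")
    return problems


def describe(oid, locally_initiated):
    """Decode one instance OID; locally_initiated is the row's saLocallyInitiated."""
    row = parse_sa_instance(oid)
    return {
        "column": row["column"],
        "local": format_address(row["saLocalIpAddress"]),
        "remote": format_address(row["saRemoteIpAddress"]),
        "initiator_cookie": row["saInitiatorCookie"].hex(),
        "responder_cookie": row["saResponderCookie"].hex(),
        "problems": check_row(row, locally_initiated),
    }


# Constructed sample: saStatus (column 11) of an SA still awaiting the peer's reply.
_KEY = (ipaddress.IPv6Address("::ffff:192.0.2.10").packed
        + ipaddress.IPv6Address("2001:db8::1").packed
        + bytes.fromhex("0123456789abcdef") + bytes(8))
SAMPLE_OID = ".".join(str(s) for s in SA_ENTRY_PREFIX + (11,) + tuple(_KEY))

if __name__ == "__main__":
    print(describe(SAMPLE_OID, locally_initiated=True))
    print(describe(SAMPLE_OID, locally_initiated=False)["problems"])
```
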
5. Security Considerations
This MIB contains readable objects whose values provide information
related to ISAKMP SAs. There are no objects with MAX-ACCESS clauses
of read-write or read-create.
While unauthorized access to the readable objects is relatively
innocuous, unauthorized access to those objects through an insecure
channel can provide attackers with more information about a system
than an administrator may desire.
A specific example of this includes, but is not limited to, the
monitoring of global statistic counts by attackers that provides
feedback on the progress of an attack.
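
An added example, not part of the draft: the defender's use of the same global counters, turning successive polls into the clogging indicator that the isakmpTotalInitFailures description mentions. The Sample class, the thresholds, and polling sysUpTime alongside the counters are assumptions of this sketch; the poll values are constructed.

```python
from dataclasses import dataclass

COUNTER32_MOD = 2 ** 32


@dataclass(frozen=True)
class Sample:
    """One poll of the entity; each field holds the MIB object named beside it."""
    sys_uptime: int         # sysUpTime (TimeTicks), assumed polled in the same request
    as_resp_attempts: int   # isakmpTotalAsRespAttempts
    responded_sas: int      # isakmpTotalRespondedSAs
    init_failures: int      # isakmpTotalInitFailures
    init_no_responses: int  # isakmpTotalInitNoResponses


def counter_delta(prev, cur):
    """Difference of two Counter32 readings, correct across one wrap."""
    return (cur - prev) % COUNTER32_MOD


def evaluate(prev, cur, min_attempts=50, max_unfinished=0.8, max_init_failures=20):
    """Classify the interval between two polls. Thresholds are illustrative."""
    if cur.sys_uptime < prev.sys_uptime:
        # The counters are "since boot time": a restart invalidates the delta.
        # (sysUpTime's own wrap, after about 497 days, costs one skipped interval.)
        return {"status": "reset", "alerts": []}
    attempts = counter_delta(prev.as_resp_attempts, cur.as_resp_attempts)
    completed = counter_delta(prev.responded_sas, cur.responded_sas)
    # An SA may complete in a later interval than it started, so clamp at zero.
    unfinished = max(attempts - completed, 0)
    ratio = unfinished / attempts if attempts else 0.0
    init_failures = counter_delta(prev.init_failures, cur.init_failures)
    no_responses = counter_delta(prev.init_no_responses, cur.init_no_responses)
    alerts = []
    if attempts >= min_attempts and ratio >= max_unfinished:
        alerts.append("responder-unfinished")   # many peer-initiated attempts, few SAs
    if init_failures >= max_init_failures:
        alerts.append("initiator-failures")     # our own attempts answered but failing
    return {
        "status": "alert" if alerts else "ok",
        "attempts": attempts,
        "unfinished_ratio": ratio,
        "init_failures": init_failures,
        "init_no_responses": no_responses,
        "alerts": alerts,
    }


def scan(samples):
    """Evaluate every consecutive pair of polls."""
    return [evaluate(a, b) for a, b in zip(samples, samples[1:])]


# Constructed polls, 60 s apart; isakmpTotalAsRespAttempts wraps in the first
# interval and the entity restarts before the last poll.
SAMPLES = [
    Sample(100000, 4294967200, 900, 3, 1),
    Sample(106000, 104, 905, 3, 1),
    Sample(112000, 124, 923, 4, 1),
    Sample(500, 3, 2, 0, 0),
]

if __name__ == "__main__":
    for result in scan(SAMPLES):
        print(result)
```
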
6. Acknowledgments
This document is based in part on an earlier proposal titled "draft-
ietf-ipsec-mib-xx.txt". That series was abandoned, since it included
application specific constructs in addition to the IPSec only
objects.
Portions of the original document's origins were based on the working
paper "IP Security Management Information Base" by R. Thayer and U.
Blumenthal.
Contribution to the IPSec MIB series of documents comes from C.
Brooks, C. Powell, M. Daniele, T. Kivinen, J. Walker, S. Kelly, J.
Leonard, M. Richardson and R. Charlet, and others participating in
the IPSec WG.
7. Revision History
This section will be removed before publication.
June 3, 1999 Initial Release.
1) Group and Compliance statements?
2) Sub-identifier under the experimental tree?
8. References
[IPSECTC] Shriver, J., "IPSec DOI Textual Conventions MIB", draft-
ietf-ipsec-doi-tc-mib-00.txt, March 22, 1999, work in
progress
[ISAKMP] Maughan, D., Schertler, M., Schneider, M., and Turner, J.,
"Internet Security Association and Key Management Protocol
(ISAKMP)", RFC2408, November 1998
[IPV6AA] Hinden, R., Deering, S., "IP Version 6 Addressing
Architecture", RFC2373, July 1998
[1902] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
"Structure of Management Information for version 2 of the
Simple Network Management Protocol (SNMPv2)", RFC 1902,
January 1996.
[2271] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", RFC 2271, January
1998
[1155] Rose, M., and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based Internets", RFC 1155,
May 1990
[1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC
1212, March 1991
[1215] M. Rose, "A Convention for Defining Traps for use with the
SNMP", RFC 1215, March 1991
[1903] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and
S. Waldbusser, "Textual Conventions for Version 2 of the
Simple Network Management Protocol (SNMPv2)", RFC 1903,
January 1996.
[1904] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and
S. Waldbusser, "Conformance Statements for Version 2 of the
Simple Network Management Protocol (SNMPv2)", RFC 1904,
January 1996.
[1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
Network Management Protocol", RFC 1157, May 1990.
[1901] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and
S. Waldbusser, "Introduction to Community-based SNMPv2", RFC
1901, January 1996.
[1906] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and
S. Waldbusser, "Transport Mappings for Version 2 of the
Simple Network Management Protocol (SNMPv2)", RFC 1906,
January 1996.
[2272] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management
Protocol (SNMP)", RFC 2272, January 1998.
[2274] Blumenthal, U., and B. Wijnen, "User-based Security Model
(USM) for version 3 of the Simple Network Management Protocol
(SNMPv3)", RFC 2274, January 1998.
[1905] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and
S. Waldbusser, "Protocol Operations for Version 2 of the
Simple Network Management Protocol (SNMPv2)", RFC 1905,
January 1996.
[2273] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
2273, SNMP Research, Inc., Secure Computing Corporation,
Cisco Systems, January 1998.
[2275] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
Access Control Model (VACM) for the Simple Network Management
Protocol (SNMP)", RFC 2275, January 1998.
Editors' Addresses
Tim Jenkins
tjenkins@timestep.com
TimeStep Corporation
362 Terry Fox Drive
Kanata, ON
Canada
K2K 2P5
+1 (613) 599-3610
John Shriver
John.Shriver@intel.com
Intel Corporation
28 Crosby Drive
Bedford, MA
01730
+1 (781) 687-1329
The IPSec working group can be contacted via the IPSec working
group's mailing list (ipsec@tislabs.com) or through its chairs:
Robert Moskowitz
rgm@icsa.net
International Computer Security Association
Theodore Y. Ts'o
tytso@MIT.EDU
Massachusetts Institute of Technology
Expiration
This document expires December 3, 1999