rfc1472.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

Network Working Group                                      F. Kastenholz
Request for Comments: 1472                            FTP Software, Inc.
                                                               June 1993


                 The Definitions of Managed Objects for
                       the Security Protocols of
                      the Point-to-Point Protocol

Status of this Memo

   This RFC specifies an IAB standards track protocol for the Internet
   community, and requests discussion and suggestions for improvements.
   Please refer to the current edition of the "IAB Official Protocol
   Standards" for the standardization state and status of this protocol.
   Distribution of this memo is unlimited.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in TCP/IP-based internets.
   In particular, it describes managed objects used for managing the
   Security Protocols on subnetwork interfaces using the family of
   Point-to-Point Protocols [8, 9, 10, 11, & 12].

Table of Contents

   1. The Network Management Framework ......................    1
   2. Objects ...............................................    2
   2.1 Format of Definitions ................................    2
   3. Overview ..............................................    2
   3.1 Object Selection Criteria ............................    2
   3.2 Structure of the PPP .................................    2
   3.3 MIB Groups ...........................................    3
   4. Definitions ...........................................    4
   5. Acknowledgements ......................................    9
   6. Security Considerations ...............................   10
   7. References ............................................   11
   8. Author's Address ......................................   12

1.  The Network Management Framework

   The Internet-standard Network Management Framework consists of three
   components.  They are:

      STD 16/RFC 1155 which defines the SMI, the mechanisms used for
      describing and naming objects for the purpose of management.  STD
      16/RFC 1212 defines a more concise description mechanism, which is



Kastenholz                                                      [Page 1]

RFC 1472                    PPP/Security MIB                   June 1993


      wholly consistent with the SMI.

      STD 17/RFC 1213 which defines MIB-II, the core set of managed
      objects for the Internet suite of protocols.

      STD 15/RFC 1157 which defines the SNMP, the protocol used for
      network access to managed objects.

   The Framework permits new objects to be defined for the purpose of
   experimentation and evaluation.

2.  Objects

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are
   defined using the subset of Abstract Syntax Notation One (ASN.1) [3]
   defined in the SMI.  In particular, each object type is named by an
   OBJECT IDENTIFIER, an administratively assigned name.  The object
   type together with an object instance serves to uniquely identify a
   specific instantiation of the object.  For human convenience, we
   often use a textual string, termed the descriptor, to refer to the
   object type.

2.1.  Format of Definitions

   Section 4 contains the specification of all object types contained in
   this MIB module.  The object types are defined using the conventions
   defined in the SMI, as amended by the extensions specified in [5,6].

3.  Overview

3.1.  Object Selection Criteria

   To be consistent with IAB directives and good engineering practice,
   an explicit attempt was made to keep this MIB as simple as possible.
   This was accomplished by applying the following criteria to objects
   proposed for inclusion:

      (1)  Require objects be essential for either fault or
           configuration management.  In particular, objects for
           which the sole purpose was to debug implementations were
           explicitly excluded from the MIB.

      (2)  Consider evidence of current use and/or utility.

      (3)  Limit the total number of objects.

      (4)  Exclude objects which are simply derivable from others in



Kastenholz                                                      [Page 2]

RFC 1472                    PPP/Security MIB                   June 1993


           this or other MIBs.

3.2.  Structure of the PPP

   This section describes the basic model of PPP used in developing the
   PPP MIB. This information should be useful to the implementor in
   understanding some of the basic design decisions of the MIB.

   The PPP is not one single protocol but a large family of protocols.
   Each of these is, in itself, a fairly complex protocol.  The PPP
   protocols may be divided into three rough categories:

   Control Protocols
      The Control Protocols are used to control the operation of the
      PPP. The Control Protocols include the Link Control Protocol
      (LCP), the Password Authentication Protocol (PAP), the Link
      Quality Report (LQR), and the Challenge Handshake Authentication
      Protocol (CHAP).

   Network Protocols
      The Network Protocols are used to move the network traffic over
      the PPP interface.  A Network Protocol encapsulates the datagrams
      of a specific higher-layer protocol that is using the PPP as a
      data link.  Note that within the context of PPP, the term "Network
      Protocol" does not imply an OSI Layer-3 protocol; for instance,
      there is a Bridging network protocol.

   Network Control Protocols (NCPs)
      The NCPs are used to control the operation of the Network
      Protocols. Generally, each Network Protocol has its own Network
      Control Protocol; thus, the IP Network Protocol has its IP Control
      Protocol, the Bridging Network Protocol has its Bridging Network
      Control Protocol and so on.

   This document specifies the objects used in managing one of these
   protocols, namely the PPP Authentication Protocols.

3.3.  MIB Groups

   Objects in this MIB are arranged into several MIB groups.  Each group
   is organized as a set of related objects.

   These groups are the basic unit of conformance: if the semantics of a
   group are applicable to an implementation then all objects in the
   group must be implemented.

   The PPP MIB is organized into several MIB Groups, including, but not
   limited to, the following groups:



Kastenholz                                                      [Page 3]

RFC 1472                    PPP/Security MIB                   June 1993


          o The PPP Link Group
          o The PPP LQR Group
          o The PPP LQR Extensions Group
          o The PPP IP Group
          o The PPP Bridge Group
          o The PPP Security Group

   This document specifies the following group:

   PPP Security Group
      The PPP Security Group contains all configuration and control
      variables that apply to PPP security.

      Implementation of this group is optional.  Implementation is
      optional since the variables in this group provide configuration
      and control for the PPP Security functions.  Thus, these variables
      should be protected by SNMPv2 security.  If an agent does not
      support SNMPv2 with privacy it is strongly advised that this group
      not be implemented.  See the section on "Security Considerations"
      at the end of this document.

4.  Definitions

          PPP-SEC-MIB DEFINITIONS ::= BEGIN

          IMPORTS
               Counter
                    FROM RFC1155-SMI
               OBJECT-TYPE
                    FROM RFC-1212
               ppp
                    FROM PPP-LCP-MIB;

               pppSecurity OBJECT IDENTIFIER ::= { ppp 2 }

               pppSecurityProtocols OBJECT IDENTIFIER ::= { pppSecurity 1 }

          -- The following uniquely identify the various protocols
          -- used by PPP security. These OBJECT IDENTIFIERS are
          -- used in the pppSecurityConfigProtocol and
          -- pppSecuritySecretsProtocol objects to identify to which
          -- protocols the table entries apply.

               pppSecurityPapProtocol OBJECT IDENTIFIER ::=
                         { pppSecurityProtocols 1 }
               pppSecurityChapMD5Protocol OBJECT IDENTIFIER ::=
                         { pppSecurityProtocols 2 }




Kastenholz                                                      [Page 4]

RFC 1472                    PPP/Security MIB                   June 1993


          -- PPP Security Group
          -- Implementation of this group is optional.

          -- This table allows the network manager to configure
          -- which security protocols are to be used on which
          -- link and in what order of preference each is to be tried


          pppSecurityConfigTable   OBJECT-TYPE
               SYNTAX    SEQUENCE OF PppSecurityConfigEntry
               ACCESS    not-accessible
               STATUS    mandatory
               DESCRIPTION
                         "Table containing the configuration and
                         preference parameters for PPP Security."
               ::= { pppSecurity 2 }


          pppSecurityConfigEntry   OBJECT-TYPE
               SYNTAX    PppSecurityConfigEntry
               ACCESS    not-accessible
               STATUS    mandatory
               DESCRIPTION
                         "Security configuration information for a
                         particular PPP link."
               INDEX     { pppSecurityConfigLink,
                         pppSecurityConfigPreference }
               ::= { pppSecurityConfigTable 1 }


          PppSecurityConfigEntry ::= SEQUENCE {
               pppSecurityConfigLink
                    INTEGER,
               pppSecurityConfigPreference
                    INTEGER,
               pppSecurityConfigProtocol
                    OBJECT IDENTIFIER,
               pppSecurityConfigStatus
                    INTEGER
               }


          pppSecurityConfigLink   OBJECT-TYPE
               SYNTAX    INTEGER(0..2147483647)
               ACCESS    read-write
               STATUS    mandatory
               DESCRIPTION
                         "The value of ifIndex that identifies the entry



Kastenholz                                                      [Page 5]

RFC 1472                    PPP/Security MIB                   June 1993


                         in the interface table that is associated with
                         the local PPP entity's link for which this
                         particular security algorithm shall be
                         attempted. A value of 0 indicates the default
                         algorithm - i.e., this entry applies to all
                         links for which explicit entries in the table
                         do not exist."
               ::= { pppSecurityConfigEntry 1 }


          pppSecurityConfigPreference   OBJECT-TYPE
               SYNTAX    INTEGER(0..2147483647)
               ACCESS    read-write
               STATUS    mandatory
               DESCRIPTION
                         "The relative preference of the security
                         protocol identified by
                         pppSecurityConfigProtocol. Security protocols
                         with lower values of
                         pppSecurityConfigPreference are tried before
                         protocols with higher values of
                         pppSecurityConfigPreference."
               ::= { pppSecurityConfigEntry 2 }


          pppSecurityConfigProtocol   OBJECT-TYPE
               SYNTAX    OBJECT IDENTIFIER
               ACCESS    read-write
               STATUS    mandatory
               DESCRIPTION
                         "Identifies the security protocol to be
                         attempted on the link identified by
                         pppSecurityConfigLink at the preference level
                         identified by pppSecurityConfigPreference. "
               ::= { pppSecurityConfigEntry 3 }


          pppSecurityConfigStatus   OBJECT-TYPE
               SYNTAX    INTEGER  {
                         invalid(1),
                         valid(2)
                    }
               ACCESS    read-write
               STATUS    mandatory
               DESCRIPTION
                         "Setting this object to the value invalid(1)
                         has the effect of invalidating the
                         corresponding entry in the



Kastenholz                                                      [Page 6]

RFC 1472                    PPP/Security MIB                   June 1993


                         pppSecurityConfigTable. It is an
                         implementation-specific matter as to whether
                         the agent removes an invalidated entry from the
                         table.  Accordingly, management stations must
                         be prepared to receive tabular information from
                         agents that corresponds to entries not
                         currently in use.  Proper interpretation of
                         such entries requires examination of the
                         relevant pppSecurityConfigStatus object."
               DEFVAL    { valid }
               ::= { pppSecurityConfigEntry 4 }


          -- This table contains all of the ID/Secret pair information.


          pppSecuritySecretsTable   OBJECT-TYPE
               SYNTAX    SEQUENCE OF PppSecuritySecretsEntry
               ACCESS    not-accessible
               STATUS    mandatory
               DESCRIPTION
                         "Table containing the identities and secrets
                         used by the PPP authentication protocols.  As
                         this table contains secret information, it is