Internet Engineering Task Force                              Tim Jenkins
IP Security Working Group                           TimeStep Corporation
Internet Draft                                              John Shriver
                                                       Intel Corporation
                                                            June 3, 1999


                 ISAKMP DOI-Independent Monitoring MIB


Status of this Memo

   This document is a submission to the IETF Internet Protocol Security
   (IPSEC) Working Group. Comments are solicited and should be addressed
   to the working group mailing list (ipsec@tis.com) or to the editor.

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or made obsolete by other documents at
   any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   This document is a product of the IETF's IPSec Working Group.
   Copyright (C) The Internet Society (1999). All Rights Reserved.

IPSec Working Group      Expires December 3, 1999               [Page 1]
Internet Draft    ISAKMP DOI-Independent Monitoring MIB        June 1999

Table of Contents

   1. Introduction
   2. The SNMPv2 Network Management Framework
   2.1 Object Definitions
   3. ISAKMP DOI-independent MIB Objects Architecture
   4. MIB Definitions
   5. Security Considerations
   6. Acknowledgments
   7. Revision History
   8. References

1. Introduction

   This document defines a DOI (domain of interpretation) independent
   monitoring MIB for ISAKMP. The purpose of this MIB is to be used as
   the basis for protocol specific MIBs that use ISAKMP as the basis for
   key exchanges or security association negotiation. As such, it has no
   DOI-dependent objects.

2. The SNMPv2 Network Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2271 [2271].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management. The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in RFC
      1155 [1155], RFC 1212 [1212] and RFC 1215 [1215]. The second
      version, called SMIv2, is described in RFC 1902 [1902], RFC 1903
      [1903] and RFC 1904 [1904].

   o  Message protocols for transferring management information. The
      first version of the SNMP message protocol is called SNMPv1 and
      described in RFC 1157 [1157]. A second version of the SNMP message
      protocol, which is not an Internet standards track protocol, is
      called SNMPv2c and described in RFC 1901 [1901] and RFC 1906
      [1906]. The third version of the message protocol is called SNMPv3
      and described in RFC 1906 [1906], RFC 2272 [2272] and RFC 2274
      [2274].

   o  Protocol operations for accessing management information. The
      first set of protocol operations and associated PDU formats is
      described in RFC 1157 [1157]. A second set of protocol operations
      and associated PDU formats is described in RFC 1905 [1905].

   o  A set of fundamental applications described in RFC 2273 [2273] and
      the view-based access control mechanism described in RFC 2275
      [2275].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2. A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations. The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter32). Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process. However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.

2.1 Object Definitions

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the subset of Abstract Syntax Notation One (ASN.1)
   defined in the SMI. In particular, each object type is named by an
   OBJECT IDENTIFIER, an administratively assigned name. The object type
   together with an object instance serves to uniquely identify a
   specific instantiation of the object. For human convenience, we often
   use a textual string, termed the descriptor, to refer to the object
   type.

3. ISAKMP DOI-independent MIB Objects Architecture

   The ISAKMP DOI-independent MIB consists of a single table of security
   associations (SAs), providing the DOI-independent portion of all SAs
   that use ISAKMP as the basis of their negotiation. This table
   includes the uniqueness identifiers for those SAs, some version
   information, some communications information and some basic status
   information. Also included are aggregate statistics based on the
   assumption that DOI-specific usage of ISAKMP is for the purpose of
   negotiating SAs.
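
   The uniqueness identifiers form the row index of the SA table
   (INDEX clause of saEntry in Section 4), so every instance OID carries
   both addresses and both cookies as 48 single-octet sub-identifiers,
   the SMIv2 encoding of fixed-size OCTET STRING indexes. The decoder
   below is an added example and not part of the draft; its function
   names and the sample row are constructed here, and the OID prefix
   assumes the draft's temporary { experimental 501 } assignment.

```python
import ipaddress

# saEntry OID under the draft's temporary "{ experimental 501 }" root, which
# the draft itself marks as invalid; substitute the assigned root when known.
SA_ENTRY = (1, 3, 6, 1, 3, 501, 1, 1, 1, 1)

# Index objects in INDEX order with their fixed sizes in octets.
INDEX_LAYOUT = (
    ("saLocalIpAddress", 16),
    ("saRemoteIpAddress", 16),
    ("saInitiatorCookie", 8),
    ("saResponderCookie", 8),
)
INDEX_LEN = sum(size for _, size in INDEX_LAYOUT)  # 48 sub-identifiers


def format_address(raw):
    """Render an IsakmpIpv6Address; IPv4-mapped values print as IPv4."""
    addr = ipaddress.IPv6Address(raw)
    mapped = addr.ipv4_mapped
    return str(mapped if mapped is not None else addr)


def encode_sa_instance(column, local, remote, init_cookie, resp_cookie):
    """Build the instance OID of one column of a row (inverse of decode)."""
    index = (ipaddress.IPv6Address(local).packed
             + ipaddress.IPv6Address(remote).packed
             + init_cookie + resp_cookie)
    if len(index) != INDEX_LEN:
        raise ValueError("cookies must be exactly 8 octets each")
    return ".".join(str(s) for s in SA_ENTRY + (column,) + tuple(index))


def decode_sa_instance(oid):
    """Split a saEntry instance OID into column number and index values."""
    subids = tuple(int(s) for s in oid.strip(".").split("."))
    prefix_len = len(SA_ENTRY)
    if subids[:prefix_len] != SA_ENTRY:
        raise ValueError("OID is not under saEntry")
    rest = subids[prefix_len:]
    if len(rest) != 1 + INDEX_LEN:
        raise ValueError("expected a column plus %d index sub-identifiers"
                         % INDEX_LEN)
    column, index = rest[0], rest[1:]
    if any(not 0 <= s <= 255 for s in index):
        raise ValueError("index sub-identifier does not fit in one octet")
    fields, pos = {}, 0
    for name, size in INDEX_LAYOUT:
        fields[name] = bytes(index[pos:pos + size])
        pos += size
    return {
        "column": column,
        "local": format_address(fields["saLocalIpAddress"]),
        "remote": format_address(fields["saRemoteIpAddress"]),
        "initiator_cookie": fields["saInitiatorCookie"].hex(),
        "responder_cookie": fields["saResponderCookie"].hex(),
        # All-zero responder cookie: locally initiated, peer has not answered.
        "awaiting_response": not any(fields["saResponderCookie"]),
    }


# Constructed sample: the saStatus column (11) of a half-open row.
SAMPLE_OID = encode_sa_instance(
    11, "::ffff:192.0.2.1", "2001:db8::7",
    bytes.fromhex("0123456789abcdef"), bytes(8))

if __name__ == "__main__":
    print(decode_sa_instance(SAMPLE_OID))
```

   Addresses using the all-zero prefix that the draft assigns to
   bi-lingual nodes are left in IPv6 notation by this sketch.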

   Additional tables could be generated that are specific to the ISAKMP
   DOI; however, there is no attempt to define these tables as part of
   this MIB.

   There are no traps defined. The reason for this is that the
   DOI-independent portion of ISAKMP makes no assumptions about the use
   of ISAKMP, aside from the aggregate statistics assumption stated
   above.

   Additionally, there is no count of notifications sent or received.
   The reason for this is that the usage of notifications is associated
   with specific DOIs (even though there are ISAKMP defined notification
   types), and this is a DOI-independent MIB. Protocols that use the
   notifications must be designed to allow counting of the notification
   types from DOI of 0 if they use the ISAKMP notification types in
   addition to their own.

4. MIB Definitions

ISAKMP-DOI-IND-MON-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32,
    OBJECT-IDENTITY
-- delete this and next line before release
    , experimental
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, TruthValue
        FROM SNMPv2-TC
    IsakmpDOI
        FROM IPSEC-ISAKMP-IKE-DOI-TC;

isakmpDoiIndMonModule MODULE-IDENTITY
    LAST-UPDATED "9906031200Z"
    ORGANIZATION "IETF IPSec Working Group"
    CONTACT-INFO
        "   Tim Jenkins
            TimeStep Corporation
            362 Terry Fox Drive
            Kanata, ON K0A 2H0
            Canada

            +1 (613) 599-3610
            tjenkins@timestep.com

            John Shriver
            Intel Corporation
            28 Crosby Drive
            Bedford, MA 01730

            +1 (781) 687-1329
            John.Shriver@intel.com
        "
    DESCRIPTION
        "The MIB module to describe the DOI-independent part of ISAKMP
        objects; to be used for monitoring purposes."
    REVISION "9906031200Z"
    DESCRIPTION
        "Initial revision."
-- replace xxx in next line before release, uncomment before release
--  ::= { mib-2 xxx }
-- delete this and next line before release
    ::= { experimental 501 } -- invalid!

isakmpDoiIndMIBObjects OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "This is the base object identifier for all ISAKMP branches."
    ::= { isakmpDoiIndMonModule 1 }

--
-- significant branches
--

isakmpSaTable OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "This is the base object identifier for the security
        associations table."
    ::= { isakmpDoiIndMIBObjects 1 }

isakmpGlobals OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "This is the base object identifier for all objects which are
        global values for ISAKMP."
    ::= { isakmpDoiIndMIBObjects 2 }

isakmpNegStats OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "This is the base object identifier for all objects which are
        global counters for ISAKMP negotiation statistics."
    ::= { isakmpDoiIndMIBObjects 3 }

isakmpTrafStats OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "This is the base object identifier for all objects which are
        global counters for ISAKMP security association traffic
        statistics."
    ::= { isakmpDoiIndMIBObjects 4 }

isakmpErrors OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "This is the base object identifier for all objects which are
        global error counters for ISAKMP."
    ::= { isakmpDoiIndMIBObjects 5 }

isakmpGroups OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "This is the base object identifier for all objects which
        describe the groups in this MIB."
    ::= { isakmpDoiIndMIBObjects 6 }

isakmpConformance OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "This is the base object identifier for all objects which
        describe the conformance for this MIB."
    ::= { isakmpDoiIndMIBObjects 7 }

--
-- textual conventions
--

IsakmpIpv6Address ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "2x:2x:2x:2x:2x:2x:1d.1d.1d.1d"
    STATUS current
    DESCRIPTION
        "This data type is used to model IPv6 address prefixes. This is
        a binary string of 16 octets in network byte-order."
    SYNTAX OCTET STRING (SIZE (16))

IsakmpCookie ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "x"
    STATUS current
    DESCRIPTION
        "This data type is used to model ISAKMP cookies. This is a
        binary string of 8 octets in network byte-order."
    SYNTAX OCTET STRING (SIZE (8))

-- the ISAKMP DOI-independent SA MIB-Group
--
-- a collection of objects providing information about the
-- DOI-independent portion of SAs generated using ISAKMP
--

saTable OBJECT-TYPE
    SYNTAX SEQUENCE OF SaEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The (conceptual) table containing the DOI-independent portion
        of ISAKMP SAs."
    ::= { isakmpSaTable 1 }

saEntry OBJECT-TYPE
    SYNTAX SaEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "An entry (conceptual row) containing the DOI-independent
        information on a particular ISAKMP SA."
    INDEX { saLocalIpAddress, saRemoteIpAddress,
            saInitiatorCookie, saResponderCookie }
    ::= { saTable 1 }

SaEntry ::= SEQUENCE {
    -- identification
    saLocalIpAddress IsakmpIpv6Address,
    saRemoteIpAddress IsakmpIpv6Address,
    saInitiatorCookie IsakmpCookie,
    saResponderCookie IsakmpCookie,

    -- communication information
    saLocalUdpPort INTEGER,
    saRemoteUdpPort INTEGER,

    -- peer version information
    saPeerMajorVersion INTEGER,
    saPeerMinorVersion INTEGER,

    -- creation/status/type
    saDoi IsakmpDOI,
    saLocallyInitiated TruthValue,
    saStatus INTEGER,
    saExchangeType INTEGER,

    -- statistics
    saInPackets Counter32,
    saOutPackets Counter32,
    saInOctets Counter32,
    saOutOctets Counter32
}

saLocalIpAddress OBJECT-TYPE
    SYNTAX IsakmpIpv6Address
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The local address used to negotiate the ISAKMP phase 1 SA. For
        implementations that do not support IPv6, this address should
        appear as one of the IPv4-mapped IPv6 addresses as defined in
        Section 2.5.4 of [IPV6AA].
        Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
        used for IPv4 only nodes, while the prefix
        '0000:0000:0000:0000:0000:0000:' is used for bi-lingual nodes."
    ::= { saEntry 1 }

saRemoteIpAddress OBJECT-TYPE
    SYNTAX IsakmpIpv6Address
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The remote address used to negotiate the ISAKMP phase 1 SA.
        For implementations that do not support IPv6, this address
        should appear as one of the IPv4-mapped IPv6 addresses as
        defined in Section 2.5.4 of [IPV6AA]. Specifically, the prefix
        '0000:0000:0000:0000:0000:FFFF:' is used for IPv4 only nodes,
        while the prefix '0000:0000:0000:0000:0000:0000:' is used for
        bi-lingual nodes."
    ::= { saEntry 2 }

saInitiatorCookie OBJECT-TYPE
    SYNTAX IsakmpCookie
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The value of the cookie used by the initiator for the ISAKMP
        phase 1 SA."
    ::= { saEntry 3 }

saResponderCookie OBJECT-TYPE
    SYNTAX IsakmpCookie
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The value of the cookie used by the responder for the ISAKMP
        phase 1 SA. Note that this value may be 0 if the ISAKMP phase 1
        SA has been initiated but not responded to by the peer entity.
        It must never be 0 if this entry represents an ISAKMP phase 1 SA
        establishment attempt that has been initiated by the peer. This
        rule prevents index collisions in the (unlikely) event that two
        peers simultaneously initiate with the same cookie at the same
        time."
    ::= { saEntry 4 }

saLocalUdpPort OBJECT-TYPE
    SYNTAX INTEGER (0..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The local UDP port number that this ISAKMP phase 1 SA was
        negotiated with."
    ::= { saEntry 5 }

saRemoteUdpPort OBJECT-TYPE
    SYNTAX INTEGER (0..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The remote UDP port number that this ISAKMP phase 1 SA was
        negotiated with."
    ::= { saEntry 6 }

saPeerMajorVersion OBJECT-TYPE
    SYNTAX INTEGER (0..15)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The major version number from the ISAKMP packet header used by
        the peer."
    REFERENCE "Section 3.1 of RFC2408"
    ::= { saEntry 7 }

saPeerMinorVersion OBJECT-TYPE
    SYNTAX INTEGER (0..15)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The minor version number from the ISAKMP packet header used by
        the peer."
    REFERENCE "Section 3.1 of RFC2408"
    ::= { saEntry 8 }

saDoi OBJECT-TYPE
    SYNTAX IsakmpDOI
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The specific DOI value using ISAKMP. Note that this value MAY
        be 0, as allowed by Section 3.4 of RFC2408"
    REFERENCE "Section 3.3, RFC2408"
    ::= { saEntry 9 }

saLocallyInitiated OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This value is 'true' if the ISAKMP phase 1 SA was initiated by
        the local entity, and 'false' if initiated by the remote
        entity."
    ::= { saEntry 10 }

saStatus OBJECT-TYPE
    SYNTAX INTEGER {
        negotiating(1),
        established(2)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The status of the ISAKMP phase 1 SA. If the state is
        'negotiating', it means that processing of the final packet of
        the phase 1 exchange is not yet complete. If the state is
        'established', it means that processing of all packets
        associated with ISAKMP phase 1 SA negotiation is complete, and
        the entities involved in the ISAKMP phase 1 SA are
        authenticated."
    ::= { saEntry 11 }

saExchangeType OBJECT-TYPE
    SYNTAX INTEGER {
        base(1),
        identityProtection(2),
        authOnly(3),
        aggressive(4)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The exchange type used to negotiate the ISAKMP phase 1 SA.
        Other values may be used by specific domains."
    REFERENCE "Section 3.1 RFC2408"
    ::= { saEntry 12 }

saInPackets OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of packets received by the ISAKMP phase 1 SA,
        including un-encrypted packets used to negotiate the ISAKMP
        phase 1 SA, and any re-transmissions."
    ::= { saEntry 13 }

saOutPackets OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of packets sent by the ISAKMP phase 1 SA,
        including un-encrypted packets used to negotiate the ISAKMP
        phase 1 SA, and any re-transmissions received."
    ::= { saEntry 14 }

saInOctets OBJECT-TYPE
    SYNTAX Counter32
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The amount of encrypted traffic measured in bytes received by
        the ISAKMP phase 1 SA. This includes encrypted traffic used to
        negotiate the ISAKMP phase 1 SA, and any re-transmissions
        received."
    ::= { saEntry 15 }

saOutOctets OBJECT-TYPE
    SYNTAX Counter32
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The amount of encrypted traffic measured in bytes sent by the
        ISAKMP phase 1 SA. This includes encrypted traffic used to
        negotiate the ISAKMP phase 1 SA, and any re-transmissions."
    ::= { saEntry 16 }

--
-- the ISAKMP Entity MIB-Group
--

isakmpMajorVersion OBJECT-TYPE
    SYNTAX INTEGER ( 0..15 )
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The maximum major version number value capable of being
        supported by the entity."
    ::= { isakmpGlobals 1 }

isakmpMinorVersion OBJECT-TYPE
    SYNTAX INTEGER ( 0..15 )
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The maximum minor version number value capable of being
        supported by the entity."
    ::= { isakmpGlobals 2 }

--
-- ISAKMP phase 1 SA statistics
--

isakmpCurrentSAs OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The current number of ISAKMP SAs in the entity."
    ::= { isakmpNegStats 1 }

isakmpCurrentInitiatedSAs OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The current number of ISAKMP SAs successfully negotiated in the
        entity that were initiated by the entity."
    ::= { isakmpNegStats 2 }

isakmpCurrentRespondedSAs OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The current number of ISAKMP SAs successfully negotiated in the
        entity that were initiated by the peer entity."
    ::= { isakmpNegStats 3 }

isakmpTotalSAs OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of ISAKMP SAs successfully negotiated in the
        entity since boot time."
    ::= { isakmpNegStats 4 }

isakmpTotalInitiatedSAs OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of ISAKMP SAs successfully negotiated in the
        entity since boot time that were initiated by the entity."
    ::= { isakmpNegStats 5 }

isakmpTotalRespondedSAs OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of ISAKMP SAs successfully negotiated in the
        entity since boot time that were initiated by the peer entity."
    ::= { isakmpNegStats 6 }

isakmpTotalAttempts OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of ISAKMP SAs negotiation attempts made since
        boot time. This includes successful negotiations."
    ::= { isakmpNegStats 7 }

isakmpTotalAsInitAttempts OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of ISAKMP SAs negotiation attempts made where
        the entity was the initiator since boot time. This includes
        successful negotiations."
    ::= { isakmpNegStats 8 }

isakmpTotalAsRespAttempts OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of ISAKMP SAs negotiation attempts made where
        the entity was the responder since boot time. This includes
        successful negotiations."
    ::= { isakmpNegStats 9 }

--
-- traffic statistics
--

isakmpTotalInPackets OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of ISAKMP packets received by the entity since
        boot time, including re-transmissions."
    ::= { isakmpTrafStats 1 }

isakmpTotalOutPackets OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of ISAKMP packets sent by the entity since
        boot time, including re-transmissions."
    ::= { isakmpTrafStats 2 }

isakmpTotalInOctets OBJECT-TYPE
    SYNTAX Counter32
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total amount of encrypted ISAKMP traffic received by the
        entity since boot time, measured in bytes, including any
        re-transmitted packets received or sent."
    ::= { isakmpTrafStats 3 }

isakmpTotalOutOctets OBJECT-TYPE
    SYNTAX Counter32
    UNITS "bytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total amount of encrypted ISAKMP traffic sent by the entity
        since boot time, measured in bytes, including any
        re-transmissions."
    ::= { isakmpTrafStats 4 }

--
-- global error counts
--

isakmpTotalInitFailures OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of attempts to initiate an ISAKMP phase 1 SA
        that failed since boot time, when there was a response from the
        peer entity. This value may be used to detect clogging or
        denial-of-service attacks."
    ::= { isakmpErrors 1 }

isakmpTotalInitNoResponses OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of attempts to initiate an ISAKMP phase 1 SA
        that failed since boot time, when there was no response from the
        peer entity."
    ::= { isakmpErrors 2 }

END

5. Security Considerations

   This MIB contains readable objects whose values provide information
   related to ISAKMP SAs. There are no objects with MAX-ACCESS clauses
   of read-write or read-create.

   While unauthorized access to the readable objects is relatively
   innocuous, unauthorized access to those objects through an insecure
   channel can provide attackers with more information about a system
   than an administrator may desire. A specific example of this
   includes, but is not limited to, the monitoring of global statistic
   counts by attackers that provides feedback on the progress of an
   attack.

6. Acknowledgments

   This document is based in part on an earlier proposal titled
   "draft-ietf-ipsec-mib-xx.txt". That series was abandoned, since it
   included application specific constructs in addition to the IPSec
   only objects.

   Portions of the original document's origins were based on the working
   paper "IP Security Management Information Base" by R. Thayer and U.
   Blumenthal.

   Contribution to the IPSec MIB series of documents comes from C.
   Brooks, C. Powell, M. Daniele, T. Kivinen, J. Walker, S. Kelly, J.
   Leonard, M. Richardson and R. Charlet, and others participating in
   the IPSec WG.

7. Revision History

   This section will be removed before publication.

   June 3, 1999   Initial Release.

   1) Group and Compliance statements?
   2) Sub-identifier under the experimental tree?

8. References

   [IPSECTC] Shriver, J., "IPSec DOI Textual Conventions MIB",
             draft-ietf-ipsec-doi-tc-mib-00.txt, March 22, 1999, work in
             progress

   [ISAKMP]  Maughan, D., Schertler, M., Schneider, M., and Turner, J.,
             "Internet Security Association and Key Management Protocol
             (ISAKMP)", RFC2408, November 1998

   [IPV6AA]  Hinden, R., Deering, S., "IP Version 6 Addressing
             Architecture", RFC2373, July 1998

   [1902]    Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
             "Structure of Management Information for version 2 of the
             Simple Network Management Protocol (SNMPv2)", RFC 1902,
             January 1996.

   [2271]    Harrington, D., Presuhn, R., and B. Wijnen, "An
             Architecture for Describing SNMP Management Frameworks",
             RFC 2271, January 1998

   [1155]    Rose, M., and K. McCloghrie, "Structure and Identification
             of Management Information for TCP/IP-based Internets", RFC
             1155, May 1990

   [1212]    Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC
             1212, March 1991

   [1215]    M. Rose, "A Convention for Defining Traps for use with the
             SNMP", RFC 1215, March 1991

   [1903]    SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M.,
             and S. Waldbusser, "Textual Conventions for Version 2 of
             the Simple Network Management Protocol (SNMPv2)", RFC 1903,
             January 1996.

   [1904]    SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M.,
             and S. Waldbusser, "Conformance Statements for Version 2 of
             the Simple Network Management Protocol (SNMPv2)", RFC 1904,
             January 1996.

   [1157]    Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
             Network Management Protocol", RFC 1157, May 1990.

   [1901]    SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M.,
             and S. Waldbusser, "Introduction to Community-based
             SNMPv2", RFC 1901, January 1996.

   [1906]    SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M.,
             and S. Waldbusser, "Transport Mappings for Version 2 of the
             Simple Network Management Protocol (SNMPv2)", RFC 1906,
             January 1996.

   [2272]    Case, J., Harrington D., Presuhn R., and B. Wijnen,
             "Message Processing and Dispatching for the Simple Network
             Management Protocol (SNMP)", RFC 2272, January 1998.

   [2274]    Blumenthal, U., and B. Wijnen, "User-based Security Model
             (USM) for version 3 of the Simple Network Management
             Protocol (SNMPv3)", RFC 2274, January 1998.

   [1905]    SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M.,
             and S. Waldbusser, "Protocol Operations for Version 2 of
             the Simple Network Management Protocol (SNMPv2)", RFC 1905,
             January 1996.

   [2273]    Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications",
             RFC 2273, SNMP Research, Inc., Secure Computing
             Corporation, Cisco Systems, January 1998.

   [2275]    Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
             Access Control Model (VACM) for the Simple Network
             Management Protocol (SNMP)", RFC 2275, January 1998.

Editors' Addresses

   Tim Jenkins
   tjenkins@timestep.com
   TimeStep Corporation
   362 Terry Fox Drive
   Kanata, ON
   Canada
   K2K 2P5
   +1 (613) 599-3610

   John Shriver
   John.Shriver@intel.com
   Intel Corporation
   28 Crosby Drive
   Bedford, MA
   01730
   +1 (781) 687-1329

   The IPSec working group can be contacted via the IPSec working
   group's mailing list (ipsec@tislabs.com) or through its chairs:

   Robert Moskowitz
   rgm@icsa.net
   International Computer Security Association

   Theodore Y. Ts'o
   tytso@MIT.EDU
   Massachusetts Institute of Technology

Expiration

   This document expires December 3, 1999