DOCS-BPI2EXT-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI -- RFC 2578 TEXTUAL-CONVENTION, DateAndTime FROM SNMPv2-TC -- RFC 2579 OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF -- RFC 2580 SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC 3411 ifIndex FROM IF-MIB -- RFC 2863 clabProjDocsis FROM CLAB-DEF-MIB DocsX509ASN1DEREncodedCertificate FROM DOCS-IETF-BPI2-MIB; docsBpi2Ext31Mib MODULE-IDENTITY LAST-UPDATED "202407050000Z" -- July 5, 2024 ORGANIZATION "Cable Television Laboratories, Inc." CONTACT-INFO " Postal: Cable Television Laboratories, Inc. 858 Coal Creek Circle Louisville, Colorado 80027-9750 U.S.A. Phone: +1 303-661-9100 Fax: +1 303-661-9199 E-mail:" DESCRIPTION "This MIB module adds to the BPI management objects that are defined in the DOCS-IETF-BPI2-MIB (RFC 4131). These objects are in addition to and the DOCS-IETF-BPI2-MIB (RFC 4131). These objects are in addition to and separate from RFC 4131 and provide management support for new DOCSIS 3.1 features. The following MIBs from RFC 4131 are used to support legacy PKI CM certificate functions defined in the DOCSIS 3.0 security specification: docsBpi2CmDeviceCertTable, docsBpi2CodeMfgOrgName, docsBpi2CodeMfgCodeAccessStart, docsBpi2CodeMfgCvcAccessStart, docsBpi2CodeCoSignerOrgName, docsBpi2CodeCoSignerCodeAccessStart, docsBpi2CodeCoSignerCvcAccessStart, docsBpi2CodeCvcUpdate. The following MIBs defined in this MIB module are used to support new PKI CM certificate functions defined in the DOCSIS 3.1 security specification: docsBpi2Ext31CmDeviceCmCert, docsBpi2Ext31CodeUpdateCvcChain, docsBpi2Ext31CodeMfgOrgName, docsBpi2Ext31CodeMfgCodeAccessStart, docsBpi2Ext31CodeMfgCvcAccessStart, docsBpi2Ext31CodeCoSignerOrgName, docsBpi2Ext31CodeCoSignerCodeAccessStart, docsBpi2Ext31CodeCoSignerCvcAccessStart. Copyright 2015-2024 Cable Television Laboratories, Inc. All rights reserved." REVISION "202407050000Z" -- July 5, 2024 DESCRIPTION "Revised Version includes ECN DOCS-BPI2EXT-MIB-N-24.2372-1." REVISION "201704130000Z" -- April 13, 2017 DESCRIPTION "Revised Version includes ECN DOCS-BPI2EXT-MIB-N-17.1710-1." REVISION "201610200000Z" -- October 20, 2016 DESCRIPTION "Revised Version includes ECN DOCS-BPI2EXT-MIB-N-16.1611-2." REVISION "201605050000Z" -- May 5, 2016 DESCRIPTION "Revised Version includes ECN CCAP-OSSIv3.1-N-16.1505-2." REVISION "201601130000Z" -- January 13, 2016 DESCRIPTION "Initial version, per ECN CM-OSSIv3.1-N-15.1393-6." ::= {clabProjDocsis 29} -- --------------------------------------------------------------------- -- Textual Conventions -- --------------------------------------------------------------------- DocsCvcCaCertificateChain ::= TEXTUAL-CONVENTION DISPLAY-HINT "50x" STATUS current DESCRIPTION "A degenerate PKCS7 signedData structure that contains the CVC and the CVC CA certificate chain in the certificates field." SYNTAX OCTET STRING (SIZE (0..8192)) -- Administrative assignments docsBpi2Ext31Notifications OBJECT IDENTIFIER ::= { docsBpi2Ext31Mib 0 } docsBpi2Ext31MibObjects OBJECT IDENTIFIER ::= { docsBpi2Ext31Mib 1 } docsBpi2Ext31Conformance OBJECT IDENTIFIER ::= { docsBpi2Ext31Mib 2 } docsBpi2Ext31Compliances OBJECT IDENTIFIER ::= { docsBpi2Ext31Conformance 1 } docsBpi2Ext31Groups OBJECT IDENTIFIER ::= { docsBpi2Ext31Conformance 2 } -- No Notifications are defined for this MIB docsBpi2Ext31CmObjects OBJECT IDENTIFIER ::= { docsBpi2Ext31MibObjects 1 } docsBpi2Ext31CmCertObjects OBJECT IDENTIFIER ::= { docsBpi2Ext31CmObjects 1 } docsBpi2Ext31CodeDownloadControl OBJECT IDENTIFIER ::= { docsBpi2Ext31MibObjects 2 } -- --------------------------------------------------------------------- -- The CM Device Cert Table -- --------------------------------------------------------------------- docsBpi2Ext31CmDeviceCertTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsBpi2Ext31CmDeviceCertEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table describes the Baseline Privacy Plus device certificates issued from the new PKI defined in DOCSIS 3.1 for each CM MAC interface." ::= { docsBpi2Ext31CmCertObjects 1 } docsBpi2Ext31CmDeviceCertEntry OBJECT-TYPE SYNTAX DocsBpi2Ext31CmDeviceCertEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry contains the device certificates of one CM MAC interface. An entry in this table exists for each ifEntry with an ifType of docsCableMaclayer(127)." INDEX { ifIndex } ::= { docsBpi2Ext31CmDeviceCertTable 1 } DocsBpi2Ext31CmDeviceCertEntry ::= SEQUENCE { docsBpi2Ext31CmDeviceCmCert DocsX509ASN1DEREncodedCertificate, docsBpi2Ext31CmDeviceManufCert DocsX509ASN1DEREncodedCertificate } docsBpi2Ext31CmDeviceCmCert OBJECT-TYPE SYNTAX DocsX509ASN1DEREncodedCertificate MAX-ACCESS read-write STATUS current DESCRIPTION "The X509 DER-encoded cable modem certificate. Note: This object can be set only when the value is the zero-length OCTET STRING; otherwise, an error of 'inconsistentValue' is returned. Once the object contains the certificate, its access MUST be read-only and persists after re-initialization of the managed system." REFERENCE "Information Model Mapping: CM-SP-CM-OSSIv4.0 CmCert::DeviceCert DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Cable Modem Certificate Storage and Management in the CM" ::= { docsBpi2Ext31CmDeviceCertEntry 1 } docsBpi2Ext31CmDeviceManufCert OBJECT-TYPE SYNTAX DocsX509ASN1DEREncodedCertificate MAX-ACCESS read-only STATUS current DESCRIPTION "This attribute represents the X509 DER-encoded CA certificate that signed the DOCSIS 3.1/4.0 CM device certificate" REFERENCE "Information Model Mapping: CM-SP-CM-OSSIv4.0 CmTrustAnchorCert::CaCert DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Cable Modem Certificate Storage and Management in the CM" ::= { docsBpi2Ext31CmDeviceCertEntry 2 } -- --------------------------------------------------------------------- -- The Download Control Objects -- --------------------------------------------------------------------- docsBpi2Ext31CodeUpdateCvcChain OBJECT-TYPE SYNTAX DocsCvcCaCertificateChain MAX-ACCESS read-write STATUS current DESCRIPTION "The value of this object is a degenerate PKCS7 signedData structure that contains the CVC and the CVC CA certificate chain in the certificates field. Setting this object triggers the device to verify the CVC and update the cvcAccessStart values associated with the new PKI defined by DOCSIS 3.1. The content of this object is then discarded. If the device is not enabled to upgrade codefiles, or if the CVC verification fails, the CVC will be rejected. Reading this object always returns the zero-length OCTET STRING." REFERENCE "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Secure Software Download Section" ::= { docsBpi2Ext31CodeDownloadControl 1 } docsBpi2Ext31CodeMfgOrgName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of this object is the device manufacturer's organizationName used to validate the code verification certificate issued from the new PKI defined in DOCSIS 3.1." REFERENCE "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Secure Software Download Section" ::= { docsBpi2Ext31CodeDownloadControl 2 } docsBpi2Ext31CodeMfgCodeAccessStart OBJECT-TYPE SYNTAX DateAndTime (SIZE(11)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of this object is the device manufacturer's current codeAccessStart value used with the new PKI defined in DOCSIS 3.1. This value will always refer to Greenwich Mean Time (GMT), and the value format must contain TimeZone information (fields 8-10)." REFERENCE "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Secure Software Download Section " ::= { docsBpi2Ext31CodeDownloadControl 3 } docsBpi2Ext31CodeMfgCvcAccessStart OBJECT-TYPE SYNTAX DateAndTime (SIZE(11)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of this object is the device manufacturer's current cvcAccessStart value used with the new PKI defined in DOCSIS 3.1. This value will always refer to Greenwich Mean Time (GMT), and the value format must contain TimeZone information (fields 8-10)." REFERENCE "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Secure Software Download Section " ::= { docsBpi2Ext31CodeDownloadControl 4 } docsBpi2Ext31CodeCoSignerOrgName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of this object is the co-signer's organizationName used to validate the code verification certificate issued from the new PKI defined in DOCSIS 3.1. The value is a zero length string if the co-signer is not specified." REFERENCE "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Secure Software Download Section " ::= { docsBpi2Ext31CodeDownloadControl 5 } docsBpi2Ext31CodeCoSignerCodeAccessStart OBJECT-TYPE SYNTAX DateAndTime (SIZE(11)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of this object is the co-signer's current codeAccessStart value used with the new PKI defined in DOCSIS 3.1. This value will always refer to Greenwich Mean Time (GMT), and the value format must contain TimeZone information (fields 8-10). If docsBpi2CodeCoSignerOrgName is a zero length string, the value of this object is meaningless." REFERENCE "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Secure Software Download Section " ::= { docsBpi2Ext31CodeDownloadControl 6 } docsBpi2Ext31CodeCoSignerCvcAccessStart OBJECT-TYPE SYNTAX DateAndTime (SIZE(11)) MAX-ACCESS read-only STATUS current DESCRIPTION "The value of this object is the co-signer's current cvcAccessStart value used with the new PKI defined in DOCSIS 3.1. This value will always refer to Greenwich Mean Time (GMT), and the value format must contain TimeZone information (fields 8-10). If docsBpi2CodeCoSignerOrgName is a zero-length string, the value of this object is meaningless." REFERENCE "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326, Secure Software Download Section " ::= { docsBpi2Ext31CodeDownloadControl 7 } docsBpi2Ext31CodeDownloadControlOcspCvcResponse OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "This optional attribute is the Revocation Information for the CVC chains." REFERENCE "Information Model Mapping: CM-SP-CM-OSSIv4.0 CodeDownloadControl::OcspCvcResponse DOCSIS Security Specification, CM-SP-SECv4.0-I06-230503, August 15, 2019, Cable Television Laboratories, Inc. Network Initialization" ::= { docsBpi2Ext31CodeDownloadControl 8 } -- --------------------------------------------------------------------- -- Compliance Statements -- --------------------------------------------------------------------- docsBpi2Ext31MIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for implementations of the DOC-BPI2EXT-MIB." MODULE -- this MODULE MANDATORY-GROUPS { docsBpi2Ext31CmGroup, docsBpi2Ext31BaseGroup } ::= { docsBpi2Ext31Compliances 1 } -- -- Compliance Groups -- docsBpi2Ext31CmGroup OBJECT-GROUP OBJECTS { docsBpi2Ext31CmDeviceCmCert, docsBpi2Ext31CmDeviceManufCert } STATUS current DESCRIPTION "The group of objects implemented by the CM." ::= { docsBpi2Ext31Groups 1 } docsBpi2Ext31BaseGroup OBJECT-GROUP OBJECTS { docsBpi2Ext31CodeUpdateCvcChain, docsBpi2Ext31CodeMfgOrgName, docsBpi2Ext31CodeMfgCodeAccessStart, docsBpi2Ext31CodeMfgCvcAccessStart, docsBpi2Ext31CodeCoSignerOrgName, docsBpi2Ext31CodeCoSignerCodeAccessStart, docsBpi2Ext31CodeCoSignerCvcAccessStart, docsBpi2Ext31CodeDownloadControlOcspCvcResponse } STATUS current DESCRIPTION "The group of objects implemented by the CM and open to implementation by other devices." ::= { docsBpi2Ext31Groups 2 } END