1 marek 1.1 // Copyright (c) 2005 DMTF. All rights reserved.
2 [Version ( "2.8.0" ),
3 UMLPackagePath ( "CIM::IPsecPolicy" ),
4 Description (
5 "IKEProposal contains the parameters necessary to drive the "
6 "phase 1 IKE negotiation." ),
7 MappingStrings { "IPSP Policy Model.IETF|IKEProposal" }]
8 class CIM_IKEProposal : CIM_SAProposal {
9
10 [Description (
11 "MaxLifetimeSeconds specifies the maximum time the IKE "
12 "message sender proposes for an SA to be considered valid "
13 "after it has been created. A value of zero indicates "
14 "that the default of 8 hours be used. A non-zero value "
15 "indicates the maximum seconds lifetime." ),
16 Units ( "Seconds" ),
17 MappingStrings {
18 "IPSP Policy Model.IETF|IKEProposal.MaxLifetimeSeconds" },
19 ModelCorrespondence {
20 "CIM_SecurityAssociationEndpoint.LifetimeSeconds" },
21 PUnit ( "second" )]
22 marek 1.1 uint64 MaxLifetimeSeconds;
23
24 [Description (
25 "MaxLifetimeKilobytes specifies the maximum kilobyte "
26 "lifetime the IKE message sender proposes for an SA to be "
27 "considered valid after it has been created. A value of "
28 "zero (the default) indicates that there should be no "
29 "maximum kilobyte lifetime. A non-zero value specifies "
30 "the desired kilobyte lifetime." ),
31 Units ( "KiloBytes" ),
32 MappingStrings {
33 "IPSP Policy Model.IETF|IKEProposal.MaxLifetimeKilobytes" },
34 ModelCorrespondence {
35 "CIM_SecurityAssociationEndpoint.LifetimeKilobytes" },
36 PUnit ( "byte * 10^3" )]
37 uint64 MaxLifetimeKilobytes;
38
39 [Description (
40 "CipherAlgorithm is an enumeration that specifies the "
41 "proposed encryption algorithm. The list of algorithms "
42 "was generated from Appendix A of RFC2409. Note that the "
43 marek 1.1 "enumeration is different than the RFC list and aligns "
44 "with the values in IKESAEndpoint.CipherAlgorithm." ),
45 ValueMap { "1", "2", "3", "4", "5", "6", "7", "8..65000",
46 "65001..65535" },
47 Values { "Other", "DES", "IDEA", "Blowfish", "RC5", "3DES",
48 "CAST", "DMTF/IANA Reserved", "Vendor Reserved" },
49 MappingStrings {
50 "IPSP Policy Model.IETF|IKEProposal.CipherAlgorithm",
51 "RFC2409.IETF|Appendix A" },
52 ModelCorrespondence { "CIM_IKESAEndpoint.CipherAlgorithm",
53 "CIM_IKEProposal.OtherCipherAlgorithm" }]
54 uint16 CipherAlgorithm;
55
56 [Description (
57 "Description of the encryption algorithm when the value 1 "
58 "(\"Other\") is specified for the property, "
59 "CipherAlgorithm." ),
60 ModelCorrespondence {
61 "CIM_IKESAEndpoint.OtherCipherAlgorithm",
62 "CIM_IKEProposal.CipherAlgorithm" }]
63 string OtherCipherAlgorithm;
64 marek 1.1
65 [Description (
66 "HashAlgorithm is an enumeration that specifies the "
67 "proposed hash function. The list of algorithms was "
68 "generated from Appendix A of RFC2409. Note that the "
69 "enumeration is different than the RFC list and aligns "
70 "with the values in IKESAEndpoint.HashAlgorithm." ),
71 ValueMap { "1", "2", "3", "4", "5..65000", "65001..65535" },
72 Values { "Other", "MD5", "SHA-1", "Tiger",
73 "DMTF/IANA Reserved", "Vendor Reserved" },
74 MappingStrings {
75 "IPSP Policy Model.IETF|IKEProposal.HashAlgorithm",
76 "RFC2409.IETF|Appendix A" },
77 ModelCorrespondence { "CIM_IKESAEndpoint.HashAlgorithm",
78 "CIM_IKEProposal.OtherHashAlgorithm" }]
79 uint16 HashAlgorithm;
80
81 [Description (
82 "Description of the hash function when the value 1 "
83 "(\"Other\") is specified for the property, "
84 "HashAlgorithm." ),
85 marek 1.1 ModelCorrespondence { "CIM_IKESAEndpoint.OtherHashAlgorithm",
86 "CIM_IKEProposal.HashAlgorithm" }]
87 string OtherHashAlgorithm;
88
89 [Description (
90 "AuthenticationMethod is an enumeration that specifies "
91 "the proposed authentication. The list of methods was "
92 "generated from Appendix A of RFC2409. Note that the "
93 "enumeration is different than the RFC list and aligns "
94 "with the values in IKESAEndpoint.AuthenticationMethod. "
95 "There is one change to the list - the value 65000 has "
96 "special meaning. It is a special value that indicates "
97 "that this particular proposal should be repeated once "
98 "for each authentication method corresponding to "
99 "credentials installed on the machine. For example, if "
100 "the system has a pre-shared key and an public-key "
101 "certificate, a proposal list would be constructed which "
102 "includes a proposal that specifies a pre-shared key and "
103 "a proposal for any of the public-key certificates." ),
104 ValueMap { "1", "2", "3", "4", "5", "6", "7..64999", "65000",
105 "65001..65535" },
106 marek 1.1 Values { "Other", "Pre-shared Key", "DSS Signatures",
107 "RSA Signatures", "Encryption with RSA",
108 "Revised Encryption with RSA", "DMTF/IANA Reserved",
109 "Any", "Vendor Reserved" },
110 MappingStrings {
111 "IPSP Policy Model.IETF|IKEProposal.AuthenticationMethod",
112 "RFC2409.IETF|Appendix A" },
113 ModelCorrespondence {
114 "CIM_IKESAEndpoint.AuthenticationMethod",
115 "CIM_IKEProposal.OtherAuthenticationMethod" }]
116 uint16 AuthenticationMethod;
117
118 [Description (
119 "Description of the method when the value 1 (\"Other\") "
120 "is specified for the property, AuthenticationMethod." ),
121 ModelCorrespondence {
122 "CIM_IKESAEndpoint.OtherAuthenticationMethod",
123 "CIM_IKEProposal.AuthenticationMethod" }]
124 string OtherAuthenticationMethod;
125
126 [Description (
127 marek 1.1 "The property GroupId specifies the proposed phase 1 "
128 "security association key exchange group. This property "
129 "is ignored for all aggressive mode exchanges "
130 "(IKEAction.ExchangeMode = 4). If the GroupID number is "
131 "from the vendor-specific range (32768-65535), the "
132 "property VendorID qualifies the group number. Well-known "
133 "group identifiers from RFC2412, Appendix E, are: Group "
134 "1=\'768 bit prime\', Group 2=\'1024 bit prime\', Group 3 "
135 "=\'Elliptic Curve Group with 155 bit field element\', "
136 "Group 4= \'Large Elliptic Curve Group with 185 bit field "
137 "element\', and Group 5=\'1536 bit prime\'." ),
138 ValueMap { "0", "1", "2", "3", "4", "5", "..", "0x8000.." },
139 Values { "No Group/Non-Diffie-Hellman Exchange",
140 "DH-768 bit prime", "DH-1024 bit prime",
141 "EC2N-155 bit field element",
142 "EC2N-185 bit field element", "DH-1536 bit prime",
143 "Standard Group - Reserved", "Vendor Reserved" },
144 MappingStrings {
145 "IPSP Policy Model.IETF|IKEProposal.GroupID",
146 "RFC2412.IETF|Appendix E" },
147 ModelCorrespondence { "CIM_IKESAEndpoint.GroupID",
148 marek 1.1 "CIM_IKEProposal.VendorID" }]
149 uint16 GroupId;
150
151 [Description (
152 "VendorID identifies the vendor when the value of GroupID "
153 "is in the vendor-specific range, 32768 to 65535." ),
154 ModelCorrespondence { "CIM_IKESAEndpoint.VendorID",
155 "CIM_IKEProposal.GroupId" }]
156 string VendorID;
157
158
159 };
|
Return to
CIM_IKEProposal.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIM231 / DMTF / IPsecPolicy