1 marek 1.1 // Copyright (c) 2005 DMTF. All rights reserved.
2 [Abstract, Version ( "2.8.0" ),
3 UMLPackagePath ( "CIM::IPsecPolicy" ),
4 Description (
5 "SANegotiationAction is the base class for negotiated SAs. It "
6 "is abstract, specifying the common parameters that control the "
7 "IPsec phase 1 and phase 2 negotiations." ),
8 MappingStrings { "IPSP Policy Model.IETF|SANegotiationAction",
9 "IPSP Policy Model.IETF|IKENegotiationAction" }]
10 class CIM_SANegotiationAction : CIM_SAAction {
11
12 [Description (
13 "MinLifetimeSeconds prevents certain denial of service "
14 "attacks where the peer requests an arbitrarily low "
15 "lifetime value, causing renegotiations with expensive "
16 "Diffie-Hellman operations. The property specifies the "
17 "minimum lifetime, in seconds, that will be accepted from "
18 "the peer. A value of zero (the default) indicates that "
19 "there is no minimum value. A non-zero value specifies "
20 "the minimum seconds lifetime." ),
21 Units ( "Seconds" ),
22 marek 1.1 MappingStrings {
23 "IPSP Policy Model.IETF|IKENegotiationAction.MinLifetimeSeconds" },
24 ModelCorrespondence {
25 "CIM_SecurityAssociationEndpoint.LifetimeSeconds" },
26 PUnit ( "second" )]
27 uint64 MinLifetimeSeconds = 0;
28
29 [Description (
30 "IdleDurationSeconds is the time an SA can remain idle "
31 "(i.e., no traffic protected using the security "
32 "association) before it is automatically deleted. The "
33 "default (zero) value indicates that there is no idle "
34 "duration timer and that the SA is deleted based upon the "
35 "SA seconds and kilobyte lifetimes. Any non-zero value "
36 "indicates the number of seconds that the SA may remain "
37 "unused." ),
38 Units ( "Seconds" ),
39 MappingStrings {
40 "IPSP Policy Model.IETF|IKENegotiationAction.IdleDurationSeconds" },
41 ModelCorrespondence {
42 "CIM_SecurityAssociationEndpoint.IdleDurationSeconds" },
43 marek 1.1 PUnit ( "second" )]
44 uint64 IdleDurationSeconds = 0;
45
46 [Description (
47 "MinLifetimeKilobytes prevents certain denial of service "
48 "attacks where the peer requests an arbitrarily low "
49 "lifetime value, causing renegotiations with expensive "
50 "Diffie-Hellman operations. The property specifies the "
51 "minimum lifetime, in kilobytes, that will be accepted "
52 "from the peer. A value of zero (the default) indicates "
53 "that there is no minimum value. A non-zero value "
54 "specifies the minimum kilobytes lifetime. Note that "
55 "there has been considerable debate regarding the "
56 "usefulness of applying kilobyte lifetimes to phase 1 "
57 "security associations, so it is likely that this "
58 "property will only apply to the subclass, IPsecAction." ),
59 Units ( "KiloBytes" ),
60 MappingStrings {
61 "IPSP Policy Model.IETF|IKENegotiationAction.MinLifetimeKilobytes" },
62 ModelCorrespondence {
63 "CIM_SecurityAssociationEndpoint.LifetimeKilobytes" },
64 marek 1.1 PUnit ( "byte * 10^3" )]
65 uint64 MinLifetimeKilobytes = 0;
66
67
68 };
|