logstash-input-snmp 0.1.0.beta4 → 0.1.0.beta5

data/lib/mibs/ietf/SNMP-TLS-TM-MIB.dic

@@ -0,0 +1,1449 @@
+# python version 1.0						DO NOT EDIT
+#
+# This python file has been generated by smidump version 0.5.0:
+#
+#   smidump -f python SNMP-TLS-TM-MIB
+
+FILENAME = "./libsmi-0.5.0/mibs/ietf/SNMP-TLS-TM-MIB"
+
+MIB = {
+    "moduleName" : "SNMP-TLS-TM-MIB",
+
+    "SNMP-TLS-TM-MIB" : {
+        "nodetype" : "module",
+        "language" : "SMIv2",
+        "organization" :    
+            """ISMS Working Group""",
+        "contact" : 
+            """WG-EMail:   isms@lists.ietf.org
+Subscribe:  isms-request@lists.ietf.org
+
+Chairs:
+   Juergen Schoenwaelder
+   Jacobs University Bremen
+   Campus Ring 1
+   28725 Bremen
+   Germany
+   +49 421 200-3587
+   j.schoenwaelder@jacobs-university.de
+
+   Russ Mundy
+   SPARTA, Inc.
+   7110 Samuel Morse Drive
+   Columbia, MD  21046
+   USA
+
+Editor:
+   Wes Hardaker
+   SPARTA, Inc.
+   P.O. Box 382
+   Davis, CA  95617
+   USA
+   ietf@hardakers.net""",
+        "description" :
+            """
+The TLS Transport Model MIB
+
+Copyright (c) 2010 IETF Trust and the persons identified as
+the document authors.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or
+without modification, is permitted pursuant to, and subject
+to the license terms contained in, the Simplified BSD License
+set forth in Section 4.c of the IETF Trust's Legal Provisions
+Relating to IETF Documents
+(http://trustee.ietf.org/license-info).""",
+        "revisions" : (
+            {
+                "date" : "2010-05-07 00:00",
+                "description" :
+                    """This version of this MIB module is part of
+RFC 5953; see the RFC itself for full legal
+notices.""",
+            },
+        ),
+        "identity node" : "snmpTlstmMIB",
+    },
+
+    "imports" : (
+        {"module" : "SNMPv2-SMI", "name" : "MODULE-IDENTITY"},
+        {"module" : "SNMPv2-SMI", "name" : "OBJECT-TYPE"},
+        {"module" : "SNMPv2-SMI", "name" : "OBJECT-IDENTITY"},
+        {"module" : "SNMPv2-SMI", "name" : "mib-2"},
+        {"module" : "SNMPv2-SMI", "name" : "snmpDomains"},
+        {"module" : "SNMPv2-SMI", "name" : "Counter32"},
+        {"module" : "SNMPv2-SMI", "name" : "Unsigned32"},
+        {"module" : "SNMPv2-SMI", "name" : "Gauge32"},
+        {"module" : "SNMPv2-SMI", "name" : "NOTIFICATION-TYPE"},
+        {"module" : "SNMPv2-TC", "name" : "TEXTUAL-CONVENTION"},
+        {"module" : "SNMPv2-TC", "name" : "TimeStamp"},
+        {"module" : "SNMPv2-TC", "name" : "RowStatus"},
+        {"module" : "SNMPv2-TC", "name" : "StorageType"},
+        {"module" : "SNMPv2-TC", "name" : "AutonomousType"},
+        {"module" : "SNMPv2-CONF", "name" : "MODULE-COMPLIANCE"},
+        {"module" : "SNMPv2-CONF", "name" : "OBJECT-GROUP"},
+        {"module" : "SNMPv2-CONF", "name" : "NOTIFICATION-GROUP"},
+        {"module" : "SNMP-FRAMEWORK-MIB", "name" : "SnmpAdminString"},
+        {"module" : "SNMP-TARGET-MIB", "name" : "snmpTargetParamsName"},
+        {"module" : "SNMP-TARGET-MIB", "name" : "snmpTargetAddrName"},
+    ),
+
+    "typedefs" : {
+        "SnmpTLSAddress" : {
+            "basetype" : "OctetString",
+            "status" : "current",
+            "ranges" : [
+            {
+                "min" : "1",
+                "max" : "255"
+            },
+            ],
+            "range" : {
+                "min" : "1",
+                "max" : "255"
+            },
+            "format" : "1a",
+            "description" :
+                """Represents an IPv4 address, an IPv6 address, or a
+US-ASCII-encoded hostname and port number.
+
+An IPv4 address must be in dotted decimal format followed by a
+colon ':' (US-ASCII character 0x3A) and a decimal port number
+in US-ASCII.
+
+An IPv6 address must be a colon-separated format (as described
+in RFC 5952), surrounded by square brackets ('[', US-ASCII
+character 0x5B, and ']', US-ASCII character 0x5D), followed by
+a colon ':' (US-ASCII character 0x3A) and a decimal port number
+in US-ASCII.
+
+A hostname is always in US-ASCII (as per [RFC1033]);
+internationalized hostnames are encoded in US-ASCII as domain
+names after transformation via the ToASCII operation specified
+in [RFC3490].  The ToASCII operation MUST be performed with the
+UseSTD3ASCIIRules flag set.  The hostname is followed by a
+colon ':' (US-ASCII character 0x3A) and a decimal port number
+in US-ASCII.  The name SHOULD be fully qualified whenever
+possible.
+
+Values of this textual convention may not be directly usable
+as transport-layer addressing information, and may require
+run-time resolution.  As such, applications that write them
+must be prepared for handling errors if such values are not
+supported, or cannot be resolved (if resolution occurs at the
+time of the management operation).
+
+The DESCRIPTION clause of TransportAddress objects that may
+have SnmpTLSAddress values must fully describe how (and
+when) such names are to be resolved to IP addresses and vice
+versa.
+
+This textual convention SHOULD NOT be used directly in object
+definitions since it restricts addresses to a specific
+format.  However, if it is used, it MAY be used either on its
+own or in conjunction with TransportAddressType or
+TransportDomain as a pair.
+
+When this textual convention is used as a syntax of an index
+object, there may be issues with the limit of 128
+sub-identifiers specified in SMIv2 (STD 58).  It is RECOMMENDED
+that all MIB documents using this textual convention make
+
+
+
+explicit any limitations on index component lengths that
+management software must observe.  This may be done either by
+including SIZE constraints on the index components or by
+specifying applicable constraints in the conceptual row
+DESCRIPTION clause or in the surrounding documentation.""",
+            "reference" :
+                """RFC 1033: DOMAIN ADMINISTRATORS OPERATIONS GUIDE
+RFC 3490: Internationalizing Domain Names in Applications
+RFC 5952: A Recommendation for IPv6 Address Text Representation""",
+        },
+        "SnmpTLSFingerprint" : {
+            "basetype" : "OctetString",
+            "status" : "current",
+            "ranges" : [
+            {
+                "min" : "0",
+                "max" : "255"
+            },
+            ],
+            "range" : {
+                "min" : "0",
+                "max" : "255"
+            },
+            "format" : "1x:1x",
+            "description" :
+                """A fingerprint value that can be used to uniquely reference
+other data of potentially arbitrary length.
+
+An SnmpTLSFingerprint value is composed of a 1-octet hashing
+algorithm identifier followed by the fingerprint value.  The
+octet value encoded is taken from the IANA TLS HashAlgorithm
+Registry (RFC 5246).  The remaining octets are filled using the
+results of the hashing algorithm.
+
+This TEXTUAL-CONVENTION allows for a zero-length (blank)
+SnmpTLSFingerprint value for use in tables where the
+fingerprint value may be optional.  MIB definitions or
+implementations may refuse to accept a zero-length value as
+appropriate.""",
+            "reference" :
+                """RFC 5246: The Transport Layer
+Security (TLS) Protocol Version 1.2
+http://www.iana.org/assignments/tls-parameters/""",
+        },
+    }, # typedefs
+
+    "nodes" : {
+        "snmpTlstmMIB" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198",
+            "status" : "current",
+        }, # node
+        "snmpTlstmNotifications" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.0",
+        }, # node
+        "snmpTlstmIdentities" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.1",
+        }, # node
+        "snmpTlstmCertToTSNMIdentities" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.1.1",
+        }, # node
+        "snmpTlstmCertSpecified" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.1.1.1",
+            "status" : "current",
+            "description" :
+                """Directly specifies the tmSecurityName to be used for
+this certificate.  The value of the tmSecurityName
+to use is specified in the snmpTlstmCertToTSNData
+column.  The snmpTlstmCertToTSNData column must
+
+
+
+contain a non-zero length SnmpAdminString compliant
+value or the mapping described in this row must be
+considered a failure.""",
+        }, # node
+        "snmpTlstmCertSANRFC822Name" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.1.1.2",
+            "status" : "current",
+            "description" :
+                """Maps a subjectAltName's rfc822Name to a
+tmSecurityName.  The local part of the rfc822Name is
+passed unaltered but the host-part of the name must
+be passed in lowercase.  This mapping results in a
+1:1 correspondence between equivalent subjectAltName
+rfc822Name values and tmSecurityName values except
+that the host-part of the name MUST be passed in
+lowercase.
+
+Example rfc822Name Field:  FooBar@Example.COM
+is mapped to tmSecurityName: FooBar@example.com.""",
+        }, # node
+        "snmpTlstmCertSANDNSName" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.1.1.3",
+            "status" : "current",
+            "description" :
+                """Maps a subjectAltName's dNSName to a
+tmSecurityName after first converting it to all
+lowercase (RFC 5280 does not specify converting to
+lowercase so this involves an extra step).  This
+mapping results in a 1:1 correspondence between
+subjectAltName dNSName values and the tmSecurityName
+values.""",
+            "reference" :
+                """RFC 5280 - Internet X.509 Public Key Infrastructure
+Certificate and Certificate Revocation
+List (CRL) Profile.""",
+        }, # node
+        "snmpTlstmCertSANIpAddress" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.1.1.4",
+            "status" : "current",
+            "description" :
+                """Maps a subjectAltName's iPAddress to a
+tmSecurityName by transforming the binary encoded
+address as follows:
+
+
+1) for IPv4, the value is converted into a
+   decimal-dotted quad address (e.g., '192.0.2.1').
+
+2) for IPv6 addresses, the value is converted into a
+   32-character all lowercase hexadecimal string
+   without any colon separators.
+
+
+
+
+This mapping results in a 1:1 correspondence between
+subjectAltName iPAddress values and the
+tmSecurityName values.
+
+The resulting length of an encoded IPv6 address is
+the maximum length supported by the View-Based
+Access Control Model (VACM).  Using both the
+Transport Security Model's support for transport
+prefixes (see the SNMP-TSM-MIB's
+snmpTsmConfigurationUsePrefix object for details)
+will result in securityName lengths that exceed what
+VACM can handle.""",
+        }, # node
+        "snmpTlstmCertSANAny" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.1.1.5",
+            "status" : "current",
+            "description" :
+                """Maps any of the following fields using the
+corresponding mapping algorithms:
+
+|------------+----------------------------|
+| Type       | Algorithm                  |
+|------------+----------------------------|
+| rfc822Name | snmpTlstmCertSANRFC822Name |
+| dNSName    | snmpTlstmCertSANDNSName    |
+| iPAddress  | snmpTlstmCertSANIpAddress  |
+|------------+----------------------------|
+
+The first matching subjectAltName value found in the
+certificate of the above types MUST be used when
+deriving the tmSecurityName.  The mapping algorithm
+specified in the 'Algorithm' column MUST be used to
+derive the tmSecurityName.
+
+This mapping results in a 1:1 correspondence between
+subjectAltName values and tmSecurityName values.  The
+three sub-mapping algorithms produced by this
+combined algorithm cannot produce conflicting
+results between themselves.""",
+        }, # node
+        "snmpTlstmCertCommonName" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.1.1.6",
+            "status" : "current",
+            "description" :
+                """Maps a certificate's CommonName to a tmSecurityName
+after converting it to a UTF-8 encoding.  The usage
+of CommonNames is deprecated and users are
+encouraged to use subjectAltName mapping methods
+
+
+
+
+instead.  This mapping results in a 1:1
+correspondence between certificate CommonName values
+and tmSecurityName values.""",
+        }, # node
+        "snmpTlstmObjects" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2",
+        }, # node
+        "snmpTlstmSession" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1",
+        }, # node
+        "snmpTlstmSessionOpens" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.1",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times an openSession() request has been executed
+as a (D)TLS client, regardless of whether it succeeded or
+failed.""",
+        }, # scalar
+        "snmpTlstmSessionClientCloses" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.2",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times a closeSession() request has been
+executed as an (D)TLS client, regardless of whether it
+succeeded or failed.""",
+        }, # scalar
+        "snmpTlstmSessionOpenErrors" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.3",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times an openSession() request failed to open a
+session as a (D)TLS client, for any reason.""",
+        }, # scalar
+        "snmpTlstmSessionAccepts" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.4",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times a (D)TLS server has accepted a new
+connection from a client and has received at least one SNMP
+message through it.""",
+        }, # scalar
+        "snmpTlstmSessionServerCloses" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.5",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times a closeSession() request has been
+executed as an (D)TLS server, regardless of whether it
+succeeded or failed.""",
+        }, # scalar
+        "snmpTlstmSessionNoSessions" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.6",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times an outgoing message was dropped because
+the session associated with the passed tmStateReference was no
+longer (or was never) available.""",
+        }, # scalar
+        "snmpTlstmSessionInvalidClientCertificates" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.7",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times an incoming session was not established
+on an (D)TLS server because the presented client certificate
+was invalid.  Reasons for invalidation include, but are not
+limited to, cryptographic validation failures or lack of a
+suitable mapping row in the snmpTlstmCertToTSNTable.""",
+        }, # scalar
+        "snmpTlstmSessionUnknownServerCertificate" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.8",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times an outgoing session was not established
+on an (D)TLS client because the server certificate presented
+by an SNMP over (D)TLS server was invalid because no
+configured fingerprint or Certification Authority (CA) was
+acceptable to validate it.
+This may result because there was no entry in the
+snmpTlstmAddrTable or because no path could be found to a
+known CA.""",
+        }, # scalar
+        "snmpTlstmSessionInvalidServerCertificates" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.9",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of times an outgoing session was not established
+on an (D)TLS client because the server certificate presented
+by an SNMP over (D)TLS server could not be validated even if
+the fingerprint or expected validation path was known.  That
+is, a cryptographic validation error occurred during
+certificate validation processing.
+
+Reasons for invalidation include, but are not
+limited to, cryptographic validation failures.""",
+        }, # scalar
+        "snmpTlstmSessionInvalidCaches" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.1.10",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Counter32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The number of outgoing messages dropped because the
+tmStateReference referred to an invalid cache.""",
+        }, # scalar
+        "snmpTlstmConfig" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2",
+        }, # node
+        "snmpTlstmCertificateMapping" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1",
+        }, # node
+        "snmpTlstmCertToTSNCount" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.1",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Gauge32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """A count of the number of entries in the
+snmpTlstmCertToTSNTable.""",
+        }, # scalar
+        "snmpTlstmCertToTSNTableLastChanged" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.2",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "TimeStamp"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The value of sysUpTime.0 when the snmpTlstmCertToTSNTable was
+last modified through any means, or 0 if it has not been
+modified since the command responder was started.""",
+        }, # scalar
+        "snmpTlstmCertToTSNTable" : {
+            "nodetype" : "table",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.3",
+            "status" : "current",
+            "description" :
+                """This table is used by a (D)TLS server to map the (D)TLS
+client's presented X.509 certificate to a tmSecurityName.
+
+On an incoming (D)TLS/SNMP connection, the client's presented
+certificate must either be validated based on an established
+trust anchor, or it must directly match a fingerprint in this
+table.  This table does not provide any mechanisms for
+configuring the trust anchors; the transfer of any needed
+trusted certificates for path validation is expected to occur
+through an out-of-band transfer.
+
+Once the certificate has been found acceptable (either by path
+validation or directly matching a fingerprint in this table),
+this table is consulted to determine the appropriate
+tmSecurityName to identify with the remote connection.  This
+is done by considering each active row from this table in
+prioritized order according to its snmpTlstmCertToTSNID value.
+Each row's snmpTlstmCertToTSNFingerprint value determines
+whether the row is a match for the incoming connection:
+
+    1) If the row's snmpTlstmCertToTSNFingerprint value
+       identifies the presented certificate, then consider the
+       row as a successful match.
+
+    2) If the row's snmpTlstmCertToTSNFingerprint value
+       identifies a locally held copy of a trusted CA
+       certificate and that CA certificate was used to
+       validate the path to the presented certificate, then
+       consider the row as a successful match.
+
+Once a matching row has been found, the
+snmpTlstmCertToTSNMapType value can be used to determine how
+the tmSecurityName to associate with the session should be
+
+
+
+determined.  See the snmpTlstmCertToTSNMapType column's
+DESCRIPTION for details on determining the tmSecurityName
+value.  If it is impossible to determine a tmSecurityName from
+the row's data combined with the data presented in the
+certificate, then additional rows MUST be searched looking for
+another potential match.  If a resulting tmSecurityName mapped
+from a given row is not compatible with the needed
+requirements of a tmSecurityName (e.g., VACM imposes a
+32-octet-maximum length and the certificate derived
+securityName could be longer), then it must be considered an
+invalid match and additional rows MUST be searched looking for
+another potential match.
+
+If no matching and valid row can be found, the connection MUST
+be closed and SNMP messages MUST NOT be accepted over it.
+
+Missing values of snmpTlstmCertToTSNID are acceptable and
+implementations should continue to the next highest numbered
+row.  It is recommended that administrators skip index values
+to leave room for the insertion of future rows (for example,
+use values of 10 and 20 when creating initial rows).
+
+Users are encouraged to make use of certificates with
+subjectAltName fields that can be used as tmSecurityNames so
+that a single root CA certificate can allow all child
+certificate's subjectAltName to map directly to a
+tmSecurityName via a 1:1 transformation.  However, this table
+is flexible to allow for situations where existing deployed
+certificate infrastructures do not provide adequate
+subjectAltName values for use as tmSecurityNames.
+Certificates may also be mapped to tmSecurityNames using the
+CommonName portion of the Subject field.  However, the usage
+of the CommonName field is deprecated and thus this usage is
+NOT RECOMMENDED.  Direct mapping from each individual
+certificate fingerprint to a tmSecurityName is also possible
+but requires one entry in the table per tmSecurityName and
+requires more management operations to completely configure a
+device.""",
+        }, # table
+        "snmpTlstmCertToTSNEntry" : {
+            "nodetype" : "row",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.3.1",
+            "create" : "true",
+            "status" : "current",
+            "linkage" : [
+                "snmpTlstmCertToTSNID",
+            ],
+            "description" :
+                """A row in the snmpTlstmCertToTSNTable that specifies a mapping
+for an incoming (D)TLS certificate to a tmSecurityName to use
+for a connection.""",
+        }, # row
+        "snmpTlstmCertToTSNID" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.3.1.1",
+            "status" : "current",
+            "syntax" : {
+                "type" :                 {
+                    "basetype" : "Unsigned32",
+                    "ranges" : [
+                    {
+                        "min" : "1",
+                        "max" : "4294967295"
+                    },
+                    ],
+                    "range" : {
+                        "min" : "1",
+                        "max" : "4294967295"
+                    },
+                },
+            },
+            "access" : "noaccess",
+            "description" :
+                """A unique, prioritized index for the given entry.  Lower
+numbers indicate a higher priority.""",
+        }, # column
+        "snmpTlstmCertToTSNFingerprint" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.3.1.2",
+            "status" : "current",
+            "syntax" : {
+                "type" :                 {
+                    "basetype" : "OctetString",
+                    "parent module" : {
+                        "name" : "SNMP-TLS-TM-MIB",
+                        "type" : "SnmpTLSFingerprint",
+                    },
+                    "ranges" : [
+                    {
+                        "min" : "1",
+                        "max" : "255"
+                    },
+                    ],
+                    "range" : {
+                        "min" : "1",
+                        "max" : "255"
+                    },
+                },
+            },
+            "access" : "readwrite",
+            "description" :
+                """A cryptographic hash of a X.509 certificate.  The results of
+a successful matching fingerprint to either the trusted CA in
+the certificate validation path or to the certificate itself
+is dictated by the snmpTlstmCertToTSNMapType column.""",
+        }, # column
+        "snmpTlstmCertToTSNMapType" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.3.1.3",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "AutonomousType"},
+            },
+            "access" : "readwrite",
+            "default" : "1.3.6.1.2.1.198.1.1.1",
+            "description" :
+                """Specifies the mapping type for deriving a tmSecurityName from
+a certificate.  Details for mapping of a particular type SHALL
+be specified in the DESCRIPTION clause of the OBJECT-IDENTITY
+that describes the mapping.  If a mapping succeeds it will
+return a tmSecurityName for use by the TLSTM model and
+processing stops.
+
+If the resulting mapped value is not compatible with the
+needed requirements of a tmSecurityName (e.g., VACM imposes a
+32-octet-maximum length and the certificate derived
+
+
+
+
+securityName could be longer), then future rows MUST be
+searched for additional snmpTlstmCertToTSNFingerprint matches
+to look for a mapping that succeeds.
+
+Suitable values for assigning to this object that are defined
+within the SNMP-TLS-TM-MIB can be found in the
+snmpTlstmCertToTSNMIdentities portion of the MIB tree.""",
+        }, # column
+        "snmpTlstmCertToTSNData" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.3.1.4",
+            "status" : "current",
+            "syntax" : {
+                "type" :                 {
+                    "basetype" : "OctetString",
+                    "ranges" : [
+                    {
+                        "min" : "0",
+                        "max" : "1024"
+                    },
+                    ],
+                    "range" : {
+                        "min" : "0",
+                        "max" : "1024"
+                    },
+                },
+            },
+            "access" : "readwrite",
+            "default" : "",
+            "description" :
+                """Auxiliary data used as optional configuration information for
+a given mapping specified by the snmpTlstmCertToTSNMapType
+column.  Only some mapping systems will make use of this
+column.  The value in this column MUST be ignored for any
+mapping type that does not require data present in this
+column.""",
+        }, # column
+        "snmpTlstmCertToTSNStorageType" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.3.1.5",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "StorageType"},
+            },
+            "access" : "readwrite",
+            "default" : "nonVolatile",
+            "description" :
+                """The storage type for this conceptual row.  Conceptual rows
+having the value 'permanent' need not allow write-access to
+any columnar objects in the row.""",
+        }, # column
+        "snmpTlstmCertToTSNRowStatus" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.3.1.6",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "RowStatus"},
+            },
+            "access" : "readwrite",
+            "description" :
+                """The status of this conceptual row.  This object may be used
+to create or remove rows from this table.
+
+To create a row in this table, an administrator must set this
+object to either createAndGo(4) or createAndWait(5).
+
+
+
+
+
+
+Until instances of all corresponding columns are appropriately
+configured, the value of the corresponding instance of the
+snmpTlstmParamsRowStatus column is notReady(3).
+
+In particular, a newly created row cannot be made active until
+the corresponding snmpTlstmCertToTSNFingerprint,
+snmpTlstmCertToTSNMapType, and snmpTlstmCertToTSNData columns
+have been set.
+
+The following objects may not be modified while the
+value of this object is active(1):
+    - snmpTlstmCertToTSNFingerprint
+    - snmpTlstmCertToTSNMapType
+    - snmpTlstmCertToTSNData
+An attempt to set these objects while the value of
+snmpTlstmParamsRowStatus is active(1) will result in
+an inconsistentValue error.""",
+        }, # column
+        "snmpTlstmParamsCount" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.4",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Gauge32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """A count of the number of entries in the snmpTlstmParamsTable.""",
+        }, # scalar
+        "snmpTlstmParamsTableLastChanged" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.5",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "TimeStamp"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The value of sysUpTime.0 when the snmpTlstmParamsTable
+was last modified through any means, or 0 if it has not been
+modified since the command responder was started.""",
+        }, # scalar
+        "snmpTlstmParamsTable" : {
+            "nodetype" : "table",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.6",
+            "status" : "current",
+            "description" :
+                """This table is used by a (D)TLS client when a (D)TLS
+connection is being set up using an entry in the
+SNMP-TARGET-MIB.  It extends the SNMP-TARGET-MIB's
+snmpTargetParamsTable with a fingerprint of a certificate to
+use when establishing such a (D)TLS connection.""",
+        }, # table
+        "snmpTlstmParamsEntry" : {
+            "nodetype" : "row",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.6.1",
+            "create" : "true",
+            "status" : "current",
+            "implied" : "true",
+            "linkage" : [
+                "snmpTargetParamsName",
+            ],
+            "description" :
+                """A conceptual row containing a fingerprint hash of a locally
+held certificate for a given snmpTargetParamsEntry.  The
+values in this row should be ignored if the connection that
+needs to be established, as indicated by the SNMP-TARGET-MIB
+infrastructure, is not a certificate and (D)TLS based
+connection.  The connection SHOULD NOT be established if the
+certificate fingerprint stored in this entry does not point to
+a valid locally held certificate or if it points to an
+unusable certificate (such as might happen when the
+certificate's expiration date has been reached).""",
+        }, # row
+        "snmpTlstmParamsClientFingerprint" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.6.1.1",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMP-TLS-TM-MIB", "name" : "SnmpTLSFingerprint"},
+            },
+            "access" : "readwrite",
+            "description" :
+                """This object stores the hash of the public portion of a
+locally held X.509 certificate.  The X.509 certificate, its
+public key, and the corresponding private key will be used
+when initiating a (D)TLS connection as a (D)TLS client.""",
+        }, # column
+        "snmpTlstmParamsStorageType" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.6.1.2",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "StorageType"},
+            },
+            "access" : "readwrite",
+            "default" : "nonVolatile",
+            "description" :
+                """The storage type for this conceptual row.  Conceptual rows
+having the value 'permanent' need not allow write-access to
+any columnar objects in the row.""",
+        }, # column
+        "snmpTlstmParamsRowStatus" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.6.1.3",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "RowStatus"},
+            },
+            "access" : "readwrite",
+            "description" :
+                """The status of this conceptual row.  This object may be used
+to create or remove rows from this table.
+
+To create a row in this table, an administrator must set this
+object to either createAndGo(4) or createAndWait(5).
+
+Until instances of all corresponding columns are appropriately
+configured, the value of the corresponding instance of the
+snmpTlstmParamsRowStatus column is notReady(3).
+
+In particular, a newly created row cannot be made active until
+the corresponding snmpTlstmParamsClientFingerprint column has
+been set.
+
+The snmpTlstmParamsClientFingerprint object may not be modified
+while the value of this object is active(1).
+
+An attempt to set these objects while the value of
+snmpTlstmParamsRowStatus is active(1) will result in
+an inconsistentValue error.""",
+        }, # column
+        "snmpTlstmAddrCount" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.7",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-SMI", "name" : "Gauge32"},
+            },
+            "access" : "readonly",
+            "description" :
+                """A count of the number of entries in the snmpTlstmAddrTable.""",
+        }, # scalar
+        "snmpTlstmAddrTableLastChanged" : {
+            "nodetype" : "scalar",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.8",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "TimeStamp"},
+            },
+            "access" : "readonly",
+            "description" :
+                """The value of sysUpTime.0 when the snmpTlstmAddrTable
+was last modified through any means, or 0 if it has not been
+modified since the command responder was started.""",
+        }, # scalar
+        "snmpTlstmAddrTable" : {
+            "nodetype" : "table",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.9",
+            "status" : "current",
+            "description" :
+                """This table is used by a (D)TLS client when a (D)TLS
+connection is being set up using an entry in the
+SNMP-TARGET-MIB.  It extends the SNMP-TARGET-MIB's
+snmpTargetAddrTable so that the client can verify that the
+correct server has been reached.  This verification can use
+either a certificate fingerprint, or an identity
+authenticated via certification path validation.
+
+If there is an active row in this table corresponding to the
+entry in the SNMP-TARGET-MIB that was used to establish the
+connection, and the row's snmpTlstmAddrServerFingerprint
+column has non-empty value, then the server's presented
+certificate is compared with the
+snmpTlstmAddrServerFingerprint value (and the
+snmpTlstmAddrServerIdentity column is ignored).  If the
+fingerprint matches, the verification has succeeded.  If the
+fingerprint does not match, then the connection MUST be
+closed.
+
+If the server's presented certificate has passed
+certification path validation [RFC5280] to a configured
+trust anchor, and an active row exists with a zero-length
+snmpTlstmAddrServerFingerprint value, then the
+snmpTlstmAddrServerIdentity column contains the expected
+host name.  This expected host name is then compared against
+the server's certificate as follows:
+
+  - Implementations MUST support matching the expected host
+  name against a dNSName in the subjectAltName extension
+  field and MAY support checking the name against the
+  CommonName portion of the subject distinguished name.
+
+
+
+
+
+  - The '*' (ASCII 0x2a) wildcard character is allowed in the
+  dNSName of the subjectAltName extension (and in common
+  name, if used to store the host name), but only as the
+  left-most (least significant) DNS label in that value.
+  This wildcard matches any left-most DNS label in the
+  server name.  That is, the subject *.example.com matches
+  the server names a.example.com and b.example.com, but does
+  not match example.com or a.b.example.com.  Implementations
+  MUST support wildcards in certificates as specified above,
+  but MAY provide a configuration option to disable them.
+
+  - If the locally configured name is an internationalized
+  domain name, conforming implementations MUST convert it to
+  the ASCII Compatible Encoding (ACE) format for performing
+  comparisons, as specified in Section 7 of [RFC5280].
+
+If the expected host name fails these conditions then the
+connection MUST be closed.
+
+If there is no row in this table corresponding to the entry
+in the SNMP-TARGET-MIB and the server can be authorized by
+another, implementation-dependent means, then the connection
+MAY still proceed.""",
+        }, # table
+        "snmpTlstmAddrEntry" : {
+            "nodetype" : "row",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.9.1",
+            "create" : "true",
+            "status" : "current",
+            "implied" : "true",
+            "linkage" : [
+                "snmpTargetAddrName",
+            ],
+            "description" :
+                """A conceptual row containing a copy of a certificate's
+fingerprint for a given snmpTargetAddrEntry.  The values in
+this row should be ignored if the connection that needs to be
+established, as indicated by the SNMP-TARGET-MIB
+infrastructure, is not a (D)TLS based connection.  If an
+snmpTlstmAddrEntry exists for a given snmpTargetAddrEntry, then
+the presented server certificate MUST match or the connection
+MUST NOT be established.  If a row in this table does not
+exist to match an snmpTargetAddrEntry row, then the connection
+SHOULD still proceed if some other certificate validation path
+algorithm (e.g., RFC 5280) can be used.""",
+        }, # row
+        "snmpTlstmAddrServerFingerprint" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.9.1.1",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMP-TLS-TM-MIB", "name" : "SnmpTLSFingerprint"},
+            },
+            "access" : "readwrite",
+            "default" : "",
+            "description" :
+                """A cryptographic hash of a public X.509 certificate.  This
+object should store the hash of the public X.509 certificate
+that the remote server should present during the (D)TLS
+connection setup.  The fingerprint of the presented
+certificate and this hash value MUST match exactly or the
+connection MUST NOT be established.""",
+        }, # column
+        "snmpTlstmAddrServerIdentity" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.9.1.2",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMP-FRAMEWORK-MIB", "name" : "SnmpAdminString"},
+            },
+            "access" : "readwrite",
+            "default" : "",
+            "description" :
+                """The reference identity to check against the identity
+presented by the remote system.""",
+        }, # column
+        "snmpTlstmAddrStorageType" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.9.1.3",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "StorageType"},
+            },
+            "access" : "readwrite",
+            "default" : "nonVolatile",
+            "description" :
+                """The storage type for this conceptual row.  Conceptual rows
+having the value 'permanent' need not allow write-access to
+any columnar objects in the row.""",
+        }, # column
+        "snmpTlstmAddrRowStatus" : {
+            "nodetype" : "column",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.2.2.1.9.1.4",
+            "status" : "current",
+            "syntax" : {
+                "type" : { "module" :"SNMPv2-TC", "name" : "RowStatus"},
+            },
+            "access" : "readwrite",
+            "description" :
+                """The status of this conceptual row.  This object may be used
+to create or remove rows from this table.
+
+To create a row in this table, an administrator must set this
+object to either createAndGo(4) or createAndWait(5).
+
+Until instances of all corresponding columns are
+appropriately configured, the value of the
+corresponding instance of the snmpTlstmAddrRowStatus
+column is notReady(3).
+
+In particular, a newly created row cannot be made active until
+the corresponding snmpTlstmAddrServerFingerprint column has been
+set.
+
+Rows MUST NOT be active if the snmpTlstmAddrServerFingerprint
+column is blank and the snmpTlstmAddrServerIdentity is set to
+'*' since this would insecurely accept any presented
+certificate.
+
+The snmpTlstmAddrServerFingerprint object may not be modified
+while the value of this object is active(1).
+
+An attempt to set these objects while the value of
+snmpTlstmAddrRowStatus is active(1) will result in
+an inconsistentValue error.""",
+        }, # column
+        "snmpTlstmConformance" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.3",
+        }, # node
+        "snmpTlstmCompliances" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.3.1",
+        }, # node
+        "snmpTlstmGroups" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.3.2",
+        }, # node
+        "snmpTLSTCPDomain" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.6.1.8",
+            "status" : "current",
+            "description" :
+                """The SNMP over TLS via TCP transport domain.  The
+corresponding transport address is of type SnmpTLSAddress.
+
+The securityName prefix to be associated with the
+snmpTLSTCPDomain is 'tls'.  This prefix may be used by
+security models or other components to identify which secure
+transport infrastructure authenticated a securityName.""",
+            "reference" :
+                """RFC 2579: Textual Conventions for SMIv2""",
+        }, # node
+        "snmpDTLSUDPDomain" : {
+            "nodetype" : "node",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.6.1.9",
+            "status" : "current",
+            "description" :
+                """The SNMP over DTLS via UDP transport domain.  The
+corresponding transport address is of type SnmpTLSAddress.
+
+The securityName prefix to be associated with the
+snmpDTLSUDPDomain is 'dtls'.  This prefix may be used by
+security models or other components to identify which secure
+transport infrastructure authenticated a securityName.""",
+            "reference" :
+                """RFC 2579: Textual Conventions for SMIv2""",
+        }, # node
+    }, # nodes
+
+    "notifications" : {
+        "snmpTlstmServerCertificateUnknown" : {
+            "nodetype" : "notification",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.0.1",
+            "status" : "current",
+            "objects" : {
+                "snmpTlstmSessionUnknownServerCertificate" : {
+                    "nodetype" : "object",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+            },
+            "description" :
+                """Notification that the server certificate presented by an SNMP
+over (D)TLS server was invalid because no configured
+fingerprint or CA was acceptable to validate it.  This may be
+because there was no entry in the snmpTlstmAddrTable or
+because no path could be found to known Certification
+Authority.
+
+
+
+
+
+
+
+To avoid notification loops, this notification MUST NOT be
+sent to servers that themselves have triggered the
+notification.""",
+        }, # notification
+        "snmpTlstmServerInvalidCertificate" : {
+            "nodetype" : "notification",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.0.2",
+            "status" : "current",
+            "objects" : {
+                "snmpTlstmAddrServerFingerprint" : {
+                    "nodetype" : "object",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionInvalidServerCertificates" : {
+                    "nodetype" : "object",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+            },
+            "description" :
+                """Notification that the server certificate presented by an SNMP
+over (D)TLS server could not be validated even if the
+fingerprint or expected validation path was known.  That is, a
+cryptographic validation error occurred during certificate
+validation processing.
+
+To avoid notification loops, this notification MUST NOT be
+sent to servers that themselves have triggered the
+notification.""",
+        }, # notification
+    }, # notifications
+
+    "groups" : {
+        "snmpTlstmStatsGroup" : {
+            "nodetype" : "group",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.3.2.1",
+            "status" : "current",
+            "members" : {
+                "snmpTlstmSessionOpens" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionClientCloses" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionOpenErrors" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionAccepts" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionServerCloses" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionNoSessions" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionInvalidClientCertificates" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionUnknownServerCertificate" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionInvalidServerCertificates" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmSessionInvalidCaches" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+            }, # members
+            "description" :
+                """A collection of objects for maintaining
+statistical information of an SNMP engine that
+implements the SNMP TLS Transport Model.""",
+        }, # group
+        "snmpTlstmIncomingGroup" : {
+            "nodetype" : "group",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.3.2.2",
+            "status" : "current",
+            "members" : {
+                "snmpTlstmCertToTSNCount" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmCertToTSNTableLastChanged" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmCertToTSNFingerprint" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmCertToTSNMapType" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmCertToTSNData" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmCertToTSNStorageType" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmCertToTSNRowStatus" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+            }, # members
+            "description" :
+                """A collection of objects for maintaining
+incoming connection certificate mappings to
+tmSecurityNames of an SNMP engine that implements the
+SNMP TLS Transport Model.""",
+        }, # group
+        "snmpTlstmOutgoingGroup" : {
+            "nodetype" : "group",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.3.2.3",
+            "status" : "current",
+            "members" : {
+                "snmpTlstmParamsCount" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmParamsTableLastChanged" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmParamsClientFingerprint" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmParamsStorageType" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmParamsRowStatus" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmAddrCount" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmAddrTableLastChanged" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmAddrServerFingerprint" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmAddrServerIdentity" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmAddrStorageType" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmAddrRowStatus" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+            }, # members
+            "description" :
+                """A collection of objects for maintaining
+outgoing connection certificates to use when opening
+connections as a result of SNMP-TARGET-MIB settings.""",
+        }, # group
+        "snmpTlstmNotificationGroup" : {
+            "nodetype" : "group",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.3.2.4",
+            "status" : "current",
+            "members" : {
+                "snmpTlstmServerCertificateUnknown" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmServerInvalidCertificate" : {
+                    "nodetype" : "member",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+            }, # members
+            "description" :
+                """Notifications""",
+        }, # group
+    }, # groups
+
+    "compliances" : {
+        "snmpTlstmCompliance" : {
+            "nodetype" : "compliance",
+            "moduleName" : "SNMP-TLS-TM-MIB",
+            "oid" : "1.3.6.1.2.1.198.3.1.1",
+            "status" : "current",
+            "description" :
+                """The compliance statement for SNMP engines that support the
+SNMP-TLS-TM-MIB""",
+            "requires" : {
+                "snmpTlstmStatsGroup" : {
+                    "nodetype" : "mandatory",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmIncomingGroup" : {
+                    "nodetype" : "mandatory",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmOutgoingGroup" : {
+                    "nodetype" : "mandatory",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+                "snmpTlstmNotificationGroup" : {
+                    "nodetype" : "mandatory",
+                    "module" : "SNMP-TLS-TM-MIB"
+                },
+            }, # requires
+        }, # compliance
+    }, # compliances
+
+}