Configuration Options
Configuration options are available for global and local policy parameters.
List of Global Configuration Options
Identifier | Affected Component | Configuration Option | Description | Required for POC | Option Value for PoC | Comment |
|---|---|---|---|---|---|---|
scms_version | (all) | SCMS Version | Version number of the SCMS | Y | 1 | |
global_cert_chain_file_id | RA, PCA, EE | The Global Certificate Chain File (GCCF) version | This identifier is used to determine if the EE's version of the LCCF is up-to-date. The identifier for the LCCF is mirrored from the GCCF identifier by the RA and included in the LCCF file name. If the GCCF and related LCCF identifier in the LCCF file name indicate that a newer LCCF version is available, the RA will download the updated LCCF to the EE. | Y | 2 bytes | Additional information on the GCCF File can be found in: Global Certificate Chain File. |
overdue_CRL_tolerance | EE | Maximum time to maintain trust past next CRL date | How long an EE can continue to operate without a CRL update past a next CRL date before deciding that messages are not trustworthy and rejecting all of them (and turning on an appropriate driver warning indicator). | Y | 2 weeks | This is not expected to be implemented in the EEs for PoC, but should be included in the global file for PoC. There must be some point at which this transition occurs, or CRLs are greatly weakened; and it makes sense for the tolerance to change as CRL distribution technology improves. |
i_period | RA, EE | The length of the certificate's i-period in minutes | Currently the i-value is defined as one week (or 10080 minutes) but this might change with more connectivity. | Y | 1 week | Global parameter |
min_certs_per_i_period | RA, EE | Minimum certificates per i-period | The minimum number of certificates an EE receives per i-value (currently i-value = week). This number is also the j-value. Currently that is 20 per week and this might change over time. | Y | 20 | No maximum number capabilities. Note that CRL plan means that this can be set no higher than 255. |
cert_validity_model | RA, EE | Certificate validity model | Pseudonym certificates are either "concurrently" or "non-concurrently" valid. | Y | concurrent | This setting means that the 20 certs per week are all concurrently valid during that week, also affects CRL. |
max_available_cert_supply | RA, PCA, EE | Maximum time with which to provision OBEs with pseudonym certificates | How many years worth of pseudo certs should be provided during the initial provisioning, and then maintained by top-off. For PoC, it is currently 3 years. | Y | 3 years | Affects ability to make major changes in the overall system; also affects size of CRL. |
max_cert_request_age | RA | Maximum Individual Certificate Request Age | Controls maximum amount of time an Individual Certificate Request can stay in the aggregator waiting to be shuffled. | Y | 2 days | NOTE: this is only for certificate requests (not for top-offs) - minimum number or timing minimum, whichever comes first. In deployment, this will be an infinite number. Use of this option in deployment, if allowed, will require permission from the SCMS Manager. |
shuffle_threshold | RA | Shuffle Threshold | Specifies the minimum number of Individual Certificate Requests to accumulate before shuffling and sending to PCA. | Y | 1000 | This is being considered as the minimum number for full privacy mode. Global sets acceptable option value limits. Local sets option value within Global limits. |
hash_of_request_size | RA, PCA | The length in bytes of the "hash of request" | The length in bytes of the "hash of request" that PCA and RA use to identify individual requests. | Y | 32 bytes | Full hash for PoC |
max_gpf_gccf_retrieval_interval | RA, PCA, LA | Maximum time interval between requesting GPF and GCCF updates | SCMS Components need to know when the contents of the Global Policy File (GPF) or Global Certificate Chain File (GCCF) change. | Y | 1 day | Under current procedures, SCMS Components need to request the GPF and GCCF. |
rse_application_cert_validity | RA, PCA, RSE | Validity period of RSE application certificates | Y | 1 week + rse_application_cert_overlap | The value of this parameter shall be the total validity period, including the overlap interval. The initial PoC value should be 169 hours (1 week + 1 hour of overlap) | |
rse_application_cert_overlap | RA, PCA, RSE | Overlap period of RSE application certificates | Y | 1 hour |
List of Global Configuration Options
List of local configuration options
| Identifier | Affected Component | Configuration Option | Description | Required for PoC | Option Value for PoC | Comment |
|---|---|---|---|---|---|---|
shuffle_threshold | RA | Shuffle Threshold | Controls how many Individual Certificate Requests to accumulate before shuffling and sending to PCA. | Y | 1000 | This is being considered as the minimum number for full privacy mode; Global sets acceptable option value limits; Local sets option value within Global limits. |
certs_per_i_period | RA, LA, EE | The actual number of certificates per i-value. certs_per_i_value must be equal or larger than min_certs_per_i_value. | This is the actual number of certificates an EE receives. For POC, this is an RA setting (i.e., the setting is per RA, or possibly sub-RA, not necessarily per EE). | Y | 20/40 | Current plan is to use 20 as the main PoC value, but to test that 40 would also work. Note that CRL plan means that this can be set no higher than 255. All affected components and/or EEs do not necessarily need to be notified separately from the results of cert update requests. |
address_la1 | RA | Addresses of LA1 | Used to communicate with Linkage Authority 1. | Y | Local configuration to be approved by SCMS Manager? | |
address_la2 | RA | Addresses of LA2 | Used to communicate with Linkage Authority 2. | Y | Local configuration to be approved by SCMS Manager? | |
address_pca | RA | Address of PCA | Used to communicate with the Pseudonym Certificate Authority. | Y | Local configuration to be approved by SCMS Manager? | |
tls_cert_ra | RA | TLS Certificate for RA | X.509 certificate used for transport layer security. | Y | Local configuration | |
shared_key_update_interval | PCA, LA | Shared symmetric key between LA and PCA | Maximum time between changes to pre-linkage value encryption/decryption key. | Y | Local configuration to be approved by SCMS Manager? | |
tls_cert_pca | PCA | TLS Certificate for PCA | X.509 certificate used for transport layer security. | Y | Local configuration | |
tls_cert_la | LA | TLS Certificate for LA | X.509 certificate used for transport layer security. | Y | Local configuration |
List of Local Configuration Options
Time Limited Configuration Options
It is valuable to define a time validity for options. This capability is very useful when the value of a configuration option changes. For instance, if i_period changes from one week to one day on January 1st, 2030, it is necessary to inform all EEs ahead of time about the change.
Format
This is done by including a time validity for each configuration option. Each configuration option entry can take the following time validity options:
- N/A: there is no timely limitation for this configuration parameter
- Sequence of configuration option value and time validity - There is a sequence of the following per configuration option entry
- The configuration option value
- Start time: The start-time when the configuration option value starts being valid. This is 'N/A' if the start-time was in the past. The current/first entry is always 'N/A.'
- End time: The end-time until the configuration option value ends being valid. This is 'N/A' if there is no defined end-time. The last entry is always 'N/A' (open ended).
Example
The following example provides two time dependent options for the parameter la_identifier_size:
la_identifier_size, {[2, N/A, 12/31/2015], [4, 1/1/2016, N/A]}
Here the text in [] is one option, and there are two options. The first option indicates a byte size of 2 bytes for la_identifier_size, valid until 12/31/2015 without any start date. The second option indicates a byte size of 4 bytes for la_identifier_size, valid from 1/1/2016 without any end date.
PoC
PoC will test the format and delivery of this extended policy configuration, but each identifier entry will have a single open-ended time span.
Requirements
- Uniqueness of global policy file: Each global policy file shall be unique in the sense that it supersedes a previous global policy file, and there is exactly one valid technical global policy file
- Completeness of configuration option entry: Each configuration option entry shall be complete in the sense that it provides a configuration option value for any time in the future. This implies that the first time entry and the last time entry are always open ended ('N/A').
- Uniqueness of configuration option entry: Each configuration option entry shall be unique and unambiguous, and at no point in time shall there be two valid entries
- Minimum options: Each configuration option entry shall be minimal, and two subsequent time periods shall not use the same option value.
ASN.1 Specification
-- (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-------------------------------------------------------------------------------
-- SCMS-POLICY
--
-- The structures in this file define the different policies in SCMS, such as
-- Global and Local Policy files.
--
-- Each resides in its own file and is signed by one or more components
-- to ensure the policy is valid. Policies affect not only EEs, but backend
-- SCMS components as well.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------
-- @namespace Ieee1609dot2ScmsPolicyTypes
Ieee1609dot2ScmsPolicyTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) policy-types(500) major-version-2(2)}
DEFINITIONS AUTOMATIC TAGS ::= BEGIN
EXPORTS ALL;
IMPORTS
Countersignature,
ExplicitCertificate,
Ieee1609Dot2Data,
SequenceOfCertificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) schema(1) major-version-2(2)}
Duration,
Hostname,
Opaque,
Time64,
Uint8,
Uint16,
Uint32,
Uint64
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) base-types(2) major-version-2(2)}
LaHostnameId,
PcaHostnameId,
RaHostnameId
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) base-types(2) major-version-2(2)}
;
---
-- @brief The PolicyFiles structure defines the parent structure for all
-- policy files (GCCF & LCCF). Each policy file resides in its own file
-- and its signed by one or more components. to ensure the policy is
-- valid.
-- @class PolicyFiles
-- @param globalPolicyFile contains the global policy file generated by Policy
-- Generator (PG).
-- @param localPolicyFile contains the local policy file genrated by a
-- Registration Authority (RA). Note that RA has to
-- get this signed by PG before sending to EEs.
PolicyFiles ::= CHOICE {
globalPolicyFile GlobalPolicyFile,
localPolicyFile LocalPolicyFile,
...
}
---
-- @brief This data type defines the inherent policy file structure created
-- either by PG or RA.
-- @class BasePolicyFile
-- @param version defines the version of BasePolicyFile. Currently, it is
-- denoted by integer 1.
-- @param tbsData is the policy data that is signed by PG at the scms
-- protocol level.
-- @param signatures denote the counter signatures that are generated by
-- auditors of the policy file. Note that PG or RA must
-- obtain these signatures before sending to any EE.
-- @see Uint8, Countersignature
BasePolicyFile ::= SEQUENCE {
version Uint8(1),
tbsData ToBeSignedPolicyData,
-- countersignatures generated by auditors of the policy file
signatures SEQUENCE SIZE(1..MAX) OF Countersignature,
...
}
---
-- @brief This data type contains the policy file data that is signed by the
-- PG at scms-protocol level.
-- @class ToBeSignedPolicyData
-- @param policyID denotes the unique identifier for a policy file.
-- @param generationTime is the point of time when a policy file was generated.
-- @param activeTime is the duration of time for which the policy file is
-- valid.
-- @param policy is the policy data for either global, local or custom
-- file.
-- @see Time64
ToBeSignedPolicyData ::= SEQUENCE {
policyID OCTET STRING (SIZE (0..32)),
generationTime Time64,
activeTime Time64,
policy Policy,
...
}
---
-- @brief This data type is generated by PG and contains global policy data.
-- @class GlobalPolicyFile
-- @param tbsData is the policy data that is signed by PG at scms-protocol level.
GlobalPolicyFile ::= BasePolicyFile (WITH COMPONENTS {...,
tbsData( WITH COMPONENTS {...,
policy(WITH COMPONENTS {...,
global PRESENT
})
})
})
---
-- @brief This data type is generated by an RA and contains local policy data
-- derived from global policy data.
-- Because the RA is allowed to remove fields from the GPF which are not
-- relevant to the OBUs and/or RSUs under its jurisdiction, it must request
-- that Policy Generator signs the 'custom' portion. This ensures the customized
-- GPF is consistent with the actual GPF. The signature of the PG will appear in
-- the 'signatures' field of the 'globalParameters'.
--
-- The 'localParameters' section of the policy is signed by the RA, and its
-- signature should appear in the 'signatures' section as well as any other
-- auditors of the LPF.
--
-- The LocalPolicyFile is encapsulated by the SignedLocalPolicyFile defined
-- in scms-protocol.asn, which is signed by the RA.
-- @class LocalPolicyFile
-- @param globalParameters denotes all the values inherited from
-- GlobalPolicyFile.
-- @param localParameters denotes all values defined by RA for local policy
-- file specifically.
LocalPolicyFile ::= SEQUENCE {
globalParameters BasePolicyFile (WITH COMPONENTS {...,
tbsData( WITH COMPONENTS {...,
policy( WITH COMPONENTS {...,
custom PRESENT
})
})
}),
localParamters BasePolicyFile (WITH COMPONENTS {...,
tbsData( WITH COMPONENTS {...,
policy( WITH COMPONENTS {...,
local PRESENT
})
})
})
}
---
-- @brief This data type contains policy file data depending on the type of
-- policy file i.e. global, local or custom.
-- @class Policy
-- @param global denotes global policy data.
-- @param custom denotes custom policy data.
-- @param local denotes local policy data.
Policy ::= CHOICE {
global GlobalPolicyData,
custom CustomPolicyData,
local LocalPolicyData,
...
}
---
-- @brief This data type contains global policy data generated by PG.
-- This structure defines the parameters of the Global Policy
--
-- This structure contains an array of temporal series, where each temporal
-- serie applies to a particular parameter of the policy. The syntax of these
-- temporal series follows the following format:
--
-- temporalSeriesOfXXX {
-- initialXXX XXX
-- intervals SEQUENCE SIZE(0..N) OF SEQUENCE {
-- startTime Time64
-- xxx XXX
-- }
-- }
--
-- where:
--
-- initialXXX initial value of parameter of type XXX
-- startTime timestamp in future when value takes effect
-- xxx value of parameter
-- XXX type of parameter
-- @class GlobalPolicyData
-- @param temporalSeriesOfScmsVersion SCMS Version, default value is 1
-- @param temporalSeriesOfCertChainFileID File ID number of the current GCCF
-- @param temporalSeriesOfOverdueCrlTolerance max time to operate without a new
-- CRL, specified in weeks (4 bytes)
-- @param temporalSeriesOfIPeriod i-value / i-period; default: 1 week
-- @param temporalSeriesOfMinCertsPerIPeriod minimum certs per i-period; default: 20
-- @param temporalSeriesOfCertValidityModel pseudonym cert validity model -
-- "concurrent" or "non-concurrent"
-- @param temporalSeriesOfMaxAvailableCertSupply max time covered by a certificate
-- batch in years, default: 3 years
-- @param temporalSeriesOfMaxCertRequestAge maximum time for individual cert
-- request; to remain in aggregator;
-- default: 2 days
-- @param temporalSeriesOfShuffleThreshold minimum # of individual cert requests
-- before shuffle/send to PCA; default: 1000
-- @param temporalSeriesOfHashOfRequestSize bytes in "hash of request" between
-- PCA and RA for individual cert requests; default: 32
-- @param temporalSeriesOfMaxGpfGccfRetrievalInterval maximum interval (in hours) before
-- retreiving new GPF or GCCF; default: 1 hour
-- @param temporalSeriesOfRseApplicationCertValidity validity time for an RSE cert (in hours)
-- Default value is 1 week + 1 hour = 168 hours
-- @param temporalSeriesOfRseApplicationCertOVerlap RSE application cert overlap; Default value is 1 hour
-- @see Time64
GlobalPolicyData ::= SEQUENCE {
temporalSeriesOfScmsVersion SEQUENCE {
initialScmsVersion ScmsVersion DEFAULT 1,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
scmsVersion ScmsVersion
}
} OPTIONAL,
temporalSeriesOfCertChainFileID SEQUENCE {
initialGlobalCertChainFileID GlobalCertChainFileID,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
globalCertChainFileID GlobalCertChainFileID
}
} OPTIONAL,
temporalSeriesOfOverdueCrlTolerance SEQUENCE {
initialOverdueCrlTolerance OverdueCrlTolerance,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
overdueCrlTolerance OverdueCrlTolerance
}
} OPTIONAL,
temporalSeriesOfIPeriod SEQUENCE {
initialIPeriod IPeriod,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
iPeriod IPeriod
}
} OPTIONAL,
temporalSeriesOfMinCertsPerIPeriod SEQUENCE {
initialMinCertsPerIPeriod MinCertsPerIPeriod DEFAULT 20,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
minCertsPerIPeriod MinCertsPerIPeriod
}
} OPTIONAL,
temporalSeriesOfCertValidityModel SEQUENCE {
initialCertValidityModel CertValidityModel,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
certValidityModel CertValidityModel
}
} OPTIONAL,
temporalSeriesOfMaxAvailableCertSupply SEQUENCE {
initialMaxAvailableCertSupply MaxAvailableCertSupply,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
maxAvailableCertSupply MaxAvailableCertSupply
}
} OPTIONAL,
temporalSeriesOfMaxCertRequestAge SEQUENCE {
initialMaxCertRequestAge MaxCertRequestAge,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
maxCertRequestAge MaxCertRequestAge
}
} OPTIONAL,
temporalSeriesOfShuffleThreshold SEQUENCE {
initialShuffleThreshold ShuffleThreshold DEFAULT 1000,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
shuffleThreshold ShuffleThreshold
}
} OPTIONAL,
temporalSeriesOfHashOfRequestSize SEQUENCE {
initialHashOfRequestSize HashOfRequestSize DEFAULT 32,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
hashOfRequestSize HashOfRequestSize
}
} OPTIONAL,
temporalSeriesOfMaxGpfGccfRetrievalInterval SEQUENCE {
initialMaxGpfGccfRetrievalInterval MaxGpfGccfRetrievalInterval,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
maxGpfGccfRetrievalInterval MaxGpfGccfRetrievalInterval
}
} OPTIONAL,
temporalSeriesOfRseApplicationCertValidity SEQUENCE {
initialRseApplicationCertValidity RseApplicationCertValidity,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
rseApplicationCertValidity RseApplicationCertValidity
}
} OPTIONAL,
temporalSeriesOfRseApplicationCertOVerlap SEQUENCE {
initialRseApplicationCertOverlap RseApplicationCertOverlap,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
rseApplicationCertOverlap RseApplicationCertOverlap
}
} OPTIONAL,
...
}
---
-- @brief This data type defines the current scms version.
-- @class ScmsVersion
ScmsVersion ::= Uint8
---
-- @brief This data type denotes the 16-byte global certificate chain ID.
-- @class GlobalCertChainFileID
GlobalCertChainFileID ::= Uint16
---
-- @brief This data type denotes the maximum time to operate without a new CRL,
-- specified in weeks (4 bytes)
-- @class OverdueCrlTolerance
OverdueCrlTolerance ::= Duration
---
-- @brief This data type denotes the i-value / i-period; default
-- @class IPeriod
IPeriod ::= Duration
---
-- @brief This data type denotes the minimum certs per i-period
-- @class MinCertsPerIPeriod
MinCertsPerIPeriod ::= Uint8
---
-- @brief This data type denotes the pseudonym cert validity model -
-- concurrent" or "non-concurrent"
-- @class CertValidityModel
-- @param concurrent certificates for an i-period are all simultaneous valid.
-- @param non-concurrent certificates for an i-period are sequentially valid.
CertValidityModel ::= ENUMERATED {
concurrent (1),
non-concurrent (2),
...
}
---
-- @brief This data type denotes the maximum time covered by a certificate
-- batch in years.
-- @class MaxAvailableCertSupply
MaxAvailableCertSupply ::= Duration
---
-- @brief This data type denotes the maximum time for individual certificate
-- request.
-- @class MaxCertRequestAge
MaxCertRequestAge ::= Duration
---
-- @brief This data type denotes the minimum number of individual certificate
-- requests before shuffle/send to PCA.
-- @class ShuffleThreshold
ShuffleThreshold ::= Uint32
---
-- @brief This data type denotes the number of bytes in "has of request"
-- between PCA and RA for indicidaul certificate requests.
-- @class HashOfRequestSize
HashOfRequestSize ::= Uint8
---
-- @brief This data type denotes the maximum interval (in hours) before
-- retrieving new GPF and GCCF.
-- @class MaxGpfGccfRetrievalInterval
MaxGpfGccfRetrievalInterval ::= Duration
---
-- @brief This data type denotes the validity time for an RSE certificate (in
-- hours).
-- @class RseApplicationCertValidity
RseApplicationCertValidity ::= Duration
---
-- @brief This data type denotes the RSE certificate overlap period (in hours).
-- @class RseApplicationCertOverlap
RseApplicationCertOverlap ::= Duration
---
-- @brief This type is used by an RA that wants to create a custom version of
-- the GlobalPolicyData. This structure adds an element with the RA's
-- ID to differentiate it from a conventional GlobalPolicyFile.
-- @class CustomPolicyData
-- @param requestingRaHostname is the 256-bit unique hostname of the RA
-- requesting custom policy data.
-- @param globalPolicy is the global policy file data.
-- @see RaHostnameId
CustomPolicyData ::= SEQUENCE {
requestingRaHostname RaHostnameId OPTIONAL,
-- Hostname of the RA that customized this policy data
globalPolicy GlobalPolicyData,
...
}
---
-- @brief This data type contains local policy data generated by RA from
-- global policy data derived from GPF of PG.
-- @class LocalPolicyData
-- @param temporalSeriesOfShuffleThreshold minimum # of individual cert
-- requests before shuffle/send
-- to PCA.
-- @param temporalSeriesOfCertsPerIPeriod certs per i-period.
-- overrides global value);
-- default: 20
-- @param temporalSeriesOfLaOneHost LA1 256-bit unique hostname.
-- @param temporalSeriesOfLaTwoHost LA2 256-bit unique hostname.
-- @param temporalSeriesOfPcaHost PCA 256-bit unique hostname.
-- @param temporalSeriesOfRaX509TlsCert RA TLS certificate for
-- connection over HTTP.
-- @param temporalSeriesOfLaX509TlsCert LA TLS certificate.
-- @param temporalSeriesOfPcaX509TlsCert PCA TLS certificate.
-- @param temporalSeriesOfSharedKeyUpdateInterval maximum time between changes
-- to pre-linkage value enc/dec
-- key.
-- @see Time64, LaHostnameId, RaHostnameId, PcaHostnameId
LocalPolicyData ::= SEQUENCE {
temporalSeriesOfShuffleThreshold SEQUENCE {
initialShuffleThreshold ShuffleThreshold,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
shuffleThreshold ShuffleThreshold
}
} OPTIONAL,
temporalSeriesOfCertsPerIPeriod SEQUENCE {
initialCertsPerIPeriod CertsPerIPeriod DEFAULT 20,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
certsPerIPeriod CertsPerIPeriod
}
} OPTIONAL,
temporalSeriesOfLaOneHost SEQUENCE {
initialLaOneHost LaHostnameId,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
laOneHost LaHostnameId
}
} OPTIONAL,
temporalSeriesOfLaTwoHost SEQUENCE {
initialLaTwoHost LaHostnameId,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
laTwoHost LaHostnameId
}
} OPTIONAL,
temporalSeriesOfPcaHost SEQUENCE {
initialPcaHost PcaHostnameId,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
pcaHost PcaHostnameId
}
} OPTIONAL,
temporalSeriesOfRaX509TlsCert SEQUENCE {
initialRaX509TlsCert X509TlsCert,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
raX509TlsCert X509TlsCert
}
} OPTIONAL,
temporalSeriesOfLaX509TlsCert SEQUENCE {
initialLaX509TlsCert X509TlsCert,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
laX509TlsCert X509TlsCert
}
} OPTIONAL,
temporalSeriesOfPcaX509TlsCert SEQUENCE {
initialPcaX509TlsCert X509TlsCert,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
pcaX509TlsCert X509TlsCert
}
} OPTIONAL,
temporalSeriesOfSharedKeyUpdateInterval SEQUENCE {
initialSharedKeyUpdateInterval SharedKeyUpdateInterval,
intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
startTime Time64,
sharedKeyUpdateInterval SharedKeyUpdateInterval
}
} OPTIONAL,
...
}
---
-- @brief This data type denotes the certificates per i-period. This overrides
-- the global value.
-- @class CertsPerIPeriod
CertsPerIPeriod ::= Uint8
---
-- @brief This data type denotes the TLS certificate for secure communication
-- over HTTP.
-- @class X509TlsCert
X509TlsCert ::= Opaque
---
-- @brief This data type denotes the maximum time between changes to pre
-- linkage value encryption/decryption key.
-- @class SharedKeyUpdateInterval
SharedKeyUpdateInterval ::= Duration
END