User-based Security Model for SNMPv2
RFC 1910

Document Type RFC - Historic (February 1996; No errata)
Last updated 2013-03-02
Stream Legacy
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 1910 (Historic)
Responsible AD Bert Wijnen
IESG note and RFC1910 are now Historic
Send notices to <brent@eng.sun.com>
Network Working Group                                  G. Waters, Editor
Request for Comments: 1910                   Bell-Northern Research Ltd.
Category: Experimental                                     February 1996

                  User-based Security Model for SNMPv2

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Table of Contents

   1. Introduction ................................................    2
   1.1 Threats ....................................................    3
   1.2 Goals and Constraints ......................................    4
   1.3 Security Services ..........................................    5
   1.4 Mechanisms .................................................    5
   1.4.1 Digest Authentication Protocol ...........................    7
   1.4.2 Symmetric Encryption Protocol ............................    8
   2. Elements of the Model .......................................   10
   2.1 SNMPv2 Users ...............................................   10
   2.2 Contexts and Context Selectors .............................   11
   2.3 Quality of Service (qoS) ...................................   13
   2.4 Access Policy ..............................................   13
   2.5 Replay Protection ..........................................   13
   2.5.1 agentID ..................................................   14
   2.5.2 agentBoots and agentTime .................................   14
   2.5.3 Time Window ..............................................   15
   2.6 Error Reporting ............................................   15
   2.7 Time Synchronization .......................................   16
   2.8 Proxy Error Propagation ....................................   16
   2.9 SNMPv2 Messages Using this Model ...........................   16
   2.10 Local Configuration Datastore (LCD) .......................   18
   3. Elements of Procedure .......................................   19
   3.1 Generating a Request or Notification .......................   19
   3.2 Processing a Received Communication ........................   20
   3.2.1 Additional Details .......................................   28
   3.2.1.1 ASN.1 Parsing Errors ...................................   28
   3.2.1.2 Incorrectly Encoded Parameters .........................   29
   3.2.1.3 Generation of a Report PDU .............................   29
   3.2.1.4 Cache Timeout ..........................................   29
   3.3 Generating a Response ......................................   30
   4. Discovery ...................................................   30
   5. Definitions .................................................   31
   4.1 The USEC Basic Group .......................................   32
   4.2 Conformance Information ....................................   35
   4.2.1 Compliance Statements ....................................   35
   4.2.2 Units of Conformance .....................................   35
   6. Security Considerations .....................................   36
   6.1 Recommended Practices ......................................   36
   6.2 Defining Users .............................................   37
   6.3 Conformance ................................................   38
   7. Editor's Address ............................................   38
   8. Acknowledgements ............................................   39
   9. References ..................................................   39
   Appendix A Installation ........................................   41
   Appendix A.1 Agent Installation Parameters .....................   41
   Appendix A.2 Password to Key Algorithm .........................   43
   Appendix A.3 Password to Key Sample ............................   44

1.  Introduction

   A management system contains:  several (potentially many) nodes, each
   with a processing entity, termed an agent, which has access to
   management instrumentation; at least one management station; and, a
   management protocol, used to convey management information between
   the agents and management stations.  Operations of the protocol are
   carried out under an administrative framework which defines
   authentication, authorization, access control, and privacy policies.

   Management stations execute management applications which monitor and
   control managed elements.  Managed elements are devices such as
   hosts, routers, terminal servers, etc., which are monitored and
   controlled via access to their management information.

   The Administrative Infrastructure for SNMPv2 document [1] defines an
   administrative framework which realizes effective management in a