User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 2274

Document Type RFC - Proposed Standard (January 1998; No errata)
Obsoleted by RFC 2574
Obsoletes RFC 2264
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf html bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2274 (Proposed Standard)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                      U. Blumenthal
Request for Comments: 2274                     IBM T. J. Watson Research
Obsoletes: 2264                                                B. Wijnen
Category: Standards Track                      IBM T. J. Watson Research
                                                            January 1998

          User-based Security Model (USM) for version 3 of the
              Simple Network Management Protocol (SNMPv3)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

IANA Note

   Due to a clerical error in the assignment of the snmpModules in this
   memo, this RFC provides the corrected number assignment for this
   protocol.  This memo obsoletes RFC 2264.

Abstract

   This document describes the User-based Security Model (USM) for SNMP
   version 3 for use in the SNMP architecture [RFC2271].  It defines the
   Elements of Procedure for providing SNMP message level security.
   This document also includes a MIB for remotely monitoring/managing
   the configuration parameters for this Security Model.

Table of Contents

1.  Introduction                                                       3
1.1.  Threats                                                          4
1.2.  Goals and Constraints                                            5
1.3.  Security Services                                                6
1.4.  Module Organization                                              7
1.4.1.  Timeliness Module                                              7
1.4.2.  Authentication Protocol                                        8
1.4.3.  Privacy Protocol                                               8
1.5.  Protection against Message Replay, Delay and Redirection         8
1.5.1.  Authoritative SNMP engine                                      8

Blumenthal & Wijnen         Standards Track                     [Page 1]
RFC 2274                     USM for SNMPv3                 January 1998

1.5.2.  Mechanisms                                                     9
1.6.  Abstract Service Interfaces.                                    10
1.6.1.  User-based Security Model Primitives for Authentication       11
1.6.2.  User-based Security Model Primitives for Privacy              11
2.  Elements of the Model                                             12
2.1.  User-based Security Model Users                                 12
2.2.  Replay Protection                                               13
2.2.1.  msgAuthoritativeEngineID                                      13
2.2.2.  msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime    14
2.2.3.  Time Window                                                   15
2.3.  Time Synchronization                                            15
2.4.  SNMP Messages Using this Security Model                         16
2.5.  Services provided by the User-based Security Model              17
2.5.1.  Services for Generating an Outgoing SNMP Message              17
2.5.2.  Services for Processing an Incoming SNMP Message              19
2.6.  Key Localization Algorithm.                                     21
3.  Elements of Procedure                                             21
3.1.  Generating an Outgoing SNMP Message                             22
3.2.  Processing an Incoming SNMP Message                             25
4.  Discovery                                                         30
5.  Definitions                                                       31
6.  HMAC-MD5-96 Authentication Protocol                               45
6.1.  Mechanisms                                                      45
6.1.1.  Digest Authentication Mechanism                               46
6.2.  Elements of the Digest Authentication Protocol                  46
6.2.1.  Users                                                         46
6.2.2.  msgAuthoritativeEngineID                                      47
6.2.3.  SNMP Messages Using this Authentication Protocol              47
6.2.4.  Services provided by the HMAC-MD5-96 Authentication Module    47
6.2.4.1.  Services for Generating an Outgoing SNMP Message            47
6.2.4.2.  Services for Processing an Incoming SNMP Message            48
6.3.  Elements of Procedure                                           49
6.3.1.  Processing an Outgoing Message                                49
6.3.2.  Processing an Incoming Message                                50
7.  HMAC-SHA-96 Authentication Protocol                               51
7.1.  Mechanisms                                                      51
Show full document text