User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 2574
| Document | Type |
RFC - Draft Standard
(April 1999; No errata)
Obsoleted by RFC 3414
Obsoletes RFC 2274
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 2574 (Draft Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group U. Blumenthal
Request for Comments: 2574 IBM T. J. Watson Research
Obsoletes: 2274 B. Wijnen
Category: Standards Track IBM T. J. Watson Research
April 1999
User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
This document describes the User-based Security Model (USM) for SNMP
version 3 for use in the SNMP architecture [RFC2571]. It defines the
Elements of Procedure for providing SNMP message level security.
This document also includes a MIB for remotely monitoring/managing
the configuration parameters for this Security Model.
Table of Contents
1. Introduction 3
1.1. Threats 4
1.2. Goals and Constraints 5
1.3. Security Services 6
1.4. Module Organization 7
1.4.1. Timeliness Module 7
1.4.2. Authentication Protocol 8
1.4.3. Privacy Protocol 8
1.5. Protection against Message Replay, Delay and Redirection 8
1.5.1. Authoritative SNMP engine 8
1.5.2. Mechanisms 9
1.6. Abstract Service Interfaces 10
1.6.1. User-based Security Model Primitives for Authentication 11
1.6.2. User-based Security Model Primitives for Privacy 11
2. Elements of the Model 12
2.1. User-based Security Model Users 12
Blumenthal & Wijnen Standards Track [Page 1]
RFC 2574 USM for SNMPv3 April 1999
2.2. Replay Protection 13
2.2.1. msgAuthoritativeEngineID 13
2.2.2. msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime14
2.2.3. Time Window 15
2.3. Time Synchronization 15
2.4. SNMP Messages Using this Security Model 16
2.5. Services provided by the User-based Security Model 17
2.5.1. Services for Generating an Outgoing SNMP Message 17
2.5.2. Services for Processing an Incoming SNMP Message 19
2.6. Key Localization Algorithm. 21
3. Elements of Procedure 21
3.1. Generating an Outgoing SNMP Message 22
3.2. Processing an Incoming SNMP Message 25
4. Discovery 30
5. Definitions 31
6. HMAC-MD5-96 Authentication Protocol 50
6.1. Mechanisms 50
6.1.1. Digest Authentication Mechanism 50
6.2. Elements of the Digest Authentication Protocol 51
6.2.1. Users 51
6.2.2. msgAuthoritativeEngineID 51
6.2.3. SNMP Messages Using this Authentication Protocol 51
6.2.4. Services provided by the HMAC-MD5-96 Authentication Module52
6.2.4.1. Services for Generating an Outgoing SNMP Message 52
6.2.4.2. Services for Processing an Incoming SNMP Message 53
6.3. Elements of Procedure 53
6.3.1. Processing an Outgoing Message 54
6.3.2. Processing an Incoming Message 54
7. HMAC-SHA-96 Authentication Protocol 55
7.1. Mechanisms 55
7.1.1. Digest Authentication Mechanism 56
7.2. Elements of the HMAC-SHA-96 Authentication Protocol 56
7.2.1. Users 56
Show full document text