User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 2574

 
Document Type RFC - Draft Standard (April 1999; No errata)
Obsoleted by RFC 3414
Obsoletes RFC 2274
Last updated 2013-03-02
Stream IETF


Network Working Group                                      U. Blumenthal
Request for Comments: 2574                     IBM T. J. Watson Research
Obsoletes: 2274                                                B. Wijnen
Category: Standards Track                      IBM T. J. Watson Research
                                                              April 1999

          User-based Security Model (USM) for version 3 of the
              Simple Network Management Protocol (SNMPv3)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This document describes the User-based Security Model (USM) for SNMP
   version 3 for use in the SNMP architecture [RFC2571].  It defines the
   Elements of Procedure for providing SNMP message level security.
   This document also includes a MIB for remotely monitoring/managing
   the configuration parameters for this Security Model.

Table of Contents

   1.  Introduction                                                   3
   1.1.  Threats                                                      4
   1.2.  Goals and Constraints                                        5
   1.3.  Security Services                                            6
   1.4.  Module Organization                                          7
   1.4.1.  Timeliness Module                                          7
   1.4.2.  Authentication Protocol                                    8
   1.4.3.  Privacy Protocol                                           8
   1.5.  Protection against Message Replay, Delay and Redirection     8
   1.5.1.  Authoritative SNMP engine                                  8
   1.5.2.  Mechanisms                                                 9
   1.6.  Abstract Service Interfaces                                 10
   1.6.1.  User-based Security Model Primitives for Authentication   11
   1.6.2.  User-based Security Model Primitives for Privacy          11
   2.  Elements of the Model                                         12
   2.1.  User-based Security Model Users                             12

Blumenthal & Wijnen         Standards Track                     [Page 1]
RFC 2574                     USM for SNMPv3                   April 1999

   2.2.  Replay Protection                                           13
   2.2.1.  msgAuthoritativeEngineID                                  13
   2.2.2.  msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime  14
   2.2.3.  Time Window                                               15
   2.3.  Time Synchronization                                        15
   2.4.  SNMP Messages Using this Security Model                     16
   2.5.  Services provided by the User-based Security Model          17
   2.5.1.  Services for Generating an Outgoing SNMP Message          17
   2.5.2.  Services for Processing an Incoming SNMP Message          19
   2.6.  Key Localization Algorithm.                                 21
   3.  Elements of Procedure                                         21
   3.1.  Generating an Outgoing SNMP Message                         22
   3.2.  Processing an Incoming SNMP Message                         25
   4.  Discovery                                                     30
   5.  Definitions                                                   31
   6.  HMAC-MD5-96 Authentication Protocol                           50
   6.1.  Mechanisms                                                  50
   6.1.1.  Digest Authentication Mechanism                           50
   6.2.  Elements of the Digest Authentication Protocol              51
   6.2.1.  Users                                                     51
   6.2.2.  msgAuthoritativeEngineID                                  51
   6.2.3.  SNMP Messages Using this Authentication Protocol          51
   6.2.4.  Services provided by the HMAC-MD5-96 Authentication Module  52
   6.2.4.1.  Services for Generating an Outgoing SNMP Message        52
   6.2.4.2.  Services for Processing an Incoming SNMP Message        53
   6.3.  Elements of Procedure                                       53
   6.3.1.  Processing an Outgoing Message                            54
   6.3.2.  Processing an Incoming Message                            54
   7.  HMAC-SHA-96 Authentication Protocol                           55
   7.1.  Mechanisms                                                  55
   7.1.1.  Digest Authentication Mechanism                           56