User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 3414

Document Type RFC - Internet Standard (December 2002; Errata)
Updated by RFC 5590
Obsoletes RFC 2574
Last updated 2015-10-14
IESG IESG state RFC 3414 (Internet Standard)
Responsible AD Randy Bush
Network Working Group                                      U. Blumenthal
Request for Comments: 3414                                     B. Wijnen
STD: 62                                              Lucent Technologies
Obsoletes: 2574                                            December 2002
Category: Standards Track

          User-based Security Model (USM) for version 3 of the
              Simple Network Management Protocol (SNMPv3)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document describes the User-based Security Model (USM) for
   Simple Network Management Protocol (SNMP) version 3 for use in the
   SNMP architecture.  It defines the Elements of Procedure for
   providing SNMP message level security.  This document also includes a
   Management Information Base (MIB) for remotely monitoring/managing
   the configuration parameters for this Security Model.  This document
   obsoletes RFC 2574.

Table of Contents

   1.        Introduction..........................................  4
   1.1.      Threats...............................................  4
   1.2.      Goals and Constraints.................................  6
   1.3.      Security Services.....................................  6
   1.4.      Module Organization...................................  7
   1.4.1.    Timeliness Module.....................................  8
   1.4.2.    Authentication Protocol...............................  8
   1.4.3.    Privacy Protocol......................................  8
   1.5.      Protection against Message Replay, Delay
             and Redirection.......................................  9
   1.5.1.    Authoritative SNMP engine.............................  9
   1.5.2.    Mechanisms............................................  9
   1.6.      Abstract Service Interfaces........................... 11

Blumenthal & Wijnen         Standards Track                     [Page 1]
RFC 3414                     USM for SNMPv3                December 2002

   1.6.1.    User-based Security Model Primitives
             for Authentication.................................... 11
   1.6.2.    User-based Security Model Primitives
             for Privacy........................................... 12
   2.        Elements of the Model................................. 12
   2.1.      User-based Security Model Users....................... 12
   2.2.      Replay Protection..................................... 13
   2.2.1.    msgAuthoritativeEngineID.............................. 14
   2.2.2.    msgAuthoritativeEngineBoots and
             msgAuthoritativeEngineTime............................ 14
   2.2.3.    Time Window........................................... 15
   2.3.      Time Synchronization.................................. 15
   2.4.      SNMP Messages Using this Security Model............... 16
   2.5.      Services provided by the User-based Security Model.... 17
   2.5.1.    Services for Generating an Outgoing SNMP Message...... 17
   2.5.2.    Services for Processing an Incoming SNMP Message...... 20
   2.6.      Key Localization Algorithm............................ 22
   3.        Elements of Procedure................................. 22
   3.1.      Generating an Outgoing SNMP Message................... 22
   3.2.      Processing an Incoming SNMP Message................... 26
   4.        Discovery............................................. 31
   5.        Definitions........................................... 32
   6.        HMAC-MD5-96 Authentication Protocol................... 51
   6.1.      Mechanisms............................................ 51
   6.1.1.    Digest Authentication Mechanism....................... 51
   6.2.      Elements of the Digest Authentication Protocol........ 52
   6.2.1.    Users................................................. 52
   6.2.2.    msgAuthoritativeEngineID.............................. 53
   6.2.3.    SNMP Messages Using this Authentication Protocol...... 53
   6.2.4.    Services provided by the HMAC-MD5-96
             Authentication Module................................. 53
   6.2.4.1.  Services for Generating an Outgoing SNMP Message...... 53
   6.2.4.2.  Services for Processing an Incoming SNMP Message...... 54
   6.3.      Elements of Procedure................................. 55
   6.3.1.    Processing an Outgoing Message........................ 55
   6.3.2.    Processing an Incoming Message........................ 56