User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 2274
| Document | Type |
RFC - Proposed Standard
(January 1998; No errata)
Obsoleted by RFC 2574
Obsoletes RFC 2264
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | Legacy | ||
| Formats | plain text pdf htmlized bibtex | ||
| Stream | Legacy state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | RFC 2274 (Proposed Standard) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group U. Blumenthal
Request for Comments: 2274 IBM T. J. Watson Research
Obsoletes: 2264 B. Wijnen
Category: Standards Track IBM T. J. Watson Research
January 1998
User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
IANA Note
Due to a clerical error in the assignment of the snmpModules in this
memo, this RFC provides the corrected number assignment for this
protocol. This memo obsoletes RFC 2264.
Abstract
This document describes the User-based Security Model (USM) for SNMP
version 3 for use in the SNMP architecture [RFC2271]. It defines the
Elements of Procedure for providing SNMP message level security.
This document also includes a MIB for remotely monitoring/managing
the configuration parameters for this Security Model.
Table of Contents
1. Introduction 3
1.1. Threats 4
1.2. Goals and Constraints 5
1.3. Security Services 6
1.4. Module Organization 7
1.4.1. Timeliness Module 7
1.4.2. Authentication Protocol 8
1.4.3. Privacy Protocol 8
1.5. Protection against Message Replay, Delay and Redirection 8
1.5.1. Authoritative SNMP engine 8
Blumenthal & Wijnen Standards Track [Page 1]
RFC 2274 USM for SNMPv3 January 1998
1.5.2. Mechanisms 9
1.6. Abstract Service Interfaces. 10
1.6.1. User-based Security Model Primitives for Authentication 11
1.6.2. User-based Security Model Primitives for Privacy 11
2. Elements of the Model 12
2.1. User-based Security Model Users 12
2.2. Replay Protection 13
2.2.1. msgAuthoritativeEngineID 13
2.2.2. msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime 14
2.2.3. Time Window 15
2.3. Time Synchronization 15
2.4. SNMP Messages Using this Security Model 16
2.5. Services provided by the User-based Security Model 17
2.5.1. Services for Generating an Outgoing SNMP Message 17
2.5.2. Services for Processing an Incoming SNMP Message 19
2.6. Key Localization Algorithm. 21
3. Elements of Procedure 21
3.1. Generating an Outgoing SNMP Message 22
3.2. Processing an Incoming SNMP Message 25
4. Discovery 30
5. Definitions 31
6. HMAC-MD5-96 Authentication Protocol 45
6.1. Mechanisms 45
6.1.1. Digest Authentication Mechanism 46
6.2. Elements of the Digest Authentication Protocol 46
6.2.1. Users 46
6.2.2. msgAuthoritativeEngineID 47
6.2.3. SNMP Messages Using this Authentication Protocol 47
6.2.4. Services provided by the HMAC-MD5-96 Authentication Module 47
6.2.4.1. Services for Generating an Outgoing SNMP Message 47
6.2.4.2. Services for Processing an Incoming SNMP Message 48
6.3. Elements of Procedure 49
6.3.1. Processing an Outgoing Message 49
6.3.2. Processing an Incoming Message 50
7. HMAC-SHA-96 Authentication Protocol 51
7.1. Mechanisms 51
Show full document text