User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 2274
Document | Type | RFC - Proposed Standard (January 1998; No errata). Obsoleted by RFC 2574. Obsoletes RFC 2264. |
---|---|---|
| Authors | |
| Last updated | 2013-03-02 |
| Stream | Legacy |
| Formats | plain text, html, pdf, htmlized, bibtex |
Stream | Legacy state | (None) |
| Consensus Boilerplate | Unknown |
| RFC Editor Note | (None) |
IESG | IESG state | RFC 2274 (Proposed Standard) |
| Telechat date | |
| Responsible AD | (None) |
| Send notices to | (None) |
Network Working Group
Request for Comments: 2274
Obsoletes: 2264
Category: Standards Track

U. Blumenthal
IBM T. J. Watson Research
B. Wijnen
IBM T. J. Watson Research
January 1998

User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998). All Rights Reserved.

IANA Note

   Due to a clerical error in the assignment of the snmpModules in this
   memo, this RFC provides the corrected number assignment for this
   protocol. This memo obsoletes RFC 2264.

Abstract

   This document describes the User-based Security Model (USM) for SNMP
   version 3 for use in the SNMP architecture [RFC2271]. It defines the
   Elements of Procedure for providing SNMP message level security.
   This document also includes a MIB for remotely monitoring/managing
   the configuration parameters for this Security Model.

Table of Contents

   1. Introduction
   1.1. Threats
   1.2. Goals and Constraints
   1.3. Security Services
   1.4. Module Organization
   1.4.1. Timeliness Module
   1.4.2. Authentication Protocol
   1.4.3. Privacy Protocol
   1.5. Protection against Message Replay, Delay and Redirection
   1.5.1. Authoritative SNMP engine
   1.5.2. Mechanisms
   1.6. Abstract Service Interfaces
   1.6.1. User-based Security Model Primitives for Authentication
   1.6.2. User-based Security Model Primitives for Privacy
   2. Elements of the Model
   2.1. User-based Security Model Users
   2.2. Replay Protection
   2.2.1. msgAuthoritativeEngineID
   2.2.2. msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime
   2.2.3. Time Window
   2.3. Time Synchronization
   2.4. SNMP Messages Using this Security Model
   2.5. Services provided by the User-based Security Model
   2.5.1. Services for Generating an Outgoing SNMP Message
   2.5.2. Services for Processing an Incoming SNMP Message
   2.6. Key Localization Algorithm
   3. Elements of Procedure
   3.1. Generating an Outgoing SNMP Message
   3.2. Processing an Incoming SNMP Message
   4. Discovery
   5. Definitions
   6. HMAC-MD5-96 Authentication Protocol
   6.1. Mechanisms
   6.1.1. Digest Authentication Mechanism
   6.2. Elements of the Digest Authentication Protocol
   6.2.1. Users
   6.2.2. msgAuthoritativeEngineID
   6.2.3. SNMP Messages Using this Authentication Protocol
   6.2.4. Services provided by the HMAC-MD5-96 Authentication Module
   6.2.4.1. Services for Generating an Outgoing SNMP Message
   6.2.4.2. Services for Processing an Incoming SNMP Message
   6.3. Elements of Procedure
   6.3.1. Processing an Outgoing Message
   6.3.2. Processing an Incoming Message
   7. HMAC-SHA-96 Authentication Protocol
   7.1. Mechanisms