User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)




RFC 2274                     USM for SNMPv3                 January 1998


1.5.2.  Mechanisms                                                     9
1.6.  Abstract Service Interfaces.                                    10
1.6.1.  User-based Security Model Primitives for Authentication       11
1.6.2.  User-based Security Model Primitives for Privacy              11
2.  Elements of the Model                                             12
2.1.  User-based Security Model Users                                 12
2.2.  Replay Protection                                               13
2.2.1.  msgAuthoritativeEngineID                                      13
2.2.2.  msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime    14
2.2.3.  Time Window                                                   15
2.3.  Time Synchronization                                            15
2.4.  SNMP Messages Using this Security Model                         16
2.5.  Services provided by the User-based Security Model              17
2.5.1.  Services for Generating an Outgoing SNMP Message              17
2.5.2.  Services for Processing an Incoming SNMP Message              19
2.6.  Key Localization Algorithm.                                     21
3.  Elements of Procedure                                             21
3.1.  Generating an Outgoing SNMP Message                             22
3.2.  Processing an Incoming SNMP Message                             25
4.  Discovery                                                         30
5.  Definitions                                                       31
6.  HMAC-MD5-96 Authentication Protocol                               45
6.1.  Mechanisms                                                      45
6.1.1.  Digest Authentication Mechanism                               46
6.2.  Elements of the Digest Authentication Protocol                  46
6.2.1.  Users                                                         46
6.2.2.  msgAuthoritativeEngineID                                      47
6.2.3.  SNMP Messages Using this Authentication Protocol              47
6.2.4.  Services provided by the HMAC-MD5-96 Authentication Module    47
6.2.4.1.  Services for Generating an Outgoing SNMP Message            47
6.2.4.2.  Services for Processing an Incoming SNMP Message            48
6.3.  Elements of Procedure                                           49
6.3.1.  Processing an Outgoing Message                                49
6.3.2.  Processing an Incoming Message                                50
7.  HMAC-SHA-96 Authentication Protocol                               51
7.1.  Mechanisms                                                      51
7.1.1.  Digest Authentication Mechanism                               51
7.2.  Elements of the HMAC-SHA-96 Authentication Protocol             52
7.2.1.  Users                                                         52
7.2.2.  msgAuthoritativeEngineID                                      52
7.2.3.  SNMP Messages Using this Authentication Protocol              53
7.2.4.  Services provided by the HMAC-SHA-96 Authentication Module    53
7.2.4.1.  Services for Generating an Outgoing SNMP Message            53
7.2.4.2.  Services for Processing an Incoming SNMP Message            54
7.3.  Elements of Procedure                                           54
7.3.1.  Processing an Outgoing Message                                55
7.3.2.  Processing an Incoming Message                                55
8.  CBC-DES Symmetric Encryption Protocol                             56



Blumenthal & Wijnen         Standards Track