RFC 3826 (rfc3826) - Page 2 of 16
The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model
Alternative Format: Original Text Document
RFC 3826 AES for SNMP's USM June 2004
3.2. Elements of the AES Privacy Protocol . . . . . . . . . 9
3.2.1. Users . . . . . . . . . . . . . . . . . . . . . 9
3.2.2. msgAuthoritativeEngineID. . . . . . . . . . . . 9
3.2.3. SNMP Messages Using this Privacy Protocol . . . 10
3.2.4. Services provided by the AES Privacy Modules. . 10
3.3. Elements of Procedure. . . . . . . . . . . . . . . . . 11
3.3.1. Processing an Outgoing Message. . . . . . . . . 12
3.3.2. Processing an Incoming Message. . . . . . . . . 12
4. Security Considerations. . . . . . . . . . . . . . . . . . . 13
5. IANA Considerations. . . . . . . . . . . . . . . . . . . . . 13
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
7.1. Normative References . . . . . . . . . . . . . . . . . 14
7.2. Informative References . . . . . . . . . . . . . . . . 14
8. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 15
9. Full Copyright Statement . . . . . . . . . . . . . . . . . . 16
1. Introduction
Within the Architecture for describing Internet Management Frameworks
[RFC 3411], the User-based Security Model (USM) [RFC 3414] for SNMPv3
is defined as a Security Subsystem within an SNMP engine. RFC 3414
describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the initial
authentication protocols, and the use of CBC-DES as the initial
privacy protocol. The User-based Security Model, however, allows for
other such protocols to be used instead of, or concurrently with,
these protocols.
This memo describes the use of CFB128-AES-128 as an alternative
privacy protocol for the User-based Security Model. The key words
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
are to be interpreted as described in [RFC 2119].
1.1. Goals and Constraints
The main goal of this memo is to provide a new privacy protocol for
the USM based on the Advanced Encryption Standard (AES) [FIPS-AES].
The major constraint is to maintain a complete interchangeability of
the new protocol defined in this memo with existing authentication
and privacy protocols already defined in USM.
For a given user, the AES-based privacy protocol MUST be used with
one of the authentication protocols defined in RFC 3414 or an
algorithm/protocol providing equivalent functionality.
Blumenthal, et al. Standards Track