RFC 3414 (rfc3414) - Page 4 of 88


User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)





RFC 3414                     USM for SNMPv3                December 2002


1. Introduction

   The Architecture for describing Internet Management Frameworks
   [RFC 3411] describes an SNMP engine as being composed of:

   1) a Dispatcher,
   2) a Message Processing Subsystem,
   3) a Security Subsystem, and
   4) an Access Control Subsystem.

   Applications make use of the services of these subsystems.

   It is important to understand the SNMP architecture and the
   terminology of the architecture to understand where the Security
   Model described in this document fits into the architecture and
   interacts with other subsystems within the architecture.  The reader
   is expected to have read and understood the description of the SNMP
   architecture, as defined in [RFC 3411].

   This memo describes the User-based Security Model as it is used
   within the SNMP Architecture.  The main idea is that we use the
   traditional concept of a user (identified by a userName) with which
   to associate security information.

   This memo describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the
   authentication protocols and the use of CBC-DES as the privacy
   protocol.  The User-based Security Model, however, allows for other
   such protocols to be used instead of or concurrently with these
   protocols.  Therefore, the descriptions of HMAC-MD5-96, HMAC-SHA-96,
   and CBC-DES are in separate sections to reflect their self-contained
   nature and to indicate that they can be replaced or supplemented in
   the future.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

1.1. Threats

   Several of the classical threats to network protocols are applicable
   to the network management problem and therefore would be applicable
   to any SNMP Security Model.  Other threats are not applicable to the
   network management problem.  This section discusses principal
   threats, secondary threats, and threats which are of lesser
   importance.

   The principal threats against which this SNMP Security Model should
   provide protection are:



Blumenthal & Wijnen         Standards Track

