User-based Security Model for SNMPv2 (RFC1910)

IP.com Disclosure Number: IPCOM000004154D
Original Publication Date: 1996-Feb-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 36 page(s) / 91K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

G. Waters: AUTHOR

Abstract

A management system contains: several (potentially many) nodes, each with a processing entity, termed an agent, which has access to management instrumentation; at least one management station; and, a management protocol, used to convey management information between the agents and management stations. Operations of the protocol are carried out under an administrative framework which defines authentication, authorization, access control, and privacy policies.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group G. Waters, Editor

Request for Comments: 1910 Bell-Northern Research Ltd.

Category: Experimental February 1996

User-based Security Model for SNMPv2

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. This memo does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Table of Contents

1. Introduction
1.1 Threats
1.2 Goals and Constraints
1.3 Security Services
1.4 Mechanisms
1.4.1 Digest Authentication Protocol
1.4.2 Symmetric Encryption Protocol
2. Elements of the Model
2.1 SNMPv2 Users
2.2 Contexts and Context Selectors
2.3 Quality of Service (qoS)
2.4 Access Policy
2.5 Replay Protection
2.5.1 agentID
2.5.2 agentBoots and agentTime
2.5.3 Time Window
2.6 Error Reporting
2.7 Time Synchronization
2.8 Proxy Error Propagation
2.9 SNMPv2 Messages Using this Model
2.10 Local Configuration Datastore (LCD)
3. Elements of Procedure
3.1 Generating a Request or Notification
3.2 Processing a Received Communication
3.2.1 Additional Details
3.2.1.1 ASN.1 Parsing Errors
3.2.1.2 Incorrectly Encoded Parameters
3.2.1.3 Generation of a Report PDU
3.2.1.4 Cache Timeout
3.3 Generating a Response