[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (RFC 2570) 00 01 02 RFC 3410

INTERNET-DRAFT                                           Jeffrey D. Case
                                                     SNMP Research, Inc.
                                                              Russ Mundy
                                      NAI Labs, Network Associates, Inc.
                                                           David Partain
                                                                Ericsson
                                                             Bob Stewart
                                                                 Retired

                    Introduction to Version 3 of the
                 Internet-Standard Management Framework

                      $Date: 2002/06/20 15:45:00 $
                  draft-ietf-snmpv3-rfc2570bis-02.txt
           $Revision: 2.2.2 $ -- $Date: 2002/06/20 15:45:00 $


Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
           http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
           http://www.ietf.org/shadow.html.




















Internet Draft                                                 June 2002


                                Abstract


     The purpose of this document is to provide an overview of the
     third version of the Internet-Standard Management Framework,
     termed the SNMP version 3 Framework (SNMPv3).  This Framework
     is derived from and builds upon both the original Internet-
     Standard Management Framework (SNMPv1) and the second
     Internet-Standard Management Framework (SNMPv2).

     The architecture is designed to be modular to allow the
     evolution of the Framework over time.

     This document is intended to become an update to and a
     replacement for RFC 2570 which currently has the
     standardization status of "Informational." This document
     includes up-to-date information reflecting changes since April
     1999 when RFC 2570 was first published.

     This document is a work product of the SNMPv3 Working Group of
     the Internet Engineering Task Force (IETF).





























Expires December 2002     SNMPv3 Working Group                  [Page 2]

Internet Draft                                                 June 2002


0.  Revision History:

This entire section should be removed by the RFC editor when publishing.

Version 2.2.2:  20 June 2002 15:45:00 (EDT)
  .  [JDC] convert nroff to final files, fix up Makefile and nroff problems
     and minor cosmetics including page breaks producing
     (draft-ietf-snmpv3-rfc2570bis-02.txt)

Version 2.2.1:  20 June 2002 16:00:00 (Swedish)
  .  [DLP] incorporate comments from the mailing list
     on (draft-ietf-snmpv3-rfc2570bis-01.txt) which was also known for a brief
     period as (draft-ietf-snmpv3-intro-v2-01.txt)

Version 2.1.2:  22 Apr 2002 15:37:00
  .  incorporate comments from david and russ producing
     (draft-ietf-snmpv3-intro-v2-01.txt) which was renamed
     (draft-ietf-snmpv3-rfc2570bis-01.txt) before ID publication

Version 2.1.1:  11 Apr 2002 12:00:00
  .  address comments from the mailing list wrt version 2.0.1
     which was known as both (draft-ietf-snmpv3-intro-v2-00.txt)
     and (draft-ietf-snmpv3-rfc2570bis-00.txt)

Version 2.0.1:  22 Feb 2002 13:31:00
  .  re-align .rf sources with content of rfc2570
  .  initial update to reflect base documents going from draft to full std
  .  supply requested explanatory text with regard to standardization
     status of SMIv1, SNMPv1, and SNMPv2c
  .  produced (draft-ietf-snmpv3-intro-v2-00.txt) which was renamed
     (draft-ietf-snmpv3-rfc2570bis-00.txt) before ID publication

Version 1.5:

  .  version sent to rfc editor, resulting in publication of RFC 2570


Open Issues

   .  in the category of a "don't forget" reminder ... this document
      should obsolete both rfc 2570 and rfc 1441, (1441 never got
      moved to historic per todo-list request mailgram from
      bert 20 Aug 2001)







Expires December 2002     SNMPv3 Working Group                  [Page 3]

Internet Draft                                                 June 2002


1.  Introduction

This document is an introduction to the third version of the Internet-
Standard Management Framework, termed the SNMP version 3 Management
Framework (SNMPv3) and has multiple purposes.

First, it describes the relationship between the SNMP version 3 (SNMPv3)
specifications and the specifications of the SNMP version 1 (SNMPv1)
Management Framework, the SNMP version 2 (SNMPv2) Management Framework,
and the Community-based Administrative Framework for SNMPv2.

Second, it provides a roadmap to the multiple documents which contain
the relevant specifications.

Third, this document provides a brief easy-to-read summary of the
contents of each of the relevant specification documents.

This document is intentionally tutorial in nature and, as such, may
occasionally be "guilty" of oversimplification.  In the event of a
conflict or contradiction between this document and the more detailed
documents for which this document is a roadmap, the specifications in
the more detailed documents shall prevail.

Further, the detailed documents attempt to maintain separation between
the various component modules in order to specify well-defined
interfaces between them.  This roadmap document, however, takes a
different approach and attempts to provide an integrated view of the
various component modules in the interest of readability.






















Expires December 2002     SNMPv3 Working Group                  [Page 4]

Internet Draft                                                 June 2002


2.  The Internet Standard Management Framework

The third version of the Internet Standard Management Framework (the
SNMPv3 Framework) is derived from and builds upon both the original
Internet-Standard Management Framework (SNMPv1) and the second
Internet-Standard Management Framework (SNMPv2).

All versions (SNMPv1, SNMPv2, and SNMPv3) of the Internet Standard
Management Framework share the same basic structure and components.
Furthermore, all versions of the specifications of the Internet Standard
Management Framework follow the same architecture.


2.1.  Basic Structure and Components

An enterprise deploying the Internet Standard Management Framework
contains four basic components:

  * several (typically many) managed nodes, each with an SNMP entity
    which provides remote access to management instrumentation
    (traditionally called an agent);

  * at least one SNMP entity with management applications (typically
    called a manager),

  * a management protocol used to convey management information
    between the SNMP entities, and

  * management information.

The management protocol is used to convey management information between
SNMP entities such as managers and agents.

This basic structure is common to all versions of the Internet Standard
Management Framework; i.e., SNMPv1, SNMPv2, and SNMPv3.


2.2.  Architecture of the Internet Standard Management Framework

The specifications of the Internet Standard Management Framework are
based on a modular architecture.  This framework is more than just a
protocol for moving data.  It consists of:

  * a data definition language,






Expires December 2002     SNMPv3 Working Group                  [Page 5]

Internet Draft                                                 June 2002


  * definitions of management information (the Management
    Information Base, or MIB),

  * a protocol definition, and

  * security and administration.

Over time, as the Framework has evolved from SNMPv1, through SNMPv2, to
SNMPv3, the definitions of each of these architectural components have
become richer and more clearly defined, but the fundamental architecture
has remained consistent.

One prime motivator for this modularity was to enable the ongoing
evolution of the Framework, as is documented in RFC 1052 [1].  When
originally envisioned, this capability was to be used to ease the
transition from SNMP-based management of internets to management based
on OSI protocols.  To this end, the framework was architected with a
protocol-independent data definition language and Management Information
Base along with a MIB-independent protocol.  This separation was
designed to allow the SNMP-based protocol to be replaced without
requiring the management information to be redefined or reinstrumented.
History has shown that the selection of this architecture was the right
decision for the wrong reason -- it turned out that this architecture
has eased the transition from SNMPv1 to SNMPv2 and from SNMPv2 to SNMPv3
rather than easing the transition away from management based on the
Simple Network Management Protocol.

The SNMPv3 Framework builds and extends these architectural principles
by:

  * building on these four basic architectural components, in some
    cases incorporating them from the SNMPv2 Framework by reference,
    and

  * by using these same layering principles in the definition of new
    capabilities in the security and administration portion of the
    architecture.

Those who are familiar with the architecture of the SNMPv1 Management
Framework and the SNMPv2 Management Framework will find many familiar
concepts in the architecture of the SNMPv3 Management Framework.
However, in some cases, the terminology may be somewhat different.








Expires December 2002     SNMPv3 Working Group                  [Page 6]

Internet Draft                                                 June 2002


3.  The SNMPv1 Management Framework

The original Internet-Standard Network Management Framework (SNMPv1) is
defined in the following documents:

  * STD 16, RFC 1155 [2] which defines the Structure of Management
    Information (SMI), the mechanisms used for describing and naming
    objects for the purpose of management.

  * STD 16, RFC 1212 [3] which defines a more concise description
    mechanism for describing and naming management information objects,
    but which is wholly consistent with the SMI.

  * STD 15, RFC 1157 [4] which defines the Simple Network Management
    Protocol (SNMP), the protocol used for network access to managed
    objects and event notification. Note this document also defines an
    initial set of event notifications.

Additionally, two documents are generally considered companions to these
three:

  * STD 17, RFC 1213 [5] which contains definitions for the base
    set of management information

  * RFC 1215 [6] defines a concise description mechanism for
    defining event notifications, which are called traps in the SNMPv1
    protocol. It also specifies the generic traps from RFC 1157 in the
    concise notation.

These documents describe the four parts of the first version of the SNMP
Framework.


3.1.  The SNMPv1 Data Definition Language

The first two and the last document, i.e., RFCs 1155, 1212, and 1215,
describe the SNMPv1 data definition language and are often collectively
referred to as "SMIv1." Note that due to the initial requirement that
the SMI be protocol-independent, the first two SMI documents do not
provide a means for defining event notifications (traps).  Instead, the
SNMP protocol document defines a few standardized event notifications
(generic traps) and provides a means for additional event notifications
to be defined. The last document specifies a straight-forward approach
towards defining event notifications used with the SNMPv1 protocol. At
the time that it was written, use of traps in the Internet-Standard





Expires December 2002     SNMPv3 Working Group                  [Page 7]

Internet Draft                                                 June 2002


network management framework was controversial.  As such, RFC 1215 was
put forward with the status of "Informational", which was never updated
because it was believed that the second version of the SNMP Framework
would replace the first version.



3.2.  Management Information

The data definition language described in the first two documents was
first used to define the now-historic MIB-I as specified in RFC 1066
[7], and was subsequently used to define MIB-II as specified in RFC 1213
[5].

Later, after the publication of MIB-II, a different approach to
management information definition was taken from the earlier approach of
having a single committee staffed by generalists work on a single
document to define the Internet-Standard MIB.  Rather, many mini-MIB
documents were produced in a parallel and distributed fashion by groups
chartered to produce a specification for a focused portion of the
Internet-Standard MIB and staffed by personnel with expertise in those
particular areas ranging from various aspects of network management, to
system management, and application management.


3.3.  Protocol Operations

The third document, STD 15 [4], describes the SNMPv1 protocol operations
performed by protocol data units (PDUs) on lists of variable bindings
and describes the format of SNMPv1 messages. The operators defined by
SNMPv1 are:  get, get-next, get-response, set-request, and trap.
Typical layering of SNMP on a connectionless transport service is also
defined.


3.4.  SNMPv1 Security and Administration

STD 15 [4] also describes an approach to security and administration.
Many of these concepts are carried forward and some, particularly
security, are extended by the SNMPv3 Framework.

The SNMPv1 Framework describes the encapsulation of SNMPv1 PDUs in SNMP
messages between SNMP entities and distinguishes between application
entities and protocol entities.  In SNMPv3, these are renamed
applications and engines, respectively.





Expires December 2002     SNMPv3 Working Group                  [Page 8]

Internet Draft                                                 June 2002


The SNMPv1 Framework also introduces the concept of an authentication
service supporting one or more authentication schemes.  In addition to
authentication, SNMPv3 defines the additional security capability
referred to as privacy.  (Note: some literature from the security
community would describe SNMPv3 security capabilities as providing data
integrity, source authenticity, and confidentiality.)  The modular
nature of the SNMPv3 Framework permits both changes and additions to the
security capabilities.

Finally, the SNMPv1 Framework introduces access control based on a
concept called an SNMP MIB view.  The SNMPv3 Framework specifies a
fundamentally similar concept called view-based access control.  With
this capability, SNMPv3 provides the means for controlling access to
information on managed devices.

However, while the SNMPv1 Framework anticipated the definition of
multiple authentication schemes, it did not define any such schemes
other than a trivial authentication scheme based on community strings.
This was a known fundamental weakness in the SNMPv1 Framework but it was
thought at that time that the definition of commercial grade security
might be contentious in its design and difficult to get approved because
"security" means many different things to different people.  To that
end, and because some users do not require strong authentication, the
SNMPv1 architected an authentication service as a separate block to be
defined "later" and the SNMPv3 Framework provides an architecture for
use within that block as well as a definition for its subsystems.



4.  The SNMPv2 Management Framework

The SNMPv2 Management Framework is described in [8-13] and coexistence
and transition issues relating to SNMPv1 and SNMPv2 are discussed in
[14].

SNMPv2 provides several advantages over SNMPv1, including:

  * expanded data types (e.g., 64 bit counter)

  * improved efficiency and performance (get-bulk operator)

  * confirmed event notification (inform operator)

  * richer error handling (errors and exceptions)






Expires December 2002     SNMPv3 Working Group                  [Page 9]

Internet Draft                                                 June 2002


  * improved sets, especially row creation and deletion

  * fine tuning of the data definition language

However, the SNMPv2 Framework, as described in these documents, is
incomplete in that it does not meet the original design goals of the
SNMPv2 project.  The unmet goals included provision of security and
administration delivering so-called "commercial grade" security with:

  * authentication:  origin identification, message integrity,
    and some aspects of replay protection;

  * privacy:  confidentiality;

  * authorization and access control; and

  * suitable remote configuration and administration capabilities
    for these features.

The SNMPv3 Management Framework, as described in this document and the
companion documents, addresses these significant deficiencies.


5.  The SNMPv3 Working Group

This document, and its companion documents, were produced by the SNMPv3
Working Group of the Internet Engineering Task Force (IETF).  The SNMPv3
Working Group was chartered to prepare recommendations for the next
generation of SNMP.  The goal of the Working Group was to produce the
necessary set of documents that provide a single standard for the next
generation of core SNMP functions.  The single, most critical need in
the next generation is a definition of security and administration that
makes SNMP-based management transactions secure in a way which is useful
for users who wish to use SNMPv3 to manage networks, the systems that
make up those networks, and the applications which reside on those
systems, including manager-to-agent, agent-to-manager, and manager-to-
manager transactions.

In the several years prior to the chartering of the Working Group, there
were a number of activities aimed at incorporating security and other
improvements to SNMP.  These efforts included:

  * "SNMP Security" circa 1991-1992 (RFC 1351 - RFC 1353),

  * "SMP" circa 1992-1993, and





Expires December 2002     SNMPv3 Working Group                 [Page 10]

Internet Draft                                                 June 2002


  * "The Party-based SNMPv2" (sometimes called "SNMPv2p") circa 1993-1995
    (RFC 1441 - RFC 1452).

Each of these efforts incorporated commercial grade, industrial strength
security including authentication, privacy, authorization, view-based
access control, and administration, including remote configuration.

These efforts fed the development of the SNMPv2 Management Framework as
described in RFCs 1902 - 1908.  However, the Framework described in
those RFCs had no standards-based security and administrative framework
of its own; rather, it was associated with multiple security and
administrative frameworks, including:

  * "The Community-based SNMPv2" (SNMPv2c) as described in RFC 1901 [15],

  * "SNMPv2u" as described in RFCs 1909 and 1910, and

  * "SNMPv2*."

SNMPv2c had the most support within the IETF but had no security and
administration whereas both SNMPv2u and SNMPv2* had security but lacked
a consensus of support within the IETF.

The SNMPv3 Working Group was chartered to produce a single set of
specifications for the next generation of SNMP, based upon a convergence
of the concepts and technical elements of SNMPv2u and SNMPv2*, as was
suggested by an advisory team which was formed to provide a single
recommended approach for SNMP evolution.

In so doing, the Working Group charter defined the following objectives:

  * accommodate the wide range of operational environments with
    differing management demands;

  * facilitate the need to transition from previous, multiple
    protocols to SNMPv3;

  * facilitate the ease of setup and maintenance activities.

In the initial work of the SNMPv3 Working Group, the group focused on
security and administration, including

  * authentication and privacy,

  * authorization and view-based access control, and





Expires December 2002     SNMPv3 Working Group                 [Page 11]

Internet Draft                                                 June 2002


  * standards-based remote configuration of the above.

The SNMPv3 Working Group did not "reinvent the wheel," but reused the
SNMPv2 Draft Standard documents, i.e., RFCs 1902 through 1908 for those
portions of the design that were outside the focused scope.

Rather, the primary contributors to the SNMPv3 Working Group, and the
Working Group in general, devoted their considerable efforts to
addressing the missing link -- security and administration -- and in the
process made invaluable contributions to the state-of-the-art of
management.

They produced a design based on a modular architecture with evolutionary
capabilities with emphasis on layering.  As a result, SNMPv3 can be
thought of as SNMPv2 with additional security and administration
capabilities.

In doing so, the Working Group achieved the goal of producing a single
specification which has not only the endorsement of the IETF but also
has security and administration.






























Expires December 2002     SNMPv3 Working Group                 [Page 12]

Internet Draft                                                 June 2002


6.  SNMPv3 Framework Module Specifications

The specification of the SNMPv3 Management Framework is partitioned in a
modular fashion among several documents.  It is the intention of the
SNMPv3 Working Group that, with proper care, any or all of the
individual documents can be revised, upgraded, or replaced as
requirements change, new understandings are obtained, and new
technologies become available.

Whenever feasible, the initial document set which defines the SNMPv3
Management Framework leverages prior investments defining and
implementing the SNMPv2 Management Framework by incorporating by
reference each of the specifications of the SNMPv2 Management Framework.

The SNMPv3 Framework augments those specifications with specifications
for security and administration for SNMPv3.

The documents which specify the SNMPv3 Management Framework follow the
same architecture as those of the prior versions and can be organized
for expository purposes into four main categories as follows:

  * the data definition language,

  * Management Information Base (MIB) modules,

  * protocol operations, and

  * security and administration.

The first three sets of documents are incorporated from SNMPv2.  The
documents in the fourth set are new to SNMPv3, but, as described
previously, build on significant prior related works.



6.1.  Data Definition Language

The specifications of the data definition language include STD 58, RFC
2578, "Structure of Management Information Version 2 (SMIv2)" [16], and
related specifications.  These documents are updates of RFCs 1902 - 1904
[8-10] which have evolved independently from the other parts of the
framework and were republished with minor editorial changes as STD 58,
RFCs 2578 - 2580 [16-18] when promoted from Draft Standard to full
Standard.






Expires December 2002     SNMPv3 Working Group                 [Page 13]

Internet Draft                                                 June 2002


The Structure of Management Information (SMIv2) defines fundamental data
types, an object model, and the rules for writing and revising MIB
modules.  Related specifications include STD 58, RFCs 2579, 2580.

STD 58, RFC 2579, "Textual Conventions for SMIv2" [17], defines an
initial set of shorthand abbreviations which are available for use
within all MIB modules for the convenience of human readers and writers.

STD 58, RFC 2580, "Conformance Statements for SMIv2" [18], defines the
format for compliance statements which are used for describing
requirements for agent implementations and capability statements which
can be used to document the characteristics of particular
implementations.

The term "SMIv2" is somewhat ambiguous because users of the term intend
it to have at least two different meanings.  Sometimes the term is used
to refer the entire data definition language of STD 58, defined
collectively in RFCs 2578 - 2580 whereas at other times it is used to
refer to only the portion of the data definition language defined in RFC
2578.  This ambiguity is unfortunate but is rarely a significant problem
in practice.


6.2.  MIB Modules

MIB modules usually contain object definitions, may contain definitions
of event notifications, and sometimes include compliance statements
specified in terms of appropriate object and event notification groups.
As such, MIB modules define the management information maintained by the
instrumentation in managed nodes, made remotely accessible by management
agents, conveyed by the management protocol, and manipulated by
management applications.

MIB modules are defined according to the rules defined in the documents
which specify the data definition language, principally the SMI as
supplemented by the related specifications.

There is a large and growing number of standards-track MIB modules, as
defined in the periodically updated "Internet Official Protocol
Standards" list [19].  As of this writing, there are more than 100
standards-track MIB modules with a total number of defined objects
exceeding 10,000. In addition, there is an even larger and growing
number of enterprise-specific MIB modules defined unilaterally by
various vendors, research groups, consortia, and the like resulting in
an unknown and virtually uncountable number of defined objects.





Expires December 2002     SNMPv3 Working Group                 [Page 14]

Internet Draft                                                 June 2002


In general, management information defined in any MIB module, regardless
of the version of the data definition language used, can be used with
any version of the protocol.  For example, MIB modules defined in terms
of the SNMPv1 SMI (SMIv1) are compatible with the SNMPv3 Management
Framework and can be conveyed by the protocols specified therein.
Furthermore, MIB modules defined in terms of the SNMPv2 SMI (SMIv2) are
compatible with SNMPv1 protocol operations and can be conveyed by it.
However, there is one noteworthy exception:  the Counter64 datatype
which can be defined in a MIB module defined in SMIv2 format but which
cannot be conveyed by an SNMPv1 protocol engine.  It can be conveyed by
an SNMPv2 or an SNMPv3 engine, but cannot be conveyed by an engine which
exclusively supports SNMPv1.


6.3.  Protocol Operations and Transport Mappings

The specifications for the protocol operations and transport mappings of
the SNMPv3 Framework are incorporated by reference to the two SNMPv2
Framework documents which have subsequently been updated.

The specification for protocol operations is found in RFC yyy5, "Version
2 of the Protocol Operations for the Simple Network Management Protocol"
[20].

The SNMPv3 Framework is designed to allow various portions of the
architecture to evolve independently.  For example, it might be possible
for a new specification of protocol operations to be defined within the
Framework to allow for additional protocol operations.

The specification of transport mappings is found in RFC yyy6, "Transport
Mappings for the Simple Network Management Protocol" [21].



6.4.  SNMPv3 Security and Administration

The document series pertaining to SNMPv3 Security and Administration
defined by the SNMPv3 Working Group consists of seven documents at this
time:

      RFC xxx0, "Introduction to the Version 3 of the Internet-Standard
      Management Framework (SNMPv3)," which is this document.

      RFC xxx1, "An Architecture for Describing SNMP Management
      Frameworks" [22], describes the overall architecture with special





Expires December 2002     SNMPv3 Working Group                 [Page 15]

Internet Draft                                                 June 2002


      emphasis on the architecture for security and administration.

      RFC xxx2, "Message Processing and Dispatching for the Simple
      Network Management Protocol (SNMP)" [23], describes the possibly
      multiple message processing models and the dispatcher portion that
      can be a part of an SNMP protocol engine.

      RFC xxx3, "SNMPv3 Applications" [24], describes the five initial
      types of applications that can be associated with an SNMPv3 engine
      and their elements of procedure.

      RFC xxx4, "The User-Based Security Model for Version 3 of the
      Simple Network Management Protocol (SNMPv3)" [25], describes the
      threats against which protection is provided, as well as the
      mechanisms, protocols, and supporting data used to provide SNMP
      message-level security with the user-based security model.

      RFC xxx5, "View-based Access Control Model for the Simple Network
      Management Protocol (SNMP)" [26], describes how view-based access
      control can be applied within command responder and notification
      originator applications.

      RFC xxx6, "SNMPv3 Coexistence and Transition" [27], describes
      coexistence between the SNMPv3 Management Framework, the SNMPv2
      Management Framework, and the original SNMPv1 Management
      Framework, and is in the process of being updated by a Work in
      Progress.























Expires December 2002     SNMPv3 Working Group                 [Page 16]

Internet Draft                                                 June 2002


7.  Document Summaries

The following sections provide brief summaries of each document with
slightly more detail than is provided in the overviews above.


7.1.  Structure of Management Information

Management information is viewed as a collection of managed objects,
residing in a virtual information store, termed the Management
Information Base (MIB).  Collections of related objects are defined in
MIB modules.  These modules are written in the SNMP data definition
language, which evolved from an adapted subset of OSI's Abstract Syntax
Notation One (ASN.1) [28] language.  STD 58, RFCs 2578, 2579, 2580,
collectively define the data definition language, specify the base data
types for objects, specify a core set of short-hand specifications for
data types called textual conventions, and specify a few administrative
assignments of object identifier (OID) values.

The SMI is divided into three parts:  module definitions, object
definitions, and, notification definitions.

(1)  Module definitions are used when describing information modules.
     An ASN.1 macro, MODULE-IDENTITY, is used to convey concisely the
     semantics of an information module.

(2)  Object definitions are used when describing managed objects.  An
     ASN.1 macro, OBJECT-TYPE, is used to convey concisely the syntax
     and semantics of a managed object.

(3)  Notification definitions are used when describing unsolicited
     transmissions of management information.  An ASN.1 macro,
     NOTIFICATION-TYPE, is used to convey concisely the syntax and
     semantics of a notification.

As noted earlier, the term "SMIv2" is somewhat ambiguous because users
of the term intend it to have at least two different meanings.
Sometimes the term is used to refer the entire data definition language
of STD 58, defined collectively in RFCs 2578 - 2580 whereas at other
times it is used to refer to only the portion of the data definition
language defined in RFC 2578.  This ambiguity is unfortunate but is
rarely a significant problem in practice.








Expires December 2002     SNMPv3 Working Group                 [Page 17]

Internet Draft                                                 June 2002


7.1.1.  Base SMI Specification

STD 58, RFC 2578 specifies the base data types for the data definition
language, which include: Integer32, enumerated integers, Unsigned32,
Gauge32, Counter32,  Counter64, TimeTicks, INTEGER, OCTET STRING, OBJECT
IDENTIFIER, IpAddress, Opaque, and BITS. It also assigns values to
several object identifiers.  STD 58, RFC 2578 further defines the
following constructs of the data definition language:

  * IMPORTS to allow the specification of items that are used
    in a MIB module, but defined in another MIB module.

  * MODULE-IDENTITY to specify for a MIB module a description
    and administrative information such as contact and revision
    history.

  * OBJECT-IDENTITY and OID value assignments to specify a
    an OID value.

  * OBJECT-TYPE to specify the data type, status, and the semantics
    of managed objects.

  * SEQUENCE type assignment to list the columnar objects in
    a table.

  * NOTIFICATION-TYPE construct to specify an event notification.


7.1.2.  Textual Conventions

When designing a MIB module, it is often useful to specify in a short-
hand way the semantics for a set of objects with similar behavior.  This
is done by defining a new data type using a base data type specified in
the SMI.  Each new type has a different name, and specifies a base type
with more restrictive semantics.  These newly defined types are termed
textual conventions, and are used for the convenience of humans reading
a MIB module and potentially by "intelligent" management applications.
It is the purpose of STD 58, RFC 2579, Textual Conventions for SMIv2
[17], to define the construct, TEXTUAL-CONVENTION, of the data
definition language used to define such new types and to specify an
initial set of textual conventions available to all MIB modules.









Expires December 2002     SNMPv3 Working Group                 [Page 18]

Internet Draft                                                 June 2002


7.1.3.  Conformance Statements

It may be useful to define the acceptable lower-bounds of
implementation, along with the actual level of implementation achieved.
It is the purpose of STD 58, RFC 2580, Conformance Statements for SMIv2
[18], to define the constructs of the data definition language used for
these purposes.  There are two kinds of constructs:

(1)  Compliance statements are used when describing requirements for
     agents with respect to object and event notification definitions.
     The MODULE-COMPLIANCE construct is used to convey concisely
     such requirements.

(2)  Capability statements are used when describing capabilities of
     agents with respect to object and event notification definitions.
     The AGENT-CAPABILITIES construct is used to convey concisely such
     capabilities.

Finally, collections of related objects and collections of related event
notifications are grouped together to form a unit of conformance.  The
OBJECT-GROUP construct is used to convey concisely the objects in and
the semantics of an object group. The NOTIFICATION-GROUP construct is
used to convey concisely the event notifications in and the semantics of
an event notification group.


7.2.  Protocol Operations

The management protocol provides for the exchange of messages which
convey management information between the agents and the management
stations.  The form of these messages is a message "wrapper" which
encapsulates a Protocol Data Unit (PDU).

It is the purpose of RFC yyy5, "Version 2 of the Protocol Operations for
the Simple Network Management Protocol" [20], to define the operations
of the protocol with respect to the sending and receiving of the PDUs.


7.3.  Transport Mappings

SNMP messages may be used over a variety of protocol suites.  It is the
purpose of RFC yyy6, "Transport Mappings for SNMP" [21], to define how
SNMP messages maps onto an initial set of transport domains.  Other
mappings may be defined in the future.






Expires December 2002     SNMPv3 Working Group                 [Page 19]

Internet Draft                                                 June 2002


Although several mappings are defined, the mapping onto UDP is the
preferred mapping.  As such, to provide for the greatest level of
interoperability, systems which choose to deploy other mappings should
also provide for proxy service to the UDP mapping.


7.4.  Protocol Instrumentation

It is the purpose of RFC yyy7, "Management Information Base for the
Simple Network Management Protocol" [29], to define managed objects
which describe the behavior of portions of an SNMP entity.


7.5.  Architecture / Security and Administration

It is the purpose of RFC xxx1, "An Architecture for Describing SNMP
Management Frameworks" [22], to define an architecture for specifying
SNMP Management Frameworks.  While addressing general architectural
issues, it focuses on aspects related to security and administration.
It defines a number of terms used throughout the SNMPv3 Management
Framework and, in so doing, clarifies and extends the naming of

  * engines and applications,

  * entities (service providers such as the engines in agents
    and managers),

  * identities (service users), and

  * management information, including support for multiple
    logical contexts.

The document contains a small MIB module which is implemented by all
authoritative SNMPv3 protocol engines.


7.6.  Message Processing and Dispatch (MPD)

RFC xxx2, "Message Processing and Dispatching for the Simple Network
Management Protocol (SNMP)" [23], describes the Message Processing and
Dispatching for SNMP messages within the SNMP architecture.  It defines
the procedures for dispatching potentially multiple versions of SNMP
messages to the proper SNMP Message Processing Models, and for
dispatching PDUs to SNMP applications.  This document also describes one
Message Processing Model - the SNMPv3 Message Processing Model.





Expires December 2002     SNMPv3 Working Group                 [Page 20]

Internet Draft                                                 June 2002


An SNMPv3 protocol engine MUST support at least one Message Processing
Model.  An SNMPv3 protocol engine MAY support more than one, for example
in a multi-lingual system which provides simultaneous support of SNMPv3
and SNMPv1 and/or SNMPv2c.  For example, such a tri-lingual system which
provides simultaneous support for SNMPv1, SNMPv2c, and SNMPv3 supports
three message processing models.


7.7.  SNMP Applications

It is the purpose of RFC xxx3, "SNMP Applications" [24] to describe the
five types of applications which can be associated with an SNMP engine.
They are:  Command Generators, Command Responders, Notification
Originators, Notification Receivers, and Proxy Forwarders.

The document also defines MIB modules for specifying targets of
management operations (including notifications), for notification
filtering, and for proxy forwarding.


7.8.  User-based Security Model (USM)

RFC xxx4, the "User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)" [25] describes the User-
based Security Model for SNMPv3.  It defines the Elements of Procedure
for providing SNMP message-level security.

The document describes the two primary and two secondary threats which
are defended against by the User-based Security Model.  They are:
modification of information, masquerade, message stream modification,
and disclosure.

The USM utilizes MD5 [30] and the Secure Hash Algorithm [31] as keyed
hashing algorithms [32] for digest computation to provide data integrity

  * to directly protect against data modification attacks,

  * to indirectly provide data origin authentication, and

  * to defend against masquerade attacks.

The USM uses loosely synchronized monotonically increasing time
indicators to defend against certain message stream modification
attacks.  Automatic clock synchronization mechanisms based on the
protocol are specified without dependence on third-party time sources





Expires December 2002     SNMPv3 Working Group                 [Page 21]

Internet Draft                                                 June 2002


and concomitant security considerations.

The USM uses the Data Encryption Standard (DES) [33] in the cipher block
chaining mode (CBC) if disclosure protection is desired.  Support for
DES in the USM is optional, primarily because export and usage
restrictions in many countries make it difficult to export and use
products which include cryptographic technology.


The document also includes a MIB suitable for remotely monitoring and
managing the configuration parameters for the USM, including key
distribution and key management.

An entity may provide simultaneous support for multiple security models
as well as multiple authentication and privacy protocols.  All of the
protocols used by the USM are based on pre-placed keys, i.e., private
key mechanisms.  The SNMPv3 architecture permits the use of symmetric
and asymmetric mechanisms and protocols (asymmetric mechanisms are
commonly called public key cryptography) but, as of this writing, there
are no SNMPv3 security models on the IETF standards track that use
public key cryptography.



7.9.  View-based Access Control (VACM)

The purpose of RFC xxx5, the "View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP)" [26], is to describe the
View-based Access Control Model for use in the SNMP architecture.  The
VACM can simultaneously be associated in a single engine implementation
with multiple Message Processing Models and multiple Security Models.

It is architecturally possible to have multiple, different, Access
Control Models active and present simultaneously in a single engine
implementation, but this is expected to be *_very_* rare in practice and
*_far_* less common than simultaneous support for multiple Message
Processing Models and/or multiple Security Models.


7.10.  SNMPv3 Coexistence and Transition

The purpose of RFC xxx6, "Coexistence between Version 1, Version 2, and
Version 3 of the Internet-Standard Network Management Framework" [27],
is to describe coexistence between the SNMPv3 Management Framework, the
SNMPv2 Management Framework, and the original SNMPv1 Management





Expires December 2002     SNMPv3 Working Group                 [Page 22]

Internet Draft                                                 June 2002


Framework.  In particular, this document describes four aspects of
coexistence:

   *  Conversion of MIB documents from SMIv1 to SMIv2 format

   *  Mapping of notification parameters

   *  Approaches to coexistence between entities which support
      the various versions of SNMP in a multi-lingual network, in
      particular the processing of protocol operations in
      multi-lingual implementations, as well as behavior of
      proxy implementations

   *  The SNMPv1 Message Processing Model and Community-Based
      Security Model, which provides mechanisms for adapting
      SNMPv1 and SNMPv2c into the View-Based Access Control Model
      (VACM) [26]

































Expires December 2002     SNMPv3 Working Group                 [Page 23]

Internet Draft                                                 June 2002


8.  Standardization Status

It is not the role for this document to proclaim the standardization
status of any standards-track document.  Readers should consult the
latest version of the "Internet Official Protocol Standards" list [19]
to determine the standardization status of any document.

However, the SNMPv3 Working Group explicitly requested that text be
included in this document to amplify on the status of SMIv1, SNMPv1, and
SNMPv2c.


8.1.  SMIv1 Status

SMIv1, as described in STD 16, RFCs 1155 and 1212, was promoted to full
Standard status in 1990 and has remained a Standard even after SMIv2
reached full Standard (see RFC 2026 [34] for more information about the
Internet Standards Process).  In many cases, a Standard is declared
"Historic" when its replacement reaches full Standard.  For example,
MIB-1 [7] was declared "Historic" when MIB-2 [5] reached full Standard.
Similarly, when SMIv2 reached full Standard, it might have been
reasonable at that time to retire SMIv1 and declare it to be "Historic"
but as the result of a conscious decision, STD 16, RFCs 1155 and 1212
continue to have the standardization status of full "Standard" but are
not recommended. These documents were not declared "Historic" and remain
on the standards track because they provide normative references for
other documents on the standards track and cannot be declared "Historic"
without rendering the documents which rely on them to also become
"Historic."  Consequently, STD 16 retains its standardization status but
is not recommended because it has been superseded by the newer SMIv2
specifications which are identified somewhat later in this document.

On a pragmatic level, since about 1993 it has been wise for users of the
data definition language to use SMIv2 for all new work because the
realities of the marketplace have occasionally required the support of
data definitions in both the SMIv1 and SMIv2 formats.  While there are
tools widely available at low cost or no cost to translate SMIv2
definitions to SMIv1 definitions, it is impractical to build automatic
tools that automatically translate SMIv1 definitions to SMIv2
definitions.  Consequently, if one works in primarily SMIv2, the cost of
providing data definitions in both SMIv1 and SMIv2 formats is trivial.
In contrast, if one works primarily in SMIv1 format, providing data
definitions in both SMIv1 and SMIv2 is significantly more expensive.
The market requirements today for providing data definitions in SMIv1
format are greatly diminished when compared to those of 1993, and SMIv2





Expires December 2002     SNMPv3 Working Group                 [Page 24]

Internet Draft                                                 June 2002


continues to be the strongly preferred format even though SMIv1 has not
been declared "Historic."  Indeed, the IETF currently requires that new
MIB modules be written using SMIv2.


8.2.  SNMPv1 and SNMPv2 Standardization Status

Protocol operations via SNMPv1 and SNMPv2c message wrappers support only
trivial authentication based on plain-text community strings and, as a
result, are fundamentally insecure.  When the SNMPv3 specifications for
security and administration, which include strong security, reached full
Standard status, the full Standard SNMPv1, formerly STD 15 [4], and the
experimental SNMPv2c specifications described in RFC 1901 [15] were
declared Historic due to their weaknesses with respect to security and
to send a clear message that the third version of the Internet Standard
Management Framework is the framework of choice.  The Party-based SNMPv2
(SNMPv2p), SNMPv2u, and SNMPv2* were either declared Historic circa 1995
or were never on the standards track.

On a pragmatic level, it is expected that a number of vendors will
continue to produce and users will continue to deploy and use multi-
lingual implementations that support SNMPv1 and/or SNMPv2c as well as
SNMPv3.  It should be noted that the IETF standards process does not
control actions of vendors or users who may choose to promote or deploy
historic protocols, such as SNMPv1 and SNMPv2c, in spite of known
short-comings.  However, it is not expected that vendors will produce
nor that users will deploy multi-lingual implementations that support
the Party-based SNMPv2p (SNMPv2p), SNMPv2u, or SNMPv2*.

Indeed, as described above, one of the SNMPv3 specifications for
security and administration, RFC xxx6, Coexistence between Version 1,
Version 2, and Version 3 of the Internet-standard Management Framework
[27], addresses these issues.

Of course, it is important that users deploying multi-lingual systems
with insecure protocols exercise sufficient due diligence to insure that
configurations limit access via SNMPv1 and SNMPv2c appropriately, in
keeping with the organization's security policy, just as they should
carefully limit access granted via SNMPv3 with a security level of no
authentication and no privacy which is roughly equivalent from a
security point of view.  For example, it is probably unwise to allow
SNMPv1 or SNMPv2c a greater level of access than is provided to
unauthenticated SNMPv3 users, e.g., it does not make sense to guard the
front door with armed guards, trained attack dogs, moats and drawbridges
while providing unfettered access through an open back door.





Expires December 2002     SNMPv3 Working Group                 [Page 25]

Internet Draft                                                 June 2002


The SNMPv1 framework, SNMPv2 framework, and SNMPv2c had limited
capabilities for administering the SNMPv1 and SNMPv2c protocols.  For
example, there are no objects defined to view and configure communities
or destinations for notifications (traps and informs). The result has
been vendor defined mechanisms for administration that range from
proprietary format configuration files that cannot be viewed or
configured via SNMP to enterprise specific object definitions.  The
SNMPv3 framework provides a rich standards-based approach to
administration which, by design, can be used for the SNMPv1 and SNMPv2c
protocols. Thus, to foster interoperability of administration of SNMPv1
and SNMPv2c protocols in multi-lingual systems, the mechanisms and
objects specified in [24], [26], and [27] should be used to supplement
or replace the equivalent proprietary mechanisms.



8.3.  Working Group Recommendation

Based on the explanations above, the SNMPv3 Working Group recommends
that RFCs 1157, 1441, 1901, 1909 and 1910 be reclassified as Historical
documents.





























Expires December 2002     SNMPv3 Working Group                 [Page 26]

Internet Draft                                                 June 2002


9.  Security Considerations

As this document is primarily a roadmap document, it introduces no new
security considerations.  The reader is referred to the relevant
sections of each of the referenced documents for information about
security considerations.


10.  Editors' Addresses

   Jeffrey Case
   SNMP Research, Inc.
   3001 Kimberlin Heights Road
   Knoxville, TN 37920-9716
   USA
   Phone:  +1 865 573 1434
   EMail:  case@snmp.com


   Russ Mundy
   NAI Labs, Network Associates, Inc.
   3060 Washington Rd
   Glenwood, MD 21738
   USA
   Phone:  +1 443 259 2307
   EMail:  mundy@tislabs.com


   David Partain
   Ericsson
   P.O. Box 1248
   SE-581 12 Linkoping
   Sweden
   Phone:  +46 13 28 41 44
   EMail:  David.Partain@ericsson.com


   Bob Stewart
   Retired











Expires December 2002     SNMPv3 Working Group                 [Page 27]

Internet Draft                                                 June 2002


11.  Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."



12.  References

[1]  Cerf, V.,  "IAB Recommendations for the Development of Internet
     Network Management Standards", RFC 1052, April 1988.

[2]  Rose, M. and K. McCloghrie, "Structure and Identification of
     Management Information for TCP/IP-based internets", STD 16, RFC
     1155, May 1990.

[3]  Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
     RFC 1212, March 1991.

[4]  Case, J., Fedor, M., Schoffstall, M. and Davin, J., "Simple Network
     Management Protocol", STD 15, RFC 1157, May 1990.






Expires December 2002     SNMPv3 Working Group                 [Page 28]

Internet Draft                                                 June 2002


[5]  McCloghrie, K. and M. Rose, "Management Information Base for
     Network Management of TCP/IP-based internets:  MIB-II", STD 17,
     RFC 1213, March 1991.

[6]  Rose, M., "A Convention for Defining Traps for use with the
     SNMP", RFC 1215, March 1991.

[7]  McCloghrie, K. and M. Rose, "Management Information Base for
     Network Management of TCP/IP-based Internets", RFC 1066,
     August 1988.

[8]  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and
     S. Waldbusser, "Structure of Management Information for Version 2
     of the Simple Network Management Protocol (SNMPv2)", RFC 1902,
     January 1996.

[9]  SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and
     S. Waldbusser, "Textual Conventions for Version 2 of the Simple
     Network Management Protocol (SNMPv2)", RFC 1903, January 1996.

[10] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and
     S. Waldbusser, "Conformance Statements for Version 2 of the Simple
     Network Management Protocol (SNMPv2)", RFC 1904, January 1996.

[11] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and
     S. Waldbusser, "Protocol Operations for Version 2 of the Simple
     Network Management Protocol (SNMPv2)", RFC 1905, January 1996.

[12] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and
     S. Waldbusser, "Transport Mappings for Version 2 of the Simple
     Network Management Protocol (SNMPv2)", RFC 1906, January 1996.

[13] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and
     S. Waldbusser, "Management Information Base for Version 2 of the
     Simple Network Management Protocol (SNMPv2)", RFC 1907,
     January 1996.

[14] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and
     S. Waldbusser, "Coexistence between Version 1 and Version 2 of the
     Internet-standard Network Management Framework", RFC 1908,
     January 1996.

[15] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and
     S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901,
     January 1996.





Expires December 2002     SNMPv3 Working Group                 [Page 29]

Internet Draft                                                 June 2002


[16] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
     M. and S. Waldbusser, "Structure of Management Information
     Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

[17] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
     M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58,
     RFC 2579, April 1999.

[18] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
     M. and S. Waldbusser, "Conformance Statements for SMIv2", STD
     58, RFC 2580, April 1999.

[19] "Official Internet Protocol Standards",
     http://www.rfc-editor.org/rfcxx00.html
     also STD0001.

[20] Presuhn, R., Case, J., McCloghrie, K., Rose, M. and S.  Waldbusser,
     "Version 2 of the Protocol Operations for the Simple Network
     Management Protocol", RFC yyy5, TBD 2002.
     (presently <draft-ietf-snmpv3-update-proto-06.txt>)

[21] Presuhn, R., Case, J., McCloghrie, K., Rose, M. and S.  Waldbusser,
     "Transport Mappings for the Simple Network Management Protocol",
     RFC yyy6, TBD 2002.
     (presently <draft-ietf-snmpv3-update-transmap-06.txt>)

[22] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for
     Describing SNMP Management Frameworks", RFC xxx1, TBD 2002.
     (presently <draft-ietf-snmpv3-arch-v2-02.txt>)

[23] Case, J., Harrington, D., Presuhn, R. and B. Wijnen,
     "Message Processing and Dispatching for the Simple Network
     Management Protocol (SNMP)", RFC xxx2, TBD 2002.
     (presently <draft-ietf-snmpv3-mpd-v2-02.txt>)

[24] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications",
     RFC xxx3, TBD 2002.
     (presently <draft-ietf-snmpv3-appl-v3-01.txt>)

[25] Blumenthal, U. and B. Wijnen, "The User-Based Security Model for
     Version 3 of the Simple Network Management Protocol (SNMPv3)",
     RFC xxx4, TBD 2002.
     (presently <draft-ietf-snmpv3-usm-v2-rfc2574bis-01.txt>)

[26] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access





Expires December 2002     SNMPv3 Working Group                 [Page 30]

Internet Draft                                                 June 2002


     Control Model for the Simple Network Management Protocol (SNMP)",
     RFC xxx5, TBD 2002.
     (presently <draft-ietf-snmpv3-vacm-v2-01.txt>)

[27] Frye, R., Levi, D., Routhier, S. and B. Wijnen, "Coexistence
     between Version 1, Version 2, and Version 3 of the Internet-
     standard Network Management Framework", RFC xxx6, TBD 2000.
     (presently <draft-ietf-snmpv3-coex-v2-01.txt>)

[28] Information processing systems - Open Systems Interconnection -
     Specification of Abstract Syntax Notation One (ASN.1),
     International Organization for Standardization.  International
     Standard 8824, (December, 1987).

[29] Presuhn, R., Case, J., McCloghrie, K., Rose, M. and S.  Waldbusser,
     "Management Information Base for the Simple Network Management
     Protocol", RFC yyy7, TBD 2002.
     (presently <draft-ietf-snmpv3-update-mib-07.txt>)

[30] Rivest, R., "Message Digest Algorithm MD5", RFC 1321, April 1992.

[31] Secure Hash Algorithm. NIST FIPS 180-1, (April, 1995)
     http://csrc.nist.gov/fips/fip180-1.txt (ASCII)
     http://csrc.nist.gov/fips/fip180-1.ps  (Postscript)

[32] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
     for Message Authentication", RFC 2104, February 1997.

[33] Data Encryption Standard, National Institute of Standards
     and Technology.  Federal Information Processing Standard (FIPS)
     Publication 46-1.  Supersedes FIPS Publication 46, (January, 1977;
     reaffirmed January, 1988).

[34] Bradner, S., "The Internet Standards Process -- Revision 3",
     RFC 2026, October, 1996.















Expires December 2002     SNMPv3 Working Group                 [Page 31]

Internet Draft                                                 June 2002


Table of Contents



0 Revision History: ...............................................    3
1 Introduction ....................................................    4
2 The Internet Standard Management Framework ......................    5
2.1 Basic Structure and Components ................................    5
2.2 Architecture of the Internet Standard Management Framework ....    5
3 The SNMPv1 Management Framework .................................    7
3.1 The SNMPv1 Data Definition Language ...........................    7
3.2 Management Information ........................................    8
3.3 Protocol Operations ...........................................    8
3.4 SNMPv1 Security and Administration ............................    8
4 The SNMPv2 Management Framework .................................    9
5 The SNMPv3 Working Group ........................................   10
6 SNMPv3 Framework Module Specifications ..........................   13
6.1 Data Definition Language ......................................   13
6.2 MIB Modules ...................................................   14
6.3 Protocol Operations and Transport Mappings ....................   15
6.4 SNMPv3 Security and Administration ............................   15
7 Document Summaries ..............................................   17
7.1 Structure of Management Information ...........................   17
7.1.1 Base SMI Specification ......................................   18
7.1.2 Textual Conventions .........................................   18
7.1.3 Conformance Statements ......................................   19
7.2 Protocol Operations ...........................................   19
7.3 Transport Mappings ............................................   19
7.4 Protocol Instrumentation ......................................   20
7.5 Architecture / Security and Administration ....................   20
7.6 Message Processing and Dispatch (MPD) .........................   20
7.7 SNMP Applications .............................................   21
7.8 User-based Security Model (USM) ...............................   21
7.9 View-based Access Control (VACM) ..............................   22
7.10 SNMPv3 Coexistence and Transition ............................   22
8 Standardization Status ..........................................   24
8.1 SMIv1 Status ..................................................   24
8.2 SNMPv1 and SNMPv2 Standardization Status ......................   25
8.3 Working Group Recommendation ..................................   26
9 Security Considerations .........................................   27
10 Editors' Addresses .............................................   27
11 Full Copyright Statement .......................................   28
12 References .....................................................   28







Expires December 2002     SNMPv3 Working Group                 [Page 32]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/