draft-ietf-snmpv3-intro-00.txt   draft-ietf-snmpv3-intro-01.txt 
skipping to change at page 1, line 15 skipping to change at page 1, line 15
Russ Mundy Russ Mundy
Trusted Information Systems, Inc. Trusted Information Systems, Inc.
David Partain David Partain
SNMP Research Europe SNMP Research Europe
Bob Stewart Bob Stewart
Cisco Systems Cisco Systems
Introduction to Version 3 of the Introduction to Version 3 of the
Internet-standard Network Management Framework Internet-standard Network Management Framework
1998/08/07 13:38:54
draft-ietf-snmpv3-intro-01.txt
1.3 -- 1998/08/07 13:38:54
Status of this Memo Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference time. It is inappropriate to use Internet- Drafts as reference
skipping to change at page 3, line 9 skipping to change at page 3, line 9
Framework (SNMPv1) and the second Internet-standard Management Framework (SNMPv1) and the second Internet-standard Management
Framework (SNMPv2). Framework (SNMPv2).
The architecture is designed to be modular to allow the evolution of The architecture is designed to be modular to allow the evolution of
the Framework over time. the Framework over time.
1. Introduction 1. Introduction
This document is an introduction to the third version of the This document is an introduction to the third version of the
Internet-standard Management Framework, termed the SNMP version 3 Internet-standard Management Framework, termed the SNMP version 3
Management Framework (SNMPv3). This document has multiple purposes. Management Framework (SNMPv3) and has multiple purposes.
First, it describes the relationship between the SNMPv3 First, it describes the relationship between the SNMP version 3
specifications and the specifications of the SNMPv1 Management (SNMPv3) specifications and the specifications of the SNMP version 1
Framework, the SNMPv2 Management Framework, and the Community-based (SNMPv1) Management Framework, the SNMP version 2 (SNMPv2) Management
Administrative Framework for SNMPv2. Framework, and the Community-based Administrative Framework for
SNMPv2.
Second, it provides a roadmap to the multiple documents which contain Second, it provides a roadmap to the multiple documents which contain
the relevant specifications. the relevant specifications.
Third, this document provides a brief easy-to-read summary of the Third, this document provides a brief easy-to-read summary of the
contents of each of the relevant specification documents. contents of each of the relevant specification documents.
[Finally, this document may someday contain information regarding [Finally, this document may someday contain information regarding
what it means to be a compliant SNMPv3 implementation, i.e., a set of what it means to be a compliant SNMPv3 implementation, i.e., a set of
applicability statements, but it does not now, and if it never does, applicability statements, but it does not now, and if it never does,
then this sentence will be deleted.] then this sentence will be deleted.]
This document is intentionally tutorial in nature and, as such, may This document is intentionally tutorial in nature and, as such, may
occasionally be "guilty" of oversimplification. In the event of a occasionally be "guilty" of oversimplification. In the event of a
conflict or contradiction between this document and the more detailed conflict or contradiction between this document and the more detailed
documents for which this document is a roadmap, the specifications in documents for which this document is a roadmap, the specifications in
the more detailed documents shall prevail. the more detailed documents shall prevail.
Furthermore, the detailed documents attempt to maintain separation Further, the detailed documents attempt to maintain separation
between the various component modules in order to specify well- between the various component modules in order to specify well-
defined interfaces between them. This roadmap document, however, defined interfaces between them. This roadmap document, however,
takes a different approach and attempts to provide an integrated view takes a different approach and attempts to provide an integrated view
of the various component modules in the interest of readability. of the various component modules in the interest of readability.
2. The Internet Standard Management Framework 2. The Internet Standard Management Framework
The third version of the Internet Standard Management Framework (the The third version of the Internet Standard Management Framework (the
SNMPv3 Framework) is derived from and builds upon both the original SNMPv3 Framework) is derived from and builds upon both the original
Internet-standard Management Framework (SNMPv1) and the second Internet-standard Management Framework (SNMPv1) and the second
skipping to change at page 4, line 22 skipping to change at page 4, line 22
All versions (SNMPv1, SNMPv2, and SNMPv3) of the Internet Standard All versions (SNMPv1, SNMPv2, and SNMPv3) of the Internet Standard
Management Framework share the same basic structure and components. Management Framework share the same basic structure and components.
Furthermore, all versions of the specifications of the Internet Furthermore, all versions of the specifications of the Internet
Standard Management Framework follow the same architecture. Standard Management Framework follow the same architecture.
2.1 Basic Structure and Components 2.1 Basic Structure and Components
An enterprise deploying the Internet Standard Management Framework An enterprise deploying the Internet Standard Management Framework
contains four basic components: contains four basic components:
several (typically many) managed nodes, each with an SNMP entity * several (typically many) managed nodes, each with an SNMP entity
which provides remote access to management instrumentation which provides remote access to management instrumentation
(traditionally called an agent); (traditionally called an agent);
at least one SNMP entity with management applications (typically * at least one SNMP entity with management applications (typically
called a manager), called a manager),
a management protocol used to convey management information * a management protocol used to convey management information
between the SNMP entities, and between the SNMP entities, and
management information. * management information.
That is, the management protocol is used to convey management The management protocol is used to convey management information
information between SNMP entities such as managers and agents. between SNMP entities such as managers and agents.
This basic structure is common to all versions of the Internet This basic structure is common to all versions of the Internet
Standard Management Framework; i.e., SNMPv1, SNMPv2, and SNMPv3. Standard Management Framework; i.e., SNMPv1, SNMPv2, and SNMPv3.
2.2 Architecture of the Internet Standard Management Framework 2.2 Architecture of the Internet Standard Management Framework
The specifications of the Internet Standard Management Framework are The specifications of the Internet Standard Management Framework are
based on a modular architecture. This framework is more than just a based on a modular architecture. This framework is more than just a
protocol for moving data. It consists of: protocol for moving data. It consists of:
a data definition language, * a data definition language,
definitions of management information (the Management Information * definitions of management information (the Management
Base, or MIB), Information Base, or MIB),
a protocol definition, and * a protocol definition, and
security and administration. * security and administration.
Over time, as the Framework has evolved from SNMPv1, through SNMPv2, Over time, as the Framework has evolved from SNMPv1, through SNMPv2,
to SNMPv3, the definitions of each of these architectural components to SNMPv3, the definitions of each of these architectural components
have become richer and more clearly defined, but the fundamental have become richer and more clearly defined, but the fundamental
architecture has remained consistent. architecture has remained consistent.
One prime motivator for this modularity was to enable the ongoing One prime motivator for this modularity was to enable the ongoing
evolution of the Framework as is documented in RFC 1052 [14]. When evolution of the Framework as is documented in RFC 1052 [14]. When
originally envisioned, this capability was to be used to ease the originally envisioned, this capability was to be used to ease the
transition from SNMP-based management of internets to management transition from SNMP-based management of internets to management
skipping to change at page 5, line 29 skipping to change at page 5, line 29
replaced without requiring the management information to be redefined replaced without requiring the management information to be redefined
or reinstrumented. History has shown that the selection of this or reinstrumented. History has shown that the selection of this
architecture was the right decision for the wrong reason -- it turned architecture was the right decision for the wrong reason -- it turned
out that this architecture has eased the transition from SNMPv1 to out that this architecture has eased the transition from SNMPv1 to
SNMPv2 and from SNMPv2 to SNMPv3 rather than easing the transition SNMPv2 and from SNMPv2 to SNMPv3 rather than easing the transition
away from management based on the Simple Network Management Protocol. away from management based on the Simple Network Management Protocol.
The SNMPv3 Framework builds and extends these architectural The SNMPv3 Framework builds and extends these architectural
principles by: principles by:
building on these four basic architectural components, in some * building on these four basic architectural components, in some
cases incorporating them from the SNMPv2 Framework by reference, cases incorporating them from the SNMPv2 Framework by reference,
and and
by using these same layering principles in the definition of new * by using these same layering principles in the definition of new
capabilities in the security and administration portion of the capabilities in the security and administration portion of the
architecture. architecture.
Those who are familiar with the architecture of the SNMPv1 Management Those who are familiar with the architecture of the SNMPv1 Management
Framework and the SNMPv2 Management Framework will find many familiar Framework and the SNMPv2 Management Framework will find many familiar
concepts in the architecture of the SNMPv3 Management Framework. concepts in the architecture of the SNMPv3 Management Framework.
However, in some cases, the terminology may be somewhat different. However, in some cases, the terminology may be somewhat different.
2.2.1 The SNMPv1 Management Framework 3. The SNMPv1 Management Framework
The original Internet-standard Network Management Framework (SNMPv1) The original Internet-standard Network Management Framework (SNMPv1)
consists of three documents: is defined in the following documents:
STD 16, RFC 1155 [1] which defines the Structure of Management * STD 16, RFC 1155 [1] which defines the Structure of Management
Information (SMI), the mechanisms used for describing and naming Information (SMI), the mechanisms used for describing and naming
objects for the purpose of management. objects for the purpose of management.
STD 16, RFC 1212 [2] which defines a more concise description * STD 16, RFC 1212 [2] which defines a more concise description
mechanism, but which is wholly consistent with the SMI. mechanism for describing and naming management information objects,
but which is wholly consistent with the SMI.
STD 15, RFC 1157 [3] which defines the Simple Network Management * STD 15, RFC 1157 [3] which defines the Simple Network Management
Protocol (SNMP), the protocol used for network access to managed Protocol (SNMP), the protocol used for network access to managed
objects. objects and event notification. Note this document also defines an
initial set of event notifications.
The SNMPv1 Data Definition Language. The first two of these Additionally, two documents are generally considered to be companions
documents (STD 16) describe the SNMPv1 data definition language. to these three:
SNMPv1 Definitions of Management Information. The data definition * STD 17, RFC 1213 [13] which contains definitions for the base
language described in these two documents was first used to define set of management information
the now-historic MIB-I as specified in RFC 1066 [12], and was
subsequently used to define MIB-II as specified in RFC 1213 [13]. * RFC 1215 [25] defines a concise description mechanism for
defining event notifications, which are called traps in the SNMPv1
protocol. It also specifies the generic traps from RFC 1157 in the
concise notation.
These documents describe the four parts of the first version of the
SNMP Framework.
3.1 The SNMPv1 Data Definition Language.
The first two and the last document describe the SNMPv1 data
definition language. Note that due to the initial requirement that
the SMI be protocol-independent, the first two SMI documents do not
provide a means for defining event notifications (traps). Instead,
the SNMP protocol document defines a few standardized event
notifications (generic traps) and provides a means for additional
event notifications to be defined. The last document specifies a
straight-forward approach towards defining event notifications used
with the SNMPv1 protocol. At the time that it was written, use of
traps in the Internet-standard network management framework was
controversial. As such, RFC 1215 was put forward with the status of
"Informational", which was never updated because it was believed that
the second version of the SNMP Framework would replace the first
version. Note that the SNMPv1 data definition language is sometimes
refered to as SMIv1.
3.2 Management Information.
The data definition language described in the first two documents was
first used to define the now-historic MIB-I as specified in RFC 1066
[12], and was subsequently used to define MIB-II as specified in RFC
1213 [13].
Later, after the publication of MIB-II, a different approach to Later, after the publication of MIB-II, a different approach to
management information definition was taken from the earlier approach management information definition was taken from the earlier approach
of having a single committee staffed by generalists work on a single of having a single committee staffed by generalists work on a single
document to define the Internet-standard MIB. Rather, many mini-MIB document to define the Internet-standard MIB. Rather, many mini-MIB
documents were produced in a parallel and distributed fashion by documents were produced in a parallel and distributed fashion by
groups chartered to produce a specification for a focused portion of groups chartered to produce a specification for a focused portion of
the Internet-standard MIB and staffed by personnel with expertise in the Internet-standard MIB and staffed by personnel with expertise in
those particular areas ranging from various aspects of network those particular areas ranging from various aspects of network
management, to system management, and application management. management, to system management, and application management.
SNMPv1 Protocol Operations. The third document, STD 15, describes 3.3 Protocol Operations.
the SNMPv1 protocol operations performed by protocol data units
(PDUs) on lists of variable bindings. The operators defined by SNMPv1
are: get, get-next, get-response, set-request, and trap. Typical
layering of SNMP on a connectionless transport service is also
defined.
SNMPv1 Security and Administration. Many of the concepts found in The third document, STD 15, describes the SNMPv1 protocol operations
the SNMPv3 security and administration are found in the SNMPv1 performed by protocol data units (PDUs) on lists of variable bindings
Framework. and describes the format of SNMPv1 messages. The operators defined by
SNMPv1 are: get, get-next, get-response, set-request, and trap.
Typical layering of SNMP on a connectionless transport service is
also defined.
3.4 SNMPv1 Security and Administration.
STD 15 also describes an approach to security and administration.
Many of these concepts are carried forward into the SNMPv3 Framework.
The SNMPv1 Framework describes the encapsulation of SNMPv1 PDUs in The SNMPv1 Framework describes the encapsulation of SNMPv1 PDUs in
SNMP messages between SNMP entities and distinguishes between SNMP messages between SNMP entities and distinguishes between
application entities and protocol entities. In SNMPv3, these are application entities and protocol entities. In SNMPv3, these are
renamed applications and engines, respectively. renamed applications and engines, respectively.
The SNMPv1 Framework also introduces the concept of an authentication The SNMPv1 Framework also introduces the concept of an authentication
service supporting one or more authentication schemes. In SNMPv3, service supporting one or more authentication schemes. In SNMPv3,
the concept of an authentication service is expanded to include other the concept of an authentication service is expanded to include other
services, such as privacy. services, such as privacy.
skipping to change at page 7, line 19 skipping to change at page 8, line 7
strings. This was a known fundamental weakness in the SNMPv1 strings. This was a known fundamental weakness in the SNMPv1
Framework but it was thought at that time that the definition of Framework but it was thought at that time that the definition of
commercial grade security might be contentious in its design and commercial grade security might be contentious in its design and
difficult to get approved because "security" means many different difficult to get approved because "security" means many different
things to different people. To that end, and because some users do things to different people. To that end, and because some users do
not require strong authentication, the SNMPv1 architected an not require strong authentication, the SNMPv1 architected an
authentication service as a separate block to be defined "later" and authentication service as a separate block to be defined "later" and
the SNMPv3 Framework provides an architecture for use within that the SNMPv3 Framework provides an architecture for use within that
block as well as a definition for its subsystems. block as well as a definition for its subsystems.
2.2.2 The SNMPv2 Management Framework 4. The SNMPv2 Management Framework
The SNMPv2 Management Framework is fully described in [4-9] and The SNMPv2 Management Framework is fully described in [4-9] and
coexistence and transition issues relating to SNMPv1 and SNMPv2 are coexistence and transition issues relating to SNMPv1 and SNMPv2 are
discussed in [10]. discussed in [10].
SNMPv2 provides several advantages over SNMPv1, including: SNMPv2 provides several advantages over SNMPv1, including:
* expanded data types (e.g., 64 bit counter) * expanded data types (e.g., 64 bit counter)
* improved efficiency and performance (get-bulk operator) * improved efficiency and performance (get-bulk operator)
skipping to change at page 7, line 44 skipping to change at page 8, line 32
* improved sets, especially row creation and deletion * improved sets, especially row creation and deletion
* fine tuning of the data definition language * fine tuning of the data definition language
However, the SNMPv2 Framework, as described in these documents, is However, the SNMPv2 Framework, as described in these documents, is
incomplete in that it does not meet the original design goals of the incomplete in that it does not meet the original design goals of the
SNMPv2 project. The unmet goals included provision of security and SNMPv2 project. The unmet goals included provision of security and
administration delivering so-called "commercial grade" security with administration delivering so-called "commercial grade" security with
authentication: origin identification, message integrity, and * authentication: origin identification, message integrity,
some aspects of replay protection; and some aspects of replay protection;
privacy: confidentiality; * privacy: confidentiality;
authorization and access control; and * authorization and access control; and
suitable remote configuration and administration capabilities for
these features. * suitable remote configuration and administration capabilities
for these features.
The SNMPv3 Management Framework, as described in this document and The SNMPv3 Management Framework, as described in this document and
the companion documents, addresses these significant deficiencies. the companion documents, addresses these significant deficiencies.
2.3 The SNMPv3 Working Group 5. The SNMPv3 Working Group
This document, and its companion documents, were produced by the This document, and its companion documents, were produced by the
SNMPv3 Working Group of the Internet Engineering Task Force (IETF). SNMPv3 Working Group of the Internet Engineering Task Force (IETF).
The SNMPv3 Working Group was chartered to prepare recommendations for The SNMPv3 Working Group was chartered to prepare recommendations for
the next generation of SNMP. The goal of the Working Group was to the next generation of SNMP. The goal of the Working Group was to
produce the necessary set of documents that will provide a single produce the necessary set of documents that provide a single standard
standard for the next generation of core SNMP functions. The single, for the next generation of core SNMP functions. The single, most
most critical need in the next generation is to define security and critical need in the next generation is a definition of security and
administration that makes SNMP-based management transactions secure administration that makes SNMP-based management transactions secure
in a way which is useful for users who wish to use SNMPv3 to manage in a way which is useful for users who wish to use SNMPv3 to manage
networks, the systems that make up those networks, and the networks, the systems that make up those networks, and the
applications which reside on those systems, including manager-to- applications which reside on those systems, including manager-to-
agent, agent-to-manager, and manager-to-manager transactions. agent, agent-to-manager, and manager-to-manager transactions.
In the several years prior to the chartering of the Working Group, In the several years prior to the chartering of the Working Group,
there were a number of activities aimed at incorporating security and there were a number of activities aimed at incorporating security and
other improvements to SNMP. These efforts included: other improvements to SNMP. These efforts included:
"SNMP Security" circa 1991-1992 [RFC 1351 - RFC 1353], * "SNMP Security" circa 1991-1992 [RFC 1351 - RFC 1353],
"SMP" circa 1992-1993, * "SMP" circa 1992-1993,
"The Party-based SNMPv2" circa 1993-1995 [RFC 1441 - RFC 1452]. * "The Party-based SNMPv2" circa 1993-1995 [RFC 1441 - RFC 1452].
Each of these efforts incorporated commercial grade, industrial Each of these efforts incorporated commercial grade, industrial
strength security including authentication, privacy, authorization, strength security including authentication, privacy, authorization,
view-based access control, and administration, including remote view-based access control, and administration, including remote
configuration. configuration.
These efforts fed the development of the SNMPv2 Management Framework These efforts fed the development of the SNMPv2 Management Framework
as described in RFCs 1902 - 1908. However, the Framework described as described in RFCs 1902 - 1908. However, the Framework described
in those RFCs had no standards-based security and administrative in those RFCs had no standards-based security and administrative
framework of its own; rather, it was associated with multiple framework of its own; rather, it was associated with multiple
security and administrative frameworks, including: security and administrative frameworks, including:
"The Community-based SNMPv2" (SNMPv2c) [RFC 1901], * "The Community-based SNMPv2" (SNMPv2c) [RFC 1901],
"SNMPv2u" [RFCs 1909 - 1910] and * "SNMPv2u" [RFCs 1909 - 1910] and
* "SNMPv2*."
"SNMPv2*."
SNMPv2c had the endorsement of the IETF but no security and SNMPv2c had the endorsement of the IETF but no security and
administration whereas both SNMPv2u and SNMPv2* had security but administration whereas both SNMPv2u and SNMPv2* had security but
lacked the endorsement of the IETF. lacked the endorsement of the IETF.
The SNMPv3 Working Group was chartered to produce a single set of The SNMPv3 Working Group was chartered to produce a single set of
specifications for the next generation of SNMP, based upon a specifications for the next generation of SNMP, based upon a
convergence of the concepts and technical elements of SNMPv2u and convergence of the concepts and technical elements of SNMPv2u and
SNMPv2*, as was suggested by an advisory team which was formed to SNMPv2*, as was suggested by an advisory team which was formed to
provide a single recommended approach for SNMP evolution. provide a single recommended approach for SNMP evolution.
In so doing, the Working Group charter defined the following In so doing, the Working Group charter defined the following
objectives: objectives:
accommodate the wide range of operational environments with * accommodate the wide range of operational environments with
differing management demands; differing management demands;
facilitate the need to transition from previous, multiple * facilitate the need to transition from previous, multiple
protocols to SNMPv3; protocols to SNMPv3;
facilitate the ease of setup and maintenance activities. * facilitate the ease of setup and maintenance activities.
In the initial work of the SNMPv3 Working Group, the group focused on In the initial work of the SNMPv3 Working Group, the group focused on
security and administration, including security and administration, including
authentication and privacy, * authentication and privacy,
authorization and view-based access control, and * authorization and view-based access control, and
standards-based remote configuration of the above. * standards-based remote configuration of the above.
The SNMPv3 Working Group did not "reinvent the wheel," but reused the The SNMPv3 Working Group did not "reinvent the wheel," but reused the
SNMPv2 Draft Standard documents, i.e., RFCs 1902 through 1908. SNMPv2 Draft Standard documents, i.e., RFCs 1902 through 1908.
The SNMPv3 Working Group produced a design based on a modular The SNMPv3 Working Group produced a design based on a modular
architecture with evolutionary capabilities with emphasis on architecture with evolutionary capabilities with emphasis on
layering. As a result, SNMPv3 is SNMPv2 plus security and layering. As a result, SNMPv3 is SNMPv2 plus security and
administration. administration.
In doing so, the Working Group achieved the goal of producing a In doing so, the Working Group achieved the goal of producing a
single specification which has both the endorsement of the IETF and single specification which has both the endorsement of the IETF and
security and administration. security and administration.
3. SNMPv3 Framework Module Specifications 6. SNMPv3 Framework Module Specifications
The specification of the SNMPv3 Management Framework is partitioned The specification of the SNMPv3 Management Framework is partitioned
in a modular fashion among several documents. It is the intention of in a modular fashion among several documents. It is the intention of
the SNMPv3 Working Group that, with proper care, any or all of the the SNMPv3 Working Group that, with proper care, any or all of the
individual documents can be revised, upgraded, or replaced as individual documents can be revised, upgraded, or replaced as
requirements change, new understandings are obtained, and new requirements change, new understandings are obtained, and new
technologies become available. technologies become available.
Whenever feasible, the initial document set which defines the SNMPv3 Whenever feasible, the initial document set which defines the SNMPv3
Management Framework leverages prior investments defining and Management Framework leverages prior investments defining and
skipping to change at page 10, line 28 skipping to change at page 11, line 28
Framework. Framework.
The SNMPv3 Framework augments those specifications with The SNMPv3 Framework augments those specifications with
specifications for security and administration for SNMPv3. specifications for security and administration for SNMPv3.
The documents which specify the SNMPv3 Management Framework follow The documents which specify the SNMPv3 Management Framework follow
the same architecture as those of the prior versions and can be the same architecture as those of the prior versions and can be
organized for expository purposes into four main categories as organized for expository purposes into four main categories as
follows: follows:
the data definition language, * the data definition language,
Management Information Base (MIB) modules, * Management Information Base (MIB) modules,
protocol operations, and * protocol operations, and
security and administration. * security and administration.
The first three sets of documents are incorporated from SNMPv2. The The first three sets of documents are incorporated from SNMPv2. The
fourth set of documents are new to SNMPv3, but, as described fourth set of documents are new to SNMPv3, but, as described
previously, build on significant prior related works. previously, build on significant prior related works.
3.1 Data Definition Language 6.1 Data Definition Language
The specifications of the data definition language includes RFC 1902, The specifications of the data definition language includes RFC 1902,
"The Structure of Management Information for Version 2 of the Simple "The Structure of Management Information for Version 2 of the Simple
Network Management Protocol (SNMPv2)" [4], and related Network Management Protocol (SNMPv2)" [4], and related
specifications. The Structure of Management Information (SMI) specifications. The Structure of Management Information (SMI)
defines fundamental data types, an object model, and the rules for defines fundamental data types, an object model, and the rules for
writing and revising MIB modules. Related specifications include RFC writing and revising MIB modules. Related specifications include RFC
1903 and RFC 1904. 1903 and RFC 1904. The updated data definition language is sometimes
refered to as SMIv2.
RFC 1903, "Textual Conventions for Version 2 of the Simple Network RFC 1903, "Textual Conventions for Version 2 of the Simple Network
Management Protocol (SNMPv2)" [5], defines an initial set of Management Protocol (SNMPv2)" [5], defines an initial set of
shorthand abbreviations which are available for use within all MIB shorthand abbreviations which are available for use within all MIB
modules for the convenience of human readers and writers. modules for the convenience of human readers and writers.
RFC 1904, "Conformance Statements for Version 2 of the Simple Network RFC 1904, "Conformance Statements for Version 2 of the Simple Network
Management Protocol (SNMPv2)" [6], defines the format for compliance Management Protocol (SNMPv2)" [6], defines the format for compliance
statements which are used for describing requirements for agent statements which are used for describing requirements for agent
implementations and capability statements which can be used to implementations and capability statements which can be used to
document the characteristics of particular implementations. document the characteristics of particular implementations.
3.2 MIB Modules 6.2 MIB Modules
MIB modules usually contain object definitions, may contain MIB modules usually contain object definitions, may contain
definitions of notifications, and sometimes include compliance definitions of event notifications, and sometimes include compliance
statements specified in terms of appropriate object groups. As such, statements specified in terms of appropriate object and event
MIB modules define the management information maintained by the notification groups. As such, MIB modules define the management
instrumentation in managed nodes, made remotely accessible by information maintained by the instrumentation in managed nodes, made
management agents, conveyed by the management protocol, and remotely accessible by management agents, conveyed by the management
manipulated by management applications. protocol, and manipulated by management applications.
MIB modules are defined according the rules defined in the documents MIB modules are defined according the rules defined in the documents
which specify the data definition language, principally the SMI as which specify the data definition language, principally the SMI as
supplemented by the related specifications. supplemented by the related specifications.
There is a large and growing number of standards-based MIB modules, There is a large and growing number of standards-based MIB modules,
as defined in the periodically updated list of standard protocols as defined in the periodically updated list of standard protocols
[STD 0001, RFC 2000]. As of this writing, there are nearly 100 [STD 0001, RFC 2000]. As of this writing, there are nearly 100
standards-based MIB modules with a total number of defined objects standards-based MIB modules with a total number of defined objects
approaching 10,000. In addition, there is an even larger and growing approaching 10,000. In addition, there is an even larger and growing
number of enterprise-specific MIB modules defined unilaterally by number of enterprise-specific MIB modules defined unilaterally by
various vendors, research groups, consortia, and the like resulting various vendors, research groups, consortia, and the like resulting
in an unknown and virtually uncountable number of defined objects. in an unknown and virtually uncountable number of defined objects.
In general, management information defined in any MIB module, In general, management information defined in any MIB module,
regardless of the version of the data definition language used, can regardless of the version of the data definition language used, can
be used with any version of the protocol. For example, MIB modules be used with any version of the protocol. For example, MIB modules
defined in terms of the SNMPv1 SMI are compatible with the SNMPv3 defined in terms of the SNMPv1 SMI (SMIv1) are compatible with the
Management Framework and can be conveyed by the protocols specified SNMPv3 Management Framework and can be conveyed by the protocols
therein. Furthermore, MIB modules defined in terms of the SNMPv2 SMI specified therein. Furthermore, MIB modules defined in terms of the
are compatible with SNMPv1 protocol operations and can be conveyed by SNMPv2 SMI (SMIv2) are compatible with SNMPv1 protocol operations and
it. However, there is one noteworthy exception: the Counter64 can be conveyed by it. However, there is one noteworthy exception:
datatype which can be defined in a MIB module defined in SNMPv2 the Counter64 datatype which can be defined in a MIB module defined
format but which cannot be conveyed by an SNMPv1 protocol engine. in SMIv2 format but which cannot be conveyed by an SNMPv1 protocol
engine.
3.3 Protocol Operations and Transport Mappings 6.3 Protocol Operations and Transport Mappings
The specifications for the protocol operations and transport mappings The specifications for the protocol operations and transport mappings
of the SNMPv3 Framework are incorporated by reference to two SNMPv2 of the SNMPv3 Framework are incorporated by reference to the two
Framework documents. SNMPv2 Framework documents.
The specification for protocol operations is found in RFC 1905, The specification for protocol operations is found in RFC 1905,
"Protocol Operations for Version 2 of the Simple Network Management "Protocol Operations for Version 2 of the Simple Network Management
Protocol (SNMPv2)" [7]. Protocol (SNMPv2)" [7].
The specification of transport mappings is found in RFC 1906, The specification of transport mappings is found in RFC 1906,
"Transport Mappings for Version 2 of the Simple Network Management "Transport Mappings for Version 2 of the Simple Network Management
Protocol (SNMPv2)" [8]. Protocol (SNMPv2)" [8].
3.4 SNMPv3 Security and Administration 6.4 SNMPv3 Security and Administration
The SNMPv3 document series defined by the SNMPv3 Working Group The SNMPv3 document series defined by the SNMPv3 Working Group
consists of six [seven] documents at this time: consists of six [seven] documents at this time:
RFC xxxx, "Introduction to the Third Version of the Internet RFC xxxx, "Introduction to the Third Version of the Internet
Standard Management Framework (SNMPv3)," which is this document. Standard Management Framework (SNMPv3)," which is this document.
RFC 2271, "An Architecture for Describing SNMP Management RFC 2271, "An Architecture for Describing SNMP Management
Frameworks" [15], describes the overall architecture with special Frameworks" [15], describes the overall architecture with special
emphasis on the architecture for security and administration. emphasis on the architecture for security and administration.
skipping to change at page 13, line 5 skipping to change at page 14, line 5
provide SNMP message-level security. provide SNMP message-level security.
RFC 2275, "View-based Access Control Model for the Simple Network RFC 2275, "View-based Access Control Model for the Simple Network
Management Protocol (SNMP)" [19], describes how view-based access Management Protocol (SNMP)" [19], describes how view-based access
control can be applied within command responder and notification control can be applied within command responder and notification
originator applications. originator applications.
RFC yyyy, "SNMPv3 Coexistence and Transition" [20], does not exist RFC yyyy, "SNMPv3 Coexistence and Transition" [20], does not exist
yet and is still in development. yet and is still in development.
4. Document Summaries 7. Document Summaries
The following sections provide brief summaries of each document with The following sections provide brief summaries of each document with
slightly more detail than is provided in the overviews, above. slightly more detail than is provided in the overviews, above.
4.1 Structure of Management Information 7.1 Structure of Management Information
Management information is viewed as a collection of managed objects, Management information is viewed as a collection of managed objects,
residing in a virtual information store, termed the Management residing in a virtual information store, termed the Management
Information Base (MIB). Collections of related objects are defined Information Base (MIB). Collections of related objects are defined
in MIB modules. These modules are written using a subset of OSI's in MIB modules. These modules are written in the SNMP MIB module
Abstract Syntax Notation One (ASN.1) [11]. It is the purpose of RFC language, which contains elements of OSI's Abstract Syntax Notation
1902, the Structure of Management Information for SNMPv2 [4], to One (ASN.1) [11] language. RFC 1902, RFC 1903, and RFC 1904 together
define that subset. define the MIB module language, specify the base data types for
objects, specify a core set of short-hand specifications for data
types called textual conventions, and specify a few administrative
assignments of object identifier (OID) values.
The SMI is divided into three parts: module definitions, object The SMI is divided into three parts: module definitions, object
definitions, and, trap definitions. definitions, and, trap definitions.
(1) Module definitions are used when describing information modules. (1) Module definitions are used when describing information modules.
An ASN.1 macro, MODULE-IDENTITY, is used to convey concisely the An ASN.1 macro, MODULE-IDENTITY, is used to convey concisely the
semantics of an information module. semantics of an information module.
(2) Object definitions are used when describing managed objects. An (2) Object definitions are used when describing managed objects. An
ASN.1 macro, OBJECT-TYPE, is used to convey concisely the syntax ASN.1 macro, OBJECT-TYPE, is used to convey concisely the syntax
and semantics of a managed object. and semantics of a managed object.
(3) Notification definitions are used when describing unsolicited (3) Notification definitions are used when describing unsolicited
transmissions of management information. An ASN.1 macro, transmissions of management information. An ASN.1 macro,
NOTIFICATION-TYPE, is used to convey concisely the syntax and NOTIFICATION-TYPE, is used to convey concisely the syntax and
semantics of a notification. semantics of a notification.
4.2 Textual Conventions 7.1.1 Base SMI Specification
When designing a MIB module, it is often useful to define new types RFC 1902 specifies the base data types for the MIB module language,
similar to those defined in the SMI. In comparison to a type defined which include: Integer32, enumerated integers, Unsigned32, Gauge32,
in the SMI, each of these new types has a different name, a similar Counter32, Counter64, TimeTicks, OCTET STRING, OBJECT IDENTIFIER,
syntax, but a more precise semantics. These newly defined types are IpAddress, Opaque, and BITS. It also assigns values to several object
termed textual conventions, and are used for the convenience of identifiers. RFC 1902 further defines the following constructs of
humans reading the MIB module. It is the purpose of RFC 1903, the MIB module language:
Textual Conventions for SNMPv2 [5], to define the initial set of
textual conventions available to all MIB modules.
Objects defined using a textual convention are always encoded by * IMPORTS to allow the specification of items that are used
means of the rules that define their primitive type. However, in a MIB module, but defined in another MIB module.
textual conventions often have special semantics associated with
them. As such, an ASN.1 macro, TEXTUAL-CONVENTION, is used to convey
concisely the syntax and semantics of a textual convention.
4.3 Conformance Statements * MODULE-IDENTITY to specify for a MIB module a description
and administrative information such as contact and revision
history.
* OBJECT-IDENTITY and OID value assignments to specify a
an OID value.
* OBJECT-TYPE to specify the data type, status, and the semantics
of managed objects.
* SEQUENCE type assignement to list the columnar objects in
a table.
* NOTIFICATION-TYPE construct to describe an event notification.
7.1.2 Textual Conventions
When designing a MIB module, it is often useful to specify in a
short-hand way the semantics for a set of objects with similar
behavior. This is done by defining a new data type using a base data
type specified in the SMI. Each new type has a different name, and
specifies a base type with more restrictive semantics. These newly
defined types are termed textual conventions, and are used for the
convenience of humans reading a MIB module and potentially by
"intelligent" management applications. It is the purpose of RFC
1903, Textual Conventions for SNMPv2 [5], to define the construct,
TEXTUAL-CONVENTION, of the MIB module language used to define such
new types and to specify an initial set of textual conventions
available to all MIB modules.
7.1.3 Conformance Statements
It may be useful to define the acceptable lower-bounds of It may be useful to define the acceptable lower-bounds of
implementation, along with the actual level of implementation implementation, along with the actual level of implementation
achieved. It is the purpose of RFC 1904, Conformance Statements for achieved. It is the purpose of RFC 1904, Conformance Statements for
SNMPv2 [6], to define the notation used for these purposes. There SNMPv2 [6], to define the constructs of the MIB module language used
are two kinds of notations: for these purposes. There are two kinds of constructs:
(1) Compliance statements are used when describing requirements for (1) Compliance statements are used when describing requirements for
agents with respect to object definitions. An ASN.1 macro, agents with respect to object and event notification definitions.
MODULE-COMPLIANCE, is used to convey concisely such requirements. The MODULE-COMPLIANCE construct is used to convey concisely
such requirements.
(2) Capability statements are used when describing capabilities of (2) Capability statements are used when describing capabilities of
agents with respect to object definitions. An ASN.1 macro, AGENT- agents with respect to object and event notification definitions.
CAPABILITIES, is used to convey concisely such capabilities. The AGENT-CAPABILITIES construct is used to convey concisely such
capabilities.
Finally, collections of related objects are grouped together to form Finally, collections of related objects and collections of related
a unit of conformance. An ASN.1 macro, OBJECT-GROUP, is used to event notifications are grouped together to form a unit of
convey concisely the syntax and semantics of a group. conformance. The OBJECT-GROUP construct is used to convey concisely
the objects in and the semantics of an object group. The
NOTIFICATION-GROUP construct is used to convey concisely the event
notifications in and the semantics of an event notification group.
4.4 Protocol Operations 7.2 Protocol Operations
The management protocol provides for the exchange of messages which The management protocol provides for the exchange of messages which
convey management information between the agents and the management convey management information between the agents and the management
stations. The form of these messages is a message "wrapper" which stations. The form of these messages is a message "wrapper" which
encapsulates a Protocol Data Unit (PDU). encapsulates a Protocol Data Unit (PDU).
It is the purpose of RFC 1905, Protocol Operations for SNMPv2 [7], to It is the purpose of RFC 1905, Protocol Operations for SNMPv2 [7], to
define the operations of the protocol with respect to the sending and define the operations of the protocol with respect to the sending and
receiving of the PDUs. receiving of the PDUs.
4.5 Transport Mappings 7.3 Transport Mappings
The management protocol, version 2 of the Simple Network Management SNMP Messages may be used over a variety of protocol suites. It is
Protocol, may be used over a variety of protocol suites. It is the the purpose of RFC 1906, Transport Mappings for SNMPv2 [8], to define
purpose of RFC 1906, Transport Mappings for SNMPv2 [8], to define how how SNMP messages maps onto an initial set of transport domains.
SNMPv2 maps onto an initial set of transport domains. Other mappings Other mappings may be defined in the future.
may be defined in the future.
Although several mappings are defined, the mapping onto UDP is the Although several mappings are defined, the mapping onto UDP is the
preferred mapping. As such, to provide for the greatest level of preferred mapping. As such, to provide for the greatest level of
interoperability, systems which choose to deploy other mappings interoperability, systems which choose to deploy other mappings
should also provide for proxy service to the UDP mapping. should also provide for proxy service to the UDP mapping.
4.6 Protocol Instrumentation 7.4 Protocol Instrumentation
It is the purpose of RFC 1907, the Management Information Base for It is the purpose of RFC 1907, the Management Information Base for
SNMPv2 document [9] to define managed objects which describe the SNMPv2 document [9] to define managed objects which describe the
behavior of an SNMPv2 entity. behavior of an SNMPv2 entity.
4.7 Architecture / Security and Administration 7.5 Architecture / Security and Administration
It is the purpose of RFC 2271, "SNMPv3 Architecture" [15], to define It is the purpose of RFC 2271, "SNMPv3 Architecture" [15], to define
an architecture for defining SNMP Management Frameworks. While an architecture for defining SNMP Management Frameworks. While
addressing general architectural issues, it focuses on aspects addressing general architectural issues, it focuses on aspects
related to security and administration. It defines a number of terms related to security and administration. It defines a number of terms
used throughout the SNMPv3 Management Framework and, in so doing, used throughout the SNMPv3 Management Framework and, in so doing,
clarifies and extends the naming of clarifies and extends the naming of
engines and applications, * engines and applications,
entities (service providers such as the engines in agents and
managers),
identities (service users), and * entities (service providers such as the engines in agents
and managers),
* identities (service users), and
management information, including support for multiple logical * management information, including support for multiple
contexts. logical contexts.
The document contains a small MIB module which is implemented by all The document contains a small MIB module which is implemented by all
authoritative SNMPv3 protocol engines. authoritative SNMPv3 protocol engines.
4.8 Message Processing and Dispatch (MPD) 7.6 Message Processing and Dispatch (MPD)
RFC 2272, "Message Processing and Dispatching for the Simple Network RFC 2272, "Message Processing and Dispatching for the Simple Network
Management Protocol (SNMP)" [16], describes the Message Processing Management Protocol (SNMP)" [16], describes the Message Processing
and Dispatching for SNMP messages within the SNMP architecture. It and Dispatching for SNMP messages within the SNMP architecture. It
defines the procedures for dispatching potentially multiple versions defines the procedures for dispatching potentially multiple versions
of SNMP messages to the proper SNMP Message Processing Models, and of SNMP messages to the proper SNMP Message Processing Models, and
for dispatching PDUs to SNMP applications. This document also for dispatching PDUs to SNMP applications. This document also
describes one Message Processing Model - the SNMPv3 Message describes one Message Processing Model - the SNMPv3 Message
Processing Model. Processing Model.
It is expected that an SNMPv3 protocol engine MUST support at least It is expected that an SNMPv3 protocol engine MUST support at least
one Message Processing Model. An SNMPv3 protocol engine MAY support one Message Processing Model. An SNMPv3 protocol engine MAY support
more than one, for example in a multilingual system which provides more than one, for example in a multilingual system which provides
simultaneous support of SNMPv3 and SNMPv1 and/or SNMPv2c. simultaneous support of SNMPv3 and SNMPv1 and/or SNMPv2c.
4.9 SNMPv3 Applications 7.7 SNMPv3 Applications
It is the purpose of RFC 2273, "SNMPv3 Applications" to describe the It is the purpose of RFC 2273, "SNMPv3 Applications" to describe the
five types of applications which can be associated with an SNMP five types of applications which can be associated with an SNMP
engine. They are: Command Generators, Command Responders, engine. They are: Command Generators, Command Responders,
Notification Originators, Notification Receivers, and Proxy Notification Originators, Notification Receivers, and Proxy
Forwarders. Forwarders.
The document also defines MIB modules for specifying targets of The document also defines MIB modules for specifying targets of
management operations (including notifications), for notification management operations (including notifications), for notification
filtering, and for proxy forwarding. filtering, and for proxy forwarding.
4.10 User-based Security Model (USM) 7.8 User-based Security Model (USM)
RFC 2274, the "User-based Security Model (USM) for version 3 of the RFC 2274, the "User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)" describes the User-based Simple Network Management Protocol (SNMPv3)" describes the User-based
Security Model for SNMPv3. It defines the Elements of Procedure for Security Model for SNMPv3. It defines the Elements of Procedure for
providing SNMP message-level security. providing SNMP message-level security.
The document describes the two primary and two secondary threats The document describes the two primary and two secondary threats
which are defended against by the User-based Security Model. They which are defended against by the User-based Security Model. They
are: modification of information, masquerade, message stream are: modification of information, masquerade, message stream
modification, and [optionally] disclosure. modification, and [optionally] disclosure.
The USM utilizes MD5 [21] and the Secure Hash Algorithm [22] as keyed The USM utilizes MD5 [21] and the Secure Hash Algorithm [22] as keyed
hashing algorithms [22] for digest computation to provide data hashing algorithms [22] for digest computation to provide data
integrity integrity
to directly protect against data modification attacks,
to indirectly provide data origin authentication, and * to directly protect against data modification attacks,
to defend against masquerade attacks. * to indirectly provide data origin authentication, and
* to defend against masquerade attacks.
The USM uses loosely synchronized monotonically increasing time The USM uses loosely synchronized monotonically increasing time
indicators to defend against certain message stream modification indicators to defend against certain message stream modification
attacks. Automatic clock synchronization mechanisms based on the attacks. Automatic clock synchronization mechanisms based on the
protocol are specified without dependence on third-party time sources protocol are specified without dependence on third-party time sources
and concomitant security considerations. and concomitant security considerations.
The USM uses the Data Encryption Standard (DES) [24] in the cipher The USM uses the Data Encryption Standard (DES) [24] in the cipher
block chaining mode (CBC) [optionally] to protect against disclosure. block chaining mode (CBC) [optionally] to protect against disclosure.
skipping to change at page 16, line 51 skipping to change at page 18, line 36
distribution and key management. distribution and key management.
A single protocol entity may provide simultaneous support for A single protocol entity may provide simultaneous support for
multiple security models as well as multiple authentication and multiple security models as well as multiple authentication and
privacy protocols. All of the protocols used by the USM are based on privacy protocols. All of the protocols used by the USM are based on
symmetric cryptography, i.e., private key mechanisms. The SNMPv3 symmetric cryptography, i.e., private key mechanisms. The SNMPv3
architecture admits the use of public key cryptography, but as of architecture admits the use of public key cryptography, but as of
this writing, no SNMPv3 security models utilizing public key this writing, no SNMPv3 security models utilizing public key
cryptography have been published. cryptography have been published.
4.11 View-based Access Control (VACM) 7.9 View-based Access Control (VACM)
The purpose of RFC 2275, the "View-based Access Control Model (VACM) The purpose of RFC 2275, the "View-based Access Control Model (VACM)
for the Simple Network Management Protocol (SNMP)" is to describe the for the Simple Network Management Protocol (SNMP)" is to describe the
View-based Access Control Model for use in the SNMP architecture. View-based Access Control Model for use in the SNMP architecture.
The VACM can simultaneously be associated in a single engine The VACM can simultaneously be associated in a single engine
implementation with multiple Message Processing Models and multiple implementation with multiple Message Processing Models and multiple
Security Models. Security Models.
It is architecturally possible to have multiple, different, Access It is architecturally possible to have multiple, different, Access
Control Models active and present simultaneously in a single engine Control Models active and present simultaneously in a single engine
implementation, but this is expected to be *_very_* rare in practice implementation, but this is expected to be *_very_* rare in practice
and *_far_* less common than simultaneous support for multiple and *_far_* less common than simultaneous support for multiple
Message Processing Models and/or multiple Security Models. Message Processing Models and/or multiple Security Models.
4.12 SNMPv3 Coexistence and Transition 7.10 SNMPv3 Coexistence and Transition
This document does not exist yet. It needs to contain: This document does not exist yet. It needs to contain:
background of 2 approaches to coexistence and transition background of 2 approaches to coexistence and transition
multilingual approach multilingual approach
proxy approach proxy approach
mapping functions derived from rfc 2089 but incorporated by value mapping functions derived from rfc 2089 but incorporated by value
rather than by reference in order to get these functions onto the rather than by reference in order to get these functions onto the
standards track and to fix up any lingering problems standards track and to fix up any lingering problems
a community-based security model consistent with the architecture a community-based security model consistent with the architecture
and containing a suitable MIB module for remote configuration thereof and containing a suitable MIB module for remote configuration thereof
for use by multilingual engines supporting snmpv1 and snmpv2c in for use by multilingual engines supporting snmpv1 and snmpv2c in
addition to snmpv3 addition to snmpv3
This could be multiple documents, but it really isn't necessary to have more This could be multiple documents, but it really isn't necessary to have more
than one and fewer are better than many. than one and fewer are better than many.
5. Security Considerations 8. Security Considerations
As this document is primarily a roadmap document, it introduces no As this document is primarily a roadmap document, it introduces no
new security considerations. The reader is referred to the relevant new security considerations. The reader is referred to the relevant
sections of each of the referenced documents for information about sections of each of the referenced documents for information about
security considerations. security considerations.
6. Editors' Addresses 9. Editors' Addresses
Jeffrey Case Jeffrey Case
SNMP Research, Inc. SNMP Research, Inc.
3001 Kimberlin Heights Road 3001 Kimberlin Heights Road
Knoxville, TN 37920-9716 Knoxville, TN 37920-9716
USA USA
Phone: +1 423 573 1434 Phone: +1 423 573 1434
EMail: case@snmp.com EMail: case@snmp.com
Russ Mundy Russ Mundy
skipping to change at page 19, line 5 skipping to change at page 21, line 5
Email: partain@europe.snmp.com Email: partain@europe.snmp.com
Bob Stewart Bob Stewart
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
U.S.A. U.S.A.
Phone: +1 603 654 6923 Phone: +1 603 654 6923
EMail: bstewart@cisco.com EMail: bstewart@cisco.com
7. Full Copyright Statement 10. Full Copyright Statement
Copyright (C) The Internet Society (1998). All Rights Reserved. Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published and or assist in its implmentation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind, distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
skipping to change at page 19, line 33 skipping to change at page 21, line 33
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
8. References 11. References
[1] Rose, M., and K. McCloghrie, "Structure and Identification of [1] Rose, M., and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based internets", STD 16, RFC Management Information for TCP/IP-based internets", STD 16, RFC
1155, May 1990. 1155, May 1990.
[2] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, [2] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16,
RFC 1212, March 1991. RFC 1212, March 1991.
[3] Case, J., Fedor, M., Schoffstall, M., Davin, J., "Simple Network [3] Case, J., Fedor, M., Schoffstall, M., Davin, J., "Simple Network
Management Protocol", STD 15, RFC 1157, SNMP Research, Performance Management Protocol", STD 15, RFC 1157, SNMP Research, Performance
skipping to change at line 880 skipping to change at page 23, line 33
http://csrc.nist.gov/fips/fip180-1.ps (Postscript) http://csrc.nist.gov/fips/fip180-1.ps (Postscript)
[23] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: [23] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
Keyed-Hashing for Message Authentication", RFC 2104, February Keyed-Hashing for Message Authentication", RFC 2104, February
1997. 1997.
[24] Data Encryption Standard, National Institute of Standards [24] Data Encryption Standard, National Institute of Standards
and Technology. Federal Information Processing Standard (FIPS) and Technology. Federal Information Processing Standard (FIPS)
Publication 46-1. Supersedes FIPS Publication 46, (January, 1977; Publication 46-1. Supersedes FIPS Publication 46, (January, 1977;
reaffirmed January, 1988). reaffirmed January, 1988).
[25] M.T. Rose, "A Convention for Defining Traps for use with the
SNMP", RFC 1215, March 1991.
 End of changes. 87 change blocks. 
148 lines changed or deleted 226 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/