draft-ietf-snmpv3-intro-03.txt   draft-ietf-snmpv3-intro-04.txt 
INTERNET-DRAFT Jeffrey D. Case INTERNET-DRAFT Jeffrey D. Case
SNMP Research, Inc. SNMP Research, Inc.
Russ Mundy Russ Mundy
Trusted Information Systems, Inc. TIS Labs at Network Associates, Inc.
David Partain David Partain
SNMP Research Europe SNMP Research Europe
Bob Stewart Bob Stewart
Cisco Systems Cisco Systems
Introduction to Version 3 of the Introduction to Version 3 of the
Internet-standard Network Management Framework Internet standard Network Management Framework
1999/01/21 22:03:06 1999/02/10 14:47:33
draft-ietf-snmpv3-intro-03.txt draft-ietf-snmpv3-intro-04.txt
1.12 -- 1999/01/21 22:03:06 1.13 -- 1999/02/10 14:47:33
Status of this Memo Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft and is in full conformance with all
documents of the Internet Engineering Task Force (IETF), its areas, and provisions of Section 10 of RFC2026.
its working groups. Note that other groups may also distribute working
documents as Internet-Drafts. Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress." or to cite them other than as "work in progress."
To view the entire list of current Internet-Drafts, please check the The list of current Internet-Drafts can be accessed at
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow http://www.ietf.org/ietf/1id-abstracts.txt
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe),
ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), The list of Internet-Draft Shadow Directories can be accessed at
ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). http://www.ietf.org/shadow.html.
Abstract Abstract
The purpose of this document is to provide an overview of the The purpose of this document is to provide an overview of the
third version of the Internet-standard Management Framework, third version of the Internet-standard Management Framework,
termed the SNMP version 3 Framework (SNMPv3). This Framework is termed the SNMP version 3 Framework (SNMPv3). This Framework is
derived from and builds upon both the original Internet-standard derived from and builds upon both the original Internet-standard
Management Framework (SNMPv1) and the second Internet-standard Management Framework (SNMPv1) and the second Internet-standard
Management Framework (SNMPv2). Management Framework (SNMPv2).
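Review bot: The revised title line drops the hyphen ("Internet standard Network Management Framework") while the abstract on this page and the self-citation in section 6.4 ("Introduction to Version 3 of the Internet-standard Network Management Framework") keep "Internet-standard"; the title should match the form used in the body and in the document's own reference entry, so restore the hyphen here. The Status of this Memo replacement (RFC2026 Section 10 conformance, the www.ietf.org URLs for the abstracts listing and shadow directories) is the current required boilerplate and reads correctly.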
skipping to change at page 13, line 28 skipping to change at page 14, line 28
The specification of transport mappings is found in RFC 1906, "Transport The specification of transport mappings is found in RFC 1906, "Transport
Mappings for Version 2 of the Simple Network Management Protocol Mappings for Version 2 of the Simple Network Management Protocol
(SNMPv2)" [8]. (SNMPv2)" [8].
6.4. SNMPv3 Security and Administration 6.4. SNMPv3 Security and Administration
The SNMPv3 document series defined by the SNMPv3 Working Group consists The SNMPv3 document series defined by the SNMPv3 Working Group consists
of seven documents at this time: of seven documents at this time:
RFC xxxx (draft-ietf-snmpv3-intro-03.txt), "Introduction to RFC xxxx (draft-ietf-snmpv3-intro-04.txt), "Introduction to
Version 3 of the Internet-standard Network Management Framework", Version 3 of the Internet-standard Network Management Framework",
which is this document. which is this document.
RFC xxx1 (draft-ietf-snmpv3-arch-03.txt), "An Architecture for RFC xxx1 (draft-ietf-snmpv3-arch-05.txt), "An Architecture for
Describing SNMP Management Frameworks" [15], describes the overall Describing SNMP Management Frameworks" [15], describes the overall
architecture with special emphasis on the architecture for architecture with special emphasis on the architecture for
security and administration. security and administration.
RFC xxx2 (draft-ietf-snmpv3-mpc-03.txt), "Message Processing and RFC xxx2 (draft-ietf-snmpv3-mpc-05.txt), "Message Processing and
Dispatching for the Simple Network Management Protocol (SNMP)" Dispatching for the Simple Network Management Protocol (SNMP)"
[16], describes the possibly multiple message processing models [16], describes the possibly multiple message processing models
and the dispatcher portion that can be a part of an SNMP protocol and the dispatcher portion that can be a part of an SNMP protocol
engine. engine.
RFC xxx3 (draft-ietf-snmpv3-appl-v2-02.txt), "SNMP Applications" RFC xxx3 (draft-ietf-snmpv3-appl-v2-03.txt), "SNMP Applications"
[17], describes the five types of applications that can be [17], describes the five types of applications that can be
associated with an SNMPv3 engine and their elements of procedure. associated with an SNMPv3 engine and their elements of procedure.
RFC xxx4 (draft-ietf-snmpv3-usm-v2-04.txt), "The User-Based RFC xxx4 (draft-ietf-snmpv3-usm-v2-05.txt), "The User-Based
Security Model for Version 3 of the Simple Network Management Security Model for Version 3 of the Simple Network Management
Protocol (SNMPv3)" [18], describes the threats, mechanisms, Protocol (SNMPv3)" [18], describes the threats, mechanisms,
protocols, and supporting data used to provide SNMP message-level protocols, and supporting data used to provide SNMP message-level
security. security.
RFC xxx5 (draft-ietf-snmpv3-vacm-03.txt), "View-based Access RFC xxx5 (draft-ietf-snmpv3-vacm-04.txt), "View-based Access
Control Model for the Simple Network Management Protocol (SNMP)" Control Model for the Simple Network Management Protocol (SNMP)"
[19], describes how view-based access control can be applied [19], describes how view-based access control can be applied
within command responder and notification originator applications. within command responder and notification originator applications.
RFC yyyy (draft-ietf-snmpv3-coex-03.txt), "Coexistence between RFC yyyy (draft-ietf-snmpv3-coex-03.txt), "Coexistence between
Version 1, Version 2, and Version 3 of the Internet-standard Version 1, Version 2, and Version 3 of the Internet-standard
Network Management Framework" [20], describes coexistence between Network Management Framework" [20], describes coexistence between
the SNMPv3 Management Framework, the SNMPv2 Management Framework, the SNMPv3 Management Framework, the SNMPv2 Management Framework,
and the original SNMPv1 Management Framework. and the original SNMPv1 Management Framework.
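Review bot: Every companion draft in this list advances one or two revisions (arch -03 to -05, mpc -03 to -05, appl-v2 -02 to -03, usm-v2 -04 to -05, vacm -03 to -04) except the coexistence document, which is cited as draft-ietf-snmpv3-coex-03.txt in both the old and new text; please confirm that -03 is still the current revision rather than an entry that was missed in this round of updates. The count "seven documents at this time" does match the seven entries listed (intro, arch, mpc, appl, usm, vacm, coex).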
skipping to change at page 18, line 7 skipping to change at page 19, line 7
also provide for proxy service to the UDP mapping. also provide for proxy service to the UDP mapping.
7.4. Protocol Instrumentation 7.4. Protocol Instrumentation
It is the purpose of RFC 1907, the Management Information Base for It is the purpose of RFC 1907, the Management Information Base for
SNMPv2 document [9] to define managed objects which describe the SNMPv2 document [9] to define managed objects which describe the
behavior of an SNMPv2 entity. behavior of an SNMPv2 entity.
7.5. Architecture / Security and Administration 7.5. Architecture / Security and Administration
It is the purpose of RFC xxx1 (draft-ietf-snmpv3-arch-03.txt), "An It is the purpose of RFC xxx1 (draft-ietf-snmpv3-arch-05.txt), "An
Architecture for Describing SNMP Management Frameworks" [15], to define Architecture for Describing SNMP Management Frameworks" [15], to define
an architecture for specifying SNMP Management Frameworks. While an architecture for specifying SNMP Management Frameworks. While
addressing general architectural issues, it focuses on aspects related addressing general architectural issues, it focuses on aspects related
to security and administration. It defines a number of terms used to security and administration. It defines a number of terms used
throughout the SNMPv3 Management Framework and, in so doing, clarifies throughout the SNMPv3 Management Framework and, in so doing, clarifies
and extends the naming of and extends the naming of
* engines and applications, * engines and applications,
* entities (service providers such as the engines in agents * entities (service providers such as the engines in agents
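Review bot: In the unchanged 7.4 text, "RFC 1907, the Management Information Base for SNMPv2 document [9] to define" needs the appositive closed off, e.g. "RFC 1907, the Management Information Base for SNMPv2 document [9], to define managed objects ..."; since the line is not otherwise touched by this revision it is an easy editorial fix to fold in. The arch reference in 7.5 correctly tracks the -05 revision used in section 6.4.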
skipping to change at page 18, line 30 skipping to change at page 19, line 30
* identities (service users), and * identities (service users), and
* management information, including support for multiple * management information, including support for multiple
logical contexts. logical contexts.
The document contains a small MIB module which is implemented by all The document contains a small MIB module which is implemented by all
authoritative SNMPv3 protocol engines. authoritative SNMPv3 protocol engines.
7.6. Message Processing and Dispatch (MPD) 7.6. Message Processing and Dispatch (MPD)
RFC xxx2 (draft-ietf-snmpv3-mpc-03.txt), "Message Processing and RFC xxx2 (draft-ietf-snmpv3-mpc-05.txt), "Message Processing and
Dispatching for the Simple Network Management Protocol (SNMP)" [16], Dispatching for the Simple Network Management Protocol (SNMP)" [16],
describes the Message Processing and Dispatching for SNMP messages describes the Message Processing and Dispatching for SNMP messages
within the SNMP architecture. It defines the procedures for dispatching within the SNMP architecture. It defines the procedures for dispatching
potentially multiple versions of SNMP messages to the proper SNMP potentially multiple versions of SNMP messages to the proper SNMP
Message Processing Models, and for dispatching PDUs to SNMP Message Processing Models, and for dispatching PDUs to SNMP
applications. This document also describes one Message Processing Model applications. This document also describes one Message Processing Model
- the SNMPv3 Message Processing Model. - the SNMPv3 Message Processing Model.
It is expected that an SNMPv3 protocol engine MUST support at least one It is expected that an SNMPv3 protocol engine MUST support at least one
Message Processing Model. An SNMPv3 protocol engine MAY support more Message Processing Model. An SNMPv3 protocol engine MAY support more
than one, for example in a multi-lingual system which provides than one, for example in a multi-lingual system which provides
simultaneous support of SNMPv3 and SNMPv1 and/or SNMPv2c. simultaneous support of SNMPv3 and SNMPv1 and/or SNMPv2c.
7.7. SNMP Applications 7.7. SNMP Applications
It is the purpose of RFC xxx3 (draft-ietf-snmpv3-appl-v2-02.txt), "SNMP It is the purpose of RFC xxx3 (draft-ietf-snmpv3-appl-v2-03.txt), "SNMP
Applications" to describe the five types of applications which can be Applications" to describe the five types of applications which can be
associated with an SNMP engine. They are: Command Generators, Command associated with an SNMP engine. They are: Command Generators, Command
Responders, Notification Originators, Notification Receivers, and Proxy Responders, Notification Originators, Notification Receivers, and Proxy
Forwarders. Forwarders.
The document also defines MIB modules for specifying targets of The document also defines MIB modules for specifying targets of
management operations (including notifications), for notification management operations (including notifications), for notification
filtering, and for proxy forwarding. filtering, and for proxy forwarding.
7.8. User-based Security Model (USM) 7.8. User-based Security Model (USM)
RFC xxx4 (draft-ietf-snmpv3-usm-v2-04.txt), the "User-based Security RFC xxx4 (draft-ietf-snmpv3-usm-v2-05.txt), the "User-based Security
Model (USM) for version 3 of the Simple Network Management Protocol Model (USM) for version 3 of the Simple Network Management Protocol
(SNMPv3)" describes the User-based Security Model for SNMPv3. It (SNMPv3)" describes the User-based Security Model for SNMPv3. It
defines the Elements of Procedure for providing SNMP message-level defines the Elements of Procedure for providing SNMP message-level
security. security.
The document describes the two primary and two secondary threats which The document describes the two primary and two secondary threats which
are defended against by the User-based Security Model. They are: are defended against by the User-based Security Model. They are:
modification of information, masquerade, message stream modification, modification of information, masquerade, message stream modification,
and disclosure. and disclosure.
skipping to change at page 20, line 17 skipping to change at page 21, line 17
An entity may provide simultaneous support for multiple security models An entity may provide simultaneous support for multiple security models
as well as multiple authentication and privacy protocols. All of the as well as multiple authentication and privacy protocols. All of the
protocols used by the USM are based on pre-placed keys, i.e., private protocols used by the USM are based on pre-placed keys, i.e., private
key mechanisms. The SNMPv3 architecture permits the use of asymmetric key mechanisms. The SNMPv3 architecture permits the use of asymmetric
mechanisms and protocols (commonly called "public key cryptography") but mechanisms and protocols (commonly called "public key cryptography") but
as of this writing, no such SNMPv3 security models utilizing public key as of this writing, no such SNMPv3 security models utilizing public key
cryptography have been published. cryptography have been published.
7.9. View-based Access Control (VACM) 7.9. View-based Access Control (VACM)
The purpose of RFC xxx5 (draft-ietf-snmpv3-vacm-03.txt), the "View-based The purpose of RFC xxx5 (draft-ietf-snmpv3-vacm-04.txt), the "View-based
Access Control Model (VACM) for the Simple Network Management Protocol Access Control Model (VACM) for the Simple Network Management Protocol
(SNMP)" is to describe the View-based Access Control Model for use in (SNMP)" is to describe the View-based Access Control Model for use in
the SNMP architecture. The VACM can simultaneously be associated in a the SNMP architecture. The VACM can simultaneously be associated in a
single engine implementation with multiple Message Processing Models and single engine implementation with multiple Message Processing Models and
multiple Security Models. multiple Security Models.
It is architecturally possible to have multiple, different, Access It is architecturally possible to have multiple, different, Access
Control Models active and present simultaneously in a single engine Control Models active and present simultaneously in a single engine
implementation, but this is expected to be *_very_* rare in practice and implementation, but this is expected to be *_very_* rare in practice and
*_far_* less common than simultaneous support for multiple Message *_far_* less common than simultaneous support for multiple Message
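Review bot: In the 7.8 USM summary, "pre-placed keys, i.e., private key mechanisms" is ambiguous in a paragraph that immediately contrasts these with "public key cryptography": the keys USM relies on are shared symmetric secrets held by both parties, so "i.e., symmetric (shared secret) key mechanisms" would state the security property precisely and avoid a reader taking "private key" to mean the private half of an asymmetric pair. Separately, in 7.6 "It is expected that an SNMPv3 protocol engine MUST support at least one Message Processing Model" mixes a hedge with a normative keyword; either drop "It is expected that" or, since this is a summary of another document's requirements, phrase it descriptively ("The MPD document requires that an SNMPv3 protocol engine support at least one ...").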
skipping to change at page 25, line 10 skipping to change at page 26, line 10
[13] McCloghrie, K., and M. Rose, "Management Information Base for [13] McCloghrie, K., and M. Rose, "Management Information Base for
Network Management of TCP/IP-based internets: MIB-II, RFC 1213, Network Management of TCP/IP-based internets: MIB-II, RFC 1213,
March 1991. March 1991.
[14] Cerf, V., "IAB Recommendations for the Development of Internet [14] Cerf, V., "IAB Recommendations for the Development of Internet
Network Management Standards", RFC 1052, April 1988. Network Management Standards", RFC 1052, April 1988.
[15] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture [15] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", for Describing SNMP Management Frameworks",
<draft-ietf-snmpv3-arch-03.txt>, January 1999. <draft-ietf-snmpv3-arch-05.txt>, January 1999.
[16] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message [16] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management Processing and Dispatching for the Simple Network Management
Protocol (SNMP)", <draft-ietf-snmpv3-mpc-03.txt>, Protocol (SNMP)", <draft-ietf-snmpv3-mpc-05.txt>,
January, 1999. January, 1999.
[17] Levi, D., Meyer, P., and B. Stewart, "SNMP Applications", [17] Levi, D., Meyer, P., and B. Stewart, "SNMP Applications",
<draft-ietf-snmpv3-appl-v2-02.txt>, January 1999. <draft-ietf-snmpv3-appl-v2-03.txt>, January 1999.
[18] Blumenthal, U. and B. Wijnen, "The User-Based Security [18] Blumenthal, U. and B. Wijnen, "The User-Based Security
Model for Version 3 of the Simple Network Management Protocol Model for Version 3 of the Simple Network Management Protocol
(SNMPv3)", <draft-ietf-snmpv3-usm-v2-04.txt>, January 1999. (SNMPv3)", <draft-ietf-snmpv3-usm-v2-05.txt>, January 1999.
[19] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based [19] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
Access Control Model for the Simple Network Management Protocol Access Control Model for the Simple Network Management Protocol
(SNMP)", <draft-ietf-snmpv3-vacm-03.txt>, January 1999. (SNMP)", <draft-ietf-snmpv3-vacm-04.txt>, January 1999.
[20] Frye, R., Levi, D., Routhier, S., and B. Wijnen, "Coexistence [20] Frye, R., Levi, D., Routhier, S., and B. Wijnen, "Coexistence
between Version 1, Version 2, and Version 3 of the between Version 1, Version 2, and Version 3 of the
Internet-standard Network Management Framework", Internet-standard Network Management Framework",
<draft-ietf-snmpv3-coex-03.txt>, January 1999. <draft-ietf-snmpv3-coex-03.txt>, January 1999.
[21] Rivest, R., "Message Digest Algorithm MD5", RFC 1321, April 1992. [21] Rivest, R., "Message Digest Algorithm MD5", RFC 1321, April 1992.
[22] Secure Hash Algorithm. NIST FIPS 180-1, (April, 1995) [22] Secure Hash Algorithm. NIST FIPS 180-1, (April, 1995)
http://csrc.nist.gov/fips/fip180-1.txt (ASCII) http://csrc.nist.gov/fips/fip180-1.txt (ASCII)
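Review bot: The draft references [15] through [19] are bumped to the new revisions but all still carry "January 1999"; with this draft itself now dated 1999/02/10, please verify each date against the actual revision cited. Formatting points in the same block: [13] opens a quotation at "Management Information Base for" and never closes it (a closing quote is needed after "MIB-II"), [16] alone uses "January, 1999." with a comma, and [22] ends without a period and places its date in parentheses unlike the neighbouring [21] entry.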
skipping to change at page 26, line 7 skipping to change at page 27, line 7
[24] Data Encryption Standard, National Institute of Standards [24] Data Encryption Standard, National Institute of Standards
and Technology. Federal Information Processing Standard (FIPS) and Technology. Federal Information Processing Standard (FIPS)
Publication 46-1. Supersedes FIPS Publication 46, (January, 1977; Publication 46-1. Supersedes FIPS Publication 46, (January, 1977;
reaffirmed January, 1988). reaffirmed January, 1988).
[25] M.T. Rose, "A Convention for Defining Traps for use with the [25] M.T. Rose, "A Convention for Defining Traps for use with the
SNMP", RFC 1215, March 1991. SNMP", RFC 1215, March 1991.
Table of Contents Table of Contents
1 Introduction .................................................... 2 1 Introduction .................................................... 3
2 The Internet Standard Management Framework ...................... 3 2 The Internet Standard Management Framework ...................... 4
2.1 Basic Structure and Components ................................ 3 2.1 Basic Structure and Components ................................ 4
2.2 Architecture of the Internet Standard Management Framework .... 3 2.2 Architecture of the Internet Standard Management Framework .... 4
3 The SNMPv1 Management Framework ................................. 5 3 The SNMPv1 Management Framework ................................. 6
3.1 The SNMPv1 Data Definition Language ........................... 5 3.1 The SNMPv1 Data Definition Language ........................... 6
3.2 Management Information ........................................ 6 3.2 Management Information ........................................ 7
3.3 Protocol Operations ........................................... 6 3.3 Protocol Operations ........................................... 7
3.4 SNMPv1 Security and Administration ............................ 6 3.4 SNMPv1 Security and Administration ............................ 7
4 The SNMPv2 Management Framework ................................. 7 4 The SNMPv2 Management Framework ................................. 8
5 The SNMPv3 Working Group ........................................ 8 5 The SNMPv3 Working Group ........................................ 9
6 SNMPv3 Framework Module Specifications .......................... 11 6 SNMPv3 Framework Module Specifications .......................... 12
6.1 Data Definition Language ...................................... 11 6.1 Data Definition Language ...................................... 12
6.2 MIB Modules ................................................... 12 6.2 MIB Modules ................................................... 13
6.3 Protocol Operations and Transport Mappings .................... 13 6.3 Protocol Operations and Transport Mappings .................... 14
6.4 SNMPv3 Security and Administration ............................ 13 6.4 SNMPv3 Security and Administration ............................ 14
7 Document Summaries .............................................. 15 7 Document Summaries .............................................. 16
7.1 Structure of Management Information ........................... 15 7.1 Structure of Management Information ........................... 16
7.1.1 Base SMI Specification ...................................... 15 7.1.1 Base SMI Specification ...................................... 16
7.1.2 Textual Conventions ......................................... 16 7.1.2 Textual Conventions ......................................... 17
7.1.3 Conformance Statements ...................................... 16 7.1.3 Conformance Statements ...................................... 17
7.2 Protocol Operations ........................................... 17 7.2 Protocol Operations ........................................... 18
7.3 Transport Mappings ............................................ 17 7.3 Transport Mappings ............................................ 18
7.4 Protocol Instrumentation ...................................... 17 7.4 Protocol Instrumentation ...................................... 18
7.5 Architecture / Security and Administration .................... 18 7.5 Architecture / Security and Administration .................... 19
7.6 Message Processing and Dispatch (MPD) ......................... 18 7.6 Message Processing and Dispatch (MPD) ......................... 19
7.7 SNMP Applications ............................................. 18 7.7 SNMP Applications ............................................. 19
7.8 User-based Security Model (USM) ............................... 19 7.8 User-based Security Model (USM) ............................... 20
7.9 View-based Access Control (VACM) .............................. 20 7.9 View-based Access Control (VACM) .............................. 21
7.10 SNMPv3 Coexistence and Transition ............................ 20 7.10 SNMPv3 Coexistence and Transition ............................ 21
8 Security Considerations ......................................... 22 8 Security Considerations ......................................... 23
9 Editors' Addresses .............................................. 22 9 Editors' Addresses .............................................. 23
10 Full Copyright Statement ....................................... 23 10 Full Copyright Statement ....................................... 24
11 References ..................................................... 23 11 References ..................................................... 24
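Review bot: Entry [25] gives the author as "M.T. Rose" while the rest of the list uses surname-first form ("Rose, M." as in [13]); normalise to "Rose, M. T.," for consistency. The table of contents page shifts (+1 throughout) are consistent with the insertion of the longer Status of this Memo text at the front of the document.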
 End of changes. 22 change blocks. 
30 lines changed or deleted 32 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/