User-based Security for SNMPv2: A Status Report
A Brief Taxonomy
- first released in August 1995, subsequently published as
Experimental RFCs in February 1996
- an administrative model for SNMPv2
(RFC 1909)
- a greatly simplified security model for SNMPv2;
same security as SNMPv2 ``classic'' but smaller footprint
(RFC 1910)
Administrative Model
party-based ``classic'' administrative model rewritten to:
- define contexts, access rights and views
- remove parties
- refer to security models
- clarify informs as defined by SNMPv2c
Admin Framework Clarifications
(Informs, Agents, and Managers)
- SNMPv2 ambiguous in this area
- since only agents can have managed objects:
  - the information in an inform must come from the agent
    portion of a dual-role entity
- corollary: if you generate an inform with data:
  - you have to be able to respond to requests for data, since
    informs, like traps, are unreliable
  - upstream manager may need to retrieve values later
- this is consistent with the notion that the owner of the clock is
  closer to the data
The Original USEC Idea
- separate the party concept into users and agents
- users have secrets and access rights
- agents have transport information and clocks
- the dichotomy vastly simplifies implementation
- one (NV) clock per agent, etc.
- configuration based on user-identities is easy and intuitive
USEC Re-design
- technical team formed to address comments from working group:
- Bert, Glenn, Keith, marshall, and Shawn
- design team chosen to complete work since a small focused team
could complete the work quickly
USEC Changes: Contexts
- contexts are unambiguously identified by one (or more)
agentID and contextSelector pair(s)
- four kinds of contexts:
  - remote, used by manager
  - local, used by agent
  - local-proxy, received by proxy-agent
  - remote-proxy, forwarded by a proxy-agent
- rules added for proxy error propagation and time-outs
...Contexts
Non-proxy scenario:
             context-A
Manager <----------------> Agent
Proxy scenario:
             context-B                  context-C
Manager <----------------> Proxy <----------------> Agent
Agent
USEC Changes: Error Reports
- maintenance user removed
- synchronization not a separate procedure; defined as a part of
normal procedure of receiving a message
- QoS bit indicates whether error reports may be generated
- reports never generated on bad ASN.1 or bad parameters
USEC Changes: Other
- secrets are now localized by agentID
- keyed-MD5 used for digest calculation
- latestReceivedAgentTime introduced to eliminate the possibility
that replayed messages would prevent the manager's notion of an
agent's time from advancing
- discovery procedure defined
- revised document to realize SNMPv2c
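An added example, not part of the original slides or of any USEC implementation, showing per-agent key localization, a keyed digest, and a manager clock that uses latestReceivedAgentTime so a replay cannot hold its notion of agent time back. The slides do not give the constructions, so this assumes the forms later standardized for SNMPv3 USM in RFC 3414: localization as MD5(key || agentID || key), HMAC-MD5 standing in for keyed-MD5, and a 150-second window; all function and class names are hypothetical.

```python
import hashlib
import hmac

WINDOW = 150  # seconds of tolerated skew (assumption: the value used by RFC 3414)

def localize_key(user_key: bytes, agent_id: bytes) -> bytes:
    """Per-agent key: learning one agent's key reveals no other agent's key."""
    return hashlib.md5(user_key + agent_id + user_key).digest()

def sign(local_key: bytes, boots: int, time: int, payload: bytes) -> bytes:
    """Keyed digest over the time fields and payload (HMAC-MD5 as a stand-in)."""
    body = boots.to_bytes(4, "big") + time.to_bytes(4, "big") + payload
    return hmac.new(local_key, body, hashlib.md5).digest()

class ManagerClock:
    """A manager's notion of one agent's clock."""

    def __init__(self, local_key: bytes):
        self.key = local_key
        self.boots = 0
        self.agent_time = 0        # running estimate, advanced by local ticks
        self.latest_received = 0   # latestReceivedAgentTime

    def tick(self, seconds: int) -> None:
        self.agent_time += seconds

    def receive(self, boots: int, time: int, payload: bytes, mac: bytes) -> str:
        if not hmac.compare_digest(mac, sign(self.key, boots, time, payload)):
            return "bad-digest"
        # Resynchronise only on a value newer than any seen so far, so a
        # replayed message can never pull the estimate backwards.
        if boots > self.boots or (boots == self.boots and time > self.latest_received):
            self.boots, self.agent_time, self.latest_received = boots, time, time
        # Stale reboot counter, or time too far behind the current estimate.
        if boots < self.boots or time < self.agent_time - WINDOW:
            return "not-in-window"
        return "ok"
```

A replay that arrives inside the window still authenticates, but it leaves agent_time untouched, so the estimate keeps advancing and the same replay is rejected once it ages out.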
USEC MIB
- replaces party MIB
- although timely resolution required, development is not
lock-stepped with other documents
- development is proceeding
- an open mailing list is set up for discussions; send ``subscribe''
in the e-mail subject
Interoperability
- four implementations successfully interoperated:
- two openly available (CMU-based code and snmptcl)
- two commercial (Epilogue, IBM)
- other implementations in the works
What's Next
- complete the USEC-MIB work
- hope for IWL testing event soon
- more information can be found on
The USEC Resource Page
Last modified: Sat Mar 30 14:04:24 PST 1996