Difference between revisions of "RFC1351"

                                             Hughes LAN Systems, Inc.

                                             Hughes LAN Systems, Inc.

                                                           July 1992

                                                           July 1992

                     SNMP Administrative Model

                     SNMP Administrative Model

Status of this Memo

Status of this Memo

This document specifies an IAB standards track protocol for the

This document specifies an IAB standards track protocol for the

Internet community, and requests discussion and suggestions for

Internet community, and requests discussion and suggestions for

Official Protocol Standards" for the standardization state and status

Official Protocol Standards" for the standardization state and status

of this protocol. Distribution of this memo is unlimited.

of this protocol. Distribution of this memo is unlimited.

This memo presents an elaboration of the SNMP administrative model

This memo presents an elaboration of the SNMP administrative model

set forth in [1]. This model provides a unified conceptual basis for

set forth in [1]. This model provides a unified conceptual basis for

administering SNMP protocol entities to support

administering SNMP protocol entities to support

   o authentication and integrity,

   o authentication and integrity,

   o privacy,

   o privacy,

   o access control, and

   o access control, and

   o the cooperation of multiple protocol entities.

   o the cooperation of multiple protocol entities.

Please send comments to the SNMP Security Developers mailing list

Please send comments to the SNMP Security Developers mailing list

([email protected]).

([email protected]).

This memo presents an elaboration of the SNMP administrative model

This memo presents an elaboration of the SNMP administrative model

set forth in [1]. It describes how the elaborated administrative

set forth in [1]. It describes how the elaborated administrative

model is applied to realize effective network management in a variety

model is applied to realize effective network management in a variety

of configurations and environments.

of configurations and environments.

The model described here entails the use of distinct identities for

The model described here entails the use of distinct identities for

peers that exchange SNMP messages. Thus, it represents a departure

peers that exchange SNMP messages. Thus, it represents a departure

model and allowing for effective use of asymmetric (public key)

model and allowing for effective use of asymmetric (public key)

security protocols in the future.

security protocols in the future.

A SNMP party  is a conceptual, virtual execution context whose

A SNMP party  is a conceptual, virtual execution context whose

operation is restricted (for security or other purposes) to an

operation is restricted (for security or other purposes) to an

protocol entity processes a SNMP message, it does so by acting as a

protocol entity processes a SNMP message, it does so by acting as a

SNMP party and is thereby restricted to the set of operations defined

SNMP party and is thereby restricted to the set of operations defined

other SNMP parties; it may also be a proper or improper subset of all

other SNMP parties; it may also be a proper or improper subset of all

possible operations of the SNMP protocol entity.

possible operations of the SNMP protocol entity.

Architecturally, each SNMP party comprises

Architecturally, each SNMP party comprises

   o a single, unique party identity,

   o a single, unique party identity,

   o a single authentication protocol and associated

   o a single authentication protocol and associated

     parameters by which all protocol messages originated by

     parameters by which all protocol messages originated by

     the party are authenticated as to origin and integrity,

     the party are authenticated as to origin and integrity,

   o a single privacy protocol and associated parameters by

   o a single privacy protocol and associated parameters by

     which all protocol messages received by the party are

     which all protocol messages received by the party are

     protected from disclosure,

     protected from disclosure,

   o a single MIB view (see Section 3.6) to which all

   o a single MIB view (see Section 3.6) to which all

     management operations performed by the party are

     management operations performed by the party are

     applied, and

     applied, and

   o a logical network location at which the party executes,

   o a logical network location at which the party executes,

     characterized by a transport protocol domain and

     characterized by a transport protocol domain and

     transport addressing information.

     transport addressing information.

Conceptually, each SNMP party may be represented by an ASN.1 value

Conceptually, each SNMP party may be represented by an ASN.1 value

with the following syntax:

with the following syntax:

   SnmpParty ::= SEQUENCE {

   SnmpParty ::= SEQUENCE {

     partyAuthNonce

     partyAuthNonce

         INTEGER,

         INTEGER,

         OCTET STRING

         OCTET STRING

   }

   }

For each SnmpParty value that represents a SNMP party, the following

For each SnmpParty value that represents a SNMP party, the following

statements are true:

statements are true:

   o Its partyIdentity component is the party identity.

   o Its partyIdentity component is the party identity.

   o Its partyTDomain component is called the transport

   o Its partyTDomain component is called the transport

     domain and indicates the kind of transport service by

     domain and indicates the kind of transport service by

     rfc1351Domain (SNMP over UDP, using SNMP

     rfc1351Domain (SNMP over UDP, using SNMP

     parties).

     parties).

   o Its partyTAddr component is called the transport

   o Its partyTAddr component is called the transport

     addressing information and represents a transport

     addressing information and represents a transport

     service address by which the party receives network

     service address by which the party receives network

     management traffic.

     management traffic.

   o Its partyProxyFor component is called the proxied

   o Its partyProxyFor component is called the proxied

     party  and represents the identity of a second SNMP

     party  and represents the identity of a second SNMP

     noProxy signifies that the party responds to received

     noProxy signifies that the party responds to received

     management requests by entirely local mechanisms.

     management requests by entirely local mechanisms.

   o Its partyMaxMessageSize component is called the

   o Its partyMaxMessageSize component is called the

     maximum message size and represents the length in

     maximum message size and represents the length in

     octets of the largest SNMP message this party is

     octets of the largest SNMP message this party is

     prepared to accept.

     prepared to accept.

   o Its partyAuthProtocol component is called the

   o Its partyAuthProtocol component is called the

     authentication protocol and identifies a protocol and a

     authentication protocol and identifies a protocol and a

     mechanism by which all messages generated by the party

     mechanism by which all messages generated by the party

     generated by the party are not authenticated as to

     generated by the party are not authenticated as to

     integrity and origin.

     integrity and origin.

   o Its partyAuthClock component is called the

   o Its partyAuthClock component is called the

     authentication clock and represents a notion of the

     authentication clock and represents a notion of the

     significance of this component is specific to the

     significance of this component is specific to the

     authentication protocol.

     authentication protocol.

   o Its partyAuthLastMsg component is called the

   o Its partyAuthLastMsg component is called the

     last-timestamp and represents a notion of time

     last-timestamp and represents a notion of time

     message generated by the party. The significance of this

     message generated by the party. The significance of this

     component is specific to the authentication protocol.

     component is specific to the authentication protocol.

   o Its partyAuthNonce component is called the nonce

   o Its partyAuthNonce component is called the nonce

     and represents a monotonically increasing integer

     and represents a monotonically increasing integer

     message generated by the party. The significance of this

     message generated by the party. The significance of this

     component is specific to the authentication protocol.

     component is specific to the authentication protocol.

   o Its partyAuthPrivate component is called the private

   o Its partyAuthPrivate component is called the private

     authentication key and represents any secret value

     authentication key and represents any secret value

     significance of this component is specific to the

     significance of this component is specific to the

     authentication protocol.

     authentication protocol.

   o Its partyAuthPublic component is called the public

   o Its partyAuthPublic component is called the public

     authentication key and represents any public value that

     authentication key and represents any public value that

     The significance of this component is specific to the

     The significance of this component is specific to the

     authentication protocol.

     authentication protocol.

   o Its partyAuthLifetime component is called the

   o Its partyAuthLifetime component is called the

     lifetime and represents an administrative upper bound

     lifetime and represents an administrative upper bound

     generated by the party. The significance of this

     generated by the party. The significance of this

     component is specific to the authentication protocol.

     component is specific to the authentication protocol.

   o Its partyPrivProtocol component is called the privacy

   o Its partyPrivProtocol component is called the privacy

     protocol and identifies a protocol and a mechanism by

     protocol and identifies a protocol and a mechanism by

     noPriv signifies that messages received by the party are

     noPriv signifies that messages received by the party are

     not protected from disclosure.

     not protected from disclosure.

     support the privacy protocol. The significance of this

     support the privacy protocol. The significance of this

     component is specific to the privacy protocol.

     component is specific to the privacy protocol.

   o Its partyPrivPublic component is called the public

   o Its partyPrivPublic component is called the public

     privacy key and represents any public value that may be

     privacy key and represents any public value that may be

     needed to support the privacy protocol. The significance

     needed to support the privacy protocol. The significance

     of this component is specific to the privacy protocol.

     of this component is specific to the privacy protocol.

If, for all SNMP parties realized by a SNMP protocol entity, the

If, for all SNMP parties realized by a SNMP protocol entity, the

authentication protocol is noAuth and the privacy protocol is noPriv,

authentication protocol is noAuth and the privacy protocol is noPriv,

then that protocol entity is called non-secure.

then that protocol entity is called non-secure.

A SNMP protocol entity is an actual process which performs network

A SNMP protocol entity is an actual process which performs network

management operations by generating and/or responding to SNMP

management operations by generating and/or responding to SNMP

operation of that entity must be restricted to the subset of all

operation of that entity must be restricted to the subset of all

possible operations that is administratively defined for that party.

possible operations that is administratively defined for that party.

By definition, the operation of a SNMP protocol entity requires no

By definition, the operation of a SNMP protocol entity requires no

concurrency between processing of any single protocol message (by a

concurrency between processing of any single protocol message (by a

multi-threaded. However, there may be situations where implementors

multi-threaded. However, there may be situations where implementors

may choose to use multi-threading.

may choose to use multi-threading.

Architecturally, every SNMP entity maintains a local database that

Architecturally, every SNMP entity maintains a local database that

represents all SNMP parties known to it -- those whose operation is

represents all SNMP parties known to it -- those whose operation is

control policy (see Section 3.11) that defines the access privileges

control policy (see Section 3.11) that defines the access privileges

accorded to known SNMP parties.

accorded to known SNMP parties.

A SNMP management station is the operational role assumed by a SNMP

A SNMP management station is the operational role assumed by a SNMP

party when it initiates SNMP management operations by the generation

party when it initiates SNMP management operations by the generation

of appropriate SNMP protocol messages or when it receives and

of appropriate SNMP protocol messages or when it receives and

processes trap notifications.

processes trap notifications.

but they may provide little or no support for performing SNMP

but they may provide little or no support for performing SNMP

management operations on behalf of remote protocol users.

management operations on behalf of remote protocol users.

A SNMP agent is the operational role assumed by a SNMP party when it

A SNMP agent is the operational role assumed by a SNMP party when it

performs SNMP management operations in response to received SNMP

performs SNMP management operations in response to received SNMP

protocol messages such as those generated by a SNMP management

protocol messages such as those generated by a SNMP management

station (see Section 3.3).

station (see Section 3.3).

Sometimes, the term SNMP agent is applied to partial implementations

Sometimes, the term SNMP agent is applied to partial implementations

of the SNMP (in embedded systems, for example) that focus upon this

of the SNMP (in embedded systems, for example) that focus upon this

of management services, but they may provide little or no support for

of management services, but they may provide little or no support for

local invocation of such services.

local invocation of such services.

A view subtree is the set of all MIB object instances which have a

A view subtree is the set of all MIB object instances which have a

common ASN.1 OBJECT IDENTIFIER prefix to their names. A view subtree

common ASN.1 OBJECT IDENTIFIER prefix to their names. A view subtree

OBJECT IDENTIFIER prefix common to all (potential) MIB object

OBJECT IDENTIFIER prefix common to all (potential) MIB object

instances in that subtree.

instances in that subtree.

A MIB view is a subset of the set of all instances of all object

A MIB view is a subset of the set of all instances of all object

types defined according to the Internet-standard SMI [2] (i.e., of

types defined according to the Internet-standard SMI [2] (i.e., of

the universal set of all instances of all MIB objects), subject to

the universal set of all instances of all MIB objects), subject to

the following constraints:

the following constraints:

   o Each element of a MIB view is uniquely named by an

   o Each element of a MIB view is uniquely named by an

     ASN.1 OBJECT IDENTIFIER value. As such,

     ASN.1 OBJECT IDENTIFIER value. As such,

     instance name resolves within a particular MIB view to

     instance name resolves within a particular MIB view to

     at most one object instance.

     at most one object instance.

   o Every MIB view is defined as a collection of view

   o Every MIB view is defined as a collection of view

     subtrees.

     subtrees.

A SNMP management communication is a communication from one specified

A SNMP management communication is a communication from one specified

SNMP party to a second specified SNMP party about management

SNMP party to a second specified SNMP party about management

information that is represented in the MIB view of the appropriate

information that is represented in the MIB view of the appropriate

party. In particular, a SNMP management communication may be

party. In particular, a SNMP management communication may be

   o a query by the originating party about information in

   o a query by the originating party about information in

     the MIB view of the addressed party (e.g., getRequest

     the MIB view of the addressed party (e.g., getRequest

     and getNextRequest),

     and getNextRequest),

   o an indicative assertion to the addressed party about

   o an indicative assertion to the addressed party about

     information in the MIB view of the originating party

     information in the MIB view of the originating party

     (e.g., getResponse or trapNotification), or

     (e.g., getResponse or trapNotification), or

   o an imperative assertion by the originating party about

   o an imperative assertion by the originating party about

     information in the MIB view of the addressed party

     information in the MIB view of the addressed party

     (e.g., setRequest).

     (e.g., setRequest).

A management communication is represented by an ASN.1 value with the

A management communication is represented by an ASN.1 value with the

syntax

syntax

   SnmpMgmtCom ::= [1] IMPLICIT SEQUENCE {

   SnmpMgmtCom ::= [1] IMPLICIT SEQUENCE {

         PDUs

         PDUs

   }

   }

For each SnmpMgmtCom value that represents a SNMP management

For each SnmpMgmtCom value that represents a SNMP management

communication, the following statements are true:

communication, the following statements are true:

   o Its dstParty component is called the destination and

   o Its dstParty component is called the destination and

     identifies the SNMP party to which the communication

     identifies the SNMP party to which the communication

     is directed.

     is directed.

   o Its srcParty component is called the source and

   o Its srcParty component is called the source and

     identifies the SNMP party from which the

     identifies the SNMP party from which the

     communication is originated.

     communication is originated.

   o Its pdu component has the form and significance

   o Its pdu component has the form and significance

     attributed to it in [1].

     attributed to it in [1].

A SNMP authenticated management communication is a SNMP management

A SNMP authenticated management communication is a SNMP management

communication (see Section 3.7) for which the originating SNMP party

communication (see Section 3.7) for which the originating SNMP party

authenticated management communication is represented by an ASN.1

authenticated management communication is represented by an ASN.1

value with the syntax

value with the syntax

   SnmpAuthMsg ::= [1] IMPLICIT SEQUENCE {

   SnmpAuthMsg ::= [1] IMPLICIT SEQUENCE {

         SnmpMgmtCom

         SnmpMgmtCom

   }

   }

For each SnmpAuthMsg value that represents a SNMP authenticated

For each SnmpAuthMsg value that represents a SNMP authenticated

management communication, the following statements are true:

management communication, the following statements are true:

   o Its authInfo component is called the authentication

   o Its authInfo component is called the authentication

     information and represents information required in

     information and represents information required in

     determining whether the communication is authentic or

     determining whether the communication is authentic or

     not.

     not.

   o Its authData component is called the authentication

   o Its authData component is called the authentication

     data and represents a SNMP management

     data and represents a SNMP management

     communication.

     communication.

A SNMP private management communication is a SNMP authenticated

A SNMP private management communication is a SNMP authenticated

management communication (see Section 3.8) that is (possibly)

management communication (see Section 3.8) that is (possibly)

protected from disclosure. A private management communication is

protected from disclosure. A private management communication is

represented by an ASN.1 value with the syntax

represented by an ASN.1 value with the syntax

         [1] IMPLICIT OCTET STRING

         [1] IMPLICIT OCTET STRING

   }

   }

For each SnmpPrivMsg value that represents a SNMP private management

For each SnmpPrivMsg value that represents a SNMP private management

communication, the following statements are true:

communication, the following statements are true:

   o Its privDst component is called the privacy destination

   o Its privDst component is called the privacy destination

     and identifies the SNMP party to which the

     and identifies the SNMP party to which the

     communication is directed.

     communication is directed.

   o Its privData component is called the privacy data and

   o Its privData component is called the privacy data and

     represents the (possibly encrypted) serialization

     represents the (possibly encrypted) serialization

     authenticated management communication (see

     authenticated management communication (see

     Section 3.8).

     Section 3.8).

3.10  SNMP Management Communication Class

3.10  SNMP Management Communication Class

A SNMP management communication class corresponds to a specific SNMP

A SNMP management communication class corresponds to a specific SNMP

PDU type defined in [1]. A management communication class is

PDU type defined in [1]. A management communication class is

represented by an ASN.1 INTEGER value according to the type of the

represented by an ASN.1 INTEGER value according to the type of the

identifying PDU (see Table 1).

identifying PDU (see Table 1).

               Get            1

               Get            1

               GetNext        2

               GetNext        2

               Set            8

               Set            8

               Trap          16

               Trap          16

       Table 1: Management Communication Classes

       Table 1: Management Communication Classes

The value by which a communication class is represented is computed

The value by which a communication class is represented is computed

as 2 raised to the value of the ASN.1 context-specific tag for the

as 2 raised to the value of the ASN.1 context-specific tag for the

appropriate SNMP PDU.

appropriate SNMP PDU.

A set of management communication classes is represented by the ASN.1

A set of management communication classes is represented by the ASN.1

INTEGER value that is the sum of the representations of the

INTEGER value that is the sum of the representations of the

communication classes in that set. The null set is represented by the

communication classes in that set. The null set is represented by the

value zero.

value zero.

3.11  SNMP Access Control Policy

3.11  SNMP Access Control Policy

A SNMP access control policy is a specification of a local access

A SNMP access control policy is a specification of a local access

policy in terms of the network management communication classes which

policy in terms of the network management communication classes which

are authorized between pairs of SNMP parties. Architecturally, such a

are authorized between pairs of SNMP parties. Architecturally, such a

specification comprises three parts:

specification comprises three parts:

   o the targets of SNMP access control - the SNMP parties

   o the targets of SNMP access control - the SNMP parties

     that may perform management operations as requested

     that may perform management operations as requested

     by management communications received from other

     by management communications received from other

     parties,

     parties,

   o the subjects of SNMP access control - the SNMP parties

   o the subjects of SNMP access control - the SNMP parties

     that may request, by sending management

     that may request, by sending management

     communications to other parties, that management

     communications to other parties, that management

     operations be performed, and

     operations be performed, and

   o the policy that specifies the classes of SNMP

   o the policy that specifies the classes of SNMP

     management communications that a particular target is

     management communications that a particular target is

     authorized to accept from a particular subject.

     authorized to accept from a particular subject.

Access to individual MIB object instances is determined implicitly

Access to individual MIB object instances is determined implicitly

since by definition each (target) SNMP party performs operations on

since by definition each (target) SNMP party performs operations on

target's MIB view and, accordingly, to particular MIB object

target's MIB view and, accordingly, to particular MIB object

instances.

instances.

Conceptually, a SNMP access policy is represented by a collection of

Conceptually, a SNMP access policy is represented by a collection of

ASN.1 values with the following syntax:

ASN.1 values with the following syntax:

   AclEntry ::= SEQUENCE {

   AclEntry ::= SEQUENCE {

         INTEGER

         INTEGER

   }

   }

For each such value that represents one part of a SNMP access policy,

For each such value that represents one part of a SNMP access policy,

the following statements are true:

the following statements are true:

     identifies the SNMP party to which the partial policy

     identifies the SNMP party to which the partial policy

     permits access.

     permits access.

   o Its aclSubject component is called the subject and

   o Its aclSubject component is called the subject and

     identifies the SNMP party to which the partial policy

     identifies the SNMP party to which the partial policy

     grants privileges.

     grants privileges.

   o Its aclPrivileges component is called the privileges and

   o Its aclPrivileges component is called the privileges and

     represents a set of SNMP management communication

     represents a set of SNMP management communication

     specified target party when received from the specified

     specified target party when received from the specified

     subject party.

     subject party.

3.12  SNMP Proxy Party

3.12  SNMP Proxy Party

A SNMP proxy party is a SNMP party that performs management

A SNMP proxy party is a SNMP party that performs management

operations by communicating with another, logically remote party.

operations by communicating with another, logically remote party.

When communication between a logically remote party and a SNMP proxy

When communication between a logically remote party and a SNMP proxy

party is via the SNMP (over any transport protocol), then the proxy

party is via the SNMP (over any transport protocol), then the proxy

management may be amortized or shifted -- thereby facilitating the

management may be amortized or shifted -- thereby facilitating the

construction of large management systems.

construction of large management systems.

When communication between a logically remote party and a SNMP proxy

When communication between a logically remote party and a SNMP proxy

party is not via the SNMP, then the proxy party is called a SNMP

party is not via the SNMP, then the proxy party is called a SNMP

whereby otherwise unmanageable devices or portions of an internet may

whereby otherwise unmanageable devices or portions of an internet may

be managed via the SNMP.

be managed via the SNMP.

The transparency principle that defines the behavior of a SNMP party

The transparency principle that defines the behavior of a SNMP party

in general applies in particular to a SNMP proxy party:

in general applies in particular to a SNMP proxy party:

     The manner in which one SNMP party processes

     The manner in which one SNMP party processes

     SNMP protocol messages received from another

     SNMP protocol messages received from another

     SNMP party is entirely transparent to the latter.

     SNMP party is entirely transparent to the latter.

The transparency principle derives directly from the historical SNMP

The transparency principle derives directly from the historical SNMP

philosophy of divorcing architecture from implementation. To this

philosophy of divorcing architecture from implementation. To this

resemble that of a transport-layer bridge, this particular

resemble that of a transport-layer bridge, this particular

implementation strategy (or any other!) does not merit special

implementation strategy (or any other!) does not merit special

recognition either in the SNMP management architecture or in standard

recognition either in the SNMP management architecture or in standard

mechanisms for proxy administration.

mechanisms for proxy administration.

Implicit in the transparency principle is the requirement that the

Implicit in the transparency principle is the requirement that the

semantics of SNMP management operations are preserved between any two

semantics of SNMP management operations are preserved between any two

the architecture in those rare cases where they might be supported in

the architecture in those rare cases where they might be supported in

a conformant way.

a conformant way.

Also implicit in the transparency principle is the requirement that,

Also implicit in the transparency principle is the requirement that,

throughout its interaction with a proxy agent, a management station

throughout its interaction with a proxy agent, a management station

corresponding error response in the interaction between the proxy

corresponding error response in the interaction between the proxy

agent and management station.

agent and management station.

3.13  Procedures

3.13  Procedures

This section describes the procedures followed by a SNMP protocol

This section describes the procedures followed by a SNMP protocol

entity in processing SNMP messages. These procedures are independent

entity in processing SNMP messages. These procedures are independent

of the particular authentication and privacy protocols that may be in

of the particular authentication and privacy protocols that may be in

use.

use.

3.13.1  Generating a Request

3.13.1  Generating a Request

This section describes the procedure followed by a SNMP protocol

This section describes the procedure followed by a SNMP protocol

entity whenever either a management request or a trap notification is

entity whenever either a management request or a trap notification is

to be transmitted by a SNMP party.

to be transmitted by a SNMP party.

  1. An ASN.1 SnmpMgmtCom value is constructed for

  1. An ASN.1 SnmpMgmtCom value is constructed for

     which the srcParty component identifies the originating

     which the srcParty component identifies the originating

     receiving party, and for which the other component

     receiving party, and for which the other component

     represents the desired management operation.

     represents the desired management operation.

     authentication protocol and other relevant information

     authentication protocol and other relevant information

     for the originating SNMP party.

     for the originating SNMP party.

  3. An ASN.1 SnmpAuthMsg value is constructed with

  3. An ASN.1 SnmpAuthMsg value is constructed with

     the following properties:

     the following properties:

     o Its authInfo component is constructed according

     o Its authInfo component is constructed according

       to the authentication protocol specified for the

       to the authentication protocol specified for the

       originating party.

       originating party.

       In particular, if the authentication protocol for the

       In particular, if the authentication protocol for the

       originating SNMP party is identified as noAuth,

       originating SNMP party is identified as noAuth,

       then this component corresponds to the OCTET

       then this component corresponds to the OCTET

       STRING value of zero length.

       STRING value of zero length.

     o Its authData component is the constructed

     o Its authData component is the constructed

       SnmpMgmtCom value.

       SnmpMgmtCom value.

  4. The local database is consulted to determine the privacy

  4. The local database is consulted to determine the privacy

     protocol and other relevant information for the receiving

     protocol and other relevant information for the receiving

     SNMP party.

     SNMP party.

  5. An ASN.1 SnmpPrivMsg value is constructed with the

  5. An ASN.1 SnmpPrivMsg value is constructed with the

     following properties:

     following properties:

     o Its privDst component identifies the receiving

     o Its privDst component identifies the receiving

       SNMP party.

       SNMP party.

     o Its privData component is the (possibly

     o Its privData component is the (possibly

       encrypted) serialization of the SnmpAuthMsg

       encrypted) serialization of the SnmpAuthMsg

       value according to the conventions of [3] and [1].

       value according to the conventions of [3] and [1].

       In particular, if the privacy protocol for the

       In particular, if the privacy protocol for the

       receiving SNMP party is identified as noPriv, then

       receiving SNMP party is identified as noPriv, then

       Otherwise, the privData component is processed

       Otherwise, the privData component is processed

       according to the privacy protocol.

       according to the privacy protocol.

  6. The constructed SnmpPrivMsg value is serialized

  6. The constructed SnmpPrivMsg value is serialized

     according to the conventions of [3] and [1].

     according to the conventions of [3] and [1].

  7. The serialized SnmpPrivMsg value is transmitted

  7. The serialized SnmpPrivMsg value is transmitted

     using the transport address and transport domain for

     using the transport address and transport domain for

     the receiving SNMP party.

     the receiving SNMP party.

3.13.2  Processing a Received Communication

3.13.2  Processing a Received Communication

This section describes the procedure followed by a SNMP protocol

This section describes the procedure followed by a SNMP protocol

entity whenever a management communication is received.

entity whenever a management communication is received.

  1. If the received message is not the serialization (according

  1. If the received message is not the serialization (according

     to the conventions of [3] and [1]) of an ASN.1

     to the conventions of [3] and [1]) of an ASN.1

     SnmpPrivMsg value, then that message is discarded

     SnmpPrivMsg value, then that message is discarded

     without further processing.

     without further processing.

  2. The local database is consulted for information about

  2. The local database is consulted for information about

     the receiving SNMP party identified by the privDst

     the receiving SNMP party identified by the privDst

     component of the SnmpPrivMsg value.

     component of the SnmpPrivMsg value.

  3. If information about the receiving SNMP party is absent

  3. If information about the receiving SNMP party is absent

     from the local database, or specifies a transport domain

     from the local database, or specifies a transport domain

     entity, then the received message is discarded without

     entity, then the received message is discarded without

     further processing.

     further processing.

  4. An ASN.1 OCTET STRING value is constructed

  4. An ASN.1 OCTET STRING value is constructed

     (possibly by decryption, according to the privacy

     (possibly by decryption, according to the privacy

     protocol in use) from the privData component of said

     protocol in use) from the privData component of said

     SnmpPrivMsg value.

     SnmpPrivMsg value.

     In particular, if the privacy protocol recorded for the

     In particular, if the privacy protocol recorded for the

     party is noPriv, then the OCTET STRING value

     party is noPriv, then the OCTET STRING value

     corresponds exactly to the privData component of the

     corresponds exactly to the privData component of the

     SnmpPrivMsg value.

     SnmpPrivMsg value.

  5. If the OCTET STRING value is not the serialization

  5. If the OCTET STRING value is not the serialization

     (according to the conventions of [3] and [1]) of an ASN.1

     (according to the conventions of [3] and [1]) of an ASN.1

     SnmpAuthMsg value, then the received message is

     SnmpAuthMsg value, then the received message is

     discarded without further processing.

     discarded without further processing.

  6. If the dstParty component of the authData

  6. If the dstParty component of the authData

     component of the obtained SnmpAuthMsg value is

     component of the obtained SnmpAuthMsg value is

     SnmpPrivMsg value, then the received message is

     SnmpPrivMsg value, then the received message is

     discarded without further processing.

     discarded without further processing.

  7. The local database is consulted for information about

  7. The local database is consulted for information about

     the originating SNMP party identified by the srcParty

     the originating SNMP party identified by the srcParty

     component of the authData component of the

     component of the authData component of the

     SnmpAuthMsg value.

     SnmpAuthMsg value.

     absent from the local database, then the received

     absent from the local database, then the received

     message is discarded without further processing.

     message is discarded without further processing.

  9. The obtained SnmpAuthMsg value is evaluated

  9. The obtained SnmpAuthMsg value is evaluated

     according to the authentication protocol and other

     according to the authentication protocol and other

     relevant information associated with the originating

     relevant information associated with the originating

     SNMP party in the local database.

     SNMP party in the local database.

     In particular, if the authentication protocol is identified

     In particular, if the authentication protocol is identified

     as noAuth, then the SnmpAuthMsg value is always

     as noAuth, then the SnmpAuthMsg value is always

     evaluated as authentic.

     evaluated as authentic.

10. If the SnmpAuthMsg value is evaluated as

10. If the SnmpAuthMsg value is evaluated as

     unauthentic, then the received message is discarded

     unauthentic, then the received message is discarded

     without further processing, and an authentication failure

     without further processing, and an authentication failure

     is noted.

     is noted.

11. The ASN.1 SnmpMgmtCom value is extracted from

11. The ASN.1 SnmpMgmtCom value is extracted from

     the authData component of the SnmpAuthMsg

     the authData component of the SnmpAuthMsg

     value.

     value.

12. The local database is consulted for access privileges

12. The local database is consulted for access privileges

     permitted by the local access policy to the originating

     permitted by the local access policy to the originating

     SNMP party with respect to the receiving SNMP party.

     SNMP party with respect to the receiving SNMP party.

13. The management communication class is determined

13. The management communication class is determined

     from the ASN.1 tag value associated with the

     from the ASN.1 tag value associated with the

     SnmpMgmtCom value.

     SnmpMgmtCom value.

14. If the management communication class of the received

14. If the management communication class of the received

     message is either 16 or 4 (i.e., Trap or GetResponse) and

     message is either 16 or 4 (i.e., Trap or GetResponse) and

     this class is not among the access privileges, then the

     this class is not among the access privileges, then the

     received message is discarded without further processing.

     received message is discarded without further processing.

15. If the management communication class of the received

15. If the management communication class of the received

     message is not among the access privileges, then the

     message is not among the access privileges, then the

     component is zero and its error-status component is

     component is zero and its error-status component is

     readOnly.

     readOnly.

16. If the proxied party associated with the receiving SNMP

16. If the proxied party associated with the receiving SNMP

     party in the local database is identified as noProxy,

     party in the local database is identified as noProxy,

     identified with the receiving SNMP party according to

     identified with the receiving SNMP party according to

     the procedures set forth in [1].

     the procedures set forth in [1].

17. If the proxied party associated with the receiving SNMP

17. If the proxied party associated with the receiving SNMP

     party in the local database is not identified as noProxy,

     party in the local database is not identified as noProxy,

     appropriate cooperation between the receiving SNMP

     appropriate cooperation between the receiving SNMP

     party and the identified proxied party.

     party and the identified proxied party.

     In particular, if the transport domain associated with

     In particular, if the transport domain associated with

     the identified proxied party in the local database is

     the identified proxied party in the local database is

     any) received from the proxied party corresponding to

     any) received from the proxied party corresponding to

     the newly generated request.

     the newly generated request.

3.13.3  Generating a Response

3.13.3  Generating a Response

This section describes the procedure followed by a SNMP protocol

This section describes the procedure followed by a SNMP protocol

entity whenever a response to a management request is generated.

entity whenever a response to a management request is generated.

The procedure for generating a response to a SNMP management request

The procedure for generating a response to a SNMP management request

is identical to the procedure for transmitting a request (see Section

is identical to the procedure for transmitting a request (see Section

originated -- even if that is different from the transport

originated -- even if that is different from the transport

information recorded in the local database.

information recorded in the local database.

This section describes how the administrative model set forth above

This section describes how the administrative model set forth above

is applied to realize effective network management in a variety of

is applied to realize effective network management in a variety of

configurations and environments. Several types of administrative

configurations and environments. Several types of administrative

configurations are identified, and an example of each is presented.

configurations are identified, and an example of each is presented.

known both to the minimal agent and to the manager, while Table 3

known both to the minimal agent and to the manager, while Table 3

presents similarly common information about the local access policy.

presents similarly common information about the local access policy.

As represented in Table 2, the example agent party operates at UDP

As represented in Table 2, the example agent party operates at UDP

port 161 at IP address 1.2.3.4 using the party identity gracie; the

port 161 at IP address 1.2.3.4 using the party identity gracie; the

information about these two parties (including access policy

information about these two parties (including access policy

information) need not be configurable.

information) need not be configurable.

Suppose that the managing party george wishes to interrogate the

Suppose that the managing party george wishes to interrogate the

agent named gracie by issuing a SNMP GetNext request message. The

agent named gracie by issuing a SNMP GetNext request message. The

authentication protocol for the party george is recorded as noAuth,

authentication protocol for the party george is recorded as noAuth,

the GetNext request message generated by the manager is not

the GetNext request message generated by the manager is not

  Identity          gracie                george

  Identity          gracie                george

                   (agent)              (manager)

                   (agent)              (manager)

  Priv Priv Key    ""                    ""

  Priv Priv Key    ""                    ""

  Priv Pub Key      ""                    ""

  Priv Pub Key      ""                    ""

       Table 2: Party Information for Minimal Agent

       Table 2: Party Information for Minimal Agent

           gracie    george    3

           gracie    george    3

           george    gracie    20

           george    gracie    20

     Table 3: Access Information for Minimal Agent

     Table 3: Access Information for Minimal Agent

authenticated as to origin and integrity. Because, according to the

authenticated as to origin and integrity. Because, according to the

manager's database, the privacy protocol for the party gracie is

manager's database, the privacy protocol for the party gracie is

noPriv, the GetNext request message is not protected from disclosure.

noPriv, the GetNext request message is not protected from disclosure.

transport address (IP address 1.2.3.4, UDP port 161) associated in

transport address (IP address 1.2.3.4, UDP port 161) associated in

the manager's database with the party gracie.

the manager's database with the party gracie.

When the GetNext request message is received at the agent, the

When the GetNext request message is received at the agent, the

identity of the party to which it is directed (gracie) is extracted

identity of the party to which it is directed (gracie) is extracted

party george is recorded as noAuth, the received message is

party george is recorded as noAuth, the received message is

immediately accepted as authentic.

immediately accepted as authentic.

The received message is fully processed only if the access policy

The received message is fully processed only if the access policy

database local to the agent authorizes GetNext request communications

database local to the agent authorizes GetNext request communications

access policy database presented as Table 3 authorizes such

access policy database presented as Table 3 authorizes such

communications (as well as Get operations).

communications (as well as Get operations).

When the received request is processed, a GetResponse message is

When the received request is processed, a GetResponse message is

generated with gracie as the source party and george, the party from

generated with gracie as the source party and george, the party from

corresponding request originated -- without regard for the transport

corresponding request originated -- without regard for the transport

address associated with george in the local database.

address associated with george in the local database.

When the generated response is received by the manager, the identity

When the generated response is received by the manager, the identity

of the party to which it is directed (george) is extracted from the

of the party to which it is directed (george) is extracted from the

is recorded as noAuth, the received response is immediately accepted

is recorded as noAuth, the received response is immediately accepted

as authentic.

as authentic.

The received message is fully processed only if the access policy

The received message is fully processed only if the access policy

database local to the manager authorizes GetResponse communications

database local to the manager authorizes GetResponse communications

This section presents an example configuration for a secure, minimal

This section presents an example configuration for a secure, minimal

SNMP agent that interacts with a single SNMP management station.

SNMP agent that interacts with a single SNMP management station.

the minimal agent and to the manager, while Table 5 presents

the minimal agent and to the manager, while Table 5 presents

similarly common information about the local access policy.

similarly common information about the local access policy.

The interaction of manager and agent in this configuration is very

The interaction of manager and agent in this configuration is very

similar to that sketched above for the non-secure minimal agent --

similar to that sketched above for the non-secure minimal agent --

of SNMP parties could support the exchange of non-secret information

of SNMP parties could support the exchange of non-secret information

in authenticated messages without incurring the cost of encryption.

in authenticated messages without incurring the cost of encryption.

An actual secure agent configuration may require SNMP parties for

An actual secure agent configuration may require SNMP parties for

which the authentication and privacy protocols are noAuth and noPriv,

which the authentication and privacy protocols are noAuth and noPriv,

For clarity, these additional parties are not represented in this

For clarity, these additional parties are not represented in this

example.

example.

   Identity          ollie                stan

   Identity          ollie                stan

                     (agent)              (manager)

                     (agent)              (manager)

   Priv Priv Key    "MNOPQR0123456789"  "STUVWX0123456789"

   Priv Priv Key    "MNOPQR0123456789"  "STUVWX0123456789"

   Priv Pub Key      ""                  ""

   Priv Pub Key      ""                  ""

   Table 4: Party Information for Secure Minimal Agent

   Table 4: Party Information for Secure Minimal Agent

             Target  Subject  Privileges

             Target  Subject  Privileges

             ollie    stan      3

             ollie    stan      3

             stan    ollie    20

             stan    ollie    20

human beings and is confined to those portions of the protocol

human beings and is confined to those portions of the protocol

implementation that require it.

implementation that require it.

When using the md5AuthProtocol, the public authentication key for

When using the md5AuthProtocol, the public authentication key for

each SNMP party is never used in authentication and verification of

each SNMP party is never used in authentication and verification of

protocols would not depend upon sharing of a private key for their

protocols would not depend upon sharing of a private key for their

operation.

operation.

All protocol messages originated by the party stan are encrypted on

All protocol messages originated by the party stan are encrypted on

transmission using the desPrivProtocol privacy protocol and the

transmission using the desPrivProtocol privacy protocol and the

normally afforded to human beings and is confined to those portions

normally afforded to human beings and is confined to those portions

of the protocol implementation that require it.

of the protocol implementation that require it.

This section presents examples of SNMP proxy configurations.  On one

This section presents examples of SNMP proxy configurations.  On one

hand, foreign proxy configurations provide the capability to manage

hand, foreign proxy configurations provide the capability to manage

configurations may also reduce the bandwidth requirements of large-

configurations may also reduce the bandwidth requirements of large-

scale management activities.

scale management activities.

clarity: actual configurations may require additional parties in

clarity: actual configurations may require additional parties in

order to support clock synchronization and distribution of secrets.

order to support clock synchronization and distribution of secrets.

This section presents an example configuration by which a SNMP

This section presents an example configuration by which a SNMP

management station may manage network elements that do not themselves

management station may manage network elements that do not themselves

that realizes SNMP management operations by interacting with a non-

that realizes SNMP management operations by interacting with a non-

SNMP device using a proprietary protocol.

SNMP device using a proprietary protocol.

Table 6 presents information about SNMP parties that is recorded in

Table 6 presents information about SNMP parties that is recorded in

the local database of the SNMP proxy agent.  Table 7 presents

the local database of the SNMP proxy agent.  Table 7 presents

of the SNMP management station. Table 8 presents information about

of the SNMP management station. Table 8 presents information about

the access policy specified by the local administration.

the access policy specified by the local administration.

As represented in Table 6, the proxy agent party operates at UDP port

As represented in Table 6, the proxy agent party operates at UDP port

161 at IP address 1.2.3.5 using the party identity moe; the example

161 at IP address 1.2.3.5 using the party identity moe; the example

distinct, private authentication keys. Although these private

distinct, private authentication keys. Although these private

authentication key values ("0123456789ABCDEF" and

authentication key values ("0123456789ABCDEF" and

Identity        larry              moe                curly

Identity        larry              moe                curly

                 (manager)          (proxy)            (proxied)

                 (manager)          (proxy)            (proxied)

Priv Priv Key  ""                  ""                  ""

Priv Priv Key  ""                  ""                  ""

Priv Pub Key    ""                  ""                  ""

Priv Pub Key    ""                  ""                  ""

   Priv Priv Key  ""                  ""

   Priv Priv Key  ""                  ""

   Priv Pub Key    ""                  ""

   Priv Pub Key    ""                  ""

     Table 7: Party Information for Management Station

     Table 7: Party Information for Management Station

             moe      larry    3

             moe      larry    3

             larry    moe      20

             larry    moe      20

       Table 8: Access Information for Foreign Proxy

       Table 8: Access Information for Foreign Proxy

"GHIJKL0123456789") are presented here for expository purposes,

"GHIJKL0123456789") are presented here for expository purposes,

knowledge of private keys is not normally afforded to human beings

knowledge of private keys is not normally afforded to human beings

and is confined to those portions of the protocol implementation that

and is confined to those portions of the protocol implementation that

require it.

require it.

Although all SNMP agents that use cryptographic keys in their

Although all SNMP agents that use cryptographic keys in their

communication with other protocol entities will almost certainly

communication with other protocol entities will almost certainly

proxy agent sends or receives private SNMP communications. Thus, the

proxy agent sends or receives private SNMP communications. Thus, the

privacy protocol for each of them is recorded as noPriv.

privacy protocol for each of them is recorded as noPriv.

The party curly does not send or receive SNMP protocol messages;

The party curly does not send or receive SNMP protocol messages;

rather, all communication with that party proceeds via a hypothetical

rather, all communication with that party proceeds via a hypothetical

the party curly does not participate in the SNMP, many of the

the party curly does not participate in the SNMP, many of the

attributes recorded for that party in a local database are ignored.

attributes recorded for that party in a local database are ignored.

In order to interrogate the proprietary device associated with the

In order to interrogate the proprietary device associated with the

party curly, the management station larry constructs a SNMP GetNext

party curly, the management station larry constructs a SNMP GetNext

UDP port 161, and IP address 1.2.3.5. This request is authenticated

UDP port 161, and IP address 1.2.3.5. This request is authenticated

using the private authentication key "0123456789ABCDEF."

using the private authentication key "0123456789ABCDEF."

at party curly. These new operations are transmitted to the party

at party curly. These new operations are transmitted to the party

curly at the address 0x98765432 in the acmeMgmtPrtcl domain.

curly at the address 0x98765432 in the acmeMgmtPrtcl domain.

When and if the proprietary protocol exchange between the proxy agent

When and if the proprietary protocol exchange between the proxy agent

and the proprietary device concludes, a SNMP GetResponse management

and the proprietary device concludes, a SNMP GetResponse management

address 1.2.3.4 and UDP port 2002 (the source address for the

address 1.2.3.4 and UDP port 2002 (the source address for the

corresponding request).

corresponding request).

When this response is received by the party larry, the originator of

When this response is received by the party larry, the originator of

the message is verified as being the party moe by using local

the message is verified as being the party moe by using local

relevant access control policy (Table 8), the response is accepted,

relevant access control policy (Table 8), the response is accepted,

and the interrogation of the proprietary device is complete.

and the interrogation of the proprietary device is complete.

It is especially useful to observe that the database of SNMP parties

It is especially useful to observe that the database of SNMP parties

recorded at the proxy agent (Table 6) need be neither static nor

recorded at the proxy agent (Table 6) need be neither static nor

analogous to that for party moe (representing a proxy for that new

analogous to that for party moe (representing a proxy for that new

station in the SNMP domain).

station in the SNMP domain).

by the SNMP proxy agent, a SNMP management station can discover and

by the SNMP proxy agent, a SNMP management station can discover and

interact with new stations as they are attached to the LAN.

interact with new stations as they are attached to the LAN.

This section presents an example configuration that supports SNMP

This section presents an example configuration that supports SNMP

native proxy operations -- indirect interaction between a SNMP agent

native proxy operations -- indirect interaction between a SNMP agent

and a management station that is mediated by a second SNMP (proxy)

and a management station that is mediated by a second SNMP (proxy)

agent.

agent.

This example configuration is similar to that presented in the

This example configuration is similar to that presented in the

discussion of SNMP foreign proxy above. In this example, however, the

discussion of SNMP foreign proxy above. In this example, however, the

SNMP, and, accordingly interacts with the SNMP proxy agent moe using

SNMP, and, accordingly interacts with the SNMP proxy agent moe using

authenticated SNMP communications.

authenticated SNMP communications.

Table 9 presents information about SNMP parties that is recorded in

Table 9 presents information about SNMP parties that is recorded in

the local database of the SNMP proxy agent.  Table 7 presents

the local database of the SNMP proxy agent.  Table 7 presents

of the SNMP management station. Table 10 presents information about

of the SNMP management station. Table 10 presents information about

the access policy specified by the local administration.

the access policy specified by the local administration.

As represented in Table 9, the proxy party operates at UDP port 161

As represented in Table 9, the proxy party operates at UDP port 161

at IP address 1.2.3.5 using the party identity moe;

at IP address 1.2.3.5 using the party identity moe;

   Identity      larry              moe                curly

   Identity      larry              moe                curly

               (manager)          (proxy)            (proxied)

               (manager)          (proxy)            (proxied)

   Priv Priv Key  ""                ""                ""

   Priv Priv Key  ""                ""                ""

   Priv Pub Key  ""                ""                ""

   Priv Pub Key  ""                ""                ""

             curly    moe      3

             curly    moe      3

             moe      curly    20

             moe      curly    20

       Table 10: Access Information for Native Proxy

       Table 10: Access Information for Native Proxy

the example manager operates at UDP port 2002 at IP address 1.2.3.4

the example manager operates at UDP port 2002 at IP address 1.2.3.4

using the identity larry; the proxied party operates at UDP port 161

using the identity larry; the proxied party operates at UDP port 161

and is confined to those portions of the protocol implementation that

and is confined to those portions of the protocol implementation that

require it.

require it.

In order to interrogate the proxied device associated with the party

In order to interrogate the proxied device associated with the party

curly, the management station larry constructs a SNMP GetNext request

curly, the management station larry constructs a SNMP GetNext request

161 and IP address 1.2.3.5. This request is authenticated using the

161 and IP address 1.2.3.5. This request is authenticated using the

private authentication key "0123456789ABCDEF."

private authentication key "0123456789ABCDEF."

When that request is received by the party moe, the originator of the

When that request is received by the party moe, the originator of the

message is verified as being the party larry by using local knowledge

message is verified as being the party larry by using local knowledge

"GHIJKL0123456789" and transmitted to party curly at the IP address

"GHIJKL0123456789" and transmitted to party curly at the IP address

1.2.3.6.

1.2.3.6.

When this new request is received by the party curly, the originator

When this new request is received by the party curly, the originator

of the message is verified as being the party moe by using local

of the message is verified as being the party moe by using local

GetNext request is satisfied by local mechanisms. A SNMP GetResponse

GetNext request is satisfied by local mechanisms. A SNMP GetResponse

message representing the results of the query is then generated by

message representing the results of the query is then generated by

"MNOPQR0123456789" and transmitted to party moe at IP address 1.2.3.5

"MNOPQR0123456789" and transmitted to party moe at IP address 1.2.3.5

(the source address for the corresponding request).

(the source address for the corresponding request).

When this response is received by party moe, the originator of the

When this response is received by party moe, the originator of the

message is verified as being the party curly by using local knowledge

message is verified as being the party curly by using local knowledge

the party larry at IP address 1.2.3.4 (the source address for the

the party larry at IP address 1.2.3.4 (the source address for the

original request).

original request).

When this response is received by the party larry, the originator of

When this response is received by the party larry, the originator of

the message is verified as being the party moe by using local

the message is verified as being the party moe by using local

relevant access control policy (Table 10), the response is accepted,

relevant access control policy (Table 10), the response is accepted,

and the interrogation is complete.

and the interrogation is complete.

This section presents an example configuration predicated upon a

This section presents an example configuration predicated upon a

hypothetical security protocol. This hypothetical protocol would be

hypothetical security protocol. This hypothetical protocol would be

the example to support protection against disclosure should be

the example to support protection against disclosure should be

apparent.

apparent.

  Priv Priv Key    ""                        ""

  Priv Priv Key    ""                        ""

  Priv Pub Key      ""                        ""

  Priv Pub Key      ""                        ""

     Table 11: Party Information for Public Key Agent

     Table 11: Party Information for Public Key Agent

The example configuration comprises a single SNMP agent that

The example configuration comprises a single SNMP agent that

interacts with a single SNMP management station.  Tables 11 and 12

interacts with a single SNMP management station.  Tables 11 and 12

manager, respectively, while Table 5 presents information about the

manager, respectively, while Table 5 presents information about the

local access policy that is known to both manager and agent.

local access policy that is known to both manager and agent.

As represented in Table 11, the example agent party operates at UDP

As represented in Table 11, the example agent party operates at UDP

port 161 at IP address 1.2.3.4 using the party identity ollie; the

port 161 at IP address 1.2.3.4 using the party identity ollie; the

SNMP authentication protocol pkAuthProtocol and their distinct,

SNMP authentication protocol pkAuthProtocol and their distinct,

private

private

  Identity          ollie                  stan

  Identity          ollie                  stan

                   (agent)                (manager)

                   (agent)                (manager)

  Priv Priv Key    ""                    ""

  Priv Priv Key    ""                    ""

  Priv Pub Key      ""                    ""

  Priv Pub Key      ""                    ""

Table 12:  Party Information for Public Key Management

Table 12:  Party Information for Public Key Management

           Station

           Station

afforded to human beings and is confined to those portions of the

afforded to human beings and is confined to those portions of the

protocol implementation that require it.

protocol implementation that require it.

In most respects, the interaction between manager and agent in this

In most respects, the interaction between manager and agent in this

configuration is almost identical to that in the example of the

configuration is almost identical to that in the example of the

key ("0123456789abcdef") but not its private key

key ("0123456789abcdef") but not its private key

("0123456789ABCDEF").

("0123456789ABCDEF").

For simplicity, privacy protocols are not addressed in this example

For simplicity, privacy protocols are not addressed in this example

configuration, although their use would be necessary to the secure,

configuration, although their use would be necessary to the secure,

automated distribution of secret keys.

automated distribution of secret keys.

This section describes a convention for the definition of MIB views

This section describes a convention for the definition of MIB views

and, using that convention, presents example configurations of MIB

and, using that convention, presents example configurations of MIB

views for SNMP parties.

views for SNMP parties.

A MIB view is defined by a collection of view subtrees (see Section

A MIB view is defined by a collection of view subtrees (see Section

3.6), and any MIB view may be represented in this way. Because MIB

3.6), and any MIB view may be represented in this way. Because MIB

of view subtrees, a convention for abbreviating MIB view definitions

of view subtrees, a convention for abbreviating MIB view definitions

is desirable.

is desirable.

The convention adopted in [5] supports abbreviation of MIB view

The convention adopted in [5] supports abbreviation of MIB view

definitions in terms of families of view subtrees that are either

definitions in terms of families of view subtrees that are either

value (called the family name) together with a bitstring value

value (called the family name) together with a bitstring value

(called the family mask). The family mask indicates which

(called the family mask). The family mask indicates which

object instance, that instance belongs to the view subtree family

object instance, that instance belongs to the view subtree family

represented by a particular table entry if

represented by a particular table entry if

   o the OBJECT IDENTIFIER name of that MIB

   o the OBJECT IDENTIFIER name of that MIB

     object instance comprises at least as many subidentifiers

     object instance comprises at least as many subidentifiers

     as does the family name for said table entry, and

     as does the family name for said table entry, and

   o each subidentifier in the name of said MIB object

   o each subidentifier in the name of said MIB object

     instance matches the corresponding subidentifier of the

     instance matches the corresponding subidentifier of the

     relevant family name whenever the corresponding bit of

     relevant family name whenever the corresponding bit of

     the associated family mask is non-zero.

     the associated family mask is non-zero.

The appearance of a MIB object instance in the MIB view for a

The appearance of a MIB object instance in the MIB view for a

particular SNMP party is related to the membership of that instance

particular SNMP party is related to the membership of that instance

in the subtree families associated with that party in local table

in the subtree families associated with that party in local table

entries:

entries:

   o If a MIB object instance belongs to none of the relevant

   o If a MIB object instance belongs to none of the relevant

     subtree families, then that instance is not in the MIB

     subtree families, then that instance is not in the MIB

     view for the relevant SNMP party.

     view for the relevant SNMP party.

   o If a MIB object instance belongs to the subtree family

   o If a MIB object instance belongs to the subtree family

     represented by exactly one of the relevant table entries,

     represented by exactly one of the relevant table entries,

     then that instance is included in, or excluded from, the

     then that instance is included in, or excluded from, the

     relevant MIB view according to the status of that entry.

     relevant MIB view according to the status of that entry.

   o If a MIB object instance belongs to the subtree families

   o If a MIB object instance belongs to the subtree families

     represented by more than one of the relevant table

     represented by more than one of the relevant table

     subidentifiers, and, second, the associated family name is

     subidentifiers, and, second, the associated family name is

     lexicographically greatest.

     lexicographically greatest.

The subtree family represented by a table entry for which the

The subtree family represented by a table entry for which the

associated family mask is all ones corresponds to the single view

associated family mask is all ones corresponds to the single view

with a family mask of zero length always corresponds to a single view

with a family mask of zero length always corresponds to a single view

subtree.

subtree.

   Party Identity  Status    Family Name    Family Mask

   Party Identity  Status    Family Name    Family Mask

   lucy            include    internet      ""h

   lucy            include    internet      ""h

       Table 13: View Definition for Minimal Agent

       Table 13: View Definition for Minimal Agent

Using this convention for abbreviating MIB view definitions, some of

Using this convention for abbreviating MIB view definitions, some of

the most common definitions of MIB views may be conveniently

the most common definitions of MIB views may be conveniently

signifies that the relevant subtree family corresponds to the single

signifies that the relevant subtree family corresponds to the single

view subtree rooted at that node.

view subtree rooted at that node.

Another example of MIB view definition (see Table 14) is that of a

Another example of MIB view definition (see Table 14) is that of a

SNMP protocol entity that locally realizes multiple SNMP parties with

SNMP protocol entity that locally realizes multiple SNMP parties with

system group of the internet-standard MIB together with those object

system group of the internet-standard MIB together with those object

instances by which SNMP parties are administered.

instances by which SNMP parties are administered.

A more complicated example of MIB view configuration illustrates the

A more complicated example of MIB view configuration illustrates the

abbreviation of related collections of view subtrees by view subtree

abbreviation of related collections of view subtrees by view subtree

families (see Table 15). In this

families (see Table 15). In this

   Party Identity  Status    Family Name    Family Mask

   Party Identity  Status    Family Name    Family Mask

   ricky          include    system        ""h

   ricky          include    system        ""h

   ricky          include    snmpParties    ""h

   ricky          include    snmpParties    ""h

       Table 14: View Definition for Multiple Parties

       Table 14: View Definition for Multiple Parties

example, the MIB view associated with party lucy includes all object

example, the MIB view associated with party lucy includes all object

instances in the system group of the internet-standard MIB together

instances in the system group of the internet-standard MIB together

attached to the managed device. However, this interface-related

attached to the managed device. However, this interface-related

information does not include the speed of the interface. The family

information does not include the speed of the interface. The family

lexicographically greater of the relevant family names appears in the

lexicographically greater of the relevant family names appears in the

table entry with status exclude.

table entry with status exclude.

The MIB view for party ricky is also defined in this example.  The

The MIB view for party ricky is also defined in this example.  The

MIB view attributed to the party ricky includes all object instances

MIB view attributed to the party ricky includes all object instances

includes the number of octets received on the fourth attached network

includes the number of octets received on the fourth attached network

interface.

interface.

While, as suggested by the examples above, a wide range of MIB view

While, as suggested by the examples above, a wide range of MIB view

configurations are efficiently supported by the abbreviated

configurations are efficiently supported by the abbreviated

representation of [5], prudent MIB design can sometimes further

representation of [5], prudent MIB design can sometimes further

reduce the size and complexity of the most

reduce the size and complexity of the most

  Party Identity  Status    Family Name        Family Mask

  Party Identity  Status    Family Name        Family Mask

  ricky          include    { ifEntry 0 5 }    "FFA0"h

  ricky          include    { ifEntry 0 5 }    "FFA0"h

  ricky          include    { ifInOctets 4 }  ""h

  ricky          include    { ifInOctets 4 }  ""h

       Table 15: More Elaborate View Definitions

       Table 15: More Elaborate View Definitions

likely MIB view definitions. On one hand, it is critical that

likely MIB view definitions. On one hand, it is critical that

mechanisms for MIB view configuration impose no absolute constraints

mechanisms for MIB view configuration impose no absolute constraints