Appendix B - Change Log

This appendix documents the changes made to the User-based Security Model from RFC 2574 to RFC 3414.

B.1. Changes from RFC 2574

RFC 3414 replaces RFC 2574, which was the original specification of the User-based Security Model for SNMPv3. The following changes have been made:

Editorial Changes

  1. Updated References: References to other SNMP documents have been updated to reflect the new RFC numbers in the SNMPv3 document set (RFC 3410-3418).

  2. Clarifications: Various sections have been rewritten or expanded to provide better clarity, including:

    • More detailed explanations of time synchronization mechanisms
    • Clearer descriptions of the discovery process
    • Enhanced security considerations

  3. Terminology: Consistent terminology has been applied throughout the document to align with other SNMPv3 specifications.

Technical Changes

  1. MIB Module Updates:

    • The MIB module has been updated to comply with SMIv2
    • MODULE-COMPLIANCE and OBJECT-GROUP definitions have been refined
    • Descriptions of MIB objects have been enhanced for clarity

  2. Key Management:

    • Additional guidance on password-to-key algorithms
    • Clarified procedures for key localization
    • Enhanced descriptions of key change protocols

  3. Security Considerations:

    • Expanded security considerations section (Section 11)
    • Additional recommendations for implementation security
    • More detailed discussion of potential threats and mitigations

  4. Report Mechanisms:

    • Clarified the use of Report-PDUs for error notification
    • Better descriptions of when reports should and should not be generated
    • Enhanced guidance on report security levels

  5. Algorithm Specifications:

    • More precise descriptions of authentication protocols (HMAC-MD5-96, HMAC-SHA-96)
    • Clearer specification of the privacy protocol (CBC-DES)
    • Addition of explicit test vectors in appendices

Conformance Changes

  1. Mandatory-to-Implement Requirements: Clarified which protocols are mandatory (HMAC-MD5-96 and CBC-DES) versus optional (HMAC-SHA-96).

  2. MIB Conformance: Enhanced conformance statements in the MIB module definition.

Bug Fixes

  1. Time Synchronization: Corrected edge cases in time window verification logic.

  2. Discovery Process: Fixed ambiguities in the discovery procedure descriptions.

  3. Error Handling: Corrected inconsistencies in error report generation requirements.

B.2. Changes from Earlier Drafts

During the development process from draft to RFC, several changes were made based on working group feedback:

  1. Intellectual Property Section: Added detailed discussion of intellectual property considerations for DES and HMAC algorithms.

  2. Localization Algorithm: Refined the key localization algorithm description with additional examples.

  3. Replay Protection: Enhanced the description of replay protection mechanisms and their limitations.

  4. IANA Considerations: Updated the IANA Considerations section to reflect current registration procedures.

B.3. Implementation Notes

Implementers upgrading from RFC 2574 to RFC 3414 should note:

  1. Wire Protocol Compatibility: The on-the-wire protocol remains unchanged. Implementations conforming to RFC 2574 are wire-compatible with RFC 3414 implementations.

  2. MIB Compatibility: The MIB structure is backward compatible. Existing management applications should continue to function without modification.

  3. Algorithm Identifiers: The OIDs for authentication and privacy protocols remain unchanged.

  4. Configuration Migration: Existing user configurations can be migrated without requiring re-provisioning of keys.

B.4. Obsoleted RFCs

RFC 3414 obsoletes:

  • RFC 2574: "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)"

All implementations should migrate to RFC 3414 as RFC 2574 is now considered obsolete.

B.5. Acknowledgment of Changes

The changes documented in this appendix reflect contributions and feedback from the SNMPv3 Working Group, security reviewers, and implementers who provided valuable input during the standardization process. The editors acknowledge the collective effort in refining and improving the User-based Security Model specification.