idnits 2.17.1

draft-ietf-opsawg-hmac-sha-2-usm-snmp-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 23, 2015) is 3322 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 2104

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SHA'

  ** Downref: Normative reference to an Informational RFC: RFC 6234

     Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

OPSAWG                                                    J. Merkle, Ed.
Internet-Draft                                 Secunet Security Networks
Intended status: Standards Track                              M. Lochter
Expires: September 24, 2015                                          BSI
                                                          March 23, 2015


          HMAC-SHA-2 Authentication Protocols in USM for SNMP
                draft-ietf-opsawg-hmac-sha-2-usm-snmp-05

Abstract

   This memo specifies new HMAC-SHA-2 authentication protocols for the
   User-based Security Model (USM) for SNMPv3 defined in RFC 3414.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 24, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Conventions
   4.  The HMAC-SHA-2 Authentication Protocols
     4.1.  Deviations from the HMAC-SHA-96 Authentication Protocol
     4.2.  Processing
       4.2.1.  Processing an Outgoing Message
       4.2.2.  Processing an Incoming Message
   5.  Key Localization and Key Change
   6.  Structure of the MIB Module
   7.  Relationship to Other MIB Modules
     7.1.  Relationship to SNMP-USER-BASED-SM-MIB
     7.2.  Relationship to SNMP-FRAMEWORK-MIB
     7.3.  MIB modules required for IMPORTS
   8.  Definitions
   9.  Security Considerations
     9.1.  Use of the HMAC-SHA-2 authentication protocols in USM
     9.2.  Cryptographic strength of the authentication protocols
     9.3.  Derivation of keys from passwords
     9.4.  Access to the SNMP-USM-HMAC-SHA2-MIB
   10. IANA Considerations
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses

1.  Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols.  In particular it defines
   additional authentication protocols for the User-based Security Model
   (USM) for version 3 of the Simple Network Management Protocol
   (SNMPv3) specified in RFC 3414 [RFC3414].

   In RFC 3414, two different authentication protocols, HMAC-MD5-96 and
   HMAC-SHA-96, are defined based on the hash functions MD5 and SHA-1,
   respectively.  This memo specifies new HMAC-SHA-2 authentication
   protocols for USM using an HMAC based on the SHA-2 family of hash
   functions [SHA] and truncated to 128 bits for SHA-224, to 192 bits
   for SHA-256, to 256 bits for SHA-384, and to 384 bits for SHA-512.
   These protocols are straightforward adaptations of the authentication
   protocols HMAC-MD5-96 and HMAC-SHA-96 to the SHA-2 based HMAC.

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

3.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119
   [RFC2119].

4.  The HMAC-SHA-2 Authentication Protocols

   This section describes the HMAC-SHA-2 authentication protocols.  They
   use the SHA-2 hash functions, which are described in [SHA] and
   [RFC6234], in HMAC mode described in [RFC2104] and [RFC6234],
   truncating the output to 128 bits for SHA-224, 192 bits for SHA-256,
   256 bits for SHA-384, and 384 bits for SHA-512.  [RFC6234] also
   provides source code for all the SHA-2 algorithms and HMAC (without
   truncation).  It also includes a test harness and standard test
   vectors for all the defined hash functions and HMAC examples.

   The following protocols are defined:

      usmHMAC128SHA224AuthProtocol: uses SHA-224 and truncates the
      output to 128 bits (16 octets);

      usmHMAC192SHA256AuthProtocol: uses SHA-256 and truncates the
      output to 192 bits (24 octets);

      usmHMAC256SHA384AuthProtocol: uses SHA-384 and truncates the
      output to 256 bits (32 octets);

      usmHMAC384SHA512AuthProtocol: uses SHA-512 and truncates the
      output to 384 bits (48 octets).

   Implementations conforming to this specification MUST support
   usmHMAC192SHA256AuthProtocol and SHOULD support
   usmHMAC384SHA512AuthProtocol.  The protocols
   usmHMAC128SHA224AuthProtocol and usmHMAC256SHA384AuthProtocol are
   OPTIONAL.

4.1.  Deviations from the HMAC-SHA-96 Authentication Protocol

   All the HMAC-SHA-2 authentication protocols are straightforward
   adaptations of the HMAC-MD5-96 and HMAC-SHA-96 authentication
   protocols.  Precisely, they differ from the HMAC-MD5-96 and
   HMAC-SHA-96 authentication protocols in the following aspects:

   o  The SHA-2 hash function is used to compute the message digest in
      the HMAC computation according to [RFC2104] and [RFC6234], as
      opposed to the MD5 hash function [RFC1321] and SHA-1 hash function
      [SHA] used in HMAC-MD5-96 and HMAC-SHA-96, respectively.
      Consequently, the length of the message digest prior to truncation
      is 224 bits for SHA-224 based protocol, 256 bits for SHA-256 based
      protocol, 384 bits for SHA-384 based protocol, and 512 bits for
      SHA-512 based protocol.

   o  The resulting message digest (output of HMAC) is truncated to

      *  16 octets for usmHMAC128SHA224AuthProtocol

      *  24 octets for usmHMAC192SHA256AuthProtocol

      *  32 octets for usmHMAC256SHA384AuthProtocol

      *  48 octets for usmHMAC384SHA512AuthProtocol

      as opposed to the truncation to 12 octets in HMAC-MD5-96 and
      HMAC-SHA-96.

   o  The user's secret key to be used when calculating a digest MUST
      be:

      *  28 octets long and derived with SHA-224 for the SHA-224 based
         protocol usmHMAC128SHA224AuthProtocol

      *  32 octets long and derived with SHA-256 for the SHA-256 based
         protocol usmHMAC192SHA256AuthProtocol

      *  48 octets long and derived with SHA-384 for the SHA-384 based
         protocol usmHMAC256SHA384AuthProtocol

      *  64 octets long and derived with SHA-512 for the SHA-512 based
         protocol usmHMAC384SHA512AuthProtocol

      as opposed to the keys being 16 and 20 octets long in HMAC-MD5-96
      and HMAC-SHA-96, respectively.

4.2.  Processing

   This section describes the procedures for the HMAC-SHA-2
   authentication protocols.  The descriptions are based on the
   definition of services and data elements defined for HMAC-SHA-96 in
   RFC 3414 [RFC3414] with the deviations listed in Section 4.1.

4.2.1.  Processing an Outgoing Message

   Values of constants M (the length of the secret key in octets) and N
   (the length of the MAC output in octets) used below, are:

      usmHMAC128SHA224AuthProtocol: M=28, N=16;

      usmHMAC192SHA256AuthProtocol: M=32, N=24;

      usmHMAC256SHA384AuthProtocol: M=48, N=32;

      usmHMAC384SHA512AuthProtocol: M=64, N=48.

   correspondingly.

   This section describes the procedure followed by an SNMP engine
   whenever it must authenticate an outgoing message using one of the
   authentication protocols defined above.

   1.  The msgAuthenticationParameters field is set to the
       serialization, according to the rules in [RFC3417], of an OCTET
       STRING containing N zero octets.

   2.  From the secret authKey of M octets, calculate the HMAC-SHA-2
       digest over it according to [RFC6234].  Take the first N octets
       of the final digest - this is the Message Authentication Code
       (MAC).

   3.  Replace the msgAuthenticationParameters field with the MAC
       obtained in the previous step.

   4.  The authenticatedWholeMsg is then returned to the caller together
       with statusInformation indicating success.

4.2.2.  Processing an Incoming Message

   Values of the constants M and N are the same as in Section 4.2.1, and
   are selected based on which authentication protocol is configured for
   the given USM usmUser Table entry.

   This section describes the procedure followed by an SNMP engine
   whenever it must authenticate an incoming message using one of the
   HMAC-SHA-2 authentication protocols.

   1.  If the digest received in the msgAuthenticationParameters field
       is not N octets long, then a failure and an errorIndication
       (authenticationError) are returned to the calling module.

   2.  The MAC received in the msgAuthenticationParameters field is
       saved.

   3.  The digest in the msgAuthenticationParameters field is replaced
       by the N zero octets.

   4.  Using the secret authKey, the HMAC is calculated over the
       wholeMsg.

   5.  The first N octets of the above HMAC are taken as the computed
       MAC value.

   6.  The msgAuthenticationParameters field is replaced with the MAC
       value that was saved in step 2.

   7.  The newly calculated MAC is compared with the MAC saved in step
       2.  If they do not match, then a failure and an errorIndication
       (authenticationFailure) are returned to the calling module.

   8.  The authenticatedWholeMsg and statusInformation indicating
       success are then returned to the caller.

5.  Key Localization and Key Change

   For any of the protocols defined in Section 4, key localization and
   key change SHALL be performed according to RFC 3414 [RFC3414] using
   the SHA-2 hash function applied in the respective protocol.

6.  Structure of the MIB Module

   The MIB module specified in this memo does not define any managed
   objects, subtrees, notifications or tables, but only object
   identities (for authentication protocols) under a subtree of an
   existing MIB.

7.  Relationship to Other MIB Modules

7.1.  Relationship to SNMP-USER-BASED-SM-MIB

   RFC 3414 [RFC3414] specifies the MIB module for the User-based
   Security Model (USM) for SNMPv3 (SNMP-USER-BASED-SM-MIB), which
   defines authentication protocols for USM based on the hash functions
   MD5 and SHA-1, respectively.  The following MIB module defines new
   HMAC-SHA2 authentication protocols for USM based on the SHA-2 hash
   functions [SHA].  The use of the HMAC-SHA2 authentication protocols
   requires the usage of the objects defined in the
   SNMP-USER-BASED-SM-MIB.

7.2.  Relationship to SNMP-FRAMEWORK-MIB

   RFC 3411 [RFC3411] specifies the SNMP-FRAMEWORK-MIB, which defines a
   subtree snmpAuthProtocols for SNMP authentication protocols.  The
   following MIB module defines new authentication protocols in the
   snmpAuthProtocols subtree.

7.3.  MIB modules required for IMPORTS

   The following MIB module IMPORTS definitions from SNMPv2-SMI
   [RFC2578] and SNMP-FRAMEWORK-MIB [RFC3411].

8.  Definitions

SNMP-USM-HMAC-SHA2-MIB DEFINITIONS ::= BEGIN
    IMPORTS
        MODULE-IDENTITY, OBJECT-IDENTITY,
        snmpModules FROM SNMPv2-SMI -- [RFC2578]
        snmpAuthProtocols FROM SNMP-FRAMEWORK-MIB; -- [RFC3411]

snmpUsmHmacSha2MIB MODULE-IDENTITY
    LAST-UPDATED "201503090000Z" -- 9th Mar 2015, midnight
    -- RFC Ed.: replace with publication date & remove this line
    ORGANIZATION "SNMPv3 Working Group"
    CONTACT-INFO "WG email: OPSAWG@ietf.org
                  Subscribe:
                  https://www.ietf.org/mailman/listinfo/opsawg
                  Editor:    Johannes Merkle
                             secunet Security Networks
                  postal:    Mergenthaler Allee 77
                             D-65760 Eschborn
                             Germany
                  phone:     +49 20154543091
                  email:     johannes.merkle@secunet.com

                  Co-Editor: Manfred Lochter
                             Bundesamt fuer Sicherheit in der
                             Informationstechnik (BSI)
                  postal:    Postfach 200363
                             D-53133 Bonn
                             Germany
                  phone:     +49 228 9582 5643
                  email:     manfred.lochter@bsi.bund.de"

    DESCRIPTION  "Definitions of Object Identities needed
                  for the use of HMAC-SHA2 by SNMP's User-based
                  Security Model.

                  Copyright (c) 2014 IETF Trust and the persons identified
                  as authors of the code.  All rights reserved.

                  Redistribution and use in source and binary forms, with
                  or without modification, is permitted pursuant to, and
                  subject to the license terms contained in, the Simplified
                  BSD License set forth in Section 4.c of the IETF Trust's
                  Legal Provisions Relating to IETF Documents
                  (http://trustee.ietf.org/license-info)."

    REVISION     "201503090000Z" -- 9th Mar 2015, midnight
    -- RFC Ed.: replace with publication date & remove this line
    DESCRIPTION  "Initial version, published as RFC TBD"
    -- RFC Ed.: replace TBD with actual RFC number & remove this line

    ::= { snmpModules nn } -- nn to be assigned by IANA
    -- RFC Ed.: replace nn with actual number assigned by IANA & remove
    -- this comment

usmHMAC128SHA224AuthProtocol OBJECT-IDENTITY
    STATUS       current
    DESCRIPTION  "The Authentication Protocol
                  usmHMAC128SHA224AuthProtocol uses HMAC-SHA-224 and
                  truncates output to 128 bits."
    REFERENCE    "- Krawczyk, H., Bellare, M., and R. Canetti, HMAC:
                    Keyed-Hashing for Message Authentication, RFC 2104.
                  - National Institute of Standards and Technology,
                    Secure Hash Standard (SHS), FIPS PUB 180-4, 2012."
    ::= { snmpAuthProtocols aa } -- aa to be assigned by IANA
    -- RFC Ed.: replace aa with actual number assigned by IANA & remove
    -- this comment

usmHMAC192SHA256AuthProtocol OBJECT-IDENTITY
    STATUS       current
    DESCRIPTION  "The Authentication Protocol
                  usmHMAC192SHA256AuthProtocol uses HMAC-SHA-256 and
                  truncates output to 192 bits."
    REFERENCE    "- Krawczyk, H., Bellare, M., and R. Canetti, HMAC:
                    Keyed-Hashing for Message Authentication, RFC 2104.
                  - National Institute of Standards and Technology,
                    Secure Hash Standard (SHS), FIPS PUB 180-4, 2012."
    ::= { snmpAuthProtocols bb } -- bb to be assigned by IANA
    -- RFC Ed.: replace bb with actual number assigned by IANA & remove
    -- this comment

usmHMAC256SHA384AuthProtocol OBJECT-IDENTITY
    STATUS       current
    DESCRIPTION  "The Authentication Protocol
                  usmHMAC256SHA384AuthProtocol uses HMAC-SHA-384 and
                  truncates output to 256 bits."
    REFERENCE    "- Krawczyk, H., Bellare, M., and R. Canetti, HMAC:
                    Keyed-Hashing for Message Authentication, RFC 2104.
                  - National Institute of Standards and Technology,
                    Secure Hash Standard (SHS), FIPS PUB 180-4, 2012."
    ::= { snmpAuthProtocols cc } -- cc to be assigned by IANA
    -- RFC Ed.: replace cc with actual number assigned by IANA & remove
    -- this comment

usmHMAC384SHA512AuthProtocol OBJECT-IDENTITY
    STATUS       current
    DESCRIPTION  "The Authentication Protocol
                  usmHMAC384SHA512AuthProtocol uses HMAC-SHA-512 and
                  truncates output to 384 bits."
    REFERENCE    "- Krawczyk, H., Bellare, M., and R. Canetti, HMAC:
                    Keyed-Hashing for Message Authentication, RFC 2104.
                  - National Institute of Standards and Technology,
                    Secure Hash Standard (SHS), FIPS PUB 180-4, 2012."
    ::= { snmpAuthProtocols dd } -- dd to be assigned by IANA
    -- RFC Ed.: replace dd with actual number assigned by IANA & remove
    -- this comment

END

9.  Security Considerations

9.1.  Use of the HMAC-SHA-2 authentication protocols in USM

   The security considerations of [RFC3414] also apply to the HMAC-SHA-2
   authentication protocols defined in this document.

9.2.  Cryptographic strength of the authentication protocols

   At the time of publication of this document, all of the HMAC-SHA-2
   authentication protocols provide a very high level of security.  The
   security of each HMAC-SHA-2 authentication protocol depends on the
   parameters used in the corresponding HMAC computation, which are the
   length of the key (if the key has maximum entropy), the size of the
   hash function's internal state, and the length of the truncated MAC.
   For the HMAC-SHA-2 authentication protocols these values are as
   follows (values are given in bits).

   +------------------------------+---------+----------------+---------+
   | Protocol                     | Key     | Size of        | MAC     |
   |                              | length  | internal state | length  |
   +------------------------------+---------+----------------+---------+
   | usmHMAC128SHA224AuthProtocol | 224     | 256            | 128     |
   | usmHMAC192SHA256AuthProtocol | 256     | 256            | 192     |
   | usmHMAC256SHA384AuthProtocol | 384     | 512            | 256     |
   | usmHMAC384SHA512AuthProtocol | 512     | 512            | 384     |
   +------------------------------+---------+----------------+---------+

    Table 1: HMAC parameters of the HMAC-SHA-2 authentication protocols

   The security of the HMAC scales with both the key length and the size
   of the internal state: longer keys render key guessing attacks more
   difficult, and a larger internal state decreases the success
   probability of MAC forgeries based on internal collisions of the hash
   function.

   The role of the truncated output length is more complicated:
   according to [BCK], there is a trade-off in that "by outputting less
   bits the attacker has less bits to predict in a MAC forgery but, on
   the other hand, the attacker also learns less about the output of the
   compression function from seeing the authentication tags computed by
   legitimate parties"; thus, truncation weakens the HMAC against
   forgery by guessing, but at the same time strengthens it against
   chosen message attacks aiming at MAC forgery based on internal
   collisions or at key guessing.  [RFC2104] and [BCK] allow truncation
   to any length that is not less than half the size of the internal
   state.

   Further discussion of the security of the HMAC construction is given
   in [RFC2104].

9.3.  Derivation of keys from passwords

   If secret keys to be used for HMAC-SHA-2 authentication protocols are
   derived from passwords, the derivation SHOULD be performed using the
   password-to-key algorithm from Appendix A.1 of RFC 3414 with MD5
   being replaced by the SHA-2 hash function H used in the HMAC-SHA-2
   authentication protocol.  Specifically, the password is converted
   into the required secret key by the following steps:

   o  forming a string of length 1,048,576 octets by repeating the value
      of the password as often as necessary, truncating accordingly, and
      using the resulting string as the input to the hash function H.
      The resulting digest, termed "digest1", is used in the next step.

   o  a second string is formed by concatenating digest1, the SNMP
      engine's snmpEngineID value, and digest1.  This string is used as
      input to the hash function H.

9.4.  Access to the SNMP-USM-HMAC-SHA2-MIB

   The SNMP-USM-HMAC-SHA2-MIB module defines OBJECT IDENTIFIER values
   for use in other MIB modules.  It does not define any objects that
   can be accessed.  As such, the SNMP-USM-HMAC-SHA2-MIB does not, by
   itself, have any effect on the security of the Internet.

   The values defined in this module are expected to be used with the
   usmUserTable defined in the SNMP-USER-BASED-SM-MIB [RFC3414].  The
   considerations in Section 11.5 of [RFC3414] should be taken into
   account.

10.  IANA Considerations

   IANA is requested to assign an OID for

             +--------------------+-------------------------+
             | Descriptor         | OBJECT IDENTIFIER value |
             +--------------------+-------------------------+
             | snmpUsmHmacSha2MIB | { snmpModules nn }      |
             +--------------------+-------------------------+

                            Table 2: OID of MIB

   with nn appearing in the MIB module definition in Section 8.

   Furthermore, IANA is requested to assign a value in the
   SnmpAuthProtocols registry for each of the following protocols.

           +------------------------------+-------+-----------+
           | Description                  | Value | Reference |
           +------------------------------+-------+-----------+
           | usmHMAC128SHA224AuthProtocol | aa    | RFC YYYY  |
           | usmHMAC192SHA256AuthProtocol | bb    | RFC YYYY  |
           | usmHMAC256SHA384AuthProtocol | cc    | RFC YYYY  |
           | usmHMAC384SHA512AuthProtocol | dd    | RFC YYYY  |
           +------------------------------+-------+-----------+

    Table 3: Code points assigned to HMAC-SHA-2 authentication protocols

   -- RFC Ed.: replace YYYY with actual RFC number and remove this line

   with aa, bb, cc, etc. appearing in the MIB module definition in
   Section 8.

11.  References

11.1.  Normative References

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104, February
              1997.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
              58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

   [SHA]      National Institute of Standards and Technology, "Secure
              Hash Standard (SHS)", FIPS PUB 180-4, March 2012.

   [RFC6234]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
              (SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011.

11.2.  Informative References

   [RFC1321]  Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
              April 1992.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [RFC3417]  Presuhn, R., "Transport Mappings for the Simple Network
              Management Protocol (SNMP)", STD 62, RFC 3417, December
              2002.

   [BCK]      Bellare, M., Canetti, R., and H. Krawczyk, "Keyed Hash
              Functions for Message Authentication", Advances in
              Cryptology - CRYPTO 99, Lecture Notes in Computer Science
              1109, Springer Verlag, 1996.

Authors' Addresses

   Johannes Merkle (editor)
   Secunet Security Networks
   Mergenthaler Allee 77
   65760 Eschborn
   Germany

   Phone: +49 201 5454 3091
   EMail: johannes.merkle@secunet.com


   Manfred Lochter
   BSI
   Postfach 200363
   53133 Bonn
   Germany

   Phone: +49 228 9582 5643
   EMail: manfred.lochter@bsi.bund.de
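
Added example (not part of the draft and not its authors' code): the Python below carries out the password-to-key derivation of Section 9.3 and the outgoing and incoming procedures of Sections 4.2.1 and 4.2.2 for all four protocols, using the M and N values from Section 4.2.1. The function names and the offset/length parameters are hypothetical; it assumes the caller's BER decoder has already located the msgAuthenticationParameters value, and the sample message, password and engine ID are constructed.

```python
import hashlib
import hmac

# Protocol -> (hash, M = authKey octets, N = MAC octets), from Section 4.2.1.
PROTOCOLS = {
    "usmHMAC128SHA224AuthProtocol": ("sha224", 28, 16),
    "usmHMAC192SHA256AuthProtocol": ("sha256", 32, 24),
    "usmHMAC256SHA384AuthProtocol": ("sha384", 48, 32),
    "usmHMAC384SHA512AuthProtocol": ("sha512", 64, 48),
}


def password_to_key(protocol, password, engine_id):
    """Section 9.3: derive the M-octet secret key for one snmpEngineID."""
    hash_name, m, _ = PROTOCOLS[protocol]
    if not password:
        raise ValueError("password must not be empty")
    # Repeat the password to exactly 1,048,576 octets and hash it: digest1.
    repeated = (password * (1048576 // len(password) + 1))[:1048576]
    digest1 = hashlib.new(hash_name, repeated).digest()
    # Hash digest1 || snmpEngineID || digest1 with the same function H.
    key = hashlib.new(hash_name, digest1 + engine_id + digest1).digest()
    assert len(key) == m
    return key


def _truncated_hmac(protocol, auth_key, whole_msg, offset):
    """HMAC over whole_msg with N zero octets in the MAC field, cut to N."""
    hash_name, m, n = PROTOCOLS[protocol]
    if len(auth_key) != m:
        raise ValueError("authKey must be %d octets long" % m)
    zeroed = whole_msg[:offset] + bytes(n) + whole_msg[offset + n:]
    return hmac.new(auth_key, zeroed, hash_name).digest()[:n]


def authenticate_outgoing(protocol, auth_key, whole_msg, offset):
    """Section 4.2.1: return authenticatedWholeMsg with the MAC inserted."""
    n = PROTOCOLS[protocol][2]
    if offset < 0 or offset + n > len(whole_msg):
        raise ValueError("MAC field lies outside the message")
    mac = _truncated_hmac(protocol, auth_key, whole_msg, offset)  # steps 1-2
    return whole_msg[:offset] + mac + whole_msg[offset + n:]      # step 3


def authenticate_incoming(protocol, auth_key, whole_msg, offset, length):
    """Section 4.2.2: True if the received MAC verifies, False otherwise."""
    n = PROTOCOLS[protocol][2]
    # Step 1: a field that is not exactly N octets long fails immediately.
    if length != n or offset < 0 or offset + n > len(whole_msg):
        return False
    saved = whole_msg[offset:offset + n]                          # step 2
    computed = _truncated_hmac(protocol, auth_key, whole_msg, offset)  # 3-5
    # Step 7, done with a constant-time comparison. whole_msg itself is
    # never modified, so the received MAC is still in place (step 6).
    return hmac.compare_digest(computed, saved)


# Constructed sample input; this is not a real BER-encoded SNMPv3 message.
PROTOCOL = "usmHMAC192SHA256AuthProtocol"
ENGINE_ID = bytes.fromhex("80001f8880e1a2b3c4d5e6f708")
HEADER = b"constructed-header:"
SAMPLE_MSG = HEADER + bytes(24) + b":constructed-scopedPDU"
MAC_OFFSET = len(HEADER)  # hypothetical: supplied by the caller's decoder

if __name__ == "__main__":
    key = password_to_key(PROTOCOL, b"constructed-password", ENGINE_ID)
    sent = authenticate_outgoing(PROTOCOL, key, SAMPLE_MSG, MAC_OFFSET)
    print("valid message accepted:",
          authenticate_incoming(PROTOCOL, key, sent, MAC_OFFSET, 24))
    print("tampered message accepted:",
          authenticate_incoming(PROTOCOL, key, sent[:-1] + b"X", MAC_OFFSET, 24))
    print("12-octet field accepted:",
          authenticate_incoming(PROTOCOL, key, sent, MAC_OFFSET, 12))
```

The HMAC is computed over the whole message with the field zeroed, as step 4 of Section 4.2.2 states for the receiving side; a key localized for a different snmpEngineID fails verification.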