RFC2570 日本語訳
2570 Introduction to Version 3 of the Internet-standard NetworkManagement Framework. J. Case, R. Mundy, D. Partain, B. Stewart. April 1999. (Format: TXT=50381 bytes) (Obsoleted by RFC3410) (Status: INFORMATIONAL)
プログラムでの自動翻訳です。
英語原文
Network Working Group J. Case
Request for Comments: 2570 SNMP Research, Inc.
Category: Informational R. Mundy
TIS Labs at Network Associates, Inc.
D. Partain
Ericsson
B. Stewart
Cisco Systems
April 1999
Network Working Group J. Case Request for Comments: 2570 SNMP Research, Inc. Category: Informational R. Mundy TIS Labs at Network Associates, Inc. D. Partain Ericsson B. Stewart Cisco Systems April 1999
Introduction to Version 3 of the
Internet-standard Network Management Framework
Introduction to Version 3 of the Internet-standard Network Management Framework
Status of this Memo
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
Abstract
The purpose of this document is to provide an overview of the third version of the Internet-standard Management Framework, termed the SNMP version 3 Framework (SNMPv3). This Framework is derived from and builds upon both the original Internet-standard Management Framework (SNMPv1) and the second Internet-standard Management Framework (SNMPv2).
The purpose of this document is to provide an overview of the third version of the Internet-standard Management Framework, termed the SNMP version 3 Framework (SNMPv3). This Framework is derived from and builds upon both the original Internet-standard Management Framework (SNMPv1) and the second Internet-standard Management Framework (SNMPv2).
The architecture is designed to be modular to allow the evolution of the Framework over time.
The architecture is designed to be modular to allow the evolution of the Framework over time.
Table of Contents
Table of Contents
1 Introduction .....................................................2 2 The Internet Standard Management Framework .......................3 2.1 Basic Structure and Components .................................3 2.2 Architecture of the Internet Standard Management Framework .....3 3 The SNMPv1 Management Framework ..................................4 3.1 The SNMPv1 Data Definition Language ............................5 3.2 Management Information .........................................6 3.3 Protocol Operations ............................................6 3.4 SNMPv1 Security and Administration .............................6
1 Introduction .....................................................2 2 The Internet Standard Management Framework .......................3 2.1 Basic Structure and Components .................................3 2.2 Architecture of the Internet Standard Management Framework .....3 3 The SNMPv1 Management Framework ..................................4 3.1 The SNMPv1 Data Definition Language ............................5 3.2 Management Information .........................................6 3.3 Protocol Operations ............................................6 3.4 SNMPv1 Security and Administration .............................6
Case, et al. Informational [Page 1] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 1] RFC 2570 Introduction to SNMPv3 April 1999
4 The SNMPv2 Management Framework ..................................7 5 The SNMPv3 Working Group .........................................8 6 SNMPv3 Framework Module Specifications ..........................10 6.1 Data Definition Language ......................................10 6.2 MIB Modules ...................................................11 6.3 Protocol Operations and Transport Mappings ....................12 6.4 SNMPv3 Security and Administration ............................12 7 Document Summaries ..............................................13 7.1 Structure of Management Information ...........................13 7.1.1 Base SMI Specification ......................................13 7.1.2 Textual Conventions .........................................14 7.1.3 Conformance Statements ......................................15 7.2 Protocol Operations ...........................................15 7.3 Transport Mappings ............................................15 7.4 Protocol Instrumentation ......................................16 7.5 Architecture / Security and Administration ....................16 7.6 Message Processing and Dispatch (MPD) .........................16 7.7 SNMP Applications .............................................17 7.8 User-based Security Model (USM) ...............................17 7.9 View-based Access Control (VACM) ..............................18 7.10 SNMPv3 Coexistence and Transition ............................18 8 Security Considerations .........................................19 9 Editors' Addresses ..............................................19 10 References .....................................................20 11 Full Copyright Statement .......................................23
4 The SNMPv2 Management Framework ..................................7 5 The SNMPv3 Working Group .........................................8 6 SNMPv3 Framework Module Specifications ..........................10 6.1 Data Definition Language ......................................10 6.2 MIB Modules ...................................................11 6.3 Protocol Operations and Transport Mappings ....................12 6.4 SNMPv3 Security and Administration ............................12 7 Document Summaries ..............................................13 7.1 Structure of Management Information ...........................13 7.1.1 Base SMI Specification ......................................13 7.1.2 Textual Conventions .........................................14 7.1.3 Conformance Statements ......................................15 7.2 Protocol Operations ...........................................15 7.3 Transport Mappings ............................................15 7.4 Protocol Instrumentation ......................................16 7.5 Architecture / Security and Administration ....................16 7.6 Message Processing and Dispatch (MPD) .........................16 7.7 SNMP Applications .............................................17 7.8 User-based Security Model (USM) ...............................17 7.9 View-based Access Control (VACM) ..............................18 7.10 SNMPv3 Coexistence and Transition ............................18 8 Security Considerations .........................................19 9 Editors' Addresses ..............................................19 10 References .....................................................20 11 Full Copyright Statement .......................................23
1 Introduction
1 Introduction
This document is an introduction to the third version of the Internet-standard Management Framework, termed the SNMP version 3 Management Framework (SNMPv3) and has multiple purposes.
This document is an introduction to the third version of the Internet-standard Management Framework, termed the SNMP version 3 Management Framework (SNMPv3) and has multiple purposes.
First, it describes the relationship between the SNMP version 3 (SNMPv3) specifications and the specifications of the SNMP version 1 (SNMPv1) Management Framework, the SNMP version 2 (SNMPv2) Management Framework, and the Community-based Administrative Framework for SNMPv2.
First, it describes the relationship between the SNMP version 3 (SNMPv3) specifications and the specifications of the SNMP version 1 (SNMPv1) Management Framework, the SNMP version 2 (SNMPv2) Management Framework, and the Community-based Administrative Framework for SNMPv2.
Second, it provides a roadmap to the multiple documents which contain the relevant specifications.
Second, it provides a roadmap to the multiple documents which contain the relevant specifications.
Third, this document provides a brief easy-to-read summary of the contents of each of the relevant specification documents.
Third, this document provides a brief easy-to-read summary of the contents of each of the relevant specification documents.
This document is intentionally tutorial in nature and, as such, may occasionally be "guilty" of oversimplification. In the event of a conflict or contradiction between this document and the more detailed documents for which this document is a roadmap, the specifications in
This document is intentionally tutorial in nature and, as such, may occasionally be "guilty" of oversimplification. In the event of a conflict or contradiction between this document and the more detailed documents for which this document is a roadmap, the specifications in
Case, et al. Informational [Page 2] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 2] RFC 2570 Introduction to SNMPv3 April 1999
the more detailed documents shall prevail.
the more detailed documents shall prevail.
Further, the detailed documents attempt to maintain separation between the various component modules in order to specify well- defined interfaces between them. This roadmap document, however, takes a different approach and attempts to provide an integrated view of the various component modules in the interest of readability.
Further, the detailed documents attempt to maintain separation between the various component modules in order to specify well- defined interfaces between them. This roadmap document, however, takes a different approach and attempts to provide an integrated view of the various component modules in the interest of readability.
2 The Internet Standard Management Framework
2 The Internet Standard Management Framework
The third version of the Internet Standard Management Framework (the SNMPv3 Framework) is derived from and builds upon both the original Internet-standard Management Framework (SNMPv1) and the second Internet-standard Management Framework (SNMPv2).
The third version of the Internet Standard Management Framework (the SNMPv3 Framework) is derived from and builds upon both the original Internet-standard Management Framework (SNMPv1) and the second Internet-standard Management Framework (SNMPv2).
All versions (SNMPv1, SNMPv2, and SNMPv3) of the Internet Standard Management Framework share the same basic structure and components. Furthermore, all versions of the specifications of the Internet Standard Management Framework follow the same architecture.
All versions (SNMPv1, SNMPv2, and SNMPv3) of the Internet Standard Management Framework share the same basic structure and components. Furthermore, all versions of the specifications of the Internet Standard Management Framework follow the same architecture.
2.1 Basic Structure and Components
2.1 Basic Structure and Components
An enterprise deploying the Internet Standard Management Framework contains four basic components:
An enterprise deploying the Internet Standard Management Framework contains four basic components:
* several (typically many) managed nodes, each with an SNMP entity
which provides remote access to management instrumentation
(traditionally called an agent);
* several (typically many) managed nodes, each with an SNMP entity which provides remote access to management instrumentation (traditionally called an agent);
* at least one SNMP entity with management applications (typically
called a manager),
* at least one SNMP entity with management applications (typically called a manager),
* a management protocol used to convey management information
between the SNMP entities, and
* a management protocol used to convey management information between the SNMP entities, and
* management information.
* management information.
The management protocol is used to convey management information between SNMP entities such as managers and agents.
The management protocol is used to convey management information between SNMP entities such as managers and agents.
This basic structure is common to all versions of the Internet Standard Management Framework; i.e., SNMPv1, SNMPv2, and SNMPv3.
This basic structure is common to all versions of the Internet Standard Management Framework; i.e., SNMPv1, SNMPv2, and SNMPv3.
2.2 Architecture of the Internet Standard Management Framework
2.2 Architecture of the Internet Standard Management Framework
The specifications of the Internet Standard Management Framework are based on a modular architecture. This framework is more than just a protocol for moving data. It consists of:
The specifications of the Internet Standard Management Framework are based on a modular architecture. This framework is more than just a protocol for moving data. It consists of:
Case, et al. Informational [Page 3] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 3] RFC 2570 Introduction to SNMPv3 April 1999
* a data definition language,
* a data definition language,
* definitions of management information (the Management
Information Base, or MIB),
* definitions of management information (the Management Information Base, or MIB),
* a protocol definition, and
* a protocol definition, and
* security and administration.
* security and administration.
Over time, as the Framework has evolved from SNMPv1, through SNMPv2, to SNMPv3, the definitions of each of these architectural components have become richer and more clearly defined, but the fundamental architecture has remained consistent.
Over time, as the Framework has evolved from SNMPv1, through SNMPv2, to SNMPv3, the definitions of each of these architectural components have become richer and more clearly defined, but the fundamental architecture has remained consistent.
One prime motivator for this modularity was to enable the ongoing evolution of the Framework as is documented in RFC 1052 [14]. When originally envisioned, this capability was to be used to ease the transition from SNMP-based management of internets to management based on OSI protocols. To this end, the framework was architected with a protocol-independent data definition language and Management Information Base along with a MIB-independent protocol. This separation was designed to allow the SNMP-based protocol to be replaced without requiring the management information to be redefined or reinstrumented. History has shown that the selection of this architecture was the right decision for the wrong reason -- it turned out that this architecture has eased the transition from SNMPv1 to SNMPv2 and from SNMPv2 to SNMPv3 rather than easing the transition away from management based on the Simple Network Management Protocol.
One prime motivator for this modularity was to enable the ongoing evolution of the Framework as is documented in RFC 1052 [14]. When originally envisioned, this capability was to be used to ease the transition from SNMP-based management of internets to management based on OSI protocols. To this end, the framework was architected with a protocol-independent data definition language and Management Information Base along with a MIB-independent protocol. This separation was designed to allow the SNMP-based protocol to be replaced without requiring the management information to be redefined or reinstrumented. History has shown that the selection of this architecture was the right decision for the wrong reason -- it turned out that this architecture has eased the transition from SNMPv1 to SNMPv2 and from SNMPv2 to SNMPv3 rather than easing the transition away from management based on the Simple Network Management Protocol.
The SNMPv3 Framework builds and extends these architectural principles by:
The SNMPv3 Framework builds and extends these architectural principles by:
* building on these four basic architectural components, in some
cases incorporating them from the SNMPv2 Framework by reference,
and
* building on these four basic architectural components, in some cases incorporating them from the SNMPv2 Framework by reference, and
* by using these same layering principles in the definition of new
capabilities in the security and administration portion of the
architecture.
* by using these same layering principles in the definition of new capabilities in the security and administration portion of the architecture.
Those who are familiar with the architecture of the SNMPv1 Management Framework and the SNMPv2 Management Framework will find many familiar concepts in the architecture of the SNMPv3 Management Framework. However, in some cases, the terminology may be somewhat different.
Those who are familiar with the architecture of the SNMPv1 Management Framework and the SNMPv2 Management Framework will find many familiar concepts in the architecture of the SNMPv3 Management Framework. However, in some cases, the terminology may be somewhat different.
Case, et al. Informational [Page 4] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 4] RFC 2570 Introduction to SNMPv3 April 1999
3 The SNMPv1 Management Framework
3 The SNMPv1 Management Framework
The original Internet-standard Network Management Framework (SNMPv1) is defined in the following documents:
The original Internet-standard Network Management Framework (SNMPv1) is defined in the following documents:
* STD 16, RFC 1155 [1] which defines the Structure of Management
Information (SMI), the mechanisms used for describing and naming
objects for the purpose of management.
* STD 16, RFC 1155 [1] which defines the Structure of Management Information (SMI), the mechanisms used for describing and naming objects for the purpose of management.
* STD 16, RFC 1212 [2] which defines a more concise description
mechanism for describing and naming management information objects,
but which is wholly consistent with the SMI.
* STD 16, RFC 1212 [2] which defines a more concise description mechanism for describing and naming management information objects, but which is wholly consistent with the SMI.
* STD 15, RFC 1157 [3] which defines the Simple Network Management
Protocol (SNMP), the protocol used for network access to managed
objects and event notification. Note this document also defines an
initial set of event notifications.
* STD 15, RFC 1157 [3] which defines the Simple Network Management Protocol (SNMP), the protocol used for network access to managed objects and event notification. Note this document also defines an initial set of event notifications.
Additionally, two documents are generally considered to be companions to these three:
Additionally, two documents are generally considered to be companions to these three:
* STD 17, RFC 1213 [13] which contains definitions for the base
set of management information
* STD 17, RFC 1213 [13] which contains definitions for the base set of management information
* RFC 1215 [25] defines a concise description mechanism for
defining event notifications, which are called traps in the SNMPv1
protocol. It also specifies the generic traps from RFC 1157 in the
concise notation.
* RFC 1215 [25] defines a concise description mechanism for defining event notifications, which are called traps in the SNMPv1 protocol. It also specifies the generic traps from RFC 1157 in the concise notation.
These documents describe the four parts of the first version of the SNMP Framework.
These documents describe the four parts of the first version of the SNMP Framework.
3.1 The SNMPv1 Data Definition Language
3.1 The SNMPv1 Data Definition Language
The first two and the last document describe the SNMPv1 data definition language. Note that due to the initial requirement that the SMI be protocol-independent, the first two SMI documents do not provide a means for defining event notifications (traps). Instead, the SNMP protocol document defines a few standardized event notifications (generic traps) and provides a means for additional event notifications to be defined. The last document specifies a straight-forward approach towards defining event notifications used with the SNMPv1 protocol. At the time that it was written, use of traps in the Internet-standard network management framework was controversial. As such, RFC 1215 was put forward with the status of "Informational", which was never updated because it was believed that the second version of the SNMP Framework would replace the first version. Note that the SNMPv1 data definition language is sometimes
The first two and the last document describe the SNMPv1 data definition language. Note that due to the initial requirement that the SMI be protocol-independent, the first two SMI documents do not provide a means for defining event notifications (traps). Instead, the SNMP protocol document defines a few standardized event notifications (generic traps) and provides a means for additional event notifications to be defined. The last document specifies a straight-forward approach towards defining event notifications used with the SNMPv1 protocol. At the time that it was written, use of traps in the Internet-standard network management framework was controversial. As such, RFC 1215 was put forward with the status of "Informational", which was never updated because it was believed that the second version of the SNMP Framework would replace the first version. Note that the SNMPv1 data definition language is sometimes
Case, et al. Informational [Page 5] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 5] RFC 2570 Introduction to SNMPv3 April 1999
referred to as SMIv1.
referred to as SMIv1.
3.2 Management Information
3.2 Management Information
The data definition language described in the first two documents was first used to define the now-historic MIB-I as specified in RFC 1066 [12], and was subsequently used to define MIB-II as specified in RFC 1213 [13].
The data definition language described in the first two documents was first used to define the now-historic MIB-I as specified in RFC 1066 [12], and was subsequently used to define MIB-II as specified in RFC 1213 [13].
Later, after the publication of MIB-II, a different approach to management information definition was taken from the earlier approach of having a single committee staffed by generalists work on a single document to define the Internet-standard MIB. Rather, many mini-MIB documents were produced in a parallel and distributed fashion by groups chartered to produce a specification for a focused portion of the Internet-standard MIB and staffed by personnel with expertise in those particular areas ranging from various aspects of network management, to system management, and application management.
Later, after the publication of MIB-II, a different approach to management information definition was taken from the earlier approach of having a single committee staffed by generalists work on a single document to define the Internet-standard MIB. Rather, many mini-MIB documents were produced in a parallel and distributed fashion by groups chartered to produce a specification for a focused portion of the Internet-standard MIB and staffed by personnel with expertise in those particular areas ranging from various aspects of network management, to system management, and application management.
3.3 Protocol Operations
3.3 Protocol Operations
The third document, STD 15, describes the SNMPv1 protocol operations performed by protocol data units (PDUs) on lists of variable bindings and describes the format of SNMPv1 messages. The operators defined by SNMPv1 are: get, get-next, get-response, set-request, and trap. Typical layering of SNMP on a connectionless transport service is also defined.
The third document, STD 15, describes the SNMPv1 protocol operations performed by protocol data units (PDUs) on lists of variable bindings and describes the format of SNMPv1 messages. The operators defined by SNMPv1 are: get, get-next, get-response, set-request, and trap. Typical layering of SNMP on a connectionless transport service is also defined.
3.4 SNMPv1 Security and Administration
3.4 SNMPv1 Security and Administration
STD 15 also describes an approach to security and administration. Many of these concepts are carried forward and some, particularly security, are extended by the SNMPv3 Framework.
STD 15 also describes an approach to security and administration. Many of these concepts are carried forward and some, particularly security, are extended by the SNMPv3 Framework.
The SNMPv1 Framework describes the encapsulation of SNMPv1 PDUs in SNMP messages between SNMP entities and distinguishes between application entities and protocol entities. In SNMPv3, these are renamed applications and engines, respectively.
The SNMPv1 Framework describes the encapsulation of SNMPv1 PDUs in SNMP messages between SNMP entities and distinguishes between application entities and protocol entities. In SNMPv3, these are renamed applications and engines, respectively.
The SNMPv1 Framework also introduces the concept of an authentication service supporting one or more authentication schemes. In addition to authentication, SNMPv3 defines the additional security capability referred to as privacy. (Note: some literature from the security community would describe SNMPv3 security capabilities as providing data integrity, source authenticity, and confidentiality.) The modular nature of the SNMPv3 Framework permits both changes and additions to the security capabilities.
The SNMPv1 Framework also introduces the concept of an authentication service supporting one or more authentication schemes. In addition to authentication, SNMPv3 defines the additional security capability referred to as privacy. (Note: some literature from the security community would describe SNMPv3 security capabilities as providing data integrity, source authenticity, and confidentiality.) The modular nature of the SNMPv3 Framework permits both changes and additions to the security capabilities.
Case, et al. Informational [Page 6] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 6] RFC 2570 Introduction to SNMPv3 April 1999
Finally, the SNMPv1 Framework introduces access control based on a concept called an SNMP MIB view. The SNMPv3 Framework specifies a fundamentally similar concept called view-based access control. With this capability, SNMPv3 provides the means for controlling access to information on managed devices.
Finally, the SNMPv1 Framework introduces access control based on a concept called an SNMP MIB view. The SNMPv3 Framework specifies a fundamentally similar concept called view-based access control. With this capability, SNMPv3 provides the means for controlling access to information on managed devices.
However, while the SNMPv1 Framework anticipated the definition of multiple authentication schemes, it did not define any such schemes other than a trivial authentication scheme based on community strings. This was a known fundamental weakness in the SNMPv1 Framework but it was thought at that time that the definition of commercial grade security might be contentious in its design and difficult to get approved because "security" means many different things to different people. To that end, and because some users do not require strong authentication, the SNMPv1 architected an authentication service as a separate block to be defined "later" and the SNMPv3 Framework provides an architecture for use within that block as well as a definition for its subsystems.
However, while the SNMPv1 Framework anticipated the definition of multiple authentication schemes, it did not define any such schemes other than a trivial authentication scheme based on community strings. This was a known fundamental weakness in the SNMPv1 Framework but it was thought at that time that the definition of commercial grade security might be contentious in its design and difficult to get approved because "security" means many different things to different people. To that end, and because some users do not require strong authentication, the SNMPv1 architected an authentication service as a separate block to be defined "later" and the SNMPv3 Framework provides an architecture for use within that block as well as a definition for its subsystems.
4 The SNMPv2 Management Framework
4 The SNMPv2 Management Framework
The SNMPv2 Management Framework is fully described in [4-9] and coexistence and transition issues relating to SNMPv1 and SNMPv2 are discussed in [10].
The SNMPv2 Management Framework is fully described in [4-9] and coexistence and transition issues relating to SNMPv1 and SNMPv2 are discussed in [10].
SNMPv2 provides several advantages over SNMPv1, including:
SNMPv2 provides several advantages over SNMPv1, including:
* expanded data types (e.g., 64 bit counter)
* expanded data types (e.g., 64 bit counter)
* improved efficiency and performance (get-bulk operator)
* improved efficiency and performance (get-bulk operator)
* confirmed event notification (inform operator)
* confirmed event notification (inform operator)
* richer error handling (errors and exceptions)
* richer error handling (errors and exceptions)
* improved sets, especially row creation and deletion
* improved sets, especially row creation and deletion
* fine tuning of the data definition language
* fine tuning of the data definition language
However, the SNMPv2 Framework, as described in these documents, is incomplete in that it does not meet the original design goals of the SNMPv2 project. The unmet goals included provision of security and administration delivering so-called "commercial grade" security with
However, the SNMPv2 Framework, as described in these documents, is incomplete in that it does not meet the original design goals of the SNMPv2 project. The unmet goals included provision of security and administration delivering so-called "commercial grade" security with
* authentication: origin identification, message integrity,
and some aspects of replay protection;
* authentication: origin identification, message integrity, and some aspects of replay protection;
* privacy: confidentiality;
* privacy: confidentiality;
Case, et al. Informational [Page 7] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 7] RFC 2570 Introduction to SNMPv3 April 1999
* authorization and access control; and
* authorization and access control; and
* suitable remote configuration and administration capabilities
for these features.
* suitable remote configuration and administration capabilities for these features.
The SNMPv3 Management Framework, as described in this document and the companion documents, addresses these significant deficiencies.
The SNMPv3 Management Framework, as described in this document and the companion documents, addresses these significant deficiencies.
5 The SNMPv3 Working Group
5 The SNMPv3 Working Group
This document, and its companion documents, were produced by the SNMPv3 Working Group of the Internet Engineering Task Force (IETF). The SNMPv3 Working Group was chartered to prepare recommendations for the next generation of SNMP. The goal of the Working Group was to produce the necessary set of documents that provide a single standard for the next generation of core SNMP functions. The single, most critical need in the next generation is a definition of security and administration that makes SNMP-based management transactions secure in a way which is useful for users who wish to use SNMPv3 to manage networks, the systems that make up those networks, and the applications which reside on those systems, including manager-to- agent, agent-to-manager, and manager-to-manager transactions.
This document, and its companion documents, were produced by the SNMPv3 Working Group of the Internet Engineering Task Force (IETF). The SNMPv3 Working Group was chartered to prepare recommendations for the next generation of SNMP. The goal of the Working Group was to produce the necessary set of documents that provide a single standard for the next generation of core SNMP functions. The single, most critical need in the next generation is a definition of security and administration that makes SNMP-based management transactions secure in a way which is useful for users who wish to use SNMPv3 to manage networks, the systems that make up those networks, and the applications which reside on those systems, including manager-to- agent, agent-to-manager, and manager-to-manager transactions.
In the several years prior to the chartering of the Working Group, there were a number of activities aimed at incorporating security and other improvements to SNMP. These efforts included:
In the several years prior to the chartering of the Working Group, there were a number of activities aimed at incorporating security and other improvements to SNMP. These efforts included:
* "SNMP Security" circa 1991-1992 [RFC 1351 - RFC 1353],
* "SNMP Security" circa 1991-1992 [RFC 1351 - RFC 1353],
* "SMP" circa 1992-1993,
* "SMP" circa 1992-1993,
* "The Party-based SNMPv2" circa 1993-1995 [RFC 1441 - RFC 1452].
* "The Party-based SNMPv2" circa 1993-1995 [RFC 1441 - RFC 1452].
Each of these efforts incorporated commercial grade, industrial strength security including authentication, privacy, authorization, view-based access control, and administration, including remote configuration.
Each of these efforts incorporated commercial grade, industrial strength security including authentication, privacy, authorization, view-based access control, and administration, including remote configuration.
These efforts fed the development of the SNMPv2 Management Framework as described in RFCs 1902 - 1908. However, the Framework described in those RFCs had no standards-based security and administrative framework of its own; rather, it was associated with multiple security and administrative frameworks, including:
These efforts fed the development of the SNMPv2 Management Framework as described in RFCs 1902 - 1908. However, the Framework described in those RFCs had no standards-based security and administrative framework of its own; rather, it was associated with multiple security and administrative frameworks, including:
* "The Community-based SNMPv2" (SNMPv2c) [RFC 1901],
* "The Community-based SNMPv2" (SNMPv2c) [RFC 1901],
* "SNMPv2u" [RFCs 1909 - 1910] and
* "SNMPv2u" [RFCs 1909 - 1910] and
Case, et al. Informational [Page 8] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 8] RFC 2570 Introduction to SNMPv3 April 1999
* "SNMPv2*".
* "SNMPv2*".
SNMPv2c had the endorsement of the IETF but no security and administration whereas both SNMPv2u and SNMPv2* had security but lacked the endorsement of the IETF.
SNMPv2c had the endorsement of the IETF but no security and administration whereas both SNMPv2u and SNMPv2* had security but lacked the endorsement of the IETF.
The SNMPv3 Working Group was chartered to produce a single set of specifications for the next generation of SNMP, based upon a convergence of the concepts and technical elements of SNMPv2u and SNMPv2*, as was suggested by an advisory team which was formed to provide a single recommended approach for SNMP evolution.
The SNMPv3 Working Group was chartered to produce a single set of specifications for the next generation of SNMP, based upon a convergence of the concepts and technical elements of SNMPv2u and SNMPv2*, as was suggested by an advisory team which was formed to provide a single recommended approach for SNMP evolution.
In so doing, the Working Group charter defined the following objectives:
In so doing, the Working Group charter defined the following objectives:
* accommodate the wide range of operational environments with
differing management demands;
* accommodate the wide range of operational environments with differing management demands;
* facilitate the need to transition from previous, multiple
protocols to SNMPv3;
* facilitate the need to transition from previous, multiple protocols to SNMPv3;
* facilitate the ease of setup and maintenance activities.
* facilitate the ease of setup and maintenance activities.
In the initial work of the SNMPv3 Working Group, the group focused on security and administration, including
In the initial work of the SNMPv3 Working Group, the group focused on security and administration, including
* authentication and privacy,
* authentication and privacy,
* authorization and view-based access control, and
* authorization and view-based access control, and
* standards-based remote configuration of the above.
* standards-based remote configuration of the above.
The SNMPv3 Working Group did not "reinvent the wheel," but reused the SNMPv2 Draft Standard documents, i.e., RFCs 1902 through 1908 for those portions of the design that were outside the focused scope.
The SNMPv3 Working Group did not "reinvent the wheel," but reused the SNMPv2 Draft Standard documents, i.e., RFCs 1902 through 1908 for those portions of the design that were outside the focused scope.
Rather, the primary contributors to the SNMPv3 Working Group, and the Working Group in general, devoted their considerable efforts to addressing the missing link -- security and administration -- and in the process made invaluable contributions to the state-of-the-art of management.
Rather, the primary contributors to the SNMPv3 Working Group, and the Working Group in general, devoted their considerable efforts to addressing the missing link -- security and administration -- and in the process made invaluable contributions to the state-of-the-art of management.
They produced a design based on a modular architecture with evolutionary capabilities with emphasis on layering. As a result, SNMPv3 can be thought of as SNMPv2 with additional security and administration capabilities.
They produced a design based on a modular architecture with evolutionary capabilities with emphasis on layering. As a result, SNMPv3 can be thought of as SNMPv2 with additional security and administration capabilities.
Case, et al. Informational [Page 9] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 9] RFC 2570 Introduction to SNMPv3 April 1999
In doing so, the Working Group achieved the goal of producing a single specification which has not only the endorsement of the IETF but also has security and administration.
In doing so, the Working Group achieved the goal of producing a single specification which has not only the endorsement of the IETF but also has security and administration.
6 SNMPv3 Framework Module Specifications
6 SNMPv3 Framework Module Specifications
The specification of the SNMPv3 Management Framework is partitioned in a modular fashion among several documents. It is the intention of the SNMPv3 Working Group that, with proper care, any or all of the individual documents can be revised, upgraded, or replaced as requirements change, new understandings are obtained, and new technologies become available.
The specification of the SNMPv3 Management Framework is partitioned in a modular fashion among several documents. It is the intention of the SNMPv3 Working Group that, with proper care, any or all of the individual documents can be revised, upgraded, or replaced as requirements change, new understandings are obtained, and new technologies become available.
Whenever feasible, the initial document set which defines the SNMPv3 Management Framework leverages prior investments defining and implementing the SNMPv2 Management Framework by incorporating by reference each of the specifications of the SNMPv2 Management Framework.
Whenever feasible, the initial document set which defines the SNMPv3 Management Framework leverages prior investments defining and implementing the SNMPv2 Management Framework by incorporating by reference each of the specifications of the SNMPv2 Management Framework.
The SNMPv3 Framework augments those specifications with specifications for security and administration for SNMPv3.
The SNMPv3 Framework augments those specifications with specifications for security and administration for SNMPv3.
The documents which specify the SNMPv3 Management Framework follow the same architecture as those of the prior versions and can be organized for expository purposes into four main categories as follows:
The documents which specify the SNMPv3 Management Framework follow the same architecture as those of the prior versions and can be organized for expository purposes into four main categories as follows:
* the data definition language,
* the data definition language,
* Management Information Base (MIB) modules,
* Management Information Base (MIB) modules,
* protocol operations, and
* protocol operations, and
* security and administration.
* security and administration.
The first three sets of documents are incorporated from SNMPv2. The fourth set of documents are new to SNMPv3, but, as described previously, build on significant prior related works.
The first three sets of documents are incorporated from SNMPv2. The fourth set of documents are new to SNMPv3, but, as described previously, build on significant prior related works.
6.1 Data Definition Language
6.1 Data Definition Language
The specifications of the data definition language includes STD 58, RFC 2578, "Structure of Management Information Version 2 (SMIv2)" [26], and related specifications. These documents are updates of RFCs 1902 - 1904 [4-6] which have evolved independently from the other parts of the framework and were republished as STD 58, RFCs 2578 - 2580 [26-28] when promoted from Draft Standard.
The specifications of the data definition language includes STD 58, RFC 2578, "Structure of Management Information Version 2 (SMIv2)" [26], and related specifications. These documents are updates of RFCs 1902 - 1904 [4-6] which have evolved independently from the other parts of the framework and were republished as STD 58, RFCs 2578 - 2580 [26-28] when promoted from Draft Standard.
Case, et al. Informational [Page 10] RFC 2570 Introduction to SNMPv3 April 1999
Case, et al. Informational [Page 10] RFC 2570 Introduction to SNMPv3 April 1999
The Structure of Management Information (SMIv2) defines fundamental data types, an object model, and the rules for writing and revising MIB modules. Related specifications include STD 58, RFCs 2579, 2580. The updated data definition language is sometimes referred to as SMIv2.
The Structure of Management Information (SMIv2) defines fundamental data types, an object model, and the rules for writing and revising MIB modules. Related specifications include STD 58, RFCs 2579, 2580. The updated data definition language is sometimes referred to as SMIv2.
STD 58, RFC 2579, "Textual Conventions for SMIv2" [27], defines an initial set of shorthand abbreviations which are available for use within all MIB modules for the convenience of human readers and writers.
STD 58, RFC 2579, "Textual Conventions for SMIv2" [27], defines an initial set of shorthand abbreviations which are available for use within all MIB modules for the convenience of human readers and writers.
STD 58, RFC 2580, "Conformance Statements for SMIv2" [28], defines the format for compliance statements which are used for describing requirements for agent implementations and capability statements which can be used to document the characteristics of particular implementations.
STD 58, RFC 2580, "Conformance Statements for SMIv2" [28], defines the format for compliance statements which are used for describing requirements for agent implementations and capability statements which can be used to document the characteristics of particular implementations.
6.2 MIB Modules
6.2 MIB Modules
MIB modules usually contain object definitions, may contain definitions of event notifications, and sometimes include compliance statements specified in terms of appropriate object and event notification groups. As such, MIB modules define the management information maintained by the instrumentation in managed nodes, made remotely accessible by management agents, conveyed by the management protocol, and manipulated by management applications.
MIBモジュールは、通常、オブジェクト定義を含んでいて、イベント通知の定義を含んでいて、時々適切なオブジェクトに関して指定された承諾声明とイベント通知グループを含むかもしれません。 そういうものとして、MIBモジュールは管理アプリケーションで管理されたノードにおける計装で維持されて、管理プロトコルによって運ばれた管理エージェントがほんの少しアクセスしやすく作られていて、操られた経営情報を定義します。
MIB modules are defined according the rules defined in the documents which specify the data definition language, principally the SMI as supplemented by the related specifications.
MIBモジュールはデータ定義言語を指定するドキュメント、主に関連する仕様で補われるSMIで定義された規則定義されます。
There is a large and growing number of standards-based MIB modules, as defined in the periodically updated list of standard protocols [STD 1, RFC 2400]. As of this writing, there are nearly 100 standards-based MIB modules with a total number of defined objects approaching 10,000. In addition, there is an even larger and growing number of enterprise-specific MIB modules defined unilaterally by various vendors, research groups, consortia, and the like resulting in an unknown and virtually uncountable number of defined objects.
大きくて増加している数の規格ベースのMIBモジュールがあります、標準プロトコル[STD1、RFC2400]の定期的にアップデートされたリストで定義されるように。 この書くこと現在、総数の定義されたオブジェクトが1万にアプローチしているおよそ100の規格ベースのMIBモジュールがあります。 さらに、未知の、そして、実際には数えられない数の定義されたオブジェクトをもたらす様々なベンダー、研究グループ、コンソーシアム、および同様のものによって一方的に定義された偶数の、より大きくて増加している数の企業特有のMIBモジュールがあります。
In general, management information defined in any MIB module, regardless of the version of the data definition language used, can be used with any version of the protocol. For example, MIB modules defined in terms of the SNMPv1 SMI (SMIv1) are compatible with the SNMPv3 Management Framework and can be conveyed by the protocols specified therein. Furthermore, MIB modules defined in terms of the SNMPv2 SMI (SMIv2) are compatible with SNMPv1 protocol operations and can be conveyed by it. However, there is one noteworthy exception:
一般に、プロトコルのどんなバージョンと共にも言語が使用したデータ定義のバージョンにかかわらずどんなMIBモジュールでも定義された経営情報は使用できます。 例えば、SNMPv1 SMI(SMIv1)に関して定義されたMIBモジュールは、SNMPv3 Management Frameworkと互換性があって、そこに指定されたプロトコルで伝えることができます。 その上、SNMPv2 SMI(SMIv2)に関して定義されたMIBモジュールは、SNMPv1プロトコル操作と互換性があって、それで伝えることができます。 しかしながら、1つの注目に値する例外があります:
Case, et al. Informational [Page 11] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[11ページ]のRFC2570紹介
the Counter64 datatype which can be defined in a MIB module defined in SMIv2 format but which cannot be conveyed by an SNMPv1 protocol engine.
MIBモジュールで定義できるCounter64データ型式は、SMIv2で形式にもかかわらず、SNMPv1プロトコルエンジンでどれを運ぶことができないかを定義しました。
6.3 Protocol Operations and Transport Mappings
6.3 プロトコル操作と輸送マッピング
The specifications for the protocol operations and transport mappings of the SNMPv3 Framework are incorporated by reference to the two SNMPv2 Framework documents.
プロトコル操作とSNMPv3 Frameworkに関する輸送マッピングのための仕様は2通のSNMPv2 Frameworkドキュメントの参照で取り入れられます。
The specification for protocol operations is found in RFC 1905, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)" [7]. The SNMPv3 Framework is designed to allow various portions of the architecture to evolve independently. For example, it might be possible for a new specification of protocol operations to be defined within the Framework to allow for additional protocol operations.
プロトコル操作のための仕様はRFC1905(「簡単なネットワーク管理プロトコル(SNMPv2)のバージョン2のためのプロトコル操作」[7])で見つけられます。 SNMPv3 Frameworkは、アーキテクチャの様々な部分が独自に発展するのを許容するように設計されています。 例えば、プロトコル操作の新しい仕様が追加議定書操作を考慮するためにFrameworkの中で定義されるのは、可能であるかもしれません。
The specification of transport mappings is found in RFC 1906, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)" [8].
輸送マッピングの仕様はRFC1906(「簡単なネットワーク管理プロトコル(SNMPv2)のバージョン2のための輸送マッピング」[8])で見つけられます。
6.4 SNMPv3 Security and Administration
6.4 SNMPv3セキュリティと政権
The SNMPv3 document series defined by the SNMPv3 Working Group consists of seven documents at this time:
このとき、SNMPv3作業部会によって定義されたSNMPv3ドキュメントシリーズは7通のドキュメントから成ります:
RFC 2570, "Introduction to Version 3 of the Internet-standard
Network Management Framework", which is this document.
RFC2570、このドキュメントである「インターネット標準ネットワークマネージメントフレームワークのバージョン3への序論。」
RFC 2571, "An Architecture for Describing SNMP Management
Frameworks" [15], describes the overall architecture with special
emphasis on the architecture for security and administration.
RFC2571(「SNMP管理フレームワークについて説明するためのアーキテクチャ」[15])はセキュリティと管理のためにアーキテクチャへの特別な強調で総合的なアーキテクチャについて説明します。
RFC 2572, "Message Processing and Dispatching for the Simple
Network Management Protocol (SNMP)" [16], describes the possibly
multiple message processing models and the dispatcher portion that
can be a part of an SNMP protocol engine.
RFC2572(「メッセージ処理と簡単なネットワーク管理プロトコル(SNMP)のために急いでいる」[16])はSNMPプロトコルエンジンの一部であるかもしれないことによると複数のメッセージ処理モデルと発送者部分について説明します。
RFC 2573, "SNMP Applications" [17], describes the five types of
applications that can be associated with an SNMPv3 engine and
their elements of procedure.
RFC2573(「SNMPアプリケーション」[17])はSNMPv3エンジンとそれらの手順の要素に関連づけることができる5つのタイプのアプリケーションについて説明します。
RFC 2574, "The User-Based Security Model for Version 3 of the
Simple Network Management Protocol (SNMPv3)" [18], describes the
threats, mechanisms, protocols, and supporting data used to
provide SNMP message-level security.
RFC2574(「簡単なネットワーク管理プロトコル(SNMPv3)のバージョン3のためのユーザベースの機密保護モデル」[18])はメッセージレベルセキュリティをSNMPに供給するのに使用される脅威、メカニズム、プロトコル、および添付資料について説明します。
Case, et al. Informational [Page 12] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[12ページ]のRFC2570紹介
RFC 2575, "View-based Access Control Model for the Simple Network
Management Protocol (SNMP)" [19], describes how view-based access
control can be applied within command responder and notification
originator applications.
RFC2575(「簡単なネットワーク管理プロトコル(SNMP)のための視点ベースのアクセス制御モデル」[19])はコマンド応答者と通知創始者アプリケーションの中でどう視点ベースのアクセスコントロールを適用できるかを説明します。
The Work in Progress, "Coexistence between Version 1, Version 2,
and Version 3 of the Internet-standard Network Management
Framework" [20], describes coexistence between the SNMPv3
Management Framework, the SNMPv2 Management Framework, and the
original SNMPv1 Management Framework.
ProgressのWork(「インターネット標準ネットワークマネージメントフレームワークのバージョン1と、バージョン2と、バージョン3の間の共存」[20])はSNMPv3 Management Frameworkと、SNMPv2 Management Frameworkと、オリジナルのSNMPv1 Management Frameworkの間の共存について説明します。
7 Document Summaries
7 ドキュメント概要
The following sections provide brief summaries of each document with slightly more detail than is provided in the overviews above.
以下のセクションがそれぞれのドキュメントの簡潔な概要にわずかに提供する、その他の詳細、上で概要に提供するより。
7.1 Structure of Management Information
7.1 経営情報の構造
Management information is viewed as a collection of managed objects, residing in a virtual information store, termed the Management Information Base (MIB). Collections of related objects are defined in MIB modules. These modules are written in the SNMP MIB module language, which contains elements of OSI's Abstract Syntax Notation One (ASN.1) [11] language. STD 58, RFCs 2578, 2579, 2580, together define the MIB module language, specify the base data types for objects, specify a core set of short-hand specifications for data types called textual conventions, and specify a few administrative assignments of object identifier (OID) values.
仮想情報店に住んでいて、管理オブジェクトの収集がInformation基地(MIB)とManagementを呼んだので、経営情報は見られます。 関連するオブジェクトの収集はMIBモジュールで定義されます。 これらのモジュールはSNMP MIBモジュール言語で書かれています。(それは、OSIの抽象的なSyntax Notation One(ASN.1)[11]言語の原理を含みます)。 STD58、RFCs2578、2579、一緒に2580、MIBモジュール言語を定義してください、そして、オブジェクトのためのベースデータ型を指定してください、そして、原文のコンベンションと呼ばれるデータ型のための1人の巻き癖の速記仕様を指定してください、そして、オブジェクト識別子(OID)値のいくつかの管理課題を指定してください。
The SMI is divided into three parts: module definitions, object definitions, and notification definitions.
SMIは3つの部品に分割されます: モジュール定義、オブジェクト定義、および通知定義。
(1) Module definitions are used when describing information modules.
An ASN.1 macro, MODULE-IDENTITY, is used to convey concisely the
semantics of an information module.
(1) 情報モジュールを説明するとき、モジュール定義は使用されています。 ASN.1マクロ(MODULE-IDENTITY)は、情報モジュールの意味論を簡潔に伝えるのに使用されます。
(2) Object definitions are used when describing managed objects. An
ASN.1 macro, OBJECT-TYPE, is used to convey concisely the syntax
and semantics of a managed object.
(2) 管理オブジェクトについて説明するとき、オブジェクト定義は使用されています。 ASN.1マクロ(OBJECT-TYPE)は、管理オブジェクトの構文と意味論を簡潔に伝えるのに使用されます。
(3) Notification definitions are used when describing unsolicited
transmissions of management information. An ASN.1 macro,
NOTIFICATION-TYPE, is used to convey concisely the syntax and
semantics of a notification.
(3) 経営情報の求められていない送信について説明するとき、通知定義は使用されています。 ASN.1マクロ(NOTIFICATION-TYPE)は、通知の構文と意味論を簡潔に伝えるのに使用されます。
Case, et al. Informational [Page 13] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[13ページ]のRFC2570紹介
7.1.1 Base SMI Specification
7.1.1 基地のSMI仕様
STD 58, RFC 2578 specifies the base data types for the MIB module language, which include: Integer32, enumerated integers, Unsigned32, Gauge32, Counter32, Counter64, TimeTicks, INTEGER, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Opaque, and BITS. It also assigns values to several object identifiers. STD 58, RFC 2578 further defines the following constructs of the MIB module language:
STD58、RFC2578はMIBモジュール言語のためのベースデータ型を指定します。(データ型は以下の通りです)。 Integer32、列挙された整数、Unsigned32、Gauge32、Counter32、Counter64、TimeTicks、INTEGER、OCTET STRING、OBJECT IDENTIFIER、IpAddress、Opaque、およびBITS。 また、それはいくつかのオブジェクト識別子に値を割り当てます。 STD58、RFC2578はさらにMIBモジュール言語の以下の構造物を定義します:
* IMPORTS to allow the specification of items that are used
in a MIB module, but defined in another MIB module.
* MIBモジュールで使用されますが、別のMIBモジュールで定義される項目の仕様を許容するIMPORTS。
* MODULE-IDENTITY to specify for a MIB module a description
and administrative information such as contact and revision
history.
* 接触や改訂履歴などのMIBモジュールに記述を指定するMODULE-IDENTITYと管理情報。
* OBJECT-IDENTITY and OID value assignments to specify a
an OID value.
* OBJECT-IDENTITYとOIDはOIDを指定する課題を評価します。値。
* OBJECT-TYPE to specify the data type, status, and the semantics
of managed objects.
* 管理オブジェクトのデータ型、状態、および意味論を指定するOBJECT-TYPE。
* SEQUENCE type assignment to list the columnar objects in
a table.
* SEQUENCEは、テーブルに円柱状のオブジェクトを記載するために課題をタイプします。
* NOTIFICATION-TYPE construct to specify an event notification.
* イベント通知を指定するNOTIFICATION-TYPE構造物。
7.1.2 Textual Conventions
7.1.2 原文のコンベンション
When designing a MIB module, it is often useful to specify in a short-hand way the semantics for a set of objects with similar behavior. This is done by defining a new data type using a base data type specified in the SMI. Each new type has a different name, and specifies a base type with more restrictive semantics. These newly defined types are termed textual conventions, and are used for the convenience of humans reading a MIB module and potentially by "intelligent" management applications. It is the purpose of STD 58, RFC 2579, Textual Conventions for SMIv2 [27], to define the construct, TEXTUAL-CONVENTION, of the MIB module language used to define such new types and to specify an initial set of textual conventions available to all MIB modules.
MIBモジュールを設計するとき、同様の振舞いで速記方法で1セットのオブジェクトに意味論を指定するのはしばしば役に立ちます。 SMIで指定されたベースデータ型を使用することで新しいデータ型を定義することによって、これをします。 それぞれの新しいタイプは、異なった名前を持って、より制限している意味論でベースタイプを指定します。 これらの新たに定義されたタイプは、「知的な」管理アプリケーションで潜在的に原文のコンベンションと呼ばれて、MIBモジュールを読んでいる人間の都合のために使用されます。 それはSTD58の目的です、RFC2579、SMIv2[27]、構造物、そのような新しいタイプを定義するのに使用されるMIBモジュール言語のTEXTUAL-CONVENTIONを定義して、すべてのMIBモジュールに利用可能な原文のコンベンションの始発を指定するTextual Conventions。
Case, et al. Informational [Page 14] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[14ページ]のRFC2570紹介
7.1.3 Conformance Statements
7.1.3 順応声明
It may be useful to define the acceptable lower-bounds of implementation, along with the actual level of implementation achieved. It is the purpose of STD 58, RFC 2580, Conformance Statements for SMIv2 [28], to define the constructs of the MIB module language used for these purposes. There are two kinds of constructs:
実装の許容できる下界を定義するのは達成された実装の実際のレベルと共に役に立つかもしれません。 それは、これらの目的に使用されるMIBモジュール言語の構造物を定義するためにはSTD58、RFC2580、SMIv2[28]のためのConformance Statementsの目的です。 2種類の構造物があります:
(1) Compliance statements are used when describing requirements for
agents with respect to object and event notification
definitions. The MODULE-COMPLIANCE construct is used to convey
concisely such requirements.
(1) オブジェクトとイベント通知定義に関してエージェントのための要件について説明するとき、承諾声明は使用されています。 MODULE-COMPLIANCE構造物は、そのような要件を簡潔に伝えるのに使用されます。
(2) Capability statements are used when describing capabilities of
agents with respect to object and event notification
definitions. The AGENT-CAPABILITIES construct is used to convey
concisely such capabilities.
(2) オブジェクトとイベント通知定義に関してエージェントの能力について説明するとき、能力声明は使用されています。 エージェント-CAPABILITIES構造物は、そのような能力を簡潔に伝えるのに使用されます。
Finally, collections of related objects and collections of related event notifications are grouped together to form a unit of conformance. The OBJECT-GROUP construct is used to convey concisely the objects in and the semantics of an object group. The NOTIFICATION-GROUP construct is used to convey concisely the event notifications in and the semantics of an event notification group.
最終的に、関連するオブジェクトの収集と関連するイベント通知の収集は、順応のユニットを形成するために一緒に分類されます。 OBJECT-GROUP構造物は、オブジェクトを簡潔に運ぶのにおいて使用されていてオブジェクトグループの意味論です。 NOTIFICATION-GROUP構造物は、イベント通知を簡潔に伝えるのにおいて使用されていてイベント通知グループの意味論です。
7.2 Protocol Operations
7.2 プロトコル操作
The management protocol provides for the exchange of messages which convey management information between the agents and the management stations. The form of these messages is a message "wrapper" which encapsulates a Protocol Data Unit (PDU).
管理プロトコルはエージェントと管理局の間に経営情報を伝えるメッセージの交換に備えます。 これらのメッセージのフォームはプロトコルData Unit(PDU)をカプセル化する「ラッパー」というメッセージです。
It is the purpose of RFC 1905, Protocol Operations for SNMPv2 [7], to define the operations of the protocol with respect to the sending and receiving of the PDUs.
それは、PDUsの送受信に関してプロトコルの操作を定義するためにはRFC1905、SNMPv2[7]のためのプロトコルOperationsの目的です。
7.3 Transport Mappings
7.3 輸送マッピング
SNMP Messages may be used over a variety of protocol suites. It is the purpose of RFC 1906, Transport Mappings for SNMPv2 [8], to define how SNMP messages maps onto an initial set of transport domains. Other mappings may be defined in the future.
SNMP Messagesはさまざまなプロトコル群にわたって使用されるかもしれません。 それは、SNMPメッセージがどう1人の始発の輸送にドメインを写像するかを定義するためにはRFC1906、SNMPv2[8]のためのTransport Mappingsの目的です。 他のマッピングは将来、定義されるかもしれません。
Although several mappings are defined, the mapping onto UDP is the preferred mapping. As such, to provide for the greatest level of interoperability, systems which choose to deploy other mappings should also provide for proxy service to the UDP mapping.
いくつかのマッピングが定義されますが、UDPへのマッピングは都合のよいマッピングです。 また、そういうものとして、最も大きいレベルの相互運用性に備えるために、他のマッピングを配布するのを選ぶシステムはUDPマッピングへの代理業務に備えるはずです。
Case, et al. Informational [Page 15] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[15ページ]のRFC2570紹介
7.4 Protocol Instrumentation
7.4 プロトコル計装
It is the purpose of RFC 1907, the Management Information Base for SNMPv2 document [9] to define managed objects which describe the behavior of an SNMPv2 entity.
SNMPv2ドキュメント[9]がSNMPv2実体の振舞いについて説明する管理オブジェクトを定義するのは、RFC1907、Management Information基地の目的です。
7.5 Architecture / Security and Administration
7.5 アーキテクチャ/セキュリティと政権
It is the purpose of RFC 2571, "An Architecture for Describing SNMP Management Frameworks" [15], to define an architecture for specifying SNMP Management Frameworks. While addressing general architectural issues, it focuses on aspects related to security and administration. It defines a number of terms used throughout the SNMPv3 Management Framework and, in so doing, clarifies and extends the naming of
それは、SNMP Management Frameworksを指定するためにアーキテクチャを定義するためにはRFC2571の目的、「SNMP管理フレームワークについて説明するためのアーキテクチャ」[15]です。 一般的な構造的な問題を扱っている間、それはセキュリティと管理に関連する局面に焦点を合わせます。 それは、SNMPv3 Management Framework中で使用される項数を定義して、そうする際にはっきりさせて、命名を広げています。
* engines and applications,
* エンジンとアプリケーション
* entities (service providers such as the engines in agents
and managers),
* 実体(エージェントとマネージャのエンジンなどのサービスプロバイダー)
* identities (service users), and
* そしてアイデンティティ(サービス利用者)。
* management information, including support for multiple
logical contexts.
* 複数の論理的な関係のサポートを含む経営情報。
The document contains a small MIB module which is implemented by all authoritative SNMPv3 protocol engines.
ドキュメントはすべての正式のSNMPv3プロトコルエンジンによって実装される小さいMIBモジュールを含んでいます。
7.6 Message Processing and Dispatch (MPD)
7.6 メッセージ処理と発信(MPD)
RFC 2572, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)" [16], describes the Message Processing and Dispatching for SNMP messages within the SNMP architecture. It defines the procedures for dispatching potentially multiple versions of SNMP messages to the proper SNMP Message Processing Models, and for dispatching PDUs to SNMP applications. This document also describes one Message Processing Model - the SNMPv3 Message Processing Model.
RFC2572(「メッセージ処理と簡単なネットワーク管理プロトコル(SNMP)のために急いでいる」[16])はSNMPメッセージのためにSNMPアーキテクチャの中でMessage ProcessingとDispatchingについて説明します。 それはSNMPメッセージの潜在的に複数のバージョンを適切なSNMP Message Processing Modelsに派遣して、SNMPアプリケーションにPDUsを派遣するための手順を定義します。 また、このドキュメントは1Message Processing Modelについて説明します--SNMPv3 Message Processing Model。
It is expected that an SNMPv3 protocol engine MUST support at least one Message Processing Model. An SNMPv3 protocol engine MAY support more than one, for example in a multi-lingual system which provides simultaneous support of SNMPv3 and SNMPv1 and/or SNMPv2c.
SNMPv3プロトコルエンジンが少なくとも1Message Processing Modelをサポートしなければならないと予想されます。 SNMPv3プロトコルエンジンは1つ以上をサポートするかもしれません、例えば、SNMPv3とSNMPv1、そして/または、SNMPv2cの同時のサポートを提供する多言語システムで。
Case, et al. Informational [Page 16] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[16ページ]のRFC2570紹介
7.7 SNMP Applications
7.7 SNMPアプリケーション
It is the purpose of RFC 2573, "SNMP Applications" to describe the five types of applications which can be associated with an SNMP engine. They are: Command Generators, Command Responders, Notification Originators, Notification Receivers, and Proxy Forwarders.
SNMPエンジンに関連づけることができる5つのタイプのアプリケーションについて説明するのは、RFC2573、「SNMPアプリケーション」の目的です。 それらは以下の通りです。 コマンドジェネレータ、コマンド応答者、通知創始者、通知受信機、およびプロキシ混載業者。
The document also defines MIB modules for specifying targets of management operations (including notifications), for notification filtering, and for proxy forwarding.
また、ドキュメントは管理操作の目標を指定するためのMIBモジュールを定義します(通知を含んでいて)、推進をフィルターにかけてプロキシ推進のための通知のために。
7.8 User-based Security Model (USM)
7.8 ユーザベースの機密保護モデル(USM)
RFC 2574, the "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)" describes the User-based Security Model for SNMPv3. It defines the Elements of Procedure for providing SNMP message-level security.
RFC2574、「Simple Network Managementプロトコル(SNMPv3)のバージョン3のためのユーザベースのSecurity Model(USM)」はSNMPv3のためにUserベースのSecurity Modelについて説明します。 それは、メッセージレベルセキュリティをSNMPに供給するためにProcedureのElementsを定義します。
The document describes the two primary and two secondary threats which are defended against by the User-based Security Model. They are: modification of information, masquerade, message stream modification, and disclosure.
ドキュメントはUserベースのSecurity Modelによって防御される2予備選挙と2つのセカンダリ脅威について説明します。 それらは以下の通りです。 情報、仮面舞踏会、メッセージストリーム変更、および公開の変更。
The USM utilizes MD5 [21] and the Secure Hash Algorithm [22] as keyed hashing algorithms [23] for digest computation to provide data integrity
USMは、ダイジェスト計算がデータ保全を提供するアルゴリズム[23]を論じ尽くしながら、合わせられるとしてMD5[21]とSecure Hash Algorithm[22]を利用します。
* to directly protect against data modification attacks,
* 直接データ変更から守るのは攻撃されます。
* to indirectly provide data origin authentication, and
* そして間接的にデータ発生源認証を提供するために。
* to defend against masquerade attacks.
* 仮面舞踏会に対して防御するのは攻撃されます。
The USM uses loosely synchronized monotonically increasing time indicators to defend against certain message stream modification attacks. Automatic clock synchronization mechanisms based on the protocol are specified without dependence on third-party time sources and concomitant security considerations.
USMは、あるメッセージストリーム変更攻撃に対して防御するのに緩く連動している単調に増加する期間表示を使用します。 プロトコルに基づく自動時計同期メカニズムは第三者時間ソースと並立しているセキュリティ問題への依存なしで指定されます。
The USM uses the Data Encryption Standard (DES) [24] in the cipher block chaining mode (CBC) if disclosure protection is desired. Support for DES in the USM is optional, primarily because export and usage restrictions in many countries make it difficult to export and use products which include cryptographic technology.
公開保護が望まれているなら、暗号ブロック連鎖モード(CBC)でUSMはデータ暗号化規格(DES)[24]を使用します。 USMのDESのサポートは任意です、主として暗号の技術を含んでいる製品をエクスポートして、使用するのが多くの国での輸出と使用制限で難しくなるので。
Case, et al. Informational [Page 17] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[17ページ]のRFC2570紹介
The document also includes a MIB suitable for remotely monitoring and managing the configuration parameters for the USM, including key distribution and key management.
また、ドキュメントはUSMのための設定パラメータを離れてモニターして、管理するのに適当なMIBを含んでいます、主要な分配とかぎ管理を含んでいて。
An entity may provide simultaneous support for multiple security models as well as multiple authentication and privacy protocols. All of the protocols used by the USM are based on pre-placed keys, i.e., private key mechanisms. The SNMPv3 architecture permits the use of asymmetric mechanisms and protocols (commonly called "public key cryptography") but as of this writing, no such SNMPv3 security models utilizing public key cryptography have been published.
実体は複数の認証とプライバシープロトコルと同様に複数の機密保護モデルの同時のサポートを提供するかもしれません。 USMによって使用されたプロトコルのすべてがあらかじめ置かれたキーに基づいています、すなわち、秘密鍵メカニズム。SNMPv3アーキテクチャは非対称のメカニズムとプロトコル(一般的に「公開鍵暗号」と呼ばれる)の使用を可能にしますが、この書くこと付けで、公開鍵暗号を利用しているどんなそのようなSNMPv3機密保護モデルも発表されていません。
7.9 View-based Access Control (VACM)
7.9 視点ベースのアクセスコントロール(VACM)
The purpose of RFC 2575, the "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)" is to describe the View-based Access Control Model for use in the SNMP architecture. The VACM can simultaneously be associated in a single engine implementation with multiple Message Processing Models and multiple Security Models.
RFC2575の目的、「簡単なネットワーク管理プロトコル(SNMP)のための視点ベースのアクセス制御モデル(VACM)」はSNMPアーキテクチャにおける使用のためにViewベースのAccess Control Modelについて説明することになっています。 同時に、VACMはただ一つのエンジン実装で複数のMessage Processing Modelsに関連し複数のSecurity Modelsであるかもしれません。
It is architecturally possible to have multiple, different, Access Control Models active and present simultaneously in a single engine implementation, but this is expected to be *_very_* rare in practice and *_far_* less common than simultaneous support for multiple Message Processing Models and/or multiple Security Models.
It is architecturally possible to have multiple, different, Access Control Models active and present simultaneously in a single engine implementation, but this is expected to be *_very_* rare in practice and *_far_* less common than simultaneous support for multiple Message Processing Models and/or multiple Security Models.
7.10 SNMPv3 Coexistence and Transition
7.10 SNMPv3共存と変遷
The purpose of "Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework" is to describe coexistence between the SNMPv3 Management Framework, the SNMPv2 Management Framework, and the original SNMPv1 Management Framework. In particular, this document describes four aspects of coexistence:
「インターネット標準ネットワークマネージメントフレームワークのバージョン1と、バージョン2と、バージョン3の間の共存」の目的はSNMPv3 Management Frameworkと、SNMPv2 Management Frameworkと、オリジナルのSNMPv1 Management Frameworkの間の共存について説明することです。 特に、このドキュメントは共存の4つの局面について説明します:
* Conversion of MIB documents from SMIv1 to SMIv2 format
* MIBドキュメントのSMIv1からSMIv2形式までの変換
* Mapping of notification parameters
* 通知パラメタに関するマッピング
* Approaches to coexistence between entities which support
the various versions of SNMP in a multi-lingual network, in
particular the processing of protocol operations in
multi-lingual implementations, as well as behavior of
proxy implementations
* 多言語ネットワークにおける、SNMPの様々なバージョン、特に多言語実装における、プロトコル操作の処理、およびプロキシ実装の振舞いをサポートする実体の間の共存へのアプローチ
Case, et al. Informational [Page 18] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[18ページ]のRFC2570紹介
* The SNMPv1 Message Processing Model and Community-Based
Security Model, which provides mechanisms for adapting
SNMPv1 and SNMPv2c into the View-Based Access Control Model
(VACM) [19]
* SNMPv1 Message Processing ModelとベースのCommunity Security Model。(そのSecurity ModelはベースのView Access Control Model(VACM)にSNMPv1とSNMPv2cを適合させるのにメカニズムを提供します)。[19]
8 Security Considerations
8 セキュリティ問題
As this document is primarily a roadmap document, it introduces no new security considerations. The reader is referred to the relevant sections of each of the referenced documents for information about security considerations.
このドキュメントが主として道路地図ドキュメントであるので、それはどんな新しいセキュリティ問題も紹介しません。 読者はセキュリティ問題の情報のためのそれぞれの参照をつけられたドキュメントの関連セクションを参照されます。
9 Editors' Addresses
9人のエディタのアドレス
Jeffrey Case SNMP Research, Inc. 3001 Kimberlin Heights Road Knoxville, TN 37920-9716 USA Phone: +1 423 573 1434 EMail: case@snmp.com
ジェフリーケースSNMPはKimberlin高さのRoadテネシー37920-9716ノクスビル(米国)が電話をするInc.3001について研究します: +1 1434年の423 573メール: case@snmp.com
Russ Mundy TIS Labs at Network Associates 3060 Washington Rd Glenwood, MD 21738 USA Phone: +1 301 854 6889 EMail: mundy@tislabs.com
ネットワーク関連3060ワシントン第グレンウッド、Md21738米国電話のラスマンディTIS研究室: +1 6889年の301 854メール: mundy@tislabs.com
David Partain Ericsson Radio Systems Research and Innovation P.O. Box 1248 SE-581 12 Linkoping Sweden Phone: +46 13 28 41 44 EMail: David.Partain@ericsson.com
デヴィッドパーテインのエリクソンのラジオシステム研究と革新私書箱1248SE-581 12リンチェピングスウェーデン電話: +46 13 28 41 44はメールされます: David.Partain@ericsson.com
Bob Stewart Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 U.S.A. Phone: +1 603 654 6923 EMail: bstewart@cisco.com
西タスマン・Driveボブ・スチュワートシスコシステムズInc.170カリフォルニア95134-1706サンノゼ(米国)は以下に電話をします。 +1 6923年の603 654メール: bstewart@cisco.com
Case, et al. Informational [Page 19] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[19ページ]のRFC2570紹介
10 References
10の参照箇所
[1] Rose, M. and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based internets", STD 16, RFC
1155, May 1990.
[1]ローズ、M.、およびK.のMcCloghrieと、「TCP/IPベースのインターネットのためのManagement情報の構造とIdentification」、STD16、RFC1155(1990年5月)
[2] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
RFC 1212, March 1991.
[2] ローズとM.とK.McCloghrie、「簡潔なMIB定義」、STD16、RFC1212、1991年3月。
[3] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
Network Management Protocol", STD 15, RFC 1157, May 1990.
[3] ケース、J.、ヒョードル、M.、Schoffstall、M.、およびJ.デーヴィン(「簡単なネットワーク管理プロトコル」、STD15、RFC1157)は1990がそうするかもしれません。
[4] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Structure of Management Information for Version 2
of the Simple Network Management Protocol (SNMPv2)", RFC 1902,
January 1996.
[4]SNMPv2作業部会、ケース、J.、McCloghrie、K.、ローズ、M.、およびS.Waldbusser、「簡単なネットワーク管理プロトコル(SNMPv2)のバージョン2のための経営情報の構造」、RFC1902(1996年1月)。
[5] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Textual Conventions for Version 2 of the Simple
Network Management Protocol (SNMPv2)", RFC 1903, January 1996.
[5]SNMPv2作業部会、ケース、J.、McCloghrie、K.、ローズ、M.、およびS.Waldbusser、「簡単なネットワークマネージメントのバージョン2のための原文のコンベンションは(SNMPv2)について議定書の中で述べます」、RFC1903、1996年1月。
[6] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Conformance Statements for Version 2 of the Simple
Network Management Protocol (SNMPv2)", RFC 1904, January 1996.
[6]SNMPv2作業部会、ケース、J.、McCloghrie、K.、ローズ、M.、およびS.Waldbusser、「簡単なネットワークマネージメントのバージョン2のための順応声明は(SNMPv2)について議定書の中で述べます」、RFC1904、1996年1月。
[7] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S.
Waldbusser, "Protocol Operations for Version 2 of the Simple
Network Management Protocol (SNMPv2)", RFC 1905, January 1996.
[7] SNMPv2作業部会、ケース、J.、McCloghrie(K.、ローズ、M.、およびS.Waldbusser)は「簡単なネットワーク管理プロトコル(SNMPv2)のバージョン2のための操作について議定書の中で述べます」、RFC1905、1996年1月。
[8] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S.
Waldbusser, "Transport Mappings for Version 2 of the Simple
Network Management Protocol (SNMPv2)", RFC 1906, January 1996.
[8]SNMPv2作業部会、ケース、J.、McCloghrie、K.、ローズ、M.、およびS.Waldbusser、「簡単なネットワークマネージメントのバージョン2のための輸送マッピングは(SNMPv2)について議定書の中で述べます」、RFC1906、1996年1月。
[9] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S.
Waldbusser, "Management Information Base for Version 2 of the
Simple Network Management Protocol (SNMPv2)", RFC 1907, January
1996.
[9]SNMPv2作業部会、ケース、J.、McCloghrie、K.、ローズ、M.、およびS.Waldbusser、「簡単なネットワーク管理プロトコルのバージョン2のための管理情報ベース(SNMPv2)」、RFC1907(1996年1月)。
[10] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M. and S.
Waldbusser, "Coexistence between Version 1 and Version 2 of the
Internet-standard Network Management Framework", RFC 1908,
January 1996.
[10]SNMPv2作業部会、ケース、J.、McCloghrie、K.、ローズ、M.、およびS.Waldbusser、「インターネット標準ネットワークマネージメントフレームワークのバージョン1とバージョン2の間の共存」、RFC1908(1996年1月)。
[11] Information processing systems - Open Systems Interconnection -
Specification of Abstract Syntax Notation One (ASN.1),
International Organization for Standardization. International
Standard 8824, (December, 1987).
[11] 情報処理システム--オープン・システム・インターコネクション--抽象的なSyntax Notation One(ASN.1)、国際標準化機構の仕様。 国際規格8824、(1987年12月。)
Case, et al. Informational [Page 20] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[20ページ]のRFC2570紹介
[12] McCloghrie, K. and M. Rose, "Management Information Base for
Network Management of TCP/IP-based Internets", RFC 1066, August
1988.
[12]McCloghrieとK.とM.ローズ、「TCP/IPベースのインターネットのネットワークマネージメントのための管理情報ベース」、RFC1066、1988年8月。
[13] McCloghrie, K. and M. Rose, "Management Information Base for
Network Management of TCP/IP-based internets: MIB-II, STD 17,
RFC 1213, March 1991.
[13]McCloghrie、K.、およびM.ローズ、「TCP/IPベースのインターネットのNetwork Managementのための管理Information基地:」 MIB-II、STD17、RFC1213、1991年3月。
[14] Cerf, V., "IAB Recommendations for the Development of Internet
Network Management Standards", RFC 1052, April 1988.
[14] サーフ、V.、「インターネットネットワークマネージメント規格の開発のためのIAB推薦」、RFC1052、1988年4月。
[15] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for
Describing SNMP Management Frameworks", RFC 2571, April 1999.
[15] ハリントンとD.とPresuhnとR.とB.Wijnen、「SNMP管理フレームワークについて説明するためのアーキテクチャ」、RFC2571、1999年4月。
[16] Case, J., Harrington, D., Presuhn, R. and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management
Protocol (SNMP)", RFC 2572, April 1999.
[16]ケース、J.、ハリントン、D.、Presuhn、R.、およびB.Wijnen、「メッセージ処理と簡単なネットワークマネージメントのために急いでいるのは(SNMP)について議定書の中で述べます」、RFC2572、1999年4月。
[17] Levi, D., Meyer, P. and B. Stewart, "SNMP Applications", RFC
2573, April 1999.
[17] レビとD.とマイヤーとP.とB.スチュワート、「SNMPアプリケーション」、RFC2573、1999年4月。
[18] Blumenthal, U. and B. Wijnen, "The User-Based Security Model for
Version 3 of the Simple Network Management Protocol (SNMPv3)",
RFC 2574, April 1999.
[18] ブルーメンソル、U.、およびB.Wijnen、「ユーザベースのセキュリティは簡単なネットワーク管理プロトコル(SNMPv3)のバージョン3のためにモデル化します」、RFC2574、1999年4月。
[19] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
Control Model for the Simple Network Management Protocol
(SNMP)", RFC 2575, April 1999.
[19]WijnenとB.とPresuhn、R.とK.McCloghrie、「簡単なネットワーク管理プロトコル(SNMP)のための視点ベースのアクセス制御モデル」RFC2575(1999年4月)。
[20] Frye, R., Levi, D., Routhier, S., and B. Wijnen, "Coexistence
between Version 1, Version 2, and Version 3 of the Internet-
standard Network Management Framework", Work in Progress.
Progressの[20] フライとR.とレビとD.とRouthier、S.とB.Wijnen、「インターネットの標準のNetwork Management Frameworkのバージョン1と、バージョン2と、バージョン3の間の共存」Work。
[21] Rivest, R., "Message Digest Algorithm MD5", RFC 1321, April
1992.
[21] 最もRivest、R.、「メッセージダイジェストアルゴリズムMD5"、RFC1321、1992年4月。」
[22] Secure Hash Algorithm. NIST FIPS 180-1, (April, 1995)
http://csrc.nist.gov/fips/fip180-1.txt (ASCII)
http://csrc.nist.gov/fips/fip180-1.ps (Postscript)
[22] ハッシュアルゴリズムを保証してください。 NIST FIPS180-1、(1995年4月) http://csrc.nist.gov/fips/fip180-1.txt (ASCII) http://csrc.nist.gov/fips/fip180-1.ps (追伸)
[23] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997.
[23]Krawczyk、H.、Bellare、M.、およびR.カネッティ、「HMAC:」 「通報認証のための合わせられた論じ尽くす」RFC2104、1997年2月。
[24] Data Encryption Standard, National Institute of Standards and
Technology. Federal Information Processing Standard (FIPS)
Publication 46-1. Supersedes FIPS Publication 46, (January,
1977; reaffirmed January, 1988).
[24] データ暗号化規格、米国商務省標準技術局。 連邦情報処理基準(FIPS)公表46-1。 FIPS Publication46、(再び断言された1月、1977年1月;1988)に取って代わります。
Case, et al. Informational [Page 21] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[21ページ]のRFC2570紹介
[25] Rose, M., "A Convention for Defining Traps for use with the
SNMP", RFC 1215, March 1991.
[25] ローズ、1991年3月、M.、「SNMPとの使用のためのDefining TrapsのためのConvention」RFC1215。
[26] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
M. and S. Waldbusser, "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[26]McCloghrie、K.、パーキンス、D.、Schoenwaelder、J.、ケース、J.、ローズ、M.、およびS.Waldbusser、「経営情報バージョン2(SMIv2)の構造」、STD58、RFC2578(1999年4月)。
[27] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58,
RFC 2579, April 1999.
[27]McCloghrie、K.、パーキンス、D.、Schoenwaelder、J.、ケース、J.、ローズ、M.、およびS.Waldbusser、「SMIv2"、STD58、RFC2579、1999年4月の原文のコンベンション。」
[28] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
M. and S. Waldbusser, "Conformance Statements for SMIv2", STD
58, RFC 2580, April 1999.
[28]McCloghrie、K.、パーキンス、D.、Schoenwaelder、J.、ケース、J.、ローズ、M.、およびS.Waldbusser、「SMIv2"、STD58、RFC2580、1999年4月のための順応声明。」
Case, et al. Informational [Page 22] RFC 2570 Introduction to SNMPv3 April 1999
ケース、他 SNMPv3 April 1999への情報[22ページ]のRFC2570紹介
11 Full Copyright Statement
11 完全な著作権宣言文
Copyright (C) The Internet Society (1998). All Rights Reserved.
Copyright(C)インターネット協会(1998)。 All rights reserved。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
それに関するこのドキュメントと翻訳は、コピーして、それが批評するか、またはそうでなければわかる他のもの、および派生している作品に提供するか、または準備されているかもしれなくて、コピーされて、発行されて、全体か一部広げられた実現を助けるかもしれません、どんな種類の制限なしでも、上の版権情報とこのパラグラフがそのようなすべてのコピーと派生している作品の上に含まれていれば。 しかしながら、このドキュメント自体は何らかの方法で変更されないかもしれません、インターネット協会か他のインターネット組織の版権情報か参照を取り除くのなどように、それを英語以外の言語に翻訳するのが著作権のための手順がインターネットStandardsの過程で定義したどのケースに従わなければならないか、必要に応じてさもなければ、インターネット標準を開発する目的に必要であるのを除いて。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上に承諾された限られた許容は、永久であり、インターネット協会、後継者または案配によって取り消されないでしょう。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
「このドキュメントとそして、「そのままで」という基礎とインターネットの振興発展を目的とする組織に、インターネット・エンジニアリング・タスク・フォースが速達の、または、暗示しているすべての保証を放棄するかどうかというここにことであり、他を含んでいて、含まれて、情報の使用がここに侵害しないどんな保証も少しもまっすぐになるという情報か市場性か特定目的への適合性のどんな黙示的な保証。」
Acknowledgement
承認
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC Editor機能のための基金は現在、インターネット協会によって提供されます。
Case, et al. Informational [Page 23]
ケース、他 情報[23ページ]
一覧
スポンサーリンク
