draft-ietf-opsawg-hmac-sha-2-usm-snmp-05.txt | draft-ietf-opsawg-hmac-sha-2-usm-snmp-06.txt | |||
---|---|---|---|---|
OPSAWG J. Merkle, Ed. | OPSAWG J. Merkle, Ed. | |||
Internet-Draft Secunet Security Networks | Internet-Draft Secunet Security Networks | |||
Intended status: Standards Track M. Lochter | Intended status: Standards Track M. Lochter | |||
Expires: September 24, 2015 BSI | Expires: October 22, 2015 BSI | |||
March 23, 2015 | April 20, 2015 | |||
HMAC-SHA-2 Authentication Protocols in USM for SNMP | HMAC-SHA-2 Authentication Protocols in USM for SNMPv3 | |||
draft-ietf-opsawg-hmac-sha-2-usm-snmp-05 | draft-ietf-opsawg-hmac-sha-2-usm-snmp-06 | |||
Abstract | Abstract | |||
This memo specifies new HMAC-SHA-2 authentication protocols for the | This memo specifies new HMAC-SHA-2 authentication protocols for the | |||
User-based Security Model (USM) for SNMPv3 defined in RFC 3414. | User-based Security Model (USM) for SNMPv3 defined in RFC 3414. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
skipping to change at page 1, line 32 | skipping to change at page 1, line 32 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on September 24, 2015. | This Internet-Draft will expire on October 22, 2015. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 23 | skipping to change at page 2, line 23 | |||
4.2. Processing . . . . . . . . . . . . . . . . . . . . . . . 5 | 4.2. Processing . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
4.2.1. Processing an Outgoing Message . . . . . . . . . . . 5 | 4.2.1. Processing an Outgoing Message . . . . . . . . . . . 5 | |||
4.2.2. Processing an Incoming Message . . . . . . . . . . . 6 | 4.2.2. Processing an Incoming Message . . . . . . . . . . . 6 | |||
5. Key Localization and Key Change . . . . . . . . . . . . . . . 6 | 5. Key Localization and Key Change . . . . . . . . . . . . . . . 6 | |||
6. Structure of the MIB Module . . . . . . . . . . . . . . . . . 6 | 6. Structure of the MIB Module . . . . . . . . . . . . . . . . . 6 | |||
7. Relationship to Other MIB Modules . . . . . . . . . . . . . . 7 | 7. Relationship to Other MIB Modules . . . . . . . . . . . . . . 7 | |||
7.1. Relationship to SNMP-USER-BASED-SM-MIB . . . . . . . . . 7 | 7.1. Relationship to SNMP-USER-BASED-SM-MIB . . . . . . . . . 7 | |||
7.2. Relationship to SNMP-FRAMEWORK-MIB . . . . . . . . . . . 7 | 7.2. Relationship to SNMP-FRAMEWORK-MIB . . . . . . . . . . . 7 | |||
7.3. MIB modules required for IMPORTS . . . . . . . . . . . . 7 | 7.3. MIB modules required for IMPORTS . . . . . . . . . . . . 7 | |||
8. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 8. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
9. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
9.1. Use of the HMAC-SHA-2 authentication protocols in USM . . 10 | 9.1. Use of the HMAC-SHA-2 authentication protocols in USM . . 10 | |||
9.2. Cryptographic strength of the authentication protocols . 10 | 9.2. Cryptographic strength of the authentication protocols . 10 | |||
9.3. Derivation of keys from passwords . . . . . . . . . . . . 11 | 9.3. Derivation of keys from passwords . . . . . . . . . . . . 11 | |||
9.4. Access to the SNMP-USM-HMAC-SHA2-MIB . . . . . . . . . . 11 | 9.4. Access to the SNMP-USM-HMAC-SHA2-MIB . . . . . . . . . . 11 | |||
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | |||
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
11.1. Normative References . . . . . . . . . . . . . . . . . . 12 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
11.2. Informative References . . . . . . . . . . . . . . . . . 13 | 11.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
skipping to change at page 3, line 30 | skipping to change at page 3, line 30 | |||
3. Conventions | 3. Conventions | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
document are to be interpreted as described in BCP 14, RFC 2119 | document are to be interpreted as described in BCP 14, RFC 2119 | |||
[RFC2119]. | [RFC2119]. | |||
4. The HMAC-SHA-2 Authentication Protocols | 4. The HMAC-SHA-2 Authentication Protocols | |||
This section describes the HMAC-SHA-2 authentication protocols. They | This section describes the HMAC-SHA-2 authentication protocols. They | |||
use the SHA-2 hash functions, which are described in [SHA] and | use the SHA-2 hash functions, which are described in FIPS PUB 180-4 | |||
[RFC6234], in HMAC mode described in [RFC2104] and [RFC6234], | [SHA] and RFC 6234 [RFC6234], in HMAC mode described in RFC 2104 | |||
truncating the output to 128 bits for SHA-224, 192 bits for SHA-256, | [RFC2104] and RFC 6234, truncating the output to 128 bits for SHA- | |||
256 bits for SHA-384, and 384 bits for SHA-512. [RFC6234] also | 224, 192 bits for SHA-256, 256 bits for SHA-384, and 384 bits for | |||
provides source code for all the SHA-2 algorithms and HMAC (without | SHA-512. RFC 6234 also provides source code for all the SHA-2 | |||
truncation). It also includes test harness and standard test vectors | algorithms and HMAC (without truncation). It also includes test | |||
for all the defined hash functions and HMAC examples. | harness and standard test vectors for all the defined hash functions | |||
and HMAC examples. | ||||
The following protocols are defined: | The following protocols are defined: | |||
usmHMAC128SHA224AuthProtocol: uses SHA-224 and truncates the | usmHMAC128SHA224AuthProtocol: uses SHA-224 and truncates the | |||
output to 128 bits (16 octets); | output to 128 bits (16 octets); | |||
usmHMAC192SHA256AuthProtocol: uses SHA-256 and truncates the | usmHMAC192SHA256AuthProtocol: uses SHA-256 and truncates the | |||
output to 192 bits (24 octets); | output to 192 bits (24 octets); | |||
usmHMAC256SHA384AuthProtocol: uses SHA-384 and truncates the | usmHMAC256SHA384AuthProtocol: uses SHA-384 and truncates the | |||
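Review bot: In Section 4, the last sentence of the first paragraph still reads "It also includes test harness and standard test vectors" after the -06 reflow, with no article before "test harness". Since the paragraph is being touched anyway, suggest "It also includes a test harness and standard test vectors for all the defined hash functions and HMAC examples." The rest of the change (spelling out FIPS PUB 180-4, RFC 6234 and RFC 2104 next to the citation tags on first use) reads fine.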
skipping to change at page 4, line 19 | skipping to change at page 4, line 19 | |||
OPTIONAL. | OPTIONAL. | |||
4.1. Deviations from the HMAC-SHA-96 Authentication Protocol | 4.1. Deviations from the HMAC-SHA-96 Authentication Protocol | |||
All the HMAC-SHA-2 authentication protocols are straightforward | All the HMAC-SHA-2 authentication protocols are straightforward | |||
adaptations of the HMAC-MD5-96 and HMAC-SHA-96 authentication | adaptations of the HMAC-MD5-96 and HMAC-SHA-96 authentication | |||
protocols. Precisely, they differ from the HMAC-MD5-96 and HMAC- | protocols. Precisely, they differ from the HMAC-MD5-96 and HMAC- | |||
SHA-96 authentication protocols in the following aspects: | SHA-96 authentication protocols in the following aspects: | |||
o The SHA-2 hash function is used to compute the message digest in | o The SHA-2 hash function is used to compute the message digest in | |||
the HMAC computation according to [RFC2104] and [RFC6234], as | the HMAC computation according to RFC 2104 and RFC 6234, as | |||
opposed to the MD5 hash function [RFC1321] and SHA-1 hash function | opposed to the MD5 hash function [RFC1321] and SHA-1 hash function | |||
[SHA] used in HMAC-MD5-96 and HMAC-SHA-96, respectively. | [SHA] used in HMAC-MD5-96 and HMAC-SHA-96, respectively. | |||
Consequently, the length of the message digest prior to truncation | Consequently, the length of the message digest prior to truncation | |||
is 224 bits for SHA-224 based protocol, 256 bits for SHA-256 based | is 224 bits for SHA-224 based protocol, 256 bits for SHA-256 based | |||
protocol, 384 bits for SHA-384 based protocol, and 512 bits for | protocol, 384 bits for SHA-384 based protocol, and 512 bits for | |||
SHA-512 based protocol. | SHA-512 based protocol. | |||
o The resulting message digest (output of HMAC) is truncated to | o The resulting message digest (output of HMAC) is truncated to | |||
* 16 octets for usmHMAC128SHA224AuthProtocol | * 16 octets for usmHMAC128SHA224AuthProtocol | |||
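Review bot: The Section 4.1 heading names only HMAC-SHA-96, while the paragraph under it and the first bullet describe deviations from both HMAC-MD5-96 and HMAC-SHA-96. Suggest aligning the heading with the text, for example "Deviations from the HMAC-MD5-96 and HMAC-SHA-96 Authentication Protocols". In the same bullet, "for SHA-224 based protocol" and the three parallel phrases lack an article ("for the SHA-224 based protocol").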
skipping to change at page 5, line 16 | skipping to change at page 5, line 16 | |||
protocol usmHMAC384SHA512AuthProtocol | protocol usmHMAC384SHA512AuthProtocol | |||
as opposed to the keys being 16 and 20 octets long in HMAC-MD5-96 | as opposed to the keys being 16 and 20 octets long in HMAC-MD5-96 | |||
and HMAC-SHA-96, respectively. | and HMAC-SHA-96, respectively. | |||
4.2. Processing | 4.2. Processing | |||
This section describes the procedures for the HMAC-SHA-2 | This section describes the procedures for the HMAC-SHA-2 | |||
authentication protocols. The descriptions are based on the | authentication protocols. The descriptions are based on the | |||
definition of services and data elements defined for HMAC-SHA-96 in | definition of services and data elements defined for HMAC-SHA-96 in | |||
RFC 3414 [RFC3414] with the deviations listed in Section 4.1. | RFC 3414 with the deviations listed in Section 4.1. | |||
4.2.1. Processing an Outgoing Message | 4.2.1. Processing an Outgoing Message | |||
Values of constants M (the length of the secret key in octets) and N | Values of constants M (the length of the secret key in octets) and N | |||
(the length of the MAC output in octets) used below, are: | (the length of the MAC output in octets) used below, are: | |||
usmHMAC128SHA224AuthProtocol: M=28, N=16; | usmHMAC128SHA224AuthProtocol: M=28, N=16; | |||
usmHMAC192SHA256AuthProtocol: M=32, N=24; | usmHMAC192SHA256AuthProtocol: M=32, N=24; | |||
skipping to change at page 5, line 38 | skipping to change at page 5, line 38 | |||
usmHMAC384SHA512AuthProtocol: M=64, N=48. | usmHMAC384SHA512AuthProtocol: M=64, N=48. | |||
correspondingly. | correspondingly. | |||
This section describes the procedure followed by an SNMP engine | This section describes the procedure followed by an SNMP engine | |||
whenever it must authenticate an outgoing message using one of the | whenever it must authenticate an outgoing message using one of the | |||
authentication protocols defined above. | authentication protocols defined above. | |||
1. The msgAuthenticationParameters field is set to serialization, | 1. The msgAuthenticationParameters field is set to serialization, | |||
according to the rules in [RFC3417], of an OCTET STRING | according to the rules in RFC 3417 [RFC3417], of an OCTET STRING | |||
containing N zero octets. | containing N zero octets. | |||
2. From the secret authKey of M octets, calculate the HMAC-SHA-2 | 2. From the secret authKey of M octets, calculate the HMAC-SHA-2 | |||
digest over it according to [RFC6234]. Take the first N octets | digest over it according to RFC 6234. Take the first N octets of | |||
of the final digest - this is the Message Authentication Code | the final digest - this is the Message Authentication Code (MAC). | |||
(MAC). | ||||
3. Replace the msgAuthenticationParameters field with the MAC | 3. Replace the msgAuthenticationParameters field with the MAC | |||
obtained in the previous step. | obtained in the previous step. | |||
4. The authenticatedWholeMsg is then returned to the caller together | 4. The authenticatedWholeMsg is then returned to the caller together | |||
with statusInformation indicating success. | with statusInformation indicating success. | |||
4.2.2. Processing an Incoming Message | 4.2.2. Processing an Incoming Message | |||
Values of the constants M and N are the same as in Section 4.2.1, and | Values of the constants M and N are the same as in Section 4.2.1, and | |||
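Review bot: Step 2 of Section 4.2.1 says "calculate the HMAC-SHA-2 digest over it", and the only noun "it" can refer to in that sentence is the authKey, so the input to the HMAC is never named. The -06 edit only swaps the citation style and rewraps the step. Suggest stating the authenticated data explicitly, presumably the whole message carrying the N zero octets placed in msgAuthenticationParameters by step 1 (step 4 returns an authenticatedWholeMsg, but no earlier step introduces the message). Two smaller points in the same hunk: step 1 reads "is set to serialization" where "is set to the serialization" is meant, and the stray "correspondingly." after the M/N list does not attach to any sentence.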
skipping to change at page 6, line 44 | skipping to change at page 6, line 44 | |||
7. The newly calculated MAC is compared with the MAC saved in step | 7. The newly calculated MAC is compared with the MAC saved in step | |||
2. If they do not match, then a failure and an errorIndication | 2. If they do not match, then a failure and an errorIndication | |||
(authenticationFailure) are returned to the calling module. | (authenticationFailure) are returned to the calling module. | |||
8. The authenticatedWholeMsg and statusInformation indicating | 8. The authenticatedWholeMsg and statusInformation indicating | |||
success are then returned to the caller. | success are then returned to the caller. | |||
5. Key Localization and Key Change | 5. Key Localization and Key Change | |||
For any of the protocols defined in Section 4, key localization and | For any of the protocols defined in Section 4, key localization and | |||
key change SHALL be performed according to RFC 3414 [RFC3414] using | key change SHALL be performed according to RFC 3414 using the SHA-2 | |||
the SHA-2 hash function applied in the respective protocol. | hash function applied in the respective protocol. | |||
6. Structure of the MIB Module | 6. Structure of the MIB Module | |||
The MIB module specified in this memo does not define any managed | The MIB module specified in this memo does not define any managed | |||
objects, subtrees, notifications or tables, but only object | objects, subtrees, notifications or tables, but only object | |||
identities (for authentication protocols) under a subtree of an | identities (for authentication protocols) under a subtree of an | |||
existing MIB. | existing MIB. | |||
7. Relationship to Other MIB Modules | 7. Relationship to Other MIB Modules | |||
7.1. Relationship to SNMP-USER-BASED-SM-MIB | 7.1. Relationship to SNMP-USER-BASED-SM-MIB | |||
RFC 3414 [RFC3414] specifies the MIB module for the User-based | RFC 3414 specifies the MIB module for the User-based Security Model | |||
Security Model (USM) for SNMPv3 (SNMP-USER-BASED-SM-MIB), which | (USM) for SNMPv3 (SNMP-USER-BASED-SM-MIB), which defines | |||
defines authentication protocols for USM based on the hash functions | authentication protocols for USM based on the hash functions MD5 and | |||
MD5 and SHA-1, respectively. The following MIB module defines new | SHA-1, respectively. The following MIB module defines new HMAC-SHA2 | |||
HMAC-SHA2 authentication protocols for USM based on the SHA-2 hash | authentication protocols for USM based on the SHA-2 hash functions | |||
functions [SHA]. The use of the HMAC-SHA2 authentication protocols | [SHA]. The use of the HMAC-SHA2 authentication protocols requires | |||
requires the usage of the objects defined in the SNMP-USER-BASED-SM- | the usage of the objects defined in the SNMP-USER-BASED-SM-MIB. | |||
MIB. | ||||
7.2. Relationship to SNMP-FRAMEWORK-MIB | 7.2. Relationship to SNMP-FRAMEWORK-MIB | |||
RFC 3411 [RFC3411] specifies the SNMP-FRAMEWORK-MIB, which defines a | RFC 3411 [RFC3411] specifies the SNMP-FRAMEWORK-MIB, which defines a | |||
subtree snmpAuthProtocols for SNMP authentication protocols. The | subtree snmpAuthProtocols for SNMP authentication protocols. The | |||
following MIB module defines new authentication protocols in the | following MIB module defines new authentication protocols in the | |||
snmpAuthProtocols subtree. | snmpAuthProtocols subtree. | |||
7.3. MIB modules required for IMPORTS | 7.3. MIB modules required for IMPORTS | |||
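Review bot: Section 7.1 writes "HMAC-SHA2 authentication protocols" twice, while the document title and Sections 4 and 5 use "HMAC-SHA-2". Suggest one spelling for the protocol family throughout, keeping "SHA2" only inside identifiers such as SNMP-USM-HMAC-SHA2-MIB. In the same paragraph, "respectively" after "the hash functions MD5 and SHA-1" has nothing to pair with and can be dropped.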
skipping to change at page 10, line 6 | skipping to change at page 10, line 4 | |||
Keyed-Hashing for Message Authentication, RFC 2104. | Keyed-Hashing for Message Authentication, RFC 2104. | |||
- National Institute of Standards and Technology, | - National Institute of Standards and Technology, | |||
Secure Hash Standard (SHS), FIPS PUB 180-4, 2012." | Secure Hash Standard (SHS), FIPS PUB 180-4, 2012." | |||
::= { snmpAuthProtocols dd } -- dd to be assigned by IANA | ::= { snmpAuthProtocols dd } -- dd to be assigned by IANA | |||
-- RFC Ed.: replace dd with actual number assigned by IANA & remove | -- RFC Ed.: replace dd with actual number assigned by IANA & remove | |||
-- this comment | -- this comment | |||
END | END | |||
9. Security Considerations | 9. Security Considerations | |||
9.1. Use of the HMAC-SHA-2 authentication protocols in USM | 9.1. Use of the HMAC-SHA-2 authentication protocols in USM | |||
The security considerations of [RFC3414] also apply to the HMAC-SHA-2 | The security considerations of RFC 3414 also apply to the HMAC-SHA-2 | |||
authentication protocols defined in this document. | authentication protocols defined in this document. | |||
9.2. Cryptographic strength of the authentication protocols | 9.2. Cryptographic strength of the authentication protocols | |||
At the time of publication of this document, all of the HMAC-SHA-2 | At the time of publication of this document, all of the HMAC-SHA-2 | |||
authentication protocols provide a very high level of security. The | authentication protocols provide a very high level of security. The | |||
security of each HMAC-SHA-2 authentication protocol depends on the | security of each HMAC-SHA-2 authentication protocol depends on the | |||
parameters used in the corresponding HMAC computation, which are the | parameters used in the corresponding HMAC computation, which are the | |||
length of the key (if the key has maximum entropy), the size of the | length of the key (if the key has maximum entropy), the size of the | |||
hash function's internal state, and the length of the truncated MAC. | hash function's internal state, and the length of the truncated MAC. | |||
skipping to change at page 10, line 49 | skipping to change at page 10, line 46 | |||
function. | function. | |||
The role of the truncated output length is more complicated: | The role of the truncated output length is more complicated: | |||
according to [BCK], there is a trade-off in that "by outputting less | according to [BCK], there is a trade-off in that "by outputting less | |||
bits the attacker has less bits to predict in a MAC forgery but, on | bits the attacker has less bits to predict in a MAC forgery but, on | |||
the other hand, the attacker also learns less about the output of the | the other hand, the attacker also learns less about the output of the | |||
compression function from seeing the authentication tags computed by | compression function from seeing the authentication tags computed by | |||
legitimate parties"; thus, truncation weakens the HMAC against | legitimate parties"; thus, truncation weakens the HMAC against | |||
forgery by guessing, but at the same time strengthens it against | forgery by guessing, but at the same time strengthens it against | |||
chosen message attacks aiming at MAC forgery based on internal | chosen message attacks aiming at MAC forgery based on internal | |||
collisions or at key guessing. [RFC2104] and [BCK] allow truncation | collisions or at key guessing. RFC 2104 and [BCK] allow truncation | |||
to any length that is not less than half the size of the internal | to any length that is not less than half the size of the internal | |||
state. | state. | |||
Further discussion of the security of the HMAC construction is given | Further discussion of the security of the HMAC construction is given | |||
in [RFC2104]. | in RFC 2104. | |||
9.3. Derivation of keys from passwords | 9.3. Derivation of keys from passwords | |||
If secret keys to be used for HMAC-SHA-2 authentication protocols are | If secret keys to be used for HMAC-SHA-2 authentication protocols are | |||
derived from passwords, the derivation SHOULD be performed using the | derived from passwords, the derivation SHOULD be performed using the | |||
password-to-key algorithm from Appendix A.1 of RFC 3414 with MD5 | password-to-key algorithm from Appendix A.1 of RFC 3414 with MD5 | |||
being replaced by the SHA-2 hash function H used in the HMAC-SHA-2 | being replaced by the SHA-2 hash function H used in the HMAC-SHA-2 | |||
authentication protocol. Specifically, the password is converted | authentication protocol. Specifically, the password is converted | |||
into the required secret key by the following steps: | into the required secret key by the following steps: | |||
skipping to change at page 11, line 35 | skipping to change at page 11, line 32 | |||
9.4. Access to the SNMP-USM-HMAC-SHA2-MIB | 9.4. Access to the SNMP-USM-HMAC-SHA2-MIB | |||
The SNMP-USM-HMAC-SHA2-MIB module defines OBJECT IDENTIFIER values | The SNMP-USM-HMAC-SHA2-MIB module defines OBJECT IDENTIFIER values | |||
for use in other MIB modules. It does not define any objects that | for use in other MIB modules. It does not define any objects that | |||
can be accessed. As such, the SNMP-USM-HMAC-SHA2-MIB does not, by | can be accessed. As such, the SNMP-USM-HMAC-SHA2-MIB does not, by | |||
itself, have any effect on the security of the Internet. | itself, have any effect on the security of the Internet. | |||
The values defined in this module are expected to be used with the | The values defined in this module are expected to be used with the | |||
usmUserTable defined in the SNMP-USER-BASED-SM-MIB [RFC3414]. The | usmUserTable defined in the SNMP-USER-BASED-SM-MIB [RFC3414]. The | |||
considerations in Section 11.5 of [RFC3414] should be taken into | considerations in Section 11.5 of RFC 3414 should be taken into | |||
account. | account. | |||
10. IANA Considerations | 10. IANA Considerations | |||
IANA is requested to assign an OID for | IANA is requested to assign an OID for | |||
+--------------------+-------------------------+ | +--------------------+-------------------------+ | |||
| Descriptor | OBJECT IDENTIFIER value | | | Descriptor | OBJECT IDENTIFIER value | | |||
+--------------------+-------------------------+ | +--------------------+-------------------------+ | |||
| snmpUsmHmacSha2MIB | { snmpModules nn } | | | snmpUsmHmacSha2MIB | { snmpModules nn } | | |||
End of changes. 16 change blocks. | ||||
34 lines changed or deleted | 32 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |