Internet Engineering Task Force (IETF)                    J. Merkle, Ed.
Request for Comments: 7860                     Secunet Security Networks
Obsoletes: 7630                                               M. Lochter
Category: Standards Track                                            BSI
ISSN: 2070-1721                                               April 2016
        
HMAC-SHA-2 Authentication Protocols in User-Based Security Model (USM) for SNMPv3

Abstract

This document specifies several authentication protocols based on the SHA-2 hash functions for the User-based Security Model (USM) for SNMPv3 defined in RFC 3414. It obsoletes RFC 7630, in which the MIB MODULE-IDENTITY value was incorrectly specified.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7860.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Conventions
   4.  The HMAC-SHA-2 Authentication Protocols
     4.1.  Deviations from the HMAC-SHA-96 Authentication Protocol
     4.2.  Processing
       4.2.1.  Processing an Outgoing Message
       4.2.2.  Processing an Incoming Message
   5.  Key Localization and Key Change
   6.  Structure of the MIB Module
   7.  Relationship to Other MIB Modules
     7.1.  Relationship to SNMP-USER-BASED-SM-MIB
     7.2.  Relationship to SNMP-FRAMEWORK-MIB
     7.3.  MIB Modules Required for IMPORTS
   8.  Definitions
   9.  Security Considerations
     9.1.  Use of the HMAC-SHA-2 Authentication Protocols in USM
     9.2.  Cryptographic Strength of the Authentication Protocols
     9.3.  Derivation of Keys from Passwords
     9.4.  Access to the SNMP-USM-HMAC-SHA2-MIB
   10. IANA Considerations
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses
        
1. Introduction

Within the Architecture for describing Simple Network Management Protocol (SNMP) Management Frameworks [RFC3411], the User-based Security Model (USM) [RFC3414] for SNMPv3 is defined as a Security Subsystem within an SNMP engine. In RFC 3414, two different authentication protocols, HMAC-MD5-96 and HMAC-SHA-96, are defined based on the hash functions MD5 and SHA-1, respectively.

This memo specifies new HMAC-SHA-2 authentication protocols for USM using a Hashed Message Authentication Code (HMAC) based on the SHA-2 family of hash functions [SHA] and truncated to 128 bits for SHA-224, to 192 bits for SHA-256, to 256 bits for SHA-384, and to 384 bits for SHA-512. These protocols are straightforward adaptations of the authentication protocols HMAC-MD5-96 and HMAC-SHA-96 to the SHA-2-based HMAC.

This document obsoletes RFC 7630, in which the MIB MODULE-IDENTITY value was incorrectly specified.

2. The Internet-Standard Management Framework

For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].

Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580].

3. Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119].

4. The HMAC-SHA-2 Authentication Protocols

This section describes the HMAC-SHA-2 authentication protocols, which use the SHA-2 hash functions (described in FIPS PUB 180-4 [SHA] and RFC 6234 [RFC6234]) in the HMAC mode (described in [RFC2104] and [RFC6234]), truncating the output to 128 bits for SHA-224, 192 bits for SHA-256, 256 bits for SHA-384, and 384 bits for SHA-512. RFC 6234 also provides source code for all the SHA-2 algorithms and HMAC (without truncation), together with a test harness and standard test vectors for all the defined hash functions and HMAC examples.

The following protocols are defined:

usmHMAC128SHA224AuthProtocol: uses SHA-224 and truncates the output to 128 bits (16 octets);

usmHMAC192SHA256AuthProtocol: uses SHA-256 and truncates the output to 192 bits (24 octets);

usmHMAC256SHA384AuthProtocol: uses SHA-384 and truncates the output to 256 bits (32 octets);

usmHMAC384SHA512AuthProtocol: uses SHA-512 and truncates the output to 384 bits (48 octets).

Implementations conforming to this specification MUST support usmHMAC192SHA256AuthProtocol and SHOULD support usmHMAC384SHA512AuthProtocol. The protocols usmHMAC128SHA224AuthProtocol and usmHMAC256SHA384AuthProtocol are OPTIONAL.

4.1. Deviations from the HMAC-SHA-96 Authentication Protocol

All the HMAC-SHA-2 authentication protocols are straightforward adaptations of the HMAC-MD5-96 and HMAC-SHA-96 authentication protocols. Specifically, they differ from the HMAC-MD5-96 and HMAC-SHA-96 authentication protocols in the following aspects:

o The SHA-2 hash function is used to compute the message digest in the HMAC computation according to RFC 2104 and RFC 6234, as opposed to the MD5 hash function [RFC1321] and the SHA-1 hash function [SHA] used in HMAC-MD5-96 and HMAC-SHA-96, respectively. Consequently, the length of the message digest prior to truncation is 224 bits for the SHA-224-based protocol, 256 bits for the SHA-256-based protocol, 384 bits for the SHA-384-based protocol, and 512 bits for the SHA-512-based protocol.

o The resulting message digest (output of HMAC) is truncated to:

* 16 octets for usmHMAC128SHA224AuthProtocol

* 24 octets for usmHMAC192SHA256AuthProtocol

* 32 octets for usmHMAC256SHA384AuthProtocol

* 48 octets for usmHMAC384SHA512AuthProtocol

as opposed to the truncation to 12 octets in HMAC-MD5-96 and HMAC-SHA-96.

o The user's secret key to be used when calculating a digest MUST be

* 28 octets long and derived with SHA-224 for the SHA-224-based protocol usmHMAC128SHA224AuthProtocol

* 32 octets long and derived with SHA-256 for the SHA-256-based protocol usmHMAC192SHA256AuthProtocol

* 48 octets long and derived with SHA-384 for the SHA-384-based protocol usmHMAC256SHA384AuthProtocol

* 64 octets long and derived with SHA-512 for the SHA-512-based protocol usmHMAC384SHA512AuthProtocol

as opposed to the keys being 16 and 20 octets long in HMAC-MD5-96 and HMAC-SHA-96, respectively.

4.2. Processing

This section describes the procedures for the HMAC-SHA-2 authentication protocols. The descriptions are based on the definition of services and data elements specified for HMAC-SHA-96 in RFC 3414 with the deviations listed in Section 4.1.

Values of constants M (the length of the secret key in octets) and N (the length of the Message Authentication Code (MAC) output in octets), and the hash function H used below are:

      usmHMAC128SHA224AuthProtocol: M=28, N=16, H=SHA-224;
      usmHMAC192SHA256AuthProtocol: M=32, N=24, H=SHA-256;
      usmHMAC256SHA384AuthProtocol: M=48, N=32, H=SHA-384;
      usmHMAC384SHA512AuthProtocol: M=64, N=48, H=SHA-512.

4.2.1. Processing an Outgoing Message

This section describes the procedure followed by an SNMP engine whenever it must authenticate an outgoing message using one of the authentication protocols defined above. Values of the constants M and N, and the hash function H are as defined in Section 4.2 and are selected based on which authentication protocol is configured for the given USM usmUser Table entry.

1. The msgAuthenticationParameters field is set to the serialization of an OCTET STRING containing N zero octets; it is serialized according to the rules in [RFC3417].

2. Using the secret authKey of M octets, the HMAC is calculated over the wholeMsg according to RFC 6234 with hash function H.

3. The N first octets of the above HMAC are taken as the computed MAC value.

4. The msgAuthenticationParameters field is replaced with the MAC obtained in the previous step.

5. The authenticatedWholeMsg is then returned to the caller together with the statusInformation indicating success.

4.2.2. Processing an Incoming Message

This section describes the procedure followed by an SNMP engine whenever it must authenticate an incoming message using one of the HMAC-SHA-2 authentication protocols. Values of the constants M and N, and the hash function H are as defined in Section 4.2 and are selected based on which authentication protocol is configured for the given USM usmUser Table entry.

1. If the digest received in the msgAuthenticationParameters field is not N octets long, then a failure and an errorIndication (authenticationError) are returned to the calling module.

2. The MAC received in the msgAuthenticationParameters field is saved.

3. The digest in the msgAuthenticationParameters field is replaced by the N zero octets.

4. Using the secret authKey of M octets, the HMAC is calculated over the wholeMsg according to RFC 6234 with hash function H.

5. The N first octets of the above HMAC are taken as the computed MAC value.

6. The msgAuthenticationParameters field is replaced with the MAC value that was saved in step 2.

7. The newly calculated MAC is compared with the MAC saved in step 2. If they do not match, then a failure and an errorIndication (authenticationFailure) are returned to the calling module.

8. The authenticatedWholeMsg and statusInformation indicating success are then returned to the caller.


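The outgoing and incoming procedures of Sections 4.2.1 and 4.2.2, carried through in Python as an added example (this is not code from RFC 7860 or from any SNMP implementation). The SNMPv3 BER framing is not reproduced: `build_msg` is an assumed helper that encodes only the msgAuthenticationParameters OCTET STRING for real and treats the rest of the wholeMsg as opaque filler, and the authKey is a constructed byte string rather than a password-derived key. The `PROTOCOLS` table holds the (H, M, N) triples of Section 4.2.

```python
import hashlib
import hmac

# (hash constructor, M = authKey length in octets, N = MAC length in octets)
# for each protocol, as listed in Section 4.2.
PROTOCOLS = {
    "usmHMAC128SHA224AuthProtocol": (hashlib.sha224, 28, 16),
    "usmHMAC192SHA256AuthProtocol": (hashlib.sha256, 32, 24),
    "usmHMAC256SHA384AuthProtocol": (hashlib.sha384, 48, 32),
    "usmHMAC384SHA512AuthProtocol": (hashlib.sha512, 64, 48),
}


def build_msg(prefix, params, suffix):
    """Constructed stand-in for a BER-serialized wholeMsg (assumption: the
    real SNMPv3 framing is replaced by opaque filler).  Only the
    msgAuthenticationParameters OCTET STRING is encoded for real: tag 0x04,
    one-octet length, then the contents.  Returns the message and the
    offset of those contents so they can be zeroed and replaced in place."""
    if len(params) > 127:
        raise ValueError("short-form length only")
    offset = len(prefix) + 2
    return prefix + b"\x04" + bytes([len(params)]) + params + suffix, offset


def _set_params(msg, offset, length, value):
    """Overwrite `length` octets at `offset` with `value` of the same length."""
    assert len(value) == length
    return msg[:offset] + value + msg[offset + length:]


def authenticate_outgoing(proto, auth_key, whole_msg, offset):
    """Section 4.2.1.  `whole_msg` must already carry an N-octet
    msgAuthenticationParameters field at `offset`; its contents are ignored."""
    H, M, N = PROTOCOLS[proto]
    if len(auth_key) != M:
        raise ValueError("%s needs a %d-octet authKey" % (proto, M))
    zeroed = _set_params(whole_msg, offset, N, bytes(N))        # step 1
    mac = hmac.new(auth_key, zeroed, H).digest()[:N]            # steps 2-3
    return _set_params(zeroed, offset, N, mac)                  # step 4


def authenticate_incoming(proto, auth_key, whole_msg, offset, params_len):
    """Section 4.2.2.  Returns (ok, statusInformation)."""
    H, M, N = PROTOCOLS[proto]
    if len(auth_key) != M:
        raise ValueError("%s needs a %d-octet authKey" % (proto, M))
    if params_len != N:                                         # step 1
        return False, "authenticationError"
    received = whole_msg[offset:offset + N]                     # step 2
    zeroed = _set_params(whole_msg, offset, N, bytes(N))        # step 3
    computed = hmac.new(auth_key, zeroed, H).digest()[:N]       # steps 4-5
    # Step 7.  compare_digest runs in constant time, so a forger cannot learn
    # how many leading octets of a guessed MAC were right from the timing.
    if not hmac.compare_digest(computed, received):
        return False, "authenticationFailure"
    return True, "success"                                      # step 8


def demo(proto="usmHMAC192SHA256AuthProtocol"):
    """Sign a constructed message, verify it, then exercise both failure paths."""
    H, M, N = PROTOCOLS[proto]
    auth_key = bytes(range(M))               # constructed key (see Section 9.3)
    head = b"\x30\x40\x02\x01\x03"            # constructed filler: message head
    tail = b"constructed-scopedPDU-filler"    # constructed filler: the rest
    msg, off = build_msg(head, bytes(N), tail)
    signed = authenticate_outgoing(proto, auth_key, msg, off)
    good = authenticate_incoming(proto, auth_key, signed, off, N)
    # Flip one bit of the protected payload: the MAC no longer verifies.
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])
    bad = authenticate_incoming(proto, auth_key, tampered, off, N)
    # A 12-octet tag (the HMAC-SHA-96 size) is rejected by the length check
    # alone, before any HMAC is computed.
    short, off2 = build_msg(head, bytes(12), tail)
    wrong_len = authenticate_incoming(proto, auth_key, short, off2, 12)
    return good, bad, wrong_len


if __name__ == "__main__":
    for name in PROTOCOLS:
        print(name, demo(name))
```

Two practitioner points the procedure text leaves implicit: the length check in step 1 of Section 4.2.2 happens before any keyed computation, so a peer configured for HMAC-SHA-96 is refused cheaply and with a distinct errorIndication; and the MAC comparison in step 7 should be constant-time, since the truncated tag is exactly the value an attacker is trying to guess.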
5. Key Localization and Key Change

For any of the protocols defined in Section 4, key localization and key change SHALL be performed according to [RFC3414] using the same SHA-2 hash function as in the HMAC-SHA-2 authentication protocol.

6. Structure of the MIB Module

The MIB module specified in this memo does not define any managed objects, subtrees, notifications, or tables; rather, it only defines object identities (for authentication protocols) under a subtree of an existing MIB.

7. Relationship to Other MIB Modules

7.1. Relationship to SNMP-USER-BASED-SM-MIB

[RFC3414] specifies the MIB module for USM for SNMPv3 (SNMP-USER-BASED-SM-MIB), which defines authentication protocols for USM based on the hash functions MD5 and SHA-1, respectively. The following MIB module defines new HMAC-SHA2 authentication protocols for USM based on the SHA-2 hash functions [SHA]. The use of the HMAC-SHA2 authentication protocols requires the usage of the objects defined in the SNMP-USER-BASED-SM-MIB.

7.2. Relationship to SNMP-FRAMEWORK-MIB

[RFC3411] specifies the SNMP-FRAMEWORK-MIB, which defines a subtree snmpAuthProtocols for SNMP authentication protocols. The following MIB module defines new authentication protocols in the snmpAuthProtocols subtree.

7.3. MIB Modules Required for IMPORTS

The following MIB module IMPORTS definitions from SNMPv2-SMI [RFC2578] and SNMP-FRAMEWORK-MIB [RFC3411].

8. Definitions

SNMP-USM-HMAC-SHA2-MIB DEFINITIONS ::= BEGIN
    IMPORTS
       MODULE-IDENTITY, OBJECT-IDENTITY,
           mib-2 FROM SNMPv2-SMI -- RFC 2578
           snmpAuthProtocols FROM SNMP-FRAMEWORK-MIB; -- RFC 3411
        
snmpUsmHmacSha2MIB MODULE-IDENTITY
    LAST-UPDATED    "201604180000Z" -- 18 April 2016, midnight
    ORGANIZATION    "SNMPv3 Working Group"
    CONTACT-INFO    "WG email: OPSAWG@ietf.org
                    Subscribe:
                        https://www.ietf.org/mailman/listinfo/opsawg
                    Editor:    Johannes Merkle
                               secunet Security Networks
                    Postal:    Mergenthaler Allee 77
                               D-65760 Eschborn
                               Germany
                    Phone:     +49 20154543091
                    Email:     johannes.merkle@secunet.com

                    Co-Editor: Manfred Lochter
                               Bundesamt fuer Sicherheit in der
                               Informationstechnik (BSI)
                    Postal:    Postfach 200363
                               D-53133 Bonn
                               Germany
                    Phone:     +49 228 9582 5643
                    Email:     manfred.lochter@bsi.bund.de"
    DESCRIPTION     "Definitions of Object Identities needed for
                    the use of HMAC-SHA2 Authentication Protocols
                    by SNMP's User-based Security Model.

                    Copyright (c) 2016 IETF Trust and the persons
                    identified as authors of the code.  All rights
                    reserved.

                    Redistribution and use in source and binary
                    forms, with or without modification, is
                    permitted pursuant to, and subject to the
                    license terms contained in, the Simplified BSD
                    License set forth in Section 4.c of the IETF
                    Trust's Legal Provisions Relating to IETF
                    Documents (http://trustee.ietf.org/license-info)."
    REVISION        "201604180000Z" -- 18 April 2016, midnight
    DESCRIPTION     "Version correcting the MODULE-IDENTITY value,
                    published as RFC 7860"
    REVISION        "201510140000Z" -- 14 October 2015, midnight
    DESCRIPTION     "Initial version, published as RFC 7630"
    ::= { mib-2 235 }
        
usmHMAC128SHA224AuthProtocol OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION "The Authentication Protocol
                usmHMAC128SHA224AuthProtocol uses HMAC-SHA-224 and
                truncates output to 128 bits."
    REFERENCE   "- Krawczyk, H., Bellare, M., and R. Canetti,
                HMAC: Keyed-Hashing for Message Authentication,
                RFC 2104.
                - National Institute of Standards and Technology,
                Secure Hash Standard (SHS), FIPS PUB 180-4, 2012."
    ::= { snmpAuthProtocols 4 }

usmHMAC192SHA256AuthProtocol OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION "The Authentication Protocol
                usmHMAC192SHA256AuthProtocol uses HMAC-SHA-256 and
                truncates output to 192 bits."
    REFERENCE   "- Krawczyk, H., Bellare, M., and R. Canetti,
                HMAC: Keyed-Hashing for Message Authentication,
                RFC 2104.
                - National Institute of Standards and Technology,
                Secure Hash Standard (SHS), FIPS PUB 180-4, 2012."
    ::= { snmpAuthProtocols 5 }

usmHMAC256SHA384AuthProtocol OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION "The Authentication Protocol
                usmHMAC256SHA384AuthProtocol uses HMAC-SHA-384 and
                truncates output to 256 bits."
    REFERENCE   "- Krawczyk, H., Bellare, M., and R. Canetti,
                HMAC: Keyed-Hashing for Message Authentication,
                RFC 2104.
                - National Institute of Standards and Technology,
                Secure Hash Standard (SHS), FIPS PUB 180-4, 2012."
    ::= { snmpAuthProtocols 6 }

usmHMAC384SHA512AuthProtocol OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION "The Authentication Protocol
                usmHMAC384SHA512AuthProtocol uses HMAC-SHA-512 and
                truncates output to 384 bits."
    REFERENCE   "- Krawczyk, H., Bellare, M., and R. Canetti,
                HMAC: Keyed-Hashing for Message Authentication,
                RFC 2104.
                - National Institute of Standards and Technology,
                Secure Hash Standard (SHS), FIPS PUB 180-4, 2012."
    ::= { snmpAuthProtocols 7 }

END

9. Security Considerations

9.1. Use of the HMAC-SHA-2 Authentication Protocols in USM

The security considerations of [RFC3414] also apply to the HMAC-SHA-2 authentication protocols defined in this document.

9.2. Cryptographic Strength of the Authentication Protocols

At the time of publication of this document, all of the HMAC-SHA-2 authentication protocols provide a very high level of security. The security of each HMAC-SHA-2 authentication protocol depends on the parameters used in the corresponding HMAC computation, which are the length of the key (if the key has maximum entropy), the size of the hash function's internal state, and the length of the truncated MAC. For the HMAC-SHA-2 authentication protocols, these values are as follows (values are given in bits).

   +------------------------------+---------+----------------+---------+
   |           Protocol           |   Key   |    Size of     |   MAC   |
   |                              |  length | internal state |  length |
   +------------------------------+---------+----------------+---------+
   | usmHMAC128SHA224AuthProtocol |   224   |      256       |   128   |
   | usmHMAC192SHA256AuthProtocol |   256   |      256       |   192   |
   | usmHMAC256SHA384AuthProtocol |   384   |      512       |   256   |
   | usmHMAC384SHA512AuthProtocol |   512   |      512       |   384   |
   +------------------------------+---------+----------------+---------+
        

Table 1: HMAC Parameters of the HMAC-SHA-2 Authentication Protocols

The security of the HMAC scales with both the key length and the size of the internal state: longer keys render key guessing attacks more difficult, and a larger internal state decreases the success probability of MAC forgeries based on internal collisions of the hash function.

The role of the truncated output length is more complicated: according to [BCK], there is a trade-off in that

by outputting less bits the attacker has less bits to predict in a MAC forgery but, on the other hand, the attacker also learns less about the output of the compression function from seeing the authentication tags computed by legitimate parties.

Thus, truncation weakens the HMAC against forgery by guessing but, at the same time, strengthens it against chosen message attacks aiming at MAC forgery based on internal collisions or at key guessing. RFC 2104 and [BCK] allow truncation to any length that is not less than half the size of the internal state.

Further discussion of the security of the HMAC construction is given in RFC 2104.

9.3. Derivation of Keys from Passwords

If secret keys to be used for HMAC-SHA-2 authentication protocols are derived from passwords, the derivation SHOULD be performed using the password-to-key algorithm from Appendix A.1 of RFC 3414 with MD5 being replaced by the SHA-2 hash function H used in the HMAC-SHA-2 authentication protocol. Specifically, the password is converted into the required secret key by the following steps:

o forming a string of length 1,048,576 octets by repeating the value of the password as often as necessary, truncating accordingly, and using the resulting string as the input to the hash function H. The resulting digest, termed "digest1", is used in the next step.

o forming a second string by concatenating digest1, the SNMP engine's snmpEngineID value, and digest1. This string is used as input to the hash function H, and the resulting digest is the localized key.
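
The following Python is an added illustration, not code from this RFC or from any SNMP implementation. It carries out the two derivation steps above for an arbitrary hash H (streaming the 1,048,576-octet expansion instead of building it in memory), and it also applies the tag truncation implied by the protocol names of Section 10 (the number after "HMAC" is the tag length in bits, the rest names H), which is the truncation discussed in Section 9.2. The protocol-to-hash table, the sample engine ID, and the message bytes are constructed for the example; the constant-time comparison is this example's own choice and is not prescribed by the text.

```python
import hashlib
import hmac

# Constructed mapping from the protocol names assigned in Section 10 to
# (hash function H, truncated tag length in octets). 128 bits = 16 octets, etc.
AUTH_PROTOCOLS = {
    "usmHMAC128SHA224AuthProtocol": ("sha224", 16),
    "usmHMAC192SHA256AuthProtocol": ("sha256", 24),
    "usmHMAC256SHA384AuthProtocol": ("sha384", 32),
    "usmHMAC384SHA512AuthProtocol": ("sha512", 48),
}

EXPANSION_OCTETS = 1_048_576  # RFC 3414 Appendix A.1


def password_to_digest1(password: bytes, hash_name: str) -> bytes:
    """Step 1: H over the password repeated (and truncated) to 1,048,576 octets.

    The repeated string is streamed into H chunk by chunk; because H processes
    its input sequentially this yields the same digest as hashing the
    materialised 1 MiB string.
    """
    if not password:
        raise ValueError("password must not be empty")
    h = hashlib.new(hash_name)
    remaining = EXPANSION_OCTETS
    while remaining > 0:
        chunk = password if len(password) <= remaining else password[:remaining]
        h.update(chunk)
        remaining -= len(chunk)
    return h.digest()


def localize_key(digest1: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Step 2: H(digest1 || snmpEngineID || digest1) is the localized key."""
    return hashlib.new(hash_name, digest1 + engine_id + digest1).digest()


def derive_auth_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Both steps together; the key length equals H's output length."""
    return localize_key(password_to_digest1(password, hash_name), engine_id, hash_name)


def auth_tag(key: bytes, message: bytes, protocol: str) -> bytes:
    """HMAC-H over the message, truncated to the protocol's tag length."""
    hash_name, tag_len = AUTH_PROTOCOLS[protocol]
    return hmac.new(key, message, hash_name).digest()[:tag_len]


def verify_tag(key: bytes, message: bytes, protocol: str, received: bytes) -> bool:
    """Reject a tag of the wrong length, then compare in constant time."""
    _, tag_len = AUTH_PROTOCOLS[protocol]
    if len(received) != tag_len:
        return False
    return hmac.compare_digest(auth_tag(key, message, protocol), received)


if __name__ == "__main__":
    # Constructed inputs: the engine ID is the sample value used in RFC 3414
    # Appendix A.3; the message stands in for an authenticated SNMPv3 PDU.
    engine_id = bytes.fromhex("000000000000000000000002")
    message = b"constructed SNMPv3 message"
    for protocol, (hash_name, _) in AUTH_PROTOCOLS.items():
        key = derive_auth_key(b"maplesyrup", engine_id, hash_name)
        tag = auth_tag(key, message, protocol)
        print(protocol, key.hex(), tag.hex(), verify_tag(key, message, protocol, tag))
```

Because the derivation is generic in H, calling `derive_auth_key(b"maplesyrup", bytes.fromhex("000000000000000000000002"), "md5")` reproduces the RFC 3414 Appendix A.3.1 sample key 526f5eed9fcce26f8964c2930787d82b, which is a convenient self-check before trusting the SHA-2 outputs.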

9.4. Access to the SNMP-USM-HMAC-SHA2-MIB

The SNMP-USM-HMAC-SHA2-MIB module defines OBJECT IDENTIFIER values for use in other MIB modules. It does not define any objects that can be accessed. As such, the SNMP-USM-HMAC-SHA2-MIB does not, by itself, have any effect on the security of the Internet.

The values defined in this module are expected to be used with the usmUserTable defined in the SNMP-USER-BASED-SM-MIB [RFC3414]. The considerations in Section 11.5 of RFC 3414 should be taken into account.

10. IANA Considerations

IANA has assigned an OID for the MIB as follows.

             +--------------------+-------------------------+
             |     Descriptor     | OBJECT IDENTIFIER value |
             +--------------------+-------------------------+
             | snmpUsmHmacSha2MIB |      { mib-2 235 }      |
             +--------------------+-------------------------+
        
Table 2: OID of MIB

Furthermore, IANA has assigned a value in the SnmpAuthProtocols registry for each of the following protocols.

           +------------------------------+-------+-----------+
           |         Description          | Value | Reference |
           +------------------------------+-------+-----------+
           | usmHMAC128SHA224AuthProtocol |   4   |  RFC 7860 |
           | usmHMAC192SHA256AuthProtocol |   5   |  RFC 7860 |
           | usmHMAC256SHA384AuthProtocol |   6   |  RFC 7860 |
           | usmHMAC384SHA512AuthProtocol |   7   |  RFC 7860 |
           +------------------------------+-------+-----------+
        
Table 3: Code Points Assigned to HMAC-SHA-2 Authentication Protocols

11. References
11.1. Normative References

[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, DOI 10.17487/RFC2104, February 1997, <http://www.rfc-editor.org/info/rfc2104>.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, DOI 10.17487/RFC2578, April 1999, <http://www.rfc-editor.org/info/rfc2578>.

[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, <http://www.rfc-editor.org/info/rfc2579>.

[RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Conformance Statements for SMIv2", STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, <http://www.rfc-editor.org/info/rfc2580>.

[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", STD 62, RFC 3414, DOI 10.17487/RFC3414, December 2002, <http://www.rfc-editor.org/info/rfc3414>.

[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, DOI 10.17487/RFC6234, May 2011, <http://www.rfc-editor.org/info/rfc6234>.

[SHA] National Institute of Standards and Technology, "Secure Hash Standard (SHS)", FIPS PUB 180-4, DOI 10.6028/NIST.FIPS.180-4, August 2015, <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf>.

11.2. Informative References

[BCK] Bellare, M., Canetti, R., and H. Krawczyk, "Keyed Hash Functions for Message Authentication", Advances in Cryptology - CRYPTO 96, Lecture Notes in Computer Science 1109, Springer-Verlag Berlin Heidelberg, DOI 10.1007/3-540-68697-5_1, 1996.

[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, DOI 10.17487/RFC1321, April 1992, <http://www.rfc-editor.org/info/rfc1321>.

[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, DOI 10.17487/RFC3410, December 2002, <http://www.rfc-editor.org/info/rfc3410>.

[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, DOI 10.17487/RFC3411, December 2002, <http://www.rfc-editor.org/info/rfc3411>.

[RFC3417] Presuhn, R., Ed., "Transport Mappings for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3417, DOI 10.17487/RFC3417, December 2002, <http://www.rfc-editor.org/info/rfc3417>.

Authors' Addresses

Johannes Merkle (editor) Secunet Security Networks Mergenthaler Allee 77 65760 Eschborn Germany

   Phone: +49 201 5454 3091
   Email: johannes.merkle@secunet.com
        
Manfred Lochter BSI Postfach 200363 53133 Bonn Germany

   Phone: +49 228 9582 5643
   Email: manfred.lochter@bsi.bund.de
        