telemetry-snmp 0.1.0

data/lib/telemetry/snmp/mibs/SNMP-USM-AES-MIB.txt

@@ -0,0 +1,62 @@
+SNMP-USM-AES-MIB DEFINITIONS ::= BEGIN
+    IMPORTS
+        MODULE-IDENTITY, OBJECT-IDENTITY,
+        snmpModules             FROM SNMPv2-SMI          -- [RFC2578]
+        snmpPrivProtocols       FROM SNMP-FRAMEWORK-MIB; -- [RFC3411]
+
+snmpUsmAesMIB  MODULE-IDENTITY
+    LAST-UPDATED "200406140000Z"
+    ORGANIZATION "IETF"
+    CONTACT-INFO "Uri Blumenthal
+                  Lucent Technologies / Bell Labs
+                  67 Whippany Rd.
+                  14D-318
+                  Whippany, NJ  07981, USA
+                  973-386-2163
+                  uri@bell-labs.com
+
+                  Fabio Maino
+                  Andiamo Systems, Inc.
+                  375 East Tasman Drive
+                  San Jose, CA  95134, USA
+                  408-853-7530
+                  fmaino@andiamo.com
+
+                  Keith McCloghrie
+                  Cisco Systems, Inc.
+                  170 West Tasman Drive
+                  San Jose, CA  95134-1706, USA
+
+                  408-526-5260
+                  kzm@cisco.com"
+    DESCRIPTION  "Definitions of Object Identities needed for
+                  the use of AES by SNMP's User-based Security
+                  Model.
+
+                  Copyright (C) The Internet Society (2004).
+
+            This version of this MIB module is part of RFC 3826;
+            see the RFC itself for full legal notices.
+            Supplementary information may be available on
+            http://www.ietf.org/copyrights/ianamib.html."
+
+    REVISION     "200406140000Z"
+    DESCRIPTION  "Initial version, published as RFC3826"
+    ::= { snmpModules 20 }
+
+usmAesCfb128Protocol OBJECT-IDENTITY
+    STATUS        current
+    DESCRIPTION  "The CFB128-AES-128 Privacy Protocol."
+    REFERENCE    "- Specification for the ADVANCED ENCRYPTION
+                    STANDARD. Federal Information Processing
+                    Standard (FIPS) Publication 197.
+                    (November 2001).
+
+                  - Dworkin, M., NIST Recommendation for Block
+                    Cipher Modes of Operation, Methods and
+                    Techniques. NIST Special Publication 800-38A
+                    (December 2001).
+                 "
+    ::= { snmpPrivProtocols 4 }
+
+END

data/lib/telemetry/snmp/mibs/SNMP-USM-DH-OBJECTS-MIB.txt

@@ -0,0 +1,532 @@
+SNMP-USM-DH-OBJECTS-MIB DEFINITIONS ::= BEGIN
+
+IMPORTS
+    MODULE-IDENTITY, OBJECT-TYPE,
+    -- OBJECT-IDENTITY,
+    experimental, Integer32
+        FROM SNMPv2-SMI
+    TEXTUAL-CONVENTION
+        FROM SNMPv2-TC
+    MODULE-COMPLIANCE, OBJECT-GROUP
+        FROM SNMPv2-CONF
+    usmUserEntry
+        FROM SNMP-USER-BASED-SM-MIB
+    SnmpAdminString
+        FROM SNMP-FRAMEWORK-MIB;
+
+snmpUsmDHObjectsMIB MODULE-IDENTITY
+    LAST-UPDATED "200003060000Z"  -- 6 March 2000, Midnight
+    ORGANIZATION "Excite@Home"
+    CONTACT-INFO "Author: Mike StJohns
+                  Postal: Excite@Home
+                          450 Broadway
+                          Redwood City, CA 94063
+                  Email:  stjohns@corp.home.net
+                  Phone:  +1-650-556-5368"
+    DESCRIPTION
+        "The management information definitions for providing forward
+    secrecy for key changes for the usmUserTable, and for providing a
+    method for 'kickstarting' access to the agent via a Diffie-Helman
+    key agreement."
+
+    REVISION     "200003060000Z"
+    DESCRIPTION
+       "Initial version published as RFC 2786."
+    ::= { experimental 101 }  -- IANA DHKEY-CHANGE 101
+
+-- Administrative assignments
+
+usmDHKeyObjects OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 1 }
+usmDHKeyConformance OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 2 }
+
+-- Textual conventions
+
+DHKeyChange ::=         TEXTUAL-CONVENTION
+    STATUS              current
+    DESCRIPTION
+        "Upon initialization, or upon creation of a row containing an
+    object of this type, and after any successful SET of this value, a
+    GET of this value returns 'y' where y = g^xa MOD p, and where g is
+    the base from usmDHParameters, p is the prime from
+    usmDHParameters, and xa is a new random integer selected by the
+    agent in the interval 2^(l-1) <= xa < 2^l < p-1.  'l' is the
+    optional privateValueLength from usmDHParameters in bits.  If 'l'
+    is omitted, then xa (and xr below) is selected in the interval 0
+    <= xa < p-1.  y is expressed as an OCTET STRING 'PV' of length 'k'
+    which satisfies
+
+              k
+        y =  SUM   2^(8(k-i)) PV'i
+             i=1
+
+        where PV1,...,PVk are the octets of PV from first to last, and
+        where PV1 <> 0.
+
+    A successful SET consists of the value 'y' expressed as an OCTET
+    STRING as above concatenated with the value 'z'(expressed as an
+    OCTET STRING in the same manner as y) where z = g^xr MOD p, where
+    g, p and l are as above, and where xr is a new random integer
+    selected by the manager in the interval 2^(l-1) <= xr < 2^l <
+    p-1. A SET to an object of this type will fail with the error
+    wrongValue if the current 'y' does not match the 'y' portion of
+    the value of the varbind for the object. (E.g. GET yout, SET
+    concat(yin, z), yout <> yin).
+
+    Note that the private values xa and xr are never transmitted from
+    manager to device or vice versa, only the values y and z.
+    Obviously, these values must be retained until a successful SET on
+    the associated object.
+
+    The shared secret 'sk' is calculated at the agent as sk = z^xa MOD
+    p, and at the manager as sk = y^xr MOD p.
+
+    Each object definition of this type MUST describe how to map from
+    the shared secret 'sk' to the operational key value used by the
+    protocols and operations related to the object.  In general, if n
+    bits of key are required, the author suggests using the n
+    right-most bits of the shared secret as the operational key value."
+    REFERENCE
+        "-- Diffie-Hellman Key-Agreement Standard, PKCS #3;
+            RSA Laboratories, November 1993"
+    SYNTAX              OCTET STRING
+
+-- Diffie Hellman public values
+
+usmDHPublicObjects      OBJECT IDENTIFIER ::= { usmDHKeyObjects 1 }
+
+usmDHParameters OBJECT-TYPE
+    SYNTAX  OCTET STRING
+    MAX-ACCESS read-write
+    STATUS  current
+    DESCRIPTION
+        "The public Diffie-Hellman parameters for doing a Diffie-Hellman
+    key agreement for this device.  This is encoded as an ASN.1
+    DHParameter per PKCS #3, section 9.  E.g.
+
+        DHParameter ::= SEQUENCE {
+           prime   INTEGER,   -- p
+           base    INTEGER,   -- g
+           privateValueLength  INTEGER OPTIONAL }
+
+    Implementors are encouraged to use either the values from
+    Oakley Group 1  or the values of from Oakley Group 2 as specified
+    in RFC-2409, The Internet Key Exchange, Section 6.1, 6.2 as the
+    default for this object.  Other values may be used, but the
+    security properties of those values MUST be well understood and
+    MUST meet the requirements of PKCS #3 for the selection of
+    Diffie-Hellman primes.
+
+        In addition, any time usmDHParameters changes, all values of
+    type DHKeyChange will change and new random numbers MUST be
+    generated by the agent for each DHKeyChange object."
+    REFERENCE
+        "-- Diffie-Hellman Key-Agreement Standard, PKCS #3,
+            RSA Laboratories, November 1993
+         -- The Internet Key Exchange, RFC 2409, November 1998,
+            Sec 6.1, 6.2"
+    ::= { usmDHPublicObjects 1 }
+
+usmDHUserKeyTable OBJECT-TYPE
+    SYNTAX  SEQUENCE OF UsmDHUserKeyEntry
+    MAX-ACCESS not-accessible
+    STATUS  current
+    DESCRIPTION
+        "This table augments and extends the usmUserTable and provides
+    4 objects which exactly mirror the objects in that table with the
+    textual convention of 'KeyChange'.  This extension allows key
+    changes to be done in a manner where the knowledge of the current
+    secret plus knowledge of the key change data exchanges (e.g. via
+    wiretapping)  will not reveal the new key."
+    ::= { usmDHPublicObjects 2 }
+
+usmDHUserKeyEntry OBJECT-TYPE
+    SYNTAX  UsmDHUserKeyEntry
+    MAX-ACCESS not-accessible
+    STATUS  current
+    DESCRIPTION
+        "A row of DHKeyChange objects which augment or replace the
+    functionality of the KeyChange objects in the base table row."
+    AUGMENTS { usmUserEntry }
+    ::= {usmDHUserKeyTable 1 }
+
+UsmDHUserKeyEntry ::= SEQUENCE {
+        usmDHUserAuthKeyChange          DHKeyChange,
+    usmDHUserOwnAuthKeyChange   DHKeyChange,
+        usmDHUserPrivKeyChange          DHKeyChange,
+        usmDHUserOwnPrivKeyChange       DHKeyChange
+        }
+
+usmDHUserAuthKeyChange OBJECT-TYPE
+    SYNTAX  DHKeyChange
+    MAX-ACCESS read-create
+    STATUS  current
+    DESCRIPTION
+        "The object used to change any given user's Authentication Key
+    using a Diffie-Hellman key exchange.
+
+    The right-most n bits of the shared secret 'sk', where 'n' is the
+    number of bits required for the protocol defined by
+    usmUserAuthProtocol, are installed as the operational
+    authentication key for this row after a successful SET."
+    ::= { usmDHUserKeyEntry 1 }
+
+usmDHUserOwnAuthKeyChange OBJECT-TYPE
+    SYNTAX  DHKeyChange
+    MAX-ACCESS read-create
+    STATUS  current
+    DESCRIPTION
+        "The object used to change the agents own Authentication Key
+    using a Diffie-Hellman key exchange.
+
+    The right-most n bits of the shared secret 'sk', where 'n' is the
+    number of bits required for the protocol defined by
+    usmUserAuthProtocol, are installed as the operational
+    authentication key for this row after a successful SET."
+    ::= { usmDHUserKeyEntry 2 }
+
+usmDHUserPrivKeyChange OBJECT-TYPE
+    SYNTAX  DHKeyChange
+    MAX-ACCESS read-create
+    STATUS  current
+    DESCRIPTION
+        "The object used to change any given user's Privacy Key using
+    a Diffie-Hellman key exchange.
+
+    The right-most n bits of the shared secret 'sk', where 'n' is the
+    number of bits required for the protocol defined by
+    usmUserPrivProtocol, are installed as the operational privacy key
+    for this row after a successful SET."
+    ::= { usmDHUserKeyEntry 3 }
+
+usmDHUserOwnPrivKeyChange OBJECT-TYPE
+    SYNTAX  DHKeyChange
+    MAX-ACCESS read-create
+    STATUS  current
+    DESCRIPTION
+        "The object used to change the agent's own Privacy Key using a
+    Diffie-Hellman key exchange.
+
+    The right-most n bits of the shared secret 'sk', where 'n' is the
+    number of bits required for the protocol defined by
+    usmUserPrivProtocol, are installed as the operational privacy key
+    for this row after a successful SET."
+    ::= { usmDHUserKeyEntry 4 }
+
+usmDHKickstartGroup OBJECT IDENTIFIER ::= { usmDHKeyObjects 2 }
+
+usmDHKickstartTable OBJECT-TYPE
+    SYNTAX      SEQUENCE OF UsmDHKickstartEntry
+    MAX-ACCESS  not-accessible
+    STATUS      current
+    DESCRIPTION
+        "A table of mappings between zero or more Diffie-Helman key
+    agreement values and entries in the usmUserTable.  Entries in this
+    table are created by providing the associated device with a
+    Diffie-Helman public value and a usmUserName/usmUserSecurityName
+    pair during initialization. How these values are provided is
+    outside the scope of this MIB, but could be provided manually, or
+    through a configuration file.  Valid public value/name pairs
+    result in the creation of a row in this table as well as the
+    creation of an associated row (with keys derived as indicated) in
+    the usmUserTable.  The actual access the related usmSecurityName
+    has is dependent on the entries in the VACM tables.  In general,
+    an implementor will specify one or more standard security names
+    and will provide entries in the VACM tables granting various
+    levels of access to those names.  The actual content of the VACM
+
+    table is beyond the scope of this MIB.
+
+    Note: This table is expected to be readable without authentication
+    using the usmUserSecurityName 'dhKickstart'.  See the conformance
+    statements for details."
+    ::= { usmDHKickstartGroup 1 }
+
+usmDHKickstartEntry OBJECT-TYPE
+    SYNTAX      UsmDHKickstartEntry
+    MAX-ACCESS  not-accessible
+    STATUS      current
+    DESCRIPTION
+        "An entry in the usmDHKickstartTable.  The agent SHOULD either
+    delete this entry or mark it as inactive upon a successful SET of
+    any of the KeyChange-typed objects in the usmUserEntry or upon a
+    successful SET of any of the DHKeyChange-typed objects in the
+    usmDhKeyChangeEntry where the related usmSecurityName (e.g. row of
+    usmUserTable or row of ushDhKeyChangeTable) equals this entry's
+    usmDhKickstartSecurityName.  In otherwords, once you've changed
+    one or more of the keys for a row in usmUserTable with a
+    particular security name, the row in this table with that same
+    security name is no longer useful or meaningful."
+    INDEX   { usmDHKickstartIndex }
+    ::= {usmDHKickstartTable 1 }
+
+UsmDHKickstartEntry ::= SEQUENCE  {
+        usmDHKickstartIndex     Integer32,
+        usmDHKickstartMyPublic  OCTET STRING,
+        usmDHKickstartMgrPublic OCTET STRING,
+        usmDHKickstartSecurityName      SnmpAdminString
+        }
+
+usmDHKickstartIndex OBJECT-TYPE
+    SYNTAX      Integer32  (1..2147483647)
+    MAX-ACCESS  not-accessible
+    STATUS      current
+    DESCRIPTION
+        "Index value for this row."
+    ::= { usmDHKickstartEntry 1 }
+
+usmDHKickstartMyPublic OBJECT-TYPE
+    SYNTAX      OCTET STRING
+    MAX-ACCESS  read-only
+    STATUS      current
+    DESCRIPTION
+        "The agent's Diffie-Hellman public value for this row.  At
+
+    initialization, the agent generates a random number and derives
+    its public value from that number.  This public value is published
+    here.  This public value 'y' equals g^r MOD p where g is the from
+    the set of Diffie-Hellman parameters, p is the prime from those
+    parameters, and r is a random integer selected by the agent in the
+    interval 2^(l-1) <= r < p-1 < 2^l.  If l is unspecified, then r is
+    a random integer selected in the interval 0 <= r < p-1
+
+    The public value is expressed as an OCTET STRING 'PV' of length
+    'k' which satisfies
+
+              k
+        y =  SUM   2^(8(k-i)) PV'i
+             i = 1
+
+        where PV1,...,PVk are the octets of PV from first to last, and
+        where PV1 != 0.
+
+    The following DH parameters (Oakley group #2, RFC 2409, sec 6.1,
+    6.2) are used for this object:
+
+    g = 2
+    p = FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
+        29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
+        EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
+        E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
+        EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381
+        FFFFFFFF FFFFFFFF
+    l=1024
+    "
+    REFERENCE
+        "-- Diffie-Hellman Key-Agreement Standard, PKCS#3v1.4;
+            RSA Laboratories, November 1993
+         -- The Internet Key Exchange, RFC2409;
+            Harkins, D., Carrel, D.; November 1998"
+    ::= { usmDHKickstartEntry 2 }
+
+usmDHKickstartMgrPublic OBJECT-TYPE
+    SYNTAX      OCTET STRING
+    MAX-ACCESS  read-only
+    STATUS      current
+    DESCRIPTION
+        "The manager's Diffie-Hellman public value for this row.  Note
+    that this value is not set via the SNMP agent, but may be set via
+    some out of band method, such as the device's configuration file.
+
+    The manager calculates this value in the same manner and using the
+    same parameter set as the agent does.  E.g. it selects a random
+    number 'r', calculates y = g^r mod p and provides 'y' as the
+    public number expressed as an OCTET STRING.  See
+    usmDHKickstartMyPublic for details.
+
+    When this object is set with a valid value during initialization,
+    a row is created in the usmUserTable with the following values:
+
+    usmUserEngineID             localEngineID
+    usmUserName                 [value of usmDHKickstartSecurityName]
+    usmUserSecurityName         [value of usmDHKickstartSecurityName]
+    usmUserCloneFrom            ZeroDotZero
+    usmUserAuthProtocol         usmHMACMD5AuthProtocol
+    usmUserAuthKeyChange        -- derived from set value
+    usmUserOwnAuthKeyChange     -- derived from set value
+    usmUserPrivProtocol         usmDESPrivProtocol
+    usmUserPrivKeyChange        -- derived from set value
+    usmUserOwnPrivKeyChange     -- derived from set value
+    usmUserPublic               ''
+    usmUserStorageType          permanent
+    usmUserStatus               active
+
+    A shared secret 'sk' is calculated at the agent as sk =
+    mgrPublic^r mod p where r is the agents random number and p is the
+    DH prime from the common parameters.  The underlying privacy key
+    for this row is derived from sk by applying the key derivation
+    function PBKDF2 defined in PKCS#5v2.0 with a salt of 0xd1310ba6,
+    and iterationCount of 500, a keyLength of 16 (for
+    usmDESPrivProtocol), and a prf (pseudo random function) of
+    'id-hmacWithSHA1'.  The underlying authentication key for this row
+    is derived from sk by applying the key derivation function PBKDF2
+    with a salt of 0x98dfb5ac , an interation count of 500, a
+    keyLength of 16 (for usmHMAC5AuthProtocol), and a prf of
+    'id-hmacWithSHA1'.  Note: The salts are the first two words in the
+    ks0 [key schedule 0] of the BLOWFISH cipher from 'Applied
+    Cryptography' by Bruce Schnier - they could be any relatively
+    random string of bits.
+
+    The manager can use its knowledge of its own random number and the
+    agent's public value to kickstart its access to the agent in a
+    secure manner.  Note that the security of this approach is
+    directly related to the strength of the authorization security of
+    the out of band provisioning of the managers public value
+    (e.g. the configuration file), but is not dependent at all on the
+    strength of the confidentiality of the out of band provisioning
+    data."
+    REFERENCE
+        "-- Password-Based Cryptography Standard, PKCS#5v2.0;
+            RSA Laboratories, March 1999
+         -- Applied Cryptography, 2nd Ed.; B. Schneier,
+            Counterpane Systems; John Wiley & Sons, 1996"
+    ::= { usmDHKickstartEntry 3 }
+
+usmDHKickstartSecurityName OBJECT-TYPE
+    SYNTAX      SnmpAdminString
+    MAX-ACCESS  read-only
+    STATUS      current
+    DESCRIPTION
+        "The usmUserName and usmUserSecurityName in the usmUserTable
+    associated with this row.  This is provided in the same manner and
+    at the same time as the usmDHKickstartMgrPublic value -
+    e.g. possibly manually, or via the device's configuration file."
+    ::= { usmDHKickstartEntry 4 }
+
+-- Conformance Information
+
+usmDHKeyMIBCompliances  OBJECT IDENTIFIER ::= { usmDHKeyConformance 1 }
+usmDHKeyMIBGroups       OBJECT IDENTIFIER ::= { usmDHKeyConformance 2 }
+
+-- Compliance statements
+
+usmDHKeyMIBCompliance   MODULE-COMPLIANCE
+    STATUS      current
+    DESCRIPTION
+        "The compliance statement for this module."
+    MODULE
+        GROUP usmDHKeyMIBBasicGroup
+        DESCRIPTION
+        "This group MAY be implemented by any agent which
+        implements the usmUserTable and which wishes to provide the
+        ability to change user and agent authentication and privacy
+        keys via Diffie-Hellman key exchanges."
+
+        GROUP usmDHKeyParamGroup
+        DESCRIPTION
+            "This group MUST be implemented by any agent which
+        implements a MIB containing the DHKeyChange Textual
+        Convention defined in this module."
+
+        GROUP usmDHKeyKickstartGroup
+        DESCRIPTION
+            "This group MAY be implemented by any agent which
+        implements the usmUserTable and which wishes the ability to
+        populate the USM table based on out-of-band provided DH
+        ignition values.
+
+             Any agent implementing this group is expected to provide
+        preinstalled entries in the vacm tables as follows:
+
+             In the usmUserTable: This entry allows access to the
+        system and dhKickstart groups
+
+        usmUserEngineID         localEngineID
+        usmUserName             'dhKickstart'
+        usmUserSecurityName     'dhKickstart'
+        usmUserCloneFrom        ZeroDotZero
+        usmUserAuthProtocol     none
+        usmUserAuthKeyChange    ''
+        usmUserOwnAuthKeyChange ''
+        usmUserPrivProtocol     none
+        usmUserPrivKeyChange    ''
+        usmUserOwnPrivKeyChange ''
+        usmUserPublic           ''
+        usmUserStorageType      permanent
+        usmUserStatus           active
+
+            In the vacmSecurityToGroupTable: This maps the initial
+        user into the accessible objects.
+
+        vacmSecurityModel               3 (USM)
+        vacmSecurityName                'dhKickstart'
+        vacmGroupName                   'dhKickstart'
+        vacmSecurityToGroupStorageType  permanent
+        vacmSecurityToGroupStatus       active
+
+            In the vacmAccessTable: Group name to view name translation.
+
+        vacmGroupName                   'dhKickstart'
+    vacmAccessContextPrefix             ''
+        vacmAccessSecurityModel         3 (USM)
+        vacmAccessSecurityLevel         noAuthNoPriv
+        vacmAccessContextMatch          exact
+        vacmAccessReadViewName          'dhKickRestricted'
+        vacmAccessWriteViewName         ''
+        vacmAccessNotifyViewName        'dhKickRestricted'
+        vacmAccessStorageType           permanent
+        vacmAccessStatus                active
+
+            In the vacmViewTreeFamilyTable: Two entries to allow the
+        initial entry to access the system and kickstart groups.
+
+        vacmViewTreeFamilyViewName      'dhKickRestricted'
+        vacmViewTreeFamilySubtree       1.3.6.1.2.1.1  (system)
+        vacmViewTreeFamilyMask          ''
+
+        vacmViewTreeFamilyType          1
+        vacmViewTreeFamilyStorageType   permanent
+        vacmViewTreeFamilyStatus        active
+
+        vacmViewTreeFamilyViewName      'dhKickRestricted'
+        vacmViewTreeFamilySubtree         (usmDHKickstartTable OID)
+        vacmViewTreeFamilyMask          ''
+        vacmViewTreeFamilyType          1
+        vacmViewTreeFamilyStorageType   permanent
+        vacmViewTreeFamilyStatus        active
+        "
+
+        OBJECT usmDHParameters
+        MIN-ACCESS      read-only
+        DESCRIPTION
+            "It is compliant to implement this object as read-only for
+        any device."
+    ::= { usmDHKeyMIBCompliances 1 }
+
+-- Units of Compliance
+
+usmDHKeyMIBBasicGroup OBJECT-GROUP
+    OBJECTS     {
+                  usmDHUserAuthKeyChange,
+                  usmDHUserOwnAuthKeyChange,
+                  usmDHUserPrivKeyChange,
+                  usmDHUserOwnPrivKeyChange
+                }
+    STATUS      current
+    DESCRIPTION
+        ""
+    ::= { usmDHKeyMIBGroups 1 }
+
+usmDHKeyParamGroup OBJECT-GROUP
+    OBJECTS     {
+                  usmDHParameters
+                }
+    STATUS      current
+    DESCRIPTION
+        "The mandatory object for all MIBs which use the DHKeyChange
+    textual convention."
+    ::= { usmDHKeyMIBGroups 2 }
+
+usmDHKeyKickstartGroup OBJECT-GROUP
+    OBJECTS     {
+                  usmDHKickstartMyPublic,
+                  usmDHKickstartMgrPublic,
+                  usmDHKickstartSecurityName
+                }
+    STATUS      current
+    DESCRIPTION
+        "The objects used for kickstarting one or more SNMPv3 USM
+    associations via a configuration file or other out of band,
+    non-confidential access."
+    ::= { usmDHKeyMIBGroups 3 }
+
+END