RFC 1446


Security Protocols for version 2 of the Simple Network Management Protocol (SNMPv2)










          RFC 1446        Security Protocols for SNMPv2       April 1993


          1.  Introduction

          A network management system contains: several (potentially
          many) nodes, each with a processing entity, termed an agent,
          which has access to management instrumentation; at least one
          management station; and, a management protocol, used to convey
          management information between the agents and management
          stations.  Operations of the protocol are carried out under an
          administrative framework which defines both authentication and
          authorization policies.

          Network management stations execute management applications
          which monitor and control network elements.  Network elements
          are devices such as hosts, routers, terminal servers, etc.,
          which are monitored and controlled through access to their
          management information.

          In the Administrative Model for SNMPv2 document [1], each
          SNMPv2 party is, by definition, associated with a single
          authentication protocol and a single privacy protocol.  It is
          the purpose of this document, Security Protocols for SNMPv2,
          to define one such authentication and one such privacy
          protocol.

          The authentication protocol provides a mechanism by which
          SNMPv2 management communications transmitted by the party may
          be reliably identified as having originated from that party.
          The authentication protocol defined in this memo also reliably
          determines that the message received is the message that was
          sent.

          The privacy protocol provides a mechanism by which SNMPv2
          management communications transmitted to said party are
          protected from disclosure.  The privacy protocol in this memo
          specifies that only authenticated messages may be protected
          from disclosure.
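
          The two services described above, origin authentication with
          integrity and privacy applied only to authenticated messages,
          can be shown as a small Python program.  This is an added
          illustration, not code from RFC 1446 and not the protocols the
          RFC itself defines in later sections; it uses HMAC-SHA256 for
          the keyed digest and an HMAC-derived keystream as a stand-in
          cipher, and the party names and key values are constructed for
          the example.  Its point is the layering: the digest covers the
          party's identity and the payload, and the privacy layer wraps
          the authenticated message, so a receiver never acts on a
          decrypted message it cannot authenticate.

```python
"""Added illustration of the two security services in the Introduction
of RFC 1446: a keyed digest that identifies the originating party and
detects modification, and a privacy layer applied only to messages that
already carry that digest.  This is NOT the authentication or privacy
protocol defined by RFC 1446; HMAC-SHA256 and an HMAC counter keystream
are used here only to show the layout and the receiver-side checks.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

DIGEST_LEN = 32  # HMAC-SHA256 output length
SALT_LEN = 8     # per-message salt carried in front of the ciphertext


@dataclass(frozen=True)
class Party:
    """One SNMPv2 party: its identity plus one authentication secret and
    one privacy secret (names and keys are constructed for this example)."""
    name: str
    auth_key: bytes
    priv_key: bytes


def authenticate(party: Party, payload: bytes) -> bytes:
    """Origin authentication and integrity: prepend a keyed digest over
    the party name and the payload.  Only a holder of party.auth_key can
    produce a digest that verifies, and any change to the payload breaks it."""
    digest = hmac.new(party.auth_key, party.name.encode() + payload,
                      hashlib.sha256).digest()
    return digest + payload


def verify(party: Party, auth_msg: bytes) -> bytes:
    """Recompute the digest; return the payload, or raise if the message
    did not come from this party or was altered in transit."""
    if len(auth_msg) < DIGEST_LEN:
        raise ValueError("message too short to carry a digest")
    digest, payload = auth_msg[:DIGEST_LEN], auth_msg[DIGEST_LEN:]
    expected = hmac.new(party.auth_key, party.name.encode() + payload,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(digest, expected):
        raise ValueError("authentication failed for party %s" % party.name)
    return payload


def _keystream(key: bytes, salt: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, salt + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(party: Party, payload: bytes) -> bytes:
    """Privacy: encrypt the *authenticated* message (digest included).
    Encryption is never applied to a bare, unauthenticated payload."""
    auth_msg = authenticate(party, payload)
    salt = os.urandom(SALT_LEN)
    ks = _keystream(party.priv_key, salt, len(auth_msg))
    return salt + bytes(a ^ b for a, b in zip(auth_msg, ks))


def unprotect(party: Party, priv_msg: bytes) -> bytes:
    """Decrypt, then authenticate.  A bit flipped anywhere in the ciphertext
    lands in either the digest or the payload and is caught by verify()."""
    salt, body = priv_msg[:SALT_LEN], priv_msg[SALT_LEN:]
    ks = _keystream(party.priv_key, salt, len(body))
    auth_msg = bytes(a ^ b for a, b in zip(body, ks))
    return verify(party, auth_msg)


def is_authentic(party: Party, priv_msg: bytes) -> bool:
    """True only if the protected message both decrypts and authenticates."""
    try:
        unprotect(party, priv_msg)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed party and request text; not real SNMPv2 encodings.
    agent = Party("agent-1", b"constructed-auth-key", b"constructed-priv-key")
    wire = protect(agent, b"GetRequest sysDescr.0")
    print("round trip ok:", unprotect(agent, wire) == b"GetRequest sysDescr.0")
    tampered = bytearray(wire)
    tampered[-1] ^= 0x01
    print("tampered accepted:", is_authentic(agent, bytes(tampered)))
```

          A receiver that decrypts and then fails the digest check must
          discard the message; the helper is_authentic() shows that
          outcome as a boolean for a tampered copy, a copy checked against
          a party with a different authentication secret, and a truncated
          message.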

          These protocols are secure alternatives to the so-called
          "trivial" protocol defined in [2].

               USE OF THE TRIVIAL PROTOCOL ALONE DOES NOT CONSTITUTE
               SECURE NETWORK MANAGEMENT.  THEREFORE, A NETWORK
               MANAGEMENT SYSTEM THAT IMPLEMENTS ONLY THE TRIVIAL
               PROTOCOL IS NOT CONFORMANT TO THIS SPECIFICATION.






          Galvin & McCloghrie