RFC 1446 (rfc1446) - Page 1 of 51


Security Protocols for version 2 of the Simple Network Management Protocol (SNMPv2)




          Network Working Group                                J. Galvin
          Request for Comments: 1446         Trusted Information Systems
                                                           K. McCloghrie
                                                      Hughes LAN Systems
                                                              April 1993


                                Security Protocols
                               for version 2 of the
                   Simple Network Management Protocol (SNMPv2)


          Status of this Memo

          This RFC specifies an IAB standards track protocol for the
          Internet community, and requests discussion and suggestions
          for improvements.  Please refer to the current edition of the
          "IAB Official Protocol Standards" for the standardization
          state and status of this protocol.  Distribution of this memo
          is unlimited.


          Table of Contents


          1 Introduction ..........................................    2
          1.1 A Note on Terminology ...............................    3
          1.2 Threats .............................................    4
          1.3 Goals and Constraints ...............................    5
          1.4 Security Services ...................................    6
          1.5 Mechanisms ..........................................    7
          1.5.1 Message Digest Algorithm ..........................    8
          1.5.2 Symmetric Encryption Algorithm ....................    9
          2 SNMPv2 Party ..........................................   11
          3 Digest Authentication Protocol ........................   14
          3.1 Generating a Message ................................   16
          3.2 Receiving a Message .................................   18
          4 Symmetric Privacy Protocol ............................   21
          4.1 Generating a Message ................................   21
          4.2 Receiving a Message .................................   22
          5 Clock and Secret Distribution .........................   24
          5.1 Initial Configuration ...............................   25
          5.2 Clock Distribution ..................................   28
          5.3 Clock Synchronization ...............................   29
          5.4 Secret Distribution .................................   31
          5.5 Crash Recovery ......................................   34
          6 Security Considerations ...............................   37
          6.1 Recommended Practices ...............................   37
          6.2 Conformance .........................................   39
          6.3 Protocol Correctness ................................   42




          Galvin & McCloghrie                                   [Page i]





          RFC 1446        Security Protocols for SNMPv2       April 1993


          6.3.1 Clock Monotonicity Mechanism ......................   43
          6.3.2 Data Integrity Mechanism ..........................   43
          6.3.3 Data Origin Authentication Mechanism ..............   44
          6.3.4 Restricted Administration Mechanism ...............   44
          6.3.5 Message Timeliness Mechanism ......................   45
          6.3.6 Selective Clock Acceleration Mechanism ............   46
          6.3.7 Confidentiality Mechanism .........................   47
          7 Acknowledgements ......................................   48
          8 References ............................................   49
          9 Authors' Addresses ....................................   51







































