Network Working Group                                          J. Galvin
Request for Comments: 1446                   Trusted Information Systems
                                                           K. McCloghrie
                                                      Hughes LAN Systems
                                                              April 1993

                          Security Protocols
                         for version 2 of the
              Simple Network Management Protocol (SNMPv2)

Status of this Memo

   This RFC specifies an IAB standards track protocol for the Internet
   community, and requests discussion and suggestions for improvements.
   Please refer to the current edition of the "IAB Official Protocol
   Standards" for the standardization state and status of this protocol.
   Distribution of this memo is unlimited.

Table of Contents

   1 Introduction
   1.1 A Note on Terminology
   1.2 Threats
   1.3 Goals and Constraints
   1.4 Security Services
   1.5 Mechanisms
   1.5.1 Message Digest Algorithm
   1.5.2 Symmetric Encryption Algorithm
   2 SNMPv2 Party
   3 Digest Authentication Protocol
   3.1 Generating a Message
   3.2 Receiving a Message
   4 Symmetric Privacy Protocol
   4.1 Generating a Message
   4.2 Receiving a Message
   5 Clock and Secret Distribution
   5.1 Initial Configuration
   5.2 Clock Distribution
   5.3 Clock Synchronization
   5.4 Secret Distribution
   5.5 Crash Recovery
   6 Security Considerations
   6.1 Recommended Practices
   6.2 Conformance
   6.3 Protocol Correctness
   6.3.1 Clock Monotonicity Mechanism
   6.3.2 Data Integrity Mechanism
   6.3.3 Data Origin Authentication Mechanism
   6.3.4 Restricted Administration Mechanism
   6.3.5 Message Timeliness Mechanism
   6.3.6 Selective Clock Acceleration Mechanism
   6.3.7 Confidentiality Mechanism
   7 Acknowledgements
   8 References
   9 Authors' Addresses