Security Protocols for version 2 of the Simple Network Management Protocol (SNMPv2)
RFC 1446 Security Protocols for SNMPv2 April 1993

The Digest Authentication Protocol is described in Section 3.
It provides a data integrity service by transmitting a message
digest - computed by the originator and verified by the
recipient - with each SNMPv2 message. The data origin
authentication service is provided by prefixing the message
with a secret value known only to the originator and
recipient, prior to computing the digest. Thus, data
integrity is supported explicitly while data origin
authentication is supported implicitly in the verification of
the digest.

The Symmetric Privacy Protocol is described in Section 4. It
protects messages from disclosure by encrypting their contents
according to a secret cryptographic key known only to the
originator and recipient. The additional functionality
afforded by this protocol is assumed to justify its additional
computational cost.

The Digest Authentication Protocol depends on the existence of
loosely synchronized clocks between the originator and
recipient of a message. The protocol specification makes no
assumptions about the strategy by which such clocks are
synchronized. Section 5.3 presents one strategy that is
particularly suited to the demands of SNMP network management.
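
The digest and clock checks described above, as an added example that is not code from RFC 1446 or its authors. The framing (16-byte MD5 digest, 4-byte timestamp, payload), the MAX_SKEW value and all function names are assumptions chosen for illustration; this is not the SNMPv2 message format.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 150  # seconds; assumed tolerance for loosely synchronized clocks
DIGEST_LEN = 16  # MD5 output size
HEADER_LEN = DIGEST_LEN + 4  # digest plus 4-byte timestamp (assumed framing)


def make_message(secret: bytes, payload: bytes, now: int) -> bytes:
    """Originator: digest over secret || timestamp || payload, sent with the body."""
    body = struct.pack("!I", now) + payload
    digest = hashlib.md5(secret + body).digest()
    return digest + body  # the secret itself is never transmitted


def verify_message(secret: bytes, wire: bytes, now: int) -> bytes:
    """Recipient: return the payload, or raise ValueError on any failed check."""
    if len(wire) < HEADER_LEN:
        raise ValueError("truncated message")
    received, body = wire[:DIGEST_LEN], wire[DIGEST_LEN:]
    expected = hashlib.md5(secret + body).digest()
    # One comparison covers both services: a match shows the body is intact
    # (integrity) and that the sender knew the secret (origin, implicitly).
    if not hmac.compare_digest(received, expected):
        raise ValueError("digest mismatch")
    (sent_at,) = struct.unpack("!I", body[:4])
    # The timestamp is only trusted after the digest check has passed.
    if abs(now - sent_at) > MAX_SKEW:
        raise ValueError("message outside clock window")
    return body[4:]


def outcome(secret: bytes, wire: bytes, now: int) -> str:
    """Helper for the demo: 'ok' or the reason the message was rejected."""
    try:
        verify_message(secret, wire, now)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    wire = make_message(secret, b"constructed payload", now=1000)
    print(outcome(secret, wire, now=1010))                # accepted
    print(outcome(secret, wire[:-1] + b"\x00", now=1010)) # altered in transit
    print(outcome(b"wrong-secret", wire, now=1010))       # sender lacks secret
    print(outcome(secret, wire, now=5000))                # stale, clocks too far apart
```

Later SNMP security work (the SNMPv3 User-based Security Model) replaced the bare secret-prefix digest with HMAC.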

Both protocols described here require the sharing of secret
information between the originator of a message and its
recipient. The protocol specifications assume the existence
of the necessary secrets. The selection of such secrets and
their secure distribution to appropriate parties may be
accomplished by a variety of strategies. Section 5.4 presents
one such strategy that is particularly suited to the demands
of SNMP network management.

1.1. A Note on Terminology

For the purpose of exposition, the original Internet-standard
Network Management Framework, as described in RFCs 1155, 1157,
and 1212, is termed the SNMP version 1 framework (SNMPv1).
The current framework is termed the SNMP version 2 framework
(SNMPv2).

Galvin & McCloghrie