Security Protocols for version 2 of the Simple Network Management Protocol (SNMPv2)
          RFC 1446        Security Protocols for SNMPv2       April 1993


          The Digest Authentication Protocol is described in Section 3.
          It provides a data integrity service by transmitting a message
          digest - computed by the originator and verified by the
          recipient - with each SNMPv2 message.  The data origin
          authentication service is provided by prefixing the message
          with a secret value known only to the originator and
          recipient, prior to computing the digest.  Thus, data
          integrity is supported explicitly while data origin
          authentication is supported implicitly in the verification of
          the digest.

          The Symmetric Privacy Protocol is described in Section 4.  It
          protects messages from disclosure by encrypting their contents
          according to a secret cryptographic key known only to the
          originator and recipient.  The additional functionality
          afforded by this protocol is assumed to justify its additional
          computational cost.

          The Digest Authentication Protocol depends on the existence of
          loosely synchronized clocks between the originator and
          recipient of a message.  The protocol specification makes no
          assumptions about the strategy by which such clocks are
          synchronized.  Section 5.3 presents one strategy that is
          particularly suited to the demands of SNMP network management.
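          The secret-prefix digest described above, and the dependence on
          loosely synchronized clocks, as an added illustration that is not
          part of RFC 1446 and not the SNMPv2 message format: the originator
          prepends the shared secret to the message before hashing and sends
          the digest alongside the message; the recipient, holding the same
          secret, recomputes the digest and compares.  RFC 1446 specifies MD5
          for the digest (in its Section 3, not on this page), so MD5 is used
          here.  The wire layout (timestamp || digest || payload), the secret
          value, and the CLOCK_WINDOW tolerance are constructed assumptions
          standing in for the RFC's own timeliness mechanism, which is in its
          later sections.

```python
import hashlib
import hmac     # used only for hmac.compare_digest (constant-time comparison)
import struct

# Constructed example values, not taken from RFC 1446.
SECRET = b"example-shared-secret"   # known only to originator and recipient
CLOCK_WINDOW = 150                  # assumed permitted clock skew, in seconds
DIGEST_LEN = 16                     # MD5 digest length in bytes


def digest(secret: bytes, timestamp: int, payload: bytes) -> bytes:
    """Secret-prefix digest as the page describes: the digest covers the
    secret followed by the message, so only a party holding the secret can
    produce or verify it.  MD5 per RFC 1446 Section 3."""
    return hashlib.md5(secret + struct.pack(">I", timestamp) + payload).digest()


def originate(secret: bytes, timestamp: int, payload: bytes) -> bytes:
    """Originator side: build timestamp || digest || payload.
    The secret itself is never transmitted, only the digest over it."""
    return struct.pack(">I", timestamp) + digest(secret, timestamp, payload) + payload


def verify(secret: bytes, message: bytes, now: int) -> tuple:
    """Recipient side: recompute the digest with the shared secret, compare it
    in constant time, then apply the assumed clock-skew window.  Returns
    (accepted, reason) so the caller can log why a message was rejected."""
    if len(message) < 4 + DIGEST_LEN:
        return (False, "truncated")
    timestamp = struct.unpack(">I", message[:4])[0]
    received = message[4:4 + DIGEST_LEN]
    payload = message[4 + DIGEST_LEN:]
    expected = digest(secret, timestamp, payload)
    # Integrity is checked explicitly; origin is implied by the digest
    # matching, since only the secret holder could have computed it.
    if not hmac.compare_digest(received, expected):
        return (False, "digest mismatch")
    # The protocol depends on loosely synchronized clocks: a digest that
    # verifies but carries a timestamp outside the window is a replay
    # candidate and is rejected.
    if abs(now - timestamp) > CLOCK_WINDOW:
        return (False, "stale")
    return (True, "ok")


def demo() -> dict:
    """Run the exchange for a good message and three failure modes."""
    msg = originate(SECRET, 1_000_000, b"get sysDescr.0")   # constructed payload
    tampered = msg[:-1] + bytes([msg[-1] ^ 0x01])          # flip one payload bit
    return {
        "good": verify(SECRET, msg, 1_000_050),
        "tampered": verify(SECRET, tampered, 1_000_050),
        "wrong_secret": verify(b"other-secret", msg, 1_000_050),
        "replayed_late": verify(SECRET, msg, 1_000_000 + CLOCK_WINDOW + 1),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

          A practitioner's caveat on the construction itself: a plain
          secret-prefix digest over a Merkle-Damgard hash such as MD5 lets an
          attacker who sees one valid message extend the hashed data and
          compute a valid digest for the extension without knowing the secret
          (a length-extension attack).  The later User-based Security Model
          for SNMPv3 (RFC 3414) replaced this design with HMAC for that
          reason; new designs should use HMAC or an AEAD rather than
          H(secret || message).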

          Both protocols described here require the sharing of secret
          information between the originator of a message and its
          recipient.  The protocol specifications assume the existence
          of the necessary secrets.  The selection of such secrets and
          their secure distribution to appropriate parties may be
          accomplished by a variety of strategies.  Section 5.4 presents
          one such strategy that is particularly suited to the demands
          of SNMP network management.


          1.1.  A Note on Terminology

          For the purpose of exposition, the original Internet-standard
          Network Management Framework, as described in RFCs 1155, 1157,
          and 1212, is termed the SNMP version 1 framework (SNMPv1).
          The current framework is termed the SNMP version 2 framework
          (SNMPv2).
          Galvin & McCloghrie