SNMP Security Protocols




Network Working Group                                         J. Galvin
Request for Comments: 1352            Trusted Information Systems, Inc.
                                                          K. McCloghrie
                                               Hughes LAN Systems, Inc.
                                                               J. Davin
                                    MIT Laboratory for Computer Science
                                                              July 1992


                        SNMP Security Protocols

Status of this Memo

   This document specifies an IAB standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "IAB
   Official Protocol Standards" for the standardization state and status
   of this protocol. Distribution of this memo is unlimited.

Table of Contents

   1.    Abstract . . . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.1   Threats  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.2   Goals and Constraints  . . . . . . . . . . . . . . . . . . .   5
   2.3   Security Services  . . . . . . . . . . . . . . . . . . . . .   6
   2.4   Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . .   6
   2.4.1   Message Digest Algorithm . . . . . . . . . . . . . . . . .   7
   2.4.2   Symmetric Encryption Algorithm . . . . . . . . . . . . . .   8
   3.    SNMP Party   . . . . . . . . . . . . . . . . . . . . . . . .   9
   4.    Digest Authentication Protocol . . . . . . . . . . . . . . .  11
   4.1   Generating a Message   . . . . . . . . . . . . . . . . . . .  14
   4.2   Receiving a Message  . . . . . . . . . . . . . . . . . . . .  15
   5.    Symmetric Privacy Protocol . . . . . . . . . . . . . . . . .  16
   5.1   Generating a Message   . . . . . . . . . . . . . . . . . . .  17
   5.2   Receiving a Message  . . . . . . . . . . . . . . . . . . . .  18
   6.    Clock and Secret Distribution  . . . . . . . . . . . . . . .  19
   6.1   Initial Configuration    . . . . . . . . . . . . . . . . . .  20
   6.2   Clock Distribution   . . . . . . . . . . . . . . . . . . . .  22
   6.3   Clock Synchronization  . . . . . . . . . . . . . . . . . . .  24
   6.4   Secret Distribution  . . . . . . . . . . . . . . . . . . . .  26
   6.5   Crash Recovery   . . . . . . . . . . . . . . . . . . . . . .  28
   7.    Security Considerations  . . . . . . . . . . . . . . . . . .  30
   7.1   Recommended Practices  . . . . . . . . . . . . . . . . . . .  30
   7.2   Conformance    . . . . . . . . . . . . . . . . . . . . . . .  33
   7.3   Protocol Correctness . . . . . . . . . . . . . . . . . . . .  34
   7.3.1   Clock Monotonicity Mechanism . . . . . . . . . . . . . . .  35
   7.3.2   Data Integrity Mechanism . . . . . . . . . . . . . . . . .  36



Galvin, McCloghrie, & Davin