Browse Prior Art Database

SNMP Security Protocols (RFC1352)

IP.com Disclosure Number: IPCOM000002176D
Original Publication Date: 1992-Jul-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 35 page(s) / 89K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Galvin,K. McCloghrie,J. Davin: AUTHOR

Abstract

The Simple Network Management Protocol (SNMP) specification [1] allows for the protection of network management operations by a variety of security protocols. The SNMP administrative model described in [2] provides a framework for securing SNMP network management. In the context of that framework, this memo defines protocols to support the following three security services:

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group J. Galvin

Request for Comments: 1352 Trusted Information Systems, Inc.

K. McCloghrie

Hughes LAN Systems, Inc.

J. Davin

MIT Laboratory for Computer Science

July 1992

SNMP Security Protocols

Status of this Memo

This document specifies an IAB standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "IAB

Official Protocol Standards" for the standardization state and status

of this protocol. Distribution of this memo is unlimited.

Table of Contents

1. Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2

2.1 Threats . . . . . . . . . . . . . . . . . . . . . . . . . . 3

2.2 Goals and Constraints . . . . . . . . . . . . . . . . . . . 5

2.3 Security Services . . . . . . . . . . . . . . . . . . . . . 6

2.4 Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.4.1 Message Digest Algorithm . . . . . . . . . . . . . . . . . 7

2.4.2 Symmetric Encryption Algorithm . . . . . . . . . . . . . . 8

3. SNMP Party . . . . . . . . . . . . . . . . . . . . . . . . 9

4. Digest Authentication Protocol . . . . . . . . . . . . . . . 11

4.1 Generating a Message . . . . . . . . . . . . . . . . . . . 14

4.2 Receiving a Message . . . . . . . . . . . . . . . . . . . . 15

5. Symmetric Privacy Protocol . . . . . . . . . . . . . . . . . 16

5.1 Generating a Message . . . . . . . . . . . . . . . . . . . 17

5.2 Receiving a Message . . . . . . . . . . . . . . . . . . . . 18

6. Clock and Secret Distribution . . . . . . . . . . . . . . . 19

6.1 Initial Configuration . . . . . . . . . . . . . . . . . . 20

6.2 Clock Distribution . . . . . . . . . . . . . . . . . . . . 22

6.3 Clock Synchronization . . . . . . . . . . . . . . . . . . . 24

6.4 Secret Distribution . . . . . . . . . . . . . . . . . . . . 26

6.5 Crash Recovery . . . . . . . . . . . . . . . . . . . . . . 28

7. Security Considerations . . . . . . . . . . . . . . . . . . 30

7.1 Recommended Practices . . . . . . . . . . . . . . . . . . . 30

7.2 Conformance . . . . . . . . . . . . . . . . . . . . . . . 33

7.3 Protocol Correctness . . . . . . . . . . . . . . . . . . . . 34

7.3.1 Clock Monotonicity Mechanism . . . . . . . . . . . . . . . 35

7.3.2 Data Integrity Mechanism . . . . . . . . . . . . . . . . . 36

7.3.3 Data Origin Authentication Mechanism . . . . . . . . . . . 36

7.3.4 Restricted Administration Mechanism ...