SNMP Security Protocols
RFC 1352

 
Document Type RFC - Historic (July 1992; No errata)
Last updated 2013-03-02
Stream IETF
IESG state RFC 1352 (Historic)
Network Working Group                                         J. Galvin
Request for Comments: 1352            Trusted Information Systems, Inc.
                                                          K. McCloghrie
                                               Hughes LAN Systems, Inc.
                                                               J. Davin
                                    MIT Laboratory for Computer Science
                                                              July 1992

                        SNMP Security Protocols

Status of this Memo

   This document specifies an IAB standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "IAB
   Official Protocol Standards" for the standardization state and status
   of this protocol. Distribution of this memo is unlimited.

Table of Contents

   1.    Abstract . . . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.1   Threats  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.2   Goals and Constraints  . . . . . . . . . . . . . . . . . . .   5
   2.3   Security Services  . . . . . . . . . . . . . . . . . . . . .   6
   2.4   Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . .   6
   2.4.1   Message Digest Algorithm . . . . . . . . . . . . . . . . .   7
   2.4.2   Symmetric Encryption Algorithm . . . . . . . . . . . . . .   8
   3.    SNMP Party   . . . . . . . . . . . . . . . . . . . . . . . .   9
   4.    Digest Authentication Protocol . . . . . . . . . . . . . . .  11
   4.1   Generating a Message   . . . . . . . . . . . . . . . . . . .  14
   4.2   Receiving a Message  . . . . . . . . . . . . . . . . . . . .  15
   5.    Symmetric Privacy Protocol . . . . . . . . . . . . . . . . .  16
   5.1   Generating a Message   . . . . . . . . . . . . . . . . . . .  17
   5.2   Receiving a Message  . . . . . . . . . . . . . . . . . . . .  18
   6.    Clock and Secret Distribution  . . . . . . . . . . . . . . .  19
   6.1   Initial Configuration    . . . . . . . . . . . . . . . . . .  20
   6.2   Clock Distribution   . . . . . . . . . . . . . . . . . . . .  22
   6.3   Clock Synchronization  . . . . . . . . . . . . . . . . . . .  24
   6.4   Secret Distribution  . . . . . . . . . . . . . . . . . . . .  26
   6.5   Crash Recovery   . . . . . . . . . . . . . . . . . . . . . .  28
   7.    Security Considerations  . . . . . . . . . . . . . . . . . .  30
   7.1   Recommended Practices  . . . . . . . . . . . . . . . . . . .  30
   7.2   Conformance    . . . . . . . . . . . . . . . . . . . . . . .  33
   7.3   Protocol Correctness . . . . . . . . . . . . . . . . . . . .  34
   7.3.1   Clock Monotonicity Mechanism . . . . . . . . . . . . . . .  35
   7.3.2   Data Integrity Mechanism . . . . . . . . . . . . . . . . .  36

Galvin, McCloghrie, & Davin                                     [Page 1]
RFC 1352                SNMP Security Protocols                July 1992

   7.3.3   Data Origin Authentication Mechanism . . . . . . . . . . .  36
   7.3.4   Restricted Administration Mechanism  . . . . . . . . . . .  36
   7.3.5   Ordered Delivery Mechanism   . . . . . . . . . . . . . . .  37
   7.3.6   Message Timeliness Mechanism . . . . . . . . . . . . . . .  38
   7.3.7   Selective Clock Acceleration Mechanism . . . . . . . . . .  38
   7.3.8   Confidentiality Mechanism  . . . . . . . . . . . . . . . .  39
   8.    Acknowledgements . . . . . . . . . . . . . . . . . . . . . .  39
   9.    References . . . . . . . . . . . . . . . . . . . . . . . . .  40
   10.   Authors' Addresses . . . . . . . . . . . . . . . . . . . . .  41

1.  Abstract

   The Simple Network Management Protocol (SNMP) specification [1]
   allows for the protection of network management operations by a
   variety of security protocols.  The SNMP administrative model
   described in [2] provides a framework for securing SNMP network
   management. In the context of that framework, this memo defines
   protocols to support the following three security services:

     o data integrity,

     o data origin authentication, and

     o data confidentiality.

   Please send comments to the SNMP Security Developers mailing list
   (snmp-sec-dev@tis.com).

2.  Introduction

   In the model described in [2], each SNMP party is, by definition,
   associated with a single authentication protocol.  The authentication
   protocol provides a mechanism by which SNMP management communications
   transmitted by the party may be reliably identified as having
   originated from that party. The authentication protocol defined in
   this memo also reliably determines that the message received is the
   message that was sent.

   Similarly, each SNMP party is, by definition, associated with a