Security Protocols for version 2 of the Simple Network Management Protocol (SNMPv2)
RFC 1446

Document Type RFC - Historic (April 1993; No errata)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 1446 (Historic)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                J. Galvin
          Request for Comments: 1446         Trusted Information Systems
                                                           K. McCloghrie
                                                      Hughes LAN Systems
                                                              April 1993

                                Security Protocols
                               for version 2 of the
                   Simple Network Management Protocol (SNMPv2)

          Status of this Memo

          This RFC specifes an IAB standards track protocol for the
          Internet community, and requests discussion and suggestions
          for improvements.  Please refer to the current edition of the
          "IAB Official Protocol Standards" for the standardization
          state and status of this protocol.  Distribution of this memo
          is unlimited.

          Table of Contents

          1 Introduction ..........................................    2
          1.1 A Note on Terminology ...............................    3
          1.2 Threats .............................................    4
          1.3 Goals and Constraints ...............................    5
          1.4 Security Services ...................................    6
          1.5 Mechanisms ..........................................    7
          1.5.1 Message Digest Algorithm ..........................    8
          1.5.2 Symmetric Encryption Algorithm ....................    9
          2 SNMPv2 Party ..........................................   11
          3 Digest Authentication Protocol ........................   14
          3.1 Generating a Message ................................   16
          3.2 Receiving a Message .................................   18
          4 Symmetric Privacy Protocol ............................   21
          4.1 Generating a Message ................................   21
          4.2 Receiving a Message .................................   22
          5 Clock and Secret Distribution .........................   24
          5.1 Initial Configuration ...............................   25
          5.2 Clock Distribution ..................................   28
          5.3 Clock Synchronization ...............................   29
          5.4 Secret Distribution .................................   31
          5.5 Crash Recovery ......................................   34
          6 Security Considerations ...............................   37
          6.1 Recommended Practices ...............................   37
          6.2 Conformance .........................................   39
          6.3 Protocol Correctness ................................   42

          Galvin & McCloghrie                                   [Page i]



          RFC 1446        Security Protocols for SNMPv2       April 1993

          6.3.1 Clock Monotonicity Mechanism ......................   43
          6.3.2 Data Integrity Mechanism ..........................   43
          6.3.3 Data Origin Authentication Mechanism ..............   44
          6.3.4 Restricted Administration Mechanism ...............   44
          6.3.5 Message Timeliness Mechanism ......................   45
          6.3.6 Selective Clock Acceleration Mechanism ............   46
          6.3.7 Confidentiality Mechanism .........................   47
          7 Acknowledgements ......................................   48
          8 References ............................................   49
          9 Authors' Addresses ....................................   51

          Galvin & McCloghrie                                   [Page 1]



          RFC 1446        Security Protocols for SNMPv2       April 1993

          1.  Introduction

          A network management system contains: several (potentially
          many) nodes, each with a processing entity, termed an agent,
          which has access to management instrumentation; at least one
          management station; and, a management protocol, used to convey
          management information between the agents and management
          stations.  Operations of the protocol are carried out under an
          administrative framework which defines both authentication and
          authorization policies.

          Network management stations execute management applications
          which monitor and control network elements.  Network elements
          are devices such as hosts, routers, terminal servers, etc.,
          which are monitored and controlled through access to their
          management information.

          In the Administrative Model for SNMPv2 document [1], each
          SNMPv2 party is, by definition, associated with a single
          authentication protocol and a single privacy protocol.  It is
          the purpose of this document, Security Protocols for SNMPv2,
          to define one such authentication and one such privacy
Show full document text