Connected: An Internet Encyclopedia
5. Clock and Secret Distribution
Up: RFC 1446
The protocols described in Sections 3 and 4 assume the existence of loosely synchronized clocks and shared secret values. Three requirements constrain the strategy by which clock values and secrets are distributed.
- If the value of an authentication clock is decreased, the private authentication key must be changed concurrently.
When the value of an authentication clock is decreased, messages that have been sent with a timestamp value between the value of the authentication clock and its new value may be replayed. Changing the private authentication key obviates this threat.
- The private authentication key and private privacy key must be known only to the parties requiring knowledge of them.
Protecting the secrets from disclosure is critical to the security of the protocols. Knowledge of the secrets must be as restricted as possible within an implementation. In particular, although the secrets may be known to one or more persons during the initial configuration of a device, the secrets should be changed immediately after configuration such that their actual value is known only to the software. A management station has the additional responsibility of recovering the state of all parties whenever it boots, and it may address this responsibility by recording the secrets on a long-term storage device. Access to information on this device must be as restricted as is practically possible.
- There must exist at least one SNMPv2 entity that assumes the role of a responsible management station.
This management station is responsible for ensuring that all authentication clocks are synchronized and for changing the secret values when necessary. Although more than one management station may share this responsibility, their coordination is essential to the secure management of the network. The mechanism by which multiple management stations ensure that no more than one of them attempts to synchronize the clocks or update the secrets at any one time is a local implementation issue.
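A small model of the first requirement, added here as an illustration and not taken from RFC 1446: it shows why a decreased authentication clock must come with a new private authentication key. It assumes a simplified keyed-MD5 digest and a freshness check of timestamp plus lifetime against the clock; `Party`, `LIFETIME`, `make_message` and all sample values are hypothetical.

```python
import hashlib
import hmac

LIFETIME = 300  # constructed value: how long a message stays acceptable

def digest(key: bytes, timestamp: int, payload: bytes) -> bytes:
    # Simplified keyed MD5 digest (assumption); not the RFC's message layout.
    return hashlib.md5(key + timestamp.to_bytes(4, "big") + payload).digest()

def make_message(key: bytes, timestamp: int, payload: bytes) -> dict:
    return {"timestamp": timestamp, "payload": payload,
            "digest": digest(key, timestamp, payload)}

class Party:
    """Receiver-side state: private authentication key and authentication clock."""
    def __init__(self, key: bytes, clock: int):
        self.key, self.clock = key, clock

    def accepts(self, msg: dict) -> bool:
        # A message is accepted only if it is still fresh and its digest verifies.
        fresh = msg["timestamp"] + LIFETIME >= self.clock
        expected = digest(self.key, msg["timestamp"], msg["payload"])
        return fresh and hmac.compare_digest(msg["digest"], expected)

    def set_clock(self, new_clock: int, new_key: bytes = None) -> None:
        # Enforce the requirement: a clock decrease needs a concurrent key change.
        if new_clock < self.clock and new_key is None:
            raise ValueError("clock decrease requires a concurrent key change")
        self.clock = new_clock
        self.key = new_key if new_key is not None else self.key

def demo() -> dict:
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    captured = make_message(old_key, 10_000, b"constructed request")  # sent at clock 10000
    results = {}
    party = Party(old_key, 20_000)
    results["stale_at_20000"] = party.accepts(captured)
    # Implementation without the check: clock goes back, key stays the same.
    unsafe = Party(old_key, 20_000)
    unsafe.clock = 10_100
    results["after_rollback_same_key"] = unsafe.accepts(captured)
    # Clock goes back together with a key change, as the requirement demands.
    party.set_clock(10_100, new_key=new_key)
    results["after_rollback_new_key"] = party.accepts(captured)
    return results

if __name__ == "__main__":
    print(demo())
```

The old message is rejected as stale, becomes acceptable again once the clock is decreased under the same key, and is rejected on its digest when the key is changed at the same time.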
A responsible management station may either support clock synchronization and secret distribution as separate functions, or combine them into a single functional unit.
The first section below specifies the procedures by which a SNMPv2 entity is initially configured. The next two sections describe one strategy for distributing clock values and one for determining a synchronized clock value among SNMPv2 parties supporting the Digest Authentication Protocol. For SNMPv2 parties supporting the Symmetric Privacy Protocol, the next section describes a strategy for distributing secret values. The last section specifies the procedures by which a SNMPv2 entity recovers from a "crash."
- 5.1. Initial Configuration
- 5.2. Clock Distribution
- 5.3. Clock Synchronization
- 5.4. Secret Distribution
- 5.5. Crash Recovery