2. SNMPv2 Party (original) (raw)
Connected: An Internet Encyclopedia
2. SNMPv2 Party
Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1446
Prev: 1.5.2. Symmetric Encryption Algorithm
Next: 3. Digest Authentication Protocol
2. SNMPv2 Party
2. SNMPv2 Party
Recall from [1] that a SNMPv2 party is a conceptual, virtual execution context whose operation is restricted (for security or other purposes) to an administratively defined subset of all possible operations of a particular SNMPv2 entity. A SNMPv2 entity is an actual process which performs network management operations by generating and/or responding to SNMPv2 protocol messages in the manner specified in [12]. Architecturally, every SNMPv2 entity maintains a local database that represents all SNMPv2 parties known to it.
A SNMPv2 party may be represented by an ASN.1 value with the following syntax:
SnmpParty ::= SEQUENCE {
partyIdentity
OBJECT IDENTIFIER,
partyTDomain
OBJECT IDENTIFIER,
partyTAddress
OCTET STRING,
partyMaxMessageSize
INTEGER,
partyAuthProtocol
OBJECT IDENTIFIER,
partyAuthClock
INTEGER,
partyAuthPrivate
OCTET STRING,
partyAuthPublic
OCTET STRING,
partyAuthLifetime
INTEGER,
partyPrivProtocol
OBJECT IDENTIFIER,
partyPrivPrivate
OCTET STRING,
partyPrivPublic
OCTET STRING
}For each SnmpParty value that represents a SNMPv2 party, the generic significance of each of its components is defined in [1]. For each SNMPv2 party that supports the generation of messages using the Digest Authentication Protocol, additional, special significance is attributed to certain components of that party's representation:
- Its partyAuthProtocol component is called the authentication protocol and identifies a combination of the Digest Authentication Protocol with a particular digest algorithm (such as that defined in Section 1.5.1). This combined mechanism is used to authenticate the origin and integrity of all messages generated by the party.
- Its partyAuthClock component is called the authentication clock and represents a notion of the current time that is specific to the party.
- Its partyAuthPrivate component is called the private authentication key and represents any secret value needed to support the Digest Authentication Protocol and associated digest algorithm.
- Its partyAuthPublic component is called the public authentication key and represents any public value that may be needed to support the authentication protocol. This component is not significant except as suggested in Section 5.4.
- Its partyAuthLifetime component is called the lifetime and represents an administrative upper bound on acceptable delivery delay for protocol messages generated by the party.
For each SNMPv2 party that supports the receipt of messages via the Symmetric Privacy Protocol, additional, special significance is attributed to certain components of that party's representation:
- Its partyPrivProtocol component is called the privacy protocol and identifies a combination of the Symmetric Privacy Protocol with a particular encryption algorithm (such as that defined in Section 1.5.2). This combined mechanism is used to protect from disclosure all protocol messages received by the party.
- Its partyPrivPrivate component is called the private privacy key and represents any secret value needed to support the Symmetric Privacy Protocol and associated encryption algorithm.
- Its partyPrivPublic component is called the public privacy key and represents any public value that may be needed to support the privacy protocol. This component is not significant except as suggested in Section 5.4.
Next: 3. Digest Authentication Protocol
Connected: An Internet Encyclopedia
2. SNMPv2 Party