2.1. SNMPv2 Party

A SNMPv2 party is a conceptual, virtual execution environment whose operation is restricted (for security or other purposes) to an administratively defined subset of all possible operations of a particular SNMPv2 entity (see Section 2.2). Whenever a SNMPv2 entity processes a SNMPv2 message, it does so by acting as a SNMPv2 party and is thereby restricted to the set of operations defined for that party. The set of possible operations specified for a SNMPv2 party may be overlapping or disjoint with respect to the sets of other SNMPv2 parties; it may also be a proper or improper subset of all possible operations of the SNMPv2 entity.

Architecturally, each SNMPv2 party comprises

• a single, unique party identity,

• a logical network location at which the party executes, characterized by a transport protocol domain and transport addressing information,

• a single authentication protocol and associated parameters by which all protocol messages originated by the party are authenticated as to origin and integrity, and

• a single privacy protocol and associated parameters by which all protocol messages received by the party are protected from disclosure.

Conceptually, each SNMPv2 party may be represented by an ASN.1 value with the following syntax:

        SnmpParty ::= SEQUENCE {
          partyIdentity
             OBJECT IDENTIFIER,
          partyTDomain
             OBJECT IDENTIFIER,
          partyTAddress
             OCTET STRING,
          partyMaxMessageSize
             INTEGER,
          partyAuthProtocol
             OBJECT IDENTIFIER,
          partyAuthClock
             INTEGER,
          partyAuthPrivate
             OCTET STRING,
          partyAuthPublic
             OCTET STRING,
          partyAuthLifetime
             INTEGER,
          partyPrivProtocol
             OBJECT IDENTIFIER,
          partyPrivPrivate
             OCTET STRING,
          partyPrivPublic
             OCTET STRING
        }

For each SnmpParty value that represents a SNMPv2 party, the following statements are true:

• Its partyIdentity component is the party identity.

• Its partyTDomain component is called the transport domain and indicates the kind of transport service by which the party receives network management traffic. An example of a transport domain is snmpUDPDomain (SNMPv2 over UDP, using SNMPv2 parties).

• Its partyTAddress component is called the transport addressing information and represents a transport service address by which the party receives network management traffic.

• Its partyMaxMessageSize component is called the maximum message size and represents the length in octets of the largest SNMPv2 message this party is prepared to accept.

• Its partyAuthProtocol component is called the authentication protocol and identifies a protocol and a mechanism by which all messages generated by the party are authenticated as to integrity and origin. In this context, the value noAuth signifies that messages generated by the party are not authenticated as to integrity and origin.

• Its partyAuthClock component is called the authentication clock and represents a notion of the current time that is specific to the party. The significance of this component is specific to the authentication protocol.

• Its partyAuthPrivate component is called the private authentication key and represents any secret value needed to support the authentication protocol. The significance of this component is specific to the authentication protocol.

• Its partyAuthPublic component is called the public authentication key and represents any public value that may be needed to support the authentication protocol. The significance of this component is specific to the authentication protocol.

• Its partyAuthLifetime component is called the lifetime and represents an administrative upper bound on acceptable delivery delay for protocol messages generated by the party. The significance of this component is specific to the authentication protocol.

• Its partyPrivProtocol component is called the privacy protocol and identifies a protocol and a mechanism by which all protocol messages received by the party are protected from disclosure. In this context, the value noPriv signifies that messages received by the party are not protected from disclosure.

• Its partyPrivPrivate component is called the private privacy key and represents any secret value needed to support the privacy protocol. The significance of this component is specific to the privacy protocol.

• Its partyPrivPublic component is called the public privacy key and represents any public value that may be needed to support the privacy protocol. The significance of this component is specific to the privacy protocol.

If, for all SNMPv2 parties realized by a SNMPv2 entity, the authentication protocol is noAuth and the privacy protocol is noPriv, then that entity is called non-secure.