Connected: An Internet Encyclopedia
2.1. SNMPv2 Party
RFC 1445
A SNMPv2 party is a conceptual, virtual execution environment
whose operation is restricted (for security or other purposes)
to an administratively defined subset of all possible
operations of a particular SNMPv2 entity (see Section 2.2).
Whenever a SNMPv2 entity processes a SNMPv2 message, it does
so by acting as a SNMPv2 party and is thereby restricted to
the set of operations defined for that party. The set of
possible operations specified for a SNMPv2 party may be
overlapping or disjoint with respect to the sets of other
SNMPv2 parties; it may also be a proper or improper subset of
all possible operations of the SNMPv2 entity.
Architecturally, each SNMPv2 party comprises:
- a single, unique party identity,
- a logical network location at which the party executes,
characterized by a transport protocol domain and
transport addressing information,
- a single authentication protocol and associated
parameters by which all protocol messages originated by
the party are authenticated as to origin and integrity,
and
- a single privacy protocol and associated parameters by
which all protocol messages received by the party are
protected from disclosure.
Conceptually, each SNMPv2 party may be represented by an ASN.1
value with the following syntax:
     SnmpParty ::= SEQUENCE {
       partyIdentity          OBJECT IDENTIFIER,
       partyTDomain           OBJECT IDENTIFIER,
       partyTAddress          OCTET STRING,
       partyMaxMessageSize    INTEGER,
       partyAuthProtocol      OBJECT IDENTIFIER,
       partyAuthClock         INTEGER,
       partyAuthPrivate       OCTET STRING,
       partyAuthPublic        OCTET STRING,
       partyAuthLifetime      INTEGER,
       partyPrivProtocol      OBJECT IDENTIFIER,
       partyPrivPrivate       OCTET STRING,
       partyPrivPublic        OCTET STRING
     }
For each SnmpParty value that represents a SNMPv2 party, the
following statements are true:
- Its partyIdentity component is the party identity.
- Its partyTDomain component is called the transport domain
and indicates the kind of transport service by which the
party receives network management traffic. An example of
a transport domain is snmpUDPDomain (SNMPv2 over UDP,
using SNMPv2 parties).
- Its partyTAddress component is called the transport
addressing information and represents a transport service
address by which the party receives network management
traffic.
- Its partyMaxMessageSize component is called the maximum
message size and represents the length in octets of the
largest SNMPv2 message this party is prepared to accept.
- Its partyAuthProtocol component is called the
authentication protocol and identifies a protocol and a
mechanism by which all messages generated by the party
are authenticated as to integrity and origin. In this
context, the value noAuth signifies that messages
generated by the party are not authenticated as to
integrity and origin.
- Its partyAuthClock component is called the authentication
clock and represents a notion of the current time that is
specific to the party. The significance of this
component is specific to the authentication protocol.
- Its partyAuthPrivate component is called the private
authentication key and represents any secret value needed
to support the authentication protocol. The significance
of this component is specific to the authentication
protocol.
- Its partyAuthPublic component is called the public
authentication key and represents any public value that
may be needed to support the authentication protocol.
The significance of this component is specific to the
authentication protocol.
- Its partyAuthLifetime component is called the lifetime
and represents an administrative upper bound on
acceptable delivery delay for protocol messages generated
by the party. The significance of this component is
specific to the authentication protocol.
- Its partyPrivProtocol component is called the privacy
protocol and identifies a protocol and a mechanism by
which all protocol messages received by the party are
protected from disclosure. In this context, the value
noPriv signifies that messages received by the party are
not protected from disclosure.
- Its partyPrivPrivate component is called the private
privacy key and represents any secret value needed to
support the privacy protocol. The significance of this
component is specific to the privacy protocol.
- Its partyPrivPublic component is called the public
privacy key and represents any public value that may be
needed to support the privacy protocol. The significance
of this component is specific to the privacy protocol.
If, for all SNMPv2 parties realized by a SNMPv2 entity, the
authentication protocol is noAuth and the privacy protocol is
noPriv, then that entity is called non-secure.
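The asymmetry in the model above (authentication follows the originating party, privacy follows the receiving party) and the non-secure test, as an added Python example that is not part of RFC 1445. Protocol identifiers are written as symbolic names rather than OBJECT IDENTIFIER values; the "example*" protocol names, the party identities and all transport, size, clock and key values are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import permutations

# Symbolic names stand in for the OBJECT IDENTIFIER values. noAuth and noPriv
# are from the text; the "example*" protocol names are constructed placeholders.
NO_AUTH, NO_PRIV = "noAuth", "noPriv"

@dataclass(frozen=True)
class SnmpParty:
    partyIdentity: str
    partyTDomain: str
    partyTAddress: bytes
    partyMaxMessageSize: int
    partyAuthProtocol: str
    partyAuthClock: int
    partyAuthPrivate: bytes
    partyAuthPublic: bytes
    partyAuthLifetime: int
    partyPrivProtocol: str
    partyPrivPrivate: bytes
    partyPrivPublic: bytes

def protection(src, dst):
    """(authenticated, private) for a message originated by src, received by dst."""
    return (src.partyAuthProtocol != NO_AUTH, dst.partyPrivProtocol != NO_PRIV)

def is_non_secure(parties):
    """True when every party realized by the entity is noAuth and noPriv."""
    return all(p.partyAuthProtocol == NO_AUTH and p.partyPrivProtocol == NO_PRIV
               for p in parties)

def exposed_pairs(parties):
    """Ordered (src, dst) identities whose messages get neither protection."""
    return [(s.partyIdentity, d.partyIdentity)
            for s, d in permutations(parties, 2)
            if protection(s, d) == (False, False)]

def party(identity, auth=NO_AUTH, priv=NO_PRIV):
    """Constructed sample party; transport, size, clock and key values are made up."""
    return SnmpParty(identity, "snmpUDPDomain", b"\xc0\x00\x02\x01\x00\xa1", 484,
                     auth, 0, b"k" if auth != NO_AUTH else b"", b"", 300,
                     priv, b"k" if priv != NO_PRIV else b"", b"")

# Constructed party table for one entity.
TABLE = [party("agentOpen"), party("mgrOpen"),
         party("agentAuth", auth="exampleAuthProtocol"),
         party("mgrPriv", auth="exampleAuthProtocol", priv="examplePrivProtocol")]

if __name__ == "__main__":
    print("non-secure entity:", is_non_secure(TABLE))
    for pair in exposed_pairs(TABLE):
        print("no authentication or privacy:", pair)
```

An entity can fail the non-secure test and still carry party pairs whose traffic is neither authenticated nor private, which is why the per-pair listing is worth reviewing alongside the entity-level result.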