Connected: An Internet Encyclopedia
RFC 1446
2. SNMPv2 Party

Recall from [1] that a SNMPv2 party is a conceptual, virtual
execution context whose operation is restricted (for security
or other purposes) to an administratively defined subset of
all possible operations of a particular SNMPv2 entity. A
SNMPv2 entity is an actual process which performs network
management operations by generating and/or responding to
SNMPv2 protocol messages in the manner specified in [12].
Architecturally, every SNMPv2 entity maintains a local
database that represents all SNMPv2 parties known to it.

A SNMPv2 party may be represented by an ASN.1 value with the
following syntax:

     SnmpParty ::= SEQUENCE {
       partyIdentity        OBJECT IDENTIFIER,
       partyTDomain         OBJECT IDENTIFIER,
       partyTAddress        OCTET STRING,
       partyMaxMessageSize  INTEGER,
       partyAuthProtocol    OBJECT IDENTIFIER,
       partyAuthClock       INTEGER,
       partyAuthPrivate     OCTET STRING,
       partyAuthPublic      OCTET STRING,
       partyAuthLifetime    INTEGER,
       partyPrivProtocol    OBJECT IDENTIFIER,
       partyPrivPrivate     OCTET STRING,
       partyPrivPublic      OCTET STRING
     }

For each SnmpParty value that represents a SNMPv2 party, the
generic significance of each of its components is defined in
[1]. For each SNMPv2 party that supports the generation of
messages using the Digest Authentication Protocol, additional,
special significance is attributed to certain components of
that party's representation:

- Its partyAuthProtocol component is called the
  authentication protocol and identifies a combination of
  the Digest Authentication Protocol with a particular
  digest algorithm (such as that defined in Section 1.5.1).
  This combined mechanism is used to authenticate the
  origin and integrity of all messages generated by the
  party.

- Its partyAuthClock component is called the authentication
  clock and represents a notion of the current time that is
  specific to the party.

- Its partyAuthPrivate component is called the private
  authentication key and represents any secret value needed
  to support the Digest Authentication Protocol and
  associated digest algorithm.

- Its partyAuthPublic component is called the public
  authentication key and represents any public value that
  may be needed to support the authentication protocol.
  This component is not significant except as suggested in
  Section 5.4.

- Its partyAuthLifetime component is called the lifetime
  and represents an administrative upper bound on
  acceptable delivery delay for protocol messages generated
  by the party.

For each SNMPv2 party that supports the receipt of messages
via the Symmetric Privacy Protocol, additional, special
significance is attributed to certain components of that
party's representation:

- Its partyPrivProtocol component is called the privacy
  protocol and identifies a combination of the Symmetric
  Privacy Protocol with a particular encryption algorithm
  (such as that defined in Section 1.5.2). This combined
  mechanism is used to protect from disclosure all protocol
  messages received by the party.

- Its partyPrivPrivate component is called the private
  privacy key and represents any secret value needed to
  support the Symmetric Privacy Protocol and associated
  encryption algorithm.

- Its partyPrivPublic component is called the public
  privacy key and represents any public value that may be
  needed to support the privacy protocol. This component
  is not significant except as suggested in Section 5.4.
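
The following is an added example, not text or code from RFC 1446: it models one entry of the local party database with the twelve SnmpParty components, gives a log-safe view that hides the two private keys, and audits the components that carry special significance. The placeholder OIDs, the names `redacted`, `audit` and `SAMPLE`, and the audit rules themselves are assumptions of this example rather than requirements stated in the RFC.

```python
from dataclasses import dataclass, fields

# Placeholder OIDs constructed for this example; not values taken from the RFC.
NO_AUTH, DIGEST_AUTH = "0.0.1", "0.0.2"
NO_PRIV, SYM_PRIV = "0.0.3", "0.0.4"
SECRET = {"partyAuthPrivate", "partyPrivPrivate"}  # the two private keys

@dataclass(frozen=True)
class SnmpParty:
    # Field names and order follow the SnmpParty SEQUENCE above.
    partyIdentity: str
    partyTDomain: str
    partyTAddress: bytes
    partyMaxMessageSize: int
    partyAuthProtocol: str
    partyAuthClock: int
    partyAuthPrivate: bytes
    partyAuthPublic: bytes
    partyAuthLifetime: int
    partyPrivProtocol: str
    partyPrivPrivate: bytes
    partyPrivPublic: bytes

def redacted(p):
    """Log-safe view: secret components are replaced by their length only."""
    return {f.name: f"<{len(getattr(p, f.name))} octets>" if f.name in SECRET
            else getattr(p, f.name) for f in fields(p)}

def audit(p):
    """Return findings for the components that carry special significance."""
    out = []
    if p.partyAuthProtocol != NO_AUTH:
        if not p.partyAuthPrivate:
            out.append("auth protocol set but private authentication key empty")
        if p.partyAuthLifetime <= 0:
            out.append("lifetime leaves no acceptable delivery delay")
        if p.partyAuthClock < 0:
            out.append("authentication clock is negative")
    elif p.partyAuthPrivate:
        out.append("private authentication key stored for unauthenticated party")
    if p.partyPrivProtocol != NO_PRIV:
        if not p.partyPrivPrivate:
            out.append("privacy protocol set but private privacy key empty")
    elif p.partyPrivPrivate:
        out.append("private privacy key stored for party without privacy")
    return out

# Constructed sample record: authentication enabled, but no key provisioned.
SAMPLE = SnmpParty("0.0.9.1", "0.0.9.2", b"\x0a\x00\x00\x01\x00\xa1", 484,
                   DIGEST_AUTH, 0, b"", b"", 300, NO_PRIV, b"", b"")
```

Running `audit(SAMPLE)` reports the missing private authentication key, and `redacted()` is the form to pass to any logger or diagnostic dump.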