2. SNMPv2 Party

Recall from [1] that a SNMPv2 party is a conceptual, virtual execution context whose operation is restricted (for security or other purposes) to an administratively defined subset of all possible operations of a particular SNMPv2 entity. A SNMPv2 entity is an actual process which performs network management operations by generating and/or responding to SNMPv2 protocol messages in the manner specified in [12]. Architecturally, every SNMPv2 entity maintains a local database that represents all SNMPv2 parties known to it.

A SNMPv2 party may be represented by an ASN.1 value with the following syntax:

        SnmpParty ::= SEQUENCE {
          partyIdentity
             OBJECT IDENTIFIER,
          partyTDomain
             OBJECT IDENTIFIER,
          partyTAddress
             OCTET STRING,
          partyMaxMessageSize
             INTEGER,
          partyAuthProtocol
             OBJECT IDENTIFIER,
          partyAuthClock
             INTEGER,
          partyAuthPrivate
             OCTET STRING,
          partyAuthPublic
             OCTET STRING,
          partyAuthLifetime
             INTEGER,
          partyPrivProtocol
             OBJECT IDENTIFIER,
          partyPrivPrivate
             OCTET STRING,
          partyPrivPublic
             OCTET STRING
        }

For each SnmpParty value that represents a SNMPv2 party, the generic significance of each of its components is defined in [1]. For each SNMPv2 party that supports the generation of messages using the Digest Authentication Protocol, additional, special significance is attributed to certain components of that party's representation:

• Its partyAuthProtocol component is called the authentication protocol and identifies a combination of the Digest Authentication Protocol with a particular digest algorithm (such as that defined in Section 1.5.1). This combined mechanism is used to authenticate the origin and integrity of all messages generated by the party.

• Its partyAuthClock component is called the authentication clock and represents a notion of the current time that is specific to the party.

• Its partyAuthPrivate component is called the private authentication key and represents any secret value needed to support the Digest Authentication Protocol and associated digest algorithm.

• Its partyAuthPublic component is called the public authentication key and represents any public value that may be needed to support the authentication protocol. This component is not significant except as suggested in Section 5.4.

• Its partyAuthLifetime component is called the lifetime and represents an administrative upper bound on acceptable delivery delay for protocol messages generated by the party.

For each SNMPv2 party that supports the receipt of messages via the Symmetric Privacy Protocol, additional, special significance is attributed to certain components of that party's representation:

• Its partyPrivProtocol component is called the privacy protocol and identifies a combination of the Symmetric Privacy Protocol with a particular encryption algorithm (such as that defined in Section 1.5.2). This combined mechanism is used to protect from disclosure all protocol messages received by the party.

• Its partyPrivPrivate component is called the private privacy key and represents any secret value needed to support the Symmetric Privacy Protocol and associated encryption algorithm.

• Its partyPrivPublic component is called the public privacy key and represents any public value that may be needed to support the privacy protocol. This component is not significant except as suggested in Section 5.4.