The protocols described in Sections 3 and 4 assume the existence of loosely synchronized clocks and shared secret values. Three requirements constrain the strategy by which clock values and secrets are distributed.
When the value of an authentication clock is decreased, messages that have been sent with a timestamp value between the value of the authentication clock and its new value may be replayed. Changing the private authentication key obviates this threat.
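The replay exposure described above, modelled as an added example that is not part of the original specification: a receiver accepts a message when its keyed digest verifies and its timestamp plus a lifetime is not behind the local clock. The digest construction, `LIFETIME`, the class and function names, and the sample values are assumptions of this simplified model, not the protocol's actual message format.

```python
import hashlib
import hmac

LIFETIME = 300  # seconds a message stays acceptable (constructed value)

def digest(key: bytes, timestamp: int, payload: bytes) -> bytes:
    # Simplified keyed digest (assumption): MD5 over secret, timestamp, payload.
    return hashlib.md5(key + timestamp.to_bytes(4, "big") + payload).digest()

def make_message(key: bytes, timestamp: int, payload: bytes) -> dict:
    return {"ts": timestamp, "payload": payload, "digest": digest(key, timestamp, payload)}

class Receiver:
    """Holds the receiver's view of the authentication clock and private key."""
    def __init__(self, key: bytes, clock: int):
        self.key, self.clock = key, clock

    def accept(self, msg: dict) -> bool:
        expected = digest(self.key, msg["ts"], msg["payload"])
        if not hmac.compare_digest(expected, msg["digest"]):
            return False                          # wrong key or altered message
        if msg["ts"] + LIFETIME < self.clock:
            return False                          # too old: rejected as a replay
        self.clock = max(self.clock, msg["ts"])   # receipt only advances the clock
        return True

    def reset_clock(self, new_clock: int, new_key: bytes = None):
        # Management operation; lowering the clock without new_key is the unsafe case.
        self.clock = new_clock
        if new_key is not None:
            self.key = new_key

def demo():
    old_key, new_key = b"K" * 16, b"N" * 16       # constructed 16-byte secrets
    captured = make_message(old_key, 5000, b"set sysContact")  # sent at clock 5000

    rx = Receiver(old_key, clock=9000)
    stale = rx.accept(captured)                   # timestamp far behind the clock
    rx.reset_clock(4900)                          # clock decreased, key kept
    replay_same_key = rx.accept(captured)         # old message looks fresh again

    rx2 = Receiver(old_key, clock=9000)
    rx2.reset_clock(4900, new_key=new_key)        # clock decreased, key changed too
    replay_new_key = rx2.accept(captured)         # digest no longer verifies
    return stale, replay_same_key, replay_new_key

if __name__ == "__main__":
    print(demo())
```
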
Protecting the secrets from disclosure is critical to the security of the protocols. Knowledge of the secrets must be as restricted as possible within an implementation. In particular, although the secrets may be known to one or more persons during the initial configuration of a device, the secrets should be changed immediately after configuration such that their actual value is known only to the software. A management station has the additional responsibility of recovering the state of all parties whenever it boots, and it may address this responsibility by recording the secrets on a long-term storage device. Access to information on this device must be as restricted as is practically possible.
This management station is responsible for ensuring that all authentication clocks are synchronized and for changing the secret values when necessary. Although more than one management station may share this responsibility, their coordination is essential to the secure management of the network. The mechanism by which multiple management stations ensure that no more than one of them attempts to synchronize the clocks or update the secrets at any one time is a local implementation issue.
A responsible management station may either support clock synchronization and secret distribution as separate functions, or combine them into a single functional unit.
The first section below specifies the procedures by which a SNMPv2 entity is initially configured. The next two sections describe one strategy for distributing clock values and one for determining a synchronized clock value among SNMPv2 parties supporting the Digest Authentication Protocol. For SNMPv2 parties supporting the Symmetric Privacy Protocol, the next section describes a strategy for distributing secret values. The last section specifies the procedures by which a SNMPv2 entity recovers from a "crash."