Connected: An Internet Encyclopedia
RFC 1445, 4. Application of the Model
4.2. Secure Minimal Agent Configuration
This section presents an example configuration for a secure,
minimal SNMPv2 agent that interacts with a single SNMPv2
management station. Table 4 presents information about SNMPv2
parties that is known both to the minimal agent and to the
manager, while Table 5 presents similarly common information
about the local access policy.
The interaction of manager and agent in this configuration is
very similar to that sketched above for the non-secure minimal
agent - except that all protocol messages are authenticated as
to origin and integrity and protected from disclosure. This
example requires encryption in order to support distribution
of secret keys via the SNMPv2 itself. A more elaborate
example comprising an additional pair of SNMPv2 parties could
support the exchange of non-secret information in
authenticated messages without incurring the cost of
encryption.
An actual secure agent configuration may require SNMPv2
parties for which the authentication and privacy protocols are
noAuth and noPriv, respectively, in order to support clock
synchronization (see [6]). For clarity, these additional
parties are not represented in this example.
   Identity          ollie                   stan
                     (agent)                 (manager)
   Domain            snmpUDPDomain           snmpUDPDomain
   Address           1.2.3.4, 161            1.2.3.5, 2001
   Auth Prot         v2md5AuthProtocol       v2md5AuthProtocol
   Auth Priv Key     "0123456789ABCDEF"      "GHIJKL0123456789"
   Auth Pub Key      ""                      ""
   Auth Clock        0                       0
   Auth Lifetime     300                     300
   Priv Prot         desPrivProtocol         desPrivProtocol
   Priv Priv Key     "MNOPQR0123456789"      "STUVWX0123456789"
   Priv Pub Key      ""                      ""

            Table 4: Party Information for Secure Minimal Agent
   Target    Subject    Context    Privileges
   ollie     stan       local      35  (Get, GetNext & GetBulk)
   stan      ollie      local      132 (Response & SNMPv2-Trap)

            Table 5: Access Information for Secure Minimal Agent
As represented in Table 4, the example agent party operates at
UDP port 161 at IP address 1.2.3.4 using the party identity
ollie; the example manager operates at UDP port 2001 at IP
address 1.2.3.5 using the identity stan. At minimum, a secure
SNMPv2 agent implementation must provide for administrative
configuration (and non-volatile storage) of relevant
information about two SNMPv2 parties: itself and a remote
peer. Both ollie and stan authenticate all messages that they
generate by using the SNMPv2 authentication protocol
v2md5AuthProtocol and their distinct, private authentication
keys. Although these private authentication key values
("0123456789ABCDEF" and "GHIJKL0123456789") are presented here
for expository purposes, knowledge of private authentication
keys is not normally afforded to human beings and is confined
to those portions of the protocol implementation that require
it.
When using the v2md5AuthProtocol, the public authentication
key for each SNMPv2 party is never used in authentication and
verification of SNMPv2 exchanges. Also, because the
v2md5AuthProtocol is symmetric in character, the private
authentication key for each party must be known to another
SNMPv2 party with which authenticated communication is
desired. In contrast, asymmetric (public key) authentication
protocols would not depend upon sharing of a private key for
their operation.
All protocol messages generated for transmission to the party
stan are encrypted using the desPrivProtocol privacy protocol
and the private key "STUVWX0123456789"; they are decrypted
upon reception according to the same protocol and key.
Similarly, all messages generated for transmission to the
party ollie are encrypted using the desPrivProtocol protocol
and private privacy key "MNOPQR0123456789"; they are
correspondingly decrypted on reception. As with
authentication keys, knowledge of private privacy keys is not
normally afforded to human beings and is confined to those
portions of the protocol implementation that require it.
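The following is an added illustration, not code from RFC 1445 or from any SNMPv2 implementation. It models the administrative information of Tables 4 and 5 and shows the two checks the text describes: the access-policy check an agent makes before acting on a request (decoding the privileges bitmask), and the selection of keys for a message between ollie and stan, which makes concrete that the symmetric v2md5AuthProtocol key belongs to the sending party while the desPrivProtocol key belongs to the receiving party. The page names only the privilege members that make up 35 and 132; the bit values for Set and Inform follow the aclPrivileges object of the SNMPv2 party MIB (RFC 1447) and are an assumption relative to this page, as are the function names.

```python
"""Added example (not part of RFC 1445): secure minimal agent tables and checks."""
from dataclasses import dataclass
from enum import IntFlag


class Privilege(IntFlag):
    # aclPrivileges bit values. GET/GETNEXT/GETBULK (35) and RESPONSE/SNMPV2_TRAP
    # (132) are fixed by Table 5; SET and INFORM follow RFC 1447 (assumption here).
    GET = 1
    GETNEXT = 2
    RESPONSE = 4
    SET = 8
    GETBULK = 32
    INFORM = 64
    SNMPV2_TRAP = 128


@dataclass(frozen=True)
class Party:
    identity: str
    domain: str
    address: tuple            # (IP address, UDP port)
    auth_prot: str
    auth_priv_key: bytes      # shared secret: also known to the peer party
    auth_clock: int
    auth_lifetime: int        # seconds, bounds the timeliness window
    priv_prot: str
    priv_priv_key: bytes


# Table 4, as both ollie and stan store it (non-volatile in a real agent).
PARTIES = {
    "ollie": Party("ollie", "snmpUDPDomain", ("1.2.3.4", 161), "v2md5AuthProtocol",
                   b"0123456789ABCDEF", 0, 300, "desPrivProtocol", b"MNOPQR0123456789"),
    "stan": Party("stan", "snmpUDPDomain", ("1.2.3.5", 2001), "v2md5AuthProtocol",
                  b"GHIJKL0123456789", 0, 300, "desPrivProtocol", b"STUVWX0123456789"),
}

# Table 5: (target, subject, context) -> privileges bitmask.
ACCESS = {
    ("ollie", "stan", "local"): Privilege(35),
    ("stan", "ollie", "local"): Privilege(132),
}


def decode_privileges(value):
    """Expand an aclPrivileges integer into the operation names it grants."""
    return [p.name for p in Privilege if value & p]


def is_authorized(target, subject, context, op):
    """True iff the local access policy lets `subject` perform `op` on `target` in `context`.

    A missing (target, subject, context) entry grants nothing: the agent must
    fail closed rather than fall back to some default privilege set.
    """
    privs = ACCESS.get((target, subject, context))
    if privs is None:
        return False
    return bool(privs & op)


def is_secure_party(party):
    """The configuration in this section requires every party to authenticate and encrypt."""
    return party.auth_prot != "noAuth" and party.priv_prot != "noPriv"


def keys_for_message(src, dst):
    """Keys applied to a message from party `src` to party `dst`.

    Authentication uses the sender's private authentication key (the receiver
    must hold a copy, since v2md5AuthProtocol is symmetric); encryption uses the
    receiver's private privacy key, exactly as the text describes for stan/ollie.
    """
    return PARTIES[src].auth_priv_key, PARTIES[dst].priv_priv_key


if __name__ == "__main__":
    print("stan may Get from ollie:", is_authorized("ollie", "stan", "local", Privilege.GET))
    print("stan may Set on ollie:  ", is_authorized("ollie", "stan", "local", Privilege.SET))
    print("135 decodes to:", decode_privileges(35), "132 decodes to:", decode_privileges(132))
    print("ollie -> stan keys:", keys_for_message("ollie", "stan"))
```

Note that Set is absent from ollie's entry, so a Set request from stan is refused even though every message between the two parties is authenticated and encrypted; the access table, not the cryptography, decides what an authenticated peer may do.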