blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search:
4.5. Public Key Configuration Connected: An Internet Encyclopedia
4.5. Public Key Configuration

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1445
Up: 4. Application of the Model
Prev: 4.4.2. Native Proxy Configuration
Next: 5. Security Considerations

4.5. Public Key Configuration

4.5. Public Key Configuration

This section presents an example configuration predicated upon a hypothetical security protocol. This hypothetical protocol would be based on asymmetric (public key) cryptography as a means for providing data origin authentication (but not protection against disclosure). This example illustrates the consistency of the administrative model with public key technology, and the extension of the example to support protection against disclosure should be apparent.

        Identity          ollie                stan
                          (agent)              (manager)
        Domain            snmpUDPDomain        snmpUDPDomain
        Address           1.2.3.4, 161         1.2.3.5, 2004
        Auth Prot         pkAuthProtocol       pkAuthProtocol
        Auth Priv Key     "0123456789ABCDEF"   ""
        Auth Pub Key      "0123456789abcdef"   "ghijkl0123456789"
        Auth Clock        0                    0
        Auth Lifetime     300                  300
        Priv Prot         noPriv               noPriv
        Priv Priv Key     ""                   ""
        Priv Pub Key      ""                   ""

          Table 16: Party Information for Public Key Agent

The example configuration comprises a single SNMPv2 agent that interacts with a single SNMPv2 management station. Tables 16 and 17 present information about SNMPv2 parties that is by the agent and manager, respectively, while Table 5 presents information about the local access policy that is known to both manager and agent.

        Identity          ollie                stan
                          (agent)              (manager)
        Domain            snmpUDPDomain        snmpUDPDomain
        Address           1.2.3.4, 161         1.2.3.5, 2004
        Auth Prot         pkAuthProtocol       pkAuthProtocol
        Auth Priv Key     ""                   "GHIJKL0123456789"
        Auth Pub Key      "0123456789abcdef"   "ghijkl0123456789"
        Auth Clock        0                    0
        Auth Lifetime     300                  300
        Priv Prot         noPriv               noPriv
        Priv Priv Key     ""                   ""
        Priv Pub Key      ""                   ""

   Table 17: Party Information for Public Key Management Station

As represented in Table 16, the example agent party operates at UDP port 161 at IP address 1.2.3.4 using the party identity ollie; the example manager operates at UDP port 2004 at IP address 1.2.3.5 using the identity stan. Both ollie and stan authenticate all messages that they generate as to origin and integrity by using the hypothetical SNMPv2 authentication protocol pkAuthProtocol and their distinct, private authentication keys. Although these private authentication key values ("0123456789ABCDEF" and "GHIJKL0123456789") are presented here for expository purposes, knowledge of private keys is not normally afforded to human beings and is confined to those portions of the protocol implementation that require it.

In most respects, the interaction between manager and agent in this configuration is almost identical to that in the example of the minimal, secure SNMPv2 agent described above. The most significant difference is that neither SNMPv2 party in the public key configuration has knowledge of the private key by which the other party authenticates its transmissions. Instead, for each received authenticated SNMPv2 communication, the identity of the originator is verified by applying an asymmetric cryptographic algorithm to the received message together with the public authentication key for the originating party. Thus, in this configuration, the agent knows the manager's public key ("ghijkl0123456789") but not its private key ("GHIJKL0123456789"); similarly, the manager knows the agent's public key ("0123456789abcdef") but not its private key ("0123456789ABCDEF").


Next: 5. Security Considerations

Connected: An Internet Encyclopedia
4.5. Public Key Configuration

Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

 
.
www.cotse.com
Have you gone to church today?
.
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 Cotse.com.
Cotse.com is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609