5.2. Clock Distribution

A responsible management station must ensure that the authentication clock value for each SNMPv2 party for which it is responsible

• is loosely synchronized among all the local databases in which it appears,

• is reset, as indicated below, upon reaching its maximal value, and

• is non-decreasing, except as indicated below.

The skew among the clock values must be accounted for in the lifetime value, in addition to the expected communication delivery delay.

A skewed authentication clock may be detected by a number of strategies, including knowledge of the accuracy of the system clock, unauthenticated queries of the party database, and recognition of authentication failures originated by the party.

Whenever clock skew is detected, and whenever the SNMPv2 entities at both the responsible management station and the relevant managed agent support an appropriate privacy protocol (e.g., the Symmetric Privacy Protocol), a straightforward strategy for the correction of clock skew is simultaneous alteration of authentication clock and private key for the relevant SNMPv2 party. If the request to alter the key and clock for a particular party originates from that same party, then, prior to transmitting that request, the local notion of the authentication clock is artificially advanced to assure acceptance of the request as authentic.

More generally, however, since an authentication clock value need not be protected from disclosure, it is not necessary that a managed agent support a privacy protocol in order for a responsible management station to correct skewed clock values. The procedure for correcting clock skew in the general case is presented in Section 5.3.

In addition to correcting skewed notions of authentication clocks, every SNMPv2 entity must react correctly as an authentication clock approaches its maximal value. If the authentication clock for a particular SNMPv2 party ever reaches the maximal time value, the clock must halt at that value. (The value of interest may be the maximum less lifetime. When authenticating a message, its authentication timestamp is added to lifetime and compared to the authentication clock. A SNMPv2 entity must guarantee that the sum is never greater than the maximal time value.) In this state, the only authenticated request a management station should generate for this party is one that alters the value of at least its authentication clock and private authentication key. In order to reset these values, the responsible management station may set the authentication timestamp in the message to the maximal time value.

The value of the authentication clock for a particular SNMPv2 party must never be altered such that its new value is less than its old value, unless its private authentication key is also altered at the same time.