blank.gif (43 bytes)

Church Of The
Swimming Elephant

5.2. Clock Distribution Connected: An Internet Encyclopedia
5.2. Clock Distribution

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1446
Up: 5. Clock and Secret Distribution
Prev: 5.1. Initial Configuration
Next: 5.3. Clock Synchronization

5.2. Clock Distribution

5.2. Clock Distribution

A responsible management station must ensure that the authentication clock value for each SNMPv2 party for which it is responsible

  • is loosely synchronized among all the local databases in which it appears,

  • is reset, as indicated below, upon reaching its maximal value, and

  • is non-decreasing, except as indicated below.

The skew among the clock values must be accounted for in the lifetime value, in addition to the expected communication delivery delay.

A skewed authentication clock may be detected by a number of strategies, including knowledge of the accuracy of the system clock, unauthenticated queries of the party database, and recognition of authentication failures originated by the party.

Whenever clock skew is detected, and whenever the SNMPv2 entities at both the responsible management station and the relevant managed agent support an appropriate privacy protocol (e.g., the Symmetric Privacy Protocol), a straightforward strategy for the correction of clock skew is simultaneous alteration of authentication clock and private key for the relevant SNMPv2 party. If the request to alter the key and clock for a particular party originates from that same party, then, prior to transmitting that request, the local notion of the authentication clock is artificially advanced to assure acceptance of the request as authentic.

More generally, however, since an authentication clock value need not be protected from disclosure, it is not necessary that a managed agent support a privacy protocol in order for a responsible management station to correct skewed clock values. The procedure for correcting clock skew in the general case is presented in Section 5.3.

In addition to correcting skewed notions of authentication clocks, every SNMPv2 entity must react correctly as an authentication clock approaches its maximal value. If the authentication clock for a particular SNMPv2 party ever reaches the maximal time value, the clock must halt at that value. (The value of interest may be the maximum less lifetime. When authenticating a message, its authentication timestamp is added to lifetime and compared to the authentication clock. A SNMPv2 entity must guarantee that the sum is never greater than the maximal time value.) In this state, the only authenticated request a management station should generate for this party is one that alters the value of at least its authentication clock and private authentication key. In order to reset these values, the responsible management station may set the authentication timestamp in the message to the maximal time value.

The value of the authentication clock for a particular SNMPv2 party must never be altered such that its new value is less than its old value, unless its private authentication key is also altered at the same time.

Next: 5.3. Clock Synchronization

Connected: An Internet Encyclopedia
5.2. Clock Distribution


Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

Have you gone to church today?
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609