Connected: An Internet Encyclopedia
3.2. Receiving a Message

3.2. Receiving a Message

This section describes the behavior of a SNMPv2 entity upon receipt of a protocol message from a SNMPv2 party for which the authentication protocol is administratively specified as the Digest Authentication Protocol. Insofar as the behavior of a SNMPv2 entity when receiving protocol messages is defined generically in [1], only those aspects of that behavior that are specific to the Digest Authentication Protocol are described below.

According to Section 3.2 of [1], a SnmpAuthMsg value is evaluated during Step 9 of generic processing. In particular, it states the SnmpAuthMsg value is evaluated according to the authentication protocol identified for the SNMPv2 party that originated the message. When the relevant authentication protocol is the Digest Authentication Protocol, the procedure performed by a SNMPv2 entity whenever a management communication is received by a SNMPv2 party is as follows.

  1. If the ASN.1 type of the authInfo component is not AuthInformation, the message is evaluated as unauthentic, and the snmpStatsBadAuths counter [14] is incremented. Otherwise, the authSrcTimestamp, authDstTimestamp, and authDigest components are extracted from the SnmpAuthMsg value.

  2. The local database is consulted to determine the authentication clock, private authentication key (extracted, for example, according to the conventions defined in Section 1.5.1), and lifetime of the SNMPv2 party that originated the message.

  3. If the authSrcTimestamp component plus the lifetime is less than the authentication clock, the message is evaluated as unauthentic, and the snmpStatsNotInLifetimes counter [14] is incremented.

  4. The authDigest component is extracted and temporarily recorded.

  5. A new SnmpAuthMsg value is constructed such that its authDigest component is set to the private authentication key and its other components are set to the value of the corresponding components in the received SnmpAuthMsg value. This new SnmpAuthMsg value is serialized according to the conventions of [13] and [12]. A digest is computed over the octet sequence representing that serialized value using, for example, the algorithm specified in Section 1.5.1.

  6. If the computed digest value is not equal to the digest value temporarily recorded in step 4 above, the message is evaluated as unauthentic, and the snmpStatsWrongDigestValues counter [14] is incremented.

  7. The message is evaluated as authentic.

  8. The local database is consulted for access privileges permitted by the local access policy to the originating SNMPv2 party with respect to the receiving SNMPv2 party. If any level of access is permitted, then:

    (Note that this step is conceptually independent from Steps 15-17 of Section 3.2 in [1]).

If the SnmpAuthMsg value is evaluated as unauthentic, an authentication failure is noted and the received message is discarded without further processing. Otherwise, processing of the received message continues as specified in [1].
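The receiving procedure above, worked through as an added example that is not part of RFC 1446 or of this page: a receiver modelled on Steps 1 through 7, with the three counters the text names and a sender-side helper (from Section 3.1) so that messages can be built for testing. Assumptions of this example: `SnmpAuthMsg`, `PartyRecord`, `serialize`, `make_message` and `receive` are names chosen here; the serialization is a fixed-width stand-in for the BER encoding of [12] and [13]; the digest is MD5 over the message with the 16-octet private key substituted for the authDigest component, following the Section 1.5.1 convention the text cites; the party record, key and message bytes are constructed values. Step 8 (access-policy lookup) is left to the caller.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SnmpAuthMsg:
    """Stand-in for the SnmpAuthMsg value (assumed field set, not the ASN.1 type)."""
    authSrcTimestamp: int
    authDstTimestamp: int
    authDigest: bytes   # 16 octets: the digest on the wire, the key while computing
    authData: bytes     # remainder of the message, treated as opaque here


@dataclass
class PartyRecord:
    """Local-database entry consulted in Step 2 for the originating party."""
    auth_clock: int
    private_key: bytes  # 16-octet private authentication key
    lifetime: int


def serialize(msg: SnmpAuthMsg) -> bytes:
    """Simplified fixed-width serialization used in place of BER (assumption)."""
    if len(msg.authDigest) != 16:
        raise ValueError("authDigest must be 16 octets")
    return (msg.authSrcTimestamp.to_bytes(4, "big")
            + msg.authDstTimestamp.to_bytes(4, "big")
            + msg.authDigest
            + msg.authData)


def compute_digest(msg: SnmpAuthMsg, private_key: bytes) -> bytes:
    """Step 5: digest over the message with authDigest replaced by the key."""
    keyed = replace(msg, authDigest=private_key)
    return hashlib.md5(serialize(keyed)).digest()


def make_message(src_ts: int, dst_ts: int, data: bytes, private_key: bytes) -> SnmpAuthMsg:
    """Sender side (Section 3.1): build the message, then fill in its digest."""
    draft = SnmpAuthMsg(src_ts, dst_ts, bytes(16), data)
    return replace(draft, authDigest=compute_digest(draft, private_key))


def new_counters() -> dict:
    return {"snmpStatsBadAuths": 0,
            "snmpStatsNotInLifetimes": 0,
            "snmpStatsWrongDigestValues": 0}


def receive(msg, party: PartyRecord, counters: dict) -> bool:
    """Steps 1-7: return True if the message is evaluated as authentic."""
    # Step 1: the authInfo component must be an AuthInformation value.
    if not isinstance(msg, SnmpAuthMsg):
        counters["snmpStatsBadAuths"] += 1
        return False
    # Step 3: reject before any digest work if the message is outside the lifetime.
    if msg.authSrcTimestamp + party.lifetime < party.auth_clock:
        counters["snmpStatsNotInLifetimes"] += 1
        return False
    # Step 4: keep the received digest for comparison.
    received = msg.authDigest
    # Step 5: recompute the digest with the private key in place of authDigest.
    expected = compute_digest(msg, party.private_key)
    # Step 6: compare; constant-time comparison is an implementation choice here.
    if not hmac.compare_digest(received, expected):
        counters["snmpStatsWrongDigestValues"] += 1
        return False
    # Step 7: authentic; access-policy lookup (Step 8) is the caller's job.
    return True


def demo():
    """Run one message through each outcome; all values are constructed."""
    key = bytes(range(16))
    party = PartyRecord(auth_clock=1000, private_key=key, lifetime=150)
    counters = new_counters()
    good = make_message(1020, 995, b"\x30\x03\x02\x01\x05", key)
    results = {
        "valid": receive(good, party, counters),
        "tampered": receive(replace(good, authData=b"\x30\x03\x02\x01\x06"), party, counters),
        "stale": receive(make_message(800, 995, good.authData, key), party, counters),
        "bad_type": receive(b"not an AuthInformation value", party, counters),
    }
    return results, counters


if __name__ == "__main__":
    print(demo())
```

The stale case carries a correct digest but is rejected at Step 3, so an expired message never reaches the digest computation; the tampered case passes the lifetime check and is caught only at Step 6. Each failure path increments exactly one of the three counters, which is what a monitoring view of the snmpStats objects relies on.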
