Connected: An Internet Encyclopedia
RFC 1446
3.2. Receiving a Message
This section describes the behavior of a SNMPv2 entity upon
receipt of a protocol message from a SNMPv2 party for which
the authentication protocol is administratively specified as
the Digest Authentication Protocol. Insofar as the behavior
of a SNMPv2 entity when receiving protocol messages is defined
generically in [1], only those aspects of that behavior that
are specific to the Digest Authentication Protocol are
described below.
According to Section 3.2 of [1], a SnmpAuthMsg value is
evaluated during Step 9 of generic processing. In particular,
it states the SnmpAuthMsg value is evaluated according to the
authentication protocol identified for the SNMPv2 party that
originated the message. When the relevant authentication
protocol is the Digest Authentication Protocol, the procedure
performed by a SNMPv2 entity whenever a management
communication is received by a SNMPv2 party is as follows.
1. If the ASN.1 type of the authInfo component is not
   AuthInformation, the message is evaluated as unauthentic,
   and the snmpStatsBadAuths counter [14] is incremented.
   Otherwise, the authSrcTimestamp, authDstTimestamp, and
   authDigest components are extracted from the SnmpAuthMsg
   value.
2. The local database is consulted to determine the
   authentication clock, private authentication key
   (extracted, for example, according to the conventions
   defined in Section 1.5.1), and lifetime of the SNMPv2
   party that originated the message.
3. If the authSrcTimestamp component plus the lifetime is
   less than the authentication clock, the message is
   evaluated as unauthentic, and the snmpStatsNotInLifetimes
   counter [14] is incremented.
4. The authDigest component is extracted and temporarily
   recorded.
5. A new SnmpAuthMsg value is constructed such that its
   authDigest component is set to the private authentication
   key and its other components are set to the value of the
   corresponding components in the received SnmpAuthMsg
   value. This new SnmpAuthMsg value is serialized
   according to the conventions of [13] and [12]. A digest
   is computed over the octet sequence representing that
   serialized value using, for example, the algorithm
   specified in Section 1.5.1.
   NOTE:
      Because serialization rules are unambiguous but may
      not be unique, great care must be taken in
      reconstructing the serialized value prior to
      computing the digest. Implementations may find it
      useful to keep a copy of the original serialized
      value and then simply modify the octets which
      directly correspond to the placement of the
      authDigest component, rather than re-applying the
      serialization algorithm to the new SnmpAuthMsg
      value.
6. If the computed digest value is not equal to the digest
   value temporarily recorded in step 4 above, the message
   is evaluated as unauthentic, and the
   snmpStatsWrongDigestValues counter [14] is incremented.
7. The message is evaluated as authentic.
8. The local database is consulted for access privileges
   permitted by the local access policy to the originating
   SNMPv2 party with respect to the receiving SNMPv2 party.
   If any level of access is permitted, then:
      the authentication clock value locally recorded for the
      originating SNMPv2 party is advanced to the
      authSrcTimestamp value if this latter exceeds the
      recorded value; and,
      the authentication clock value locally recorded for the
      receiving SNMPv2 party is advanced to the
      authDstTimestamp value if this latter exceeds the
      recorded value.
   (Note that this step is conceptually independent from
   Steps 15-17 of Section 3.2 in [1]).
If the SnmpAuthMsg value is evaluated as unauthentic, an
authentication failure is noted and the received message is
discarded without further processing. Otherwise, processing
of the received message continues as specified in [1].
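
The receive procedure above, sketched as an added example (not part of the RFC text or of any particular SNMPv2 implementation). It assumes an ASN.1 parser has already performed the type check of the first step and supplied the timestamps and the offset of the authDigest octets, and that the digest is MD5 with a 16-octet key as in Section 1.5.1; the names `Party`, `Stats`, `keyed_digest` and `receive` and the sample message layout are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

DIGEST_LEN = 16  # MD5 digest and key length (Section 1.5.1 of the RFC)

@dataclass
class Party:  # local database record; field names are illustrative
    key: bytes      # private authentication key (16 octets)
    clock: int      # authentication clock
    lifetime: int = 0

@dataclass
class Stats:  # counters named after the MIB objects the steps increment
    bad_auths: int = 0
    not_in_lifetimes: int = 0
    wrong_digest_values: int = 0

def keyed_digest(raw: bytes, off: int, key: bytes) -> bytes:
    """Digest computation following the NOTE: overwrite the digest octets in
    a copy of the original serialization with the key, then hash it."""
    buf = bytearray(raw)
    buf[off:off + DIGEST_LEN] = key
    return hashlib.md5(bytes(buf)).digest()

def receive(raw, off, src_ts, dst_ts, src, dst, stats, access_permitted=True):
    """Return True if the message is authentic. `off` is the offset of the
    authDigest octets, assumed to come from the caller's ASN.1 parser."""
    if off < 0 or off + DIGEST_LEN > len(raw):       # stand-in for step 1
        stats.bad_auths += 1
        return False
    if src_ts + src.lifetime < src.clock:            # lifetime check
        stats.not_in_lifetimes += 1
        return False
    received = raw[off:off + DIGEST_LEN]             # record received digest
    computed = keyed_digest(raw, off, src.key)       # recompute with the key
    if not hmac.compare_digest(computed, received):  # constant-time compare
        stats.wrong_digest_values += 1
        return False
    if access_permitted:                             # clocks only move forward
        src.clock = max(src.clock, src_ts)
        dst.clock = max(dst.clock, dst_ts)
    return True                                      # evaluated as authentic

# Constructed sample (not real BER): 8 header octets, digest field, payload.
KEY = bytes(range(16))
OFF = 8
_blank = b"HDR-0001" + bytes(DIGEST_LEN) + b"get sysUpTime"
SAMPLE = _blank[:OFF] + keyed_digest(_blank, OFF, KEY) + _blank[OFF + DIGEST_LEN:]
```

Comparing with `hmac.compare_digest` rather than `==` keeps the digest check from leaking, through timing, how many leading octets matched.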