The correctness of these SNMPv2 security protocols with
respect to the stated goals depends on the following
assumptions:
The chosen message digest algorithm satisfies its design
criteria. In particular, it must be computationally
infeasible to discover two messages that share the same
digest value.
It is computationally infeasible to determine the secret
used in calculating a digest on the concatenation of the
secret and a message when both the digest and the message
are known.
The chosen symmetric encryption algorithm satisfies its
design criteria. In particular, it must be
computationally infeasible to determine the cleartext
message from the ciphertext message without knowledge of
the key used in the transformation.
Local notions of a party's authentication clock while it
is associated with a specific private key value are
monotonically non-decreasing (i.e., they never run
backwards) in the absence of administrative
manipulations.
The secrets for a particular SNMPv2 party are known only
to authorized SNMPv2 protocol entities.
Local notions of the authentication clock for a
particular SNMPv2 party are never altered such that the
authentication clock's new value is less than the current
value without also altering the private authentication
key.
For each mechanism of the protocol, an informal account of its
contribution to the required goals is presented below.
Pseudocode fragments are provided where appropriate to
exemplify possible implementations; they are intended to be
self-explanatory.