1.3. Goals and Constraints

Based on the foregoing account of threats in the SNMP network management environment, the goals of a SNMPv2 security protocol are enumerated below.

1. The protocol should provide for verification that each received SNMPv2 message has not been modified during its transmission through the network in such a way that an unauthorized management operation might result.

2. The protocol should provide for verification of the identity of the originator of each received SNMPv2 message.

3. The protocol should provide that the apparent time of generation for each received SNMPv2 message is recent.

4. The protocol should provide, when necessary, that the contents of each received SNMPv2 message are protected from disclosure.

In addition to the principal goal of supporting secure network management, the design of any SNMPv2 security protocol is also influenced by the following constraints:

1. When the requirements of effective management in times of network stress are inconsistent with those of security, the former are preferred.

2. Neither the security protocol nor its underlying security mechanisms should depend upon the ready availability of other network services (e.g., Network Time Protocol (NTP) or secret/key management protocols).

3. A security mechanism should entail no changes to the basic SNMP network management philosophy.