Hi Craig Small,

Thank you . This is really helpful.
If AES192 and AES192C are AES standard from different entity  then are they
interchangeable ?
Eg: I did configure AES192 on snmpd and use AES192C from mibbrowser.   Tool
'snmpget'  fails.

It would help me if I know why CFB-AES192 (on silvercreek browser) fails
with AES192 configured on snmp-agent.  It works fine when AES192C
configured on snmpd.


On Wed, Sep 15, 2021 at 4:10 AM Craig Small <csm...@dropbear.xyz> wrote:

> Hi Pushpa,
>   As you have discovered, there are two AES192 standards.
>
> When you select AES192 (with no C) this is the IETF draft Blumenthal
> standard.
>
> When you select AES192C this is the Cisco "standard".
>
> What is the actual difference? As far as I can tell, it comes down to the
> OID used for some of the parameters like the IV.
>
> The Cisco standard uses something under enterprises.Cisco, as you would
> expect, while the draft IETF standard uses something under enterprises.ESO
> ESO is Extended Security Options consortium, you can see their MIB at
> http://www.snmp.com/eso/esoConsortiumMIB.txt
>
> To me, it looks like the same protocol, just how it identifies itself and
> where it stores things changes. So it's not like one is doing CFB and the
> other thought for some reason ECB was the way to go.
>
> If you look online for SNMP and AES 192 or 256, you can see this confuses
> a bunch of people (e.g. AES192 works for device X, but not device Y, why?)
>
>  - Craig
>
> ObXKCD https://xkcd.com/927/
>
>
> On Wed, 15 Sept 2021 at 01:51, Pushpa Thimmaiah <
> pushpa.thimma...@gmail.com> wrote:
>
>> Hi Folks,
>>
>> I am using SilverCreek as mib browser(windows10)  and net-snmp-.5.9 on
>> snmp-agent(linux).
>>
>> *snmp-agent*
>> creatUser testmd5aes192 MD5  testingauth AES192 testingpriv
>>
>> *SilverCreek*
>> It provides CFB-AES192 option for privprotocol . So I selected
>> authprotocol as 'MD5' and priv protocol 'CFB-AES192'
>> snmpquery on fails for this
>>
>> So, I  changed AES192 to AES192C at snmp-agent side as mentioned below
>> and it works
>> creatUser testmd5aes192 MD5  testingauth AES192C testingpriv
>>
>> Kindly let me know when to use AES192 and AES192C. Is it based on cipher
>> methods of AES?
>>
>> Thanks,
>> Pushpa.T
>>
>>
>> _______________________________________________
>> Net-snmp-coders mailing list
>> Net-snmp-coders@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to