Hi. I've reviewed both draft-hartman-snmp-sha2 and draft-hmac-sha-2-usm-snmp.
In general, I believe that draft-hartman-snmp-sha2 provides a better starting point for a SHA2 authentication algorithm for USM. draft-hmac-sha-2-usm-snmp provides differences between the MD5 algorithm described in RFC 3414 and the SHa2 algorithm. In general I've found that describing a specification in terms of differences in cases where there is not a clear abstraction present is problematic. It tends to lead to implementation errors by focusing on the steps that are different rather than on all the steps that need to be performed. In this case, I think that we'll tend to see key derivation and to a lesser extent messaging processing errors because of the brief text pointing at these issues. In our draft (draft-hartman), we create an abstraction for an HMAC-based hash authentication in USM and plug sha-2 into that abstraction. I think that's a cleaner approach that will lead to higher implementation quality than the draft-hmac-sha-2-usm-snmp approach. In addition, I'm not convinced that truncating the HMAC is a good idea in this instance. If the WG decides that truncation of the HMAC is desirable, we should add a description of why that's the case and a security discussion. (I don't think the truncation proposed has significant security problems) My recommendation would be that the WG start with draft-hartman-snmp-sha2 as a basis for this work, but that the authors of draft-hmac and draft-hartman work together to make sure that all the best ideas from both proposals make their way into the final product. _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
