Hi all, Please see my comments between [Danping----->>]...[<<-----Danping].
-----Original Message----- From: Sam Hartman [mailto:[email protected]] Sent: Wednesday, August 27, 2014 4:26 AM To: Warren Kumari Cc: [email protected]; [email protected]; [email protected] Subject: Re: Call for Adoption: draft-hmac-sha-2-usm-snmp Hi. I've reviewed both draft-hartman-snmp-sha2 and draft-hmac-sha-2-usm-snmp. In general, I believe that draft-hartman-snmp-sha2 provides a better starting point for a SHA2 authentication algorithm for USM. draft-hmac-sha-2-usm-snmp provides differences between the MD5 algorithm described in RFC 3414 and the SHa2 algorithm. In general I've found that describing a specification in terms of differences in cases where there is not a clear abstraction present is problematic. It tends to lead to implementation errors by focusing on the steps that are different rather than on all the steps that need to be performed. In this case, I think that we'll tend to see key derivation and to a lesser extent messaging processing errors because of the brief text pointing at these issues. In our draft (draft-hartman), we create an abstraction for an HMAC-based hash authentication in USM and plug sha-2 into that abstraction. I think that's a cleaner approach that will lead to higher implementation quality than the draft-hmac-sha-2-usm-snmp approach. [Danping----->>] Agree. The complexity of implementing the 'draft-hmac' would tend to result in confusions and missing steps related to the key derivation etc. 'draft-hartman' has a better explanation of how the protocol fits into USM and SNMP, as well as a clearer explanation of how the overall system works. It seems that this document is more likely to provide good long-term implementation results. [<<-----Danping] In addition, I'm not convinced that truncating the HMAC is a good idea in this instance. If the WG decides that truncation of the HMAC is desirable, we should add a description of why that's the case and a security discussion. (I don't think the truncation proposed has significant security problems) [Danping----->>] Agree. Although truncation is fairly well analyzed, there are security disadvantages to do it, and I don't really see significant advantages to truncation. I've searched the mailing list about comments on 'draft-hmac', several members who contributed to improve it, still had doubts and confusions on the truncation to various output lengths. [<<-----Danping] My recommendation would be that the WG start with draft-hartman-snmp-sha2 as a basis for this work, but that the authors of draft-hmac and draft-hartman work together to make sure that all the best ideas from both proposals make their way into the final product. [Danping----->>] I support 'draft-hartman' as a basis and a proper direction towards enhancing USM of SNMP. [<<-----Danping] _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
