Sam Hartman wrote on 26.08.2014 22:26: > I've reviewed both draft-hartman-snmp-sha2 and > draft-hmac-sha-2-usm-snmp. > > In general, I believe that draft-hartman-snmp-sha2 provides a better > starting point for a SHA2 authentication algorithm for USM.
In general, I would have no objections with this proposal (saves me some work, I guess) - if your draft really was a better starting point. However, I do not agree with this. > > draft-hmac-sha-2-usm-snmp provides differences between the MD5 algorithm > described in RFC 3414 and the SHa2 algorithm. > > In general I've found that describing a specification in terms of > differences in cases where there is not a clear abstraction present is > problematic. It tends to lead to implementation errors by focusing on > the steps that are different rather than on all the steps that need to > be performed. > The purpose of our delta-description was to make clear that the basic protocol design of RFC 3414 does not change (only the hash function and the lengths of some data) and to facilitate implementation. Existing implementations of the RFC 3414 auth protocols can be easily modified. No need to implement the protocol from scratch. In contrast, your description is very different from that in RFC 3414. So an implementor would need to re-implement the protocol from your description. I don't see why this should be less error-prone. But I am open to the approach of providing both types of description. > > In addition, I'm not convinced that truncating the HMAC is a good idea Many well-reputed cryptographers (e.g. Preneel and van Oorschot) advocate HMAC truncation. Could you please elaborate on why you think that truncation is not a good idea? > in this instance. If the WG decides that truncation of the HMAC is > desirable, we should add a description of why that's the case and a > security discussion. (I don't think the truncation proposed has > significant security problems) We have included a detailed discussion in Security Considerations. > > My recommendation would be that the WG start with > draft-hartman-snmp-sha2 as a basis for this work, but that the authors > of draft-hmac and draft-hartman work together to make sure that all the > best ideas from both proposals make their way into the final product. > I suggest that others on the list speak up and declare their preference. -- Johannes _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
