Uri Blumenthal asked me to forward his answers below to the list (he is not subscribed).
Johannes

-------- Original Message --------
Subject: Re: [OPSAWG] Call for Adoption: draft-hmac-sha-2-usm-snmp
Date: Mon, 22 Sep 2014 17:19:38 +0000
From: Blumenthal, Uri - 0558 - MITLL <[email protected]>
To: Johannes Merkle <[email protected]>

Please feel free to forward my answers (below) to the list.

> As Warren asked us to check the option of combining both drafts, I'm not
> sure if a general vote for one draft is the best way forward.
>
> I would appreciate if all interested parties (incl. Tom and David) could
> indicate their preference in the following 3 questions:
>
> 1. Should the protocols be described
> a) as "diff" to the previous protocols like done in
> draft-hmac-sha-2-usm-snmp, or
> b) completely and based on a description of a generic HMAC-based
> authentication protocol, as done in draft-hartman?

Considering that these protocols comprise an addition to USM, and follow/complement the existing USM approach, it seems reasonable to describe them in a form that you (imprecisely, IMHO) characterize as "diff". This saves time and space without economizing on clarity.

> 2. Should the protocols be based on complete or truncated HMACs?

Not crucially important, given the size of the resulting MACs, but it seems to make sense to save some real estate on the wire, and to make verification of a lucky guess a bit harder. I am for HMAC truncation.

> 3. Which (sub)set of protocols (hash function, MAC length) should be
> selected?

There probably is no doubt that protocols based on SHA-256 and SHA-384 need to be there. SHA-512 might cause some raised brows, as could SHA-224. I still would add them - SHA-512 as SHOULD, and SHA-224 as MAY.

How much to truncate - is a good question. For SHA-512 I'd say it's perfectly OK to truncate half of its output and still be in a good and safe place (who can now envision the need of a 512-bit MAC?). For SHA-256 and SHA-384 I'd consider truncating 64 bits of its output, but would like to hear suggestions (justified) to cut more or less.
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
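The following is an added example (editor's illustration, not code from the message, from either draft, or from any IETF text) of the truncated-HMAC scheme Uri's answers to questions 2 and 3 describe: an HMAC over the SNMPv3 message with a SHA-2 hash, cut to the leftmost bits, with the MAC field zeroed before the MAC is computed (the USM convention from RFC 3414) and a constant-time comparison on receipt. The truncation lengths follow the proposal in the message (SHA-512 cut to half its output, SHA-256 and SHA-384 cut by 64 bits); the SHA-224 length, the `header || MAC || payload` layout and all function names are assumptions of this example, not of the drafts under discussion.

```python
import hashlib
import hmac

# Truncated MAC lengths in bits. SHA-512 halved and SHA-256/SHA-384 cut by
# 64 bits follow the message above; the SHA-224 figure is an assumption of
# this example (the same "minus 64 bits" rule applied for illustration).
TRUNCATED_MAC_BITS = {
    "sha224": 160,
    "sha256": 192,
    "sha384": 320,
    "sha512": 256,
}


def full_mac(auth_key: bytes, message: bytes, hash_name: str) -> bytes:
    """Untruncated HMAC over message using the selected SHA-2 function."""
    if hash_name not in TRUNCATED_MAC_BITS:
        raise ValueError(f"unsupported hash: {hash_name}")
    return hmac.new(auth_key, message, getattr(hashlib, hash_name)).digest()


def truncated_mac(auth_key: bytes, message: bytes, hash_name: str) -> bytes:
    """HMAC truncated to its leftmost bits (the form RFC 2104 section 5 allows)."""
    nbytes = TRUNCATED_MAC_BITS[hash_name] // 8
    return full_mac(auth_key, message, hash_name)[:nbytes]


def mac_over_wire_message(auth_key: bytes, wire_message: bytes,
                          mac_offset: int, hash_name: str) -> bytes:
    """Compute the MAC the USM way: the MAC field inside the message is set to
    zero bytes first, then the MAC is taken over the whole message.
    The offset/layout is a constructed layout for this example."""
    nbytes = TRUNCATED_MAC_BITS[hash_name] // 8
    if mac_offset < 0 or mac_offset + nbytes > len(wire_message):
        raise ValueError("MAC field does not fit in the message")
    zeroed = (wire_message[:mac_offset]
              + b"\x00" * nbytes
              + wire_message[mac_offset + nbytes:])
    return truncated_mac(auth_key, zeroed, hash_name)


def build_wire_message(auth_key: bytes, header: bytes, payload: bytes,
                       hash_name: str) -> tuple[bytes, int]:
    """Assemble header || MAC || payload (assumed layout) and return the
    message together with the MAC offset the receiver must use."""
    nbytes = TRUNCATED_MAC_BITS[hash_name] // 8
    placeholder = header + b"\x00" * nbytes + payload
    mac = mac_over_wire_message(auth_key, placeholder, len(header), hash_name)
    return header + mac + payload, len(header)


def verify_wire_message(auth_key: bytes, wire_message: bytes,
                        mac_offset: int, hash_name: str) -> bool:
    """Receiver side: recompute over the zeroed message and compare in
    constant time. Length is checked explicitly so a short or long MAC field
    never reaches the comparison."""
    nbytes = TRUNCATED_MAC_BITS[hash_name] // 8
    received = wire_message[mac_offset:mac_offset + nbytes]
    if len(received) != nbytes:
        return False
    expected = mac_over_wire_message(auth_key, wire_message, mac_offset, hash_name)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed sample: a fixed authentication key and a toy message.
    key = bytes(range(32))
    for name in TRUNCATED_MAC_BITS:
        msg, off = build_wire_message(key, b"hdr", b"payload", name)
        print(name, TRUNCATED_MAC_BITS[name], "bits", verify_wire_message(key, msg, off, name))
```

The truncation is only ever a prefix of the full HMAC output, so a receiver that supports the untruncated form can derive the truncated value from it, but not the other way round; and because the MAC field is zeroed before computing, sender and receiver see byte-identical input regardless of which protocol length is negotiated.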
