t.petch wrote on 25.09.2014 18:42:
> A month on, what is the WG chairs' take on this?

Good question. Even more time has passed by now.

Maybe it helps if I summarize the results of my poll. Hereby, I assume that the authors of the two drafts prefer their respective approach (a presumption I can confirm for draft-hmac-sha-2-usm-snmp).

Question 1: Should the protocols be described
a) as "diff" to the previous protocols, as done in draft-hmac-sha-2-usm-snmp, or
b) completely and based on a description of a generic hmac-based authentication protocol, as done in draft-hartman?

Result:
a) is preferred by the authors of draft-hmac-sha-2-usm-snmp, and by David Reid, Tom Petch, Uri Blumenthal
b) is preferred by the authors of draft-hartman-snmp-sha2.

Question 2: Should the protocols be based on complete or truncated HMACs?
- complete is preferred by the authors of draft-hartman-snmp-sha2.
- truncated is preferred by the authors of draft-hmac-sha-2-usm-snmp, and by David Reid, Tom Petch, Uri Blumenthal

Question 3: Which (sub)set of protocols (hash function, MAC length) should be selected?
- Johannes: SHA-256-192 as MUST, SHA-512-256 as SHOULD, all others can be MAY or omitted.
- Uri: SHA-256-192 and SHA-384-320 as MUST, SHA-512-256 as SHOULD, and SHA-224-??? as MAY
- Tom: AFAIU, he agrees with the preferences expressed by David, Johannes and Uri.
- David: SHA-256-192 and SHA-512-384.
(In all the above cases, the preferences were not that strong; there was mainly the wish to reduce the number of protocols in the current draft.)
- Again, I assume that the authors of draft-hartman-snmp-sha2 prefer their proposals.

The preferences are clearly split between two groups, the authors of draft-hartman-snmp-sha2 on one side, the authors of draft-hmac-sha-2-usm-snmp, David Reid, Tom Petch, and Uri Blumenthal on the other. I don't see any potential compromise here.

My proposal, which is clearly biased due to my role as author, is to continue with draft-hmac-sha-2-usm-snmp and to shorten the list of protocols, e.g. to

usmHMAC192SHA256AuthProtocol as MUST
usmHMAC384SHA512AuthProtocol as SHOULD
usmHMAC256SHA384AuthProtocol and usmHMAC128SHA224AuthProtocol as MAY

In these proposals the truncation is reduced to 25%, which is in line with the preferences expressed by Uri and David, and may even reduce the concerns of the authors of draft-hartman-snmp-sha2 about truncation.

So, chairs, what is your decision?

Johannes

>
> Tom Petch
>
> ----- Original Message -----
> From: "Warren Kumari" <[email protected]>
> To: "[email protected]" <[email protected]>; <[email protected]>
> Sent: Wednesday, August 27, 2014 8:11 PM
>>
>> Scott and I just chatted about this.
>> We see that there is interest in this topic, we think it is an
>> important topic, and we would like to adopt /a/ document that
>> addresses this.
>>
>> We'd appreciate it if the authors of draft-hmac-sha-2-usm-snmp and
>> draft-hartman-snmp-sha2 can discuss how to move forward, possibly by
>> combining the documents into one, or selecting one and folding in
>> comments from the other.
>>
>> Again, we think that this is an important topic, and would like to get
>> the best possible document adopted.
>>
>> Warren and Scott.
>>
>> On Mon, Aug 11, 2014 at 5:28 PM, Warren Kumari <[email protected]> wrote:
>>> Dear OpsAWG WG,
>>>
>>> This starts a Call for Adoption for draft-hmac-sha-2-usm-snmp.
>>>
>>> The draft is available here:
>>> https://datatracker.ietf.org/doc/draft-hmac-sha-2-usm-snmp/
>>>
>>> Please review this draft to see if you think it is suitable for
>>> adoption by OpsAWG,
>>> and comments to the list, clearly stating your view.
>>>
>>> Please also indicate if you are willing to contribute text, review, etc.
>>>
>>> This call for adoption ends Mon 25-Aug-2014.
>>>
>>> In addition, to satisfy RFC 6702 ("Promoting Compliance with
>>> Intellectual Property Rights (IPR)"):
>>> If you are personally aware of any IPR that applies to
>>> draft-hmac-sha-2-usm-snmp, has this IPR been disclosed in compliance
>>> with IETF IPR rules? (See RFCs 3979, 4879, 3669, and 5378 for more
>>> details.)
>>>
>>> Thanks,
>>> Warren Kumari
>>> (as OpsAWG WG co-chair)
>
> _______________________________________________
> OPSAWG mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsawg
