Is there any progress on this? I like the proposal from Johannes to continue with draft-hmac-sha-2-usm-snmp and to shorten the list of protocols.
-David Reid

> A month on, what is the WG chairs' take on this?
>
> Good question. Even more time has passed by now.
>
> Maybe it helps, if I summarize the results of my poll. Hereby, I assume that
> the authors of the two drafts prefer their respective approach (a
> presumption, I can confirm for draft-hmac-sha-2-usm-snmp).
>
> Question 1: Should the protocols be described
> a) as "diff" to the previous protocols like done in
>    draft-hmac-sha-2-usm-snmp, or
> b) completely and based on a description of a generic hmac-based
>    authentication protocol, as done in draft-hartman?
>
> Result:
> a) is preferred by the authors of draft-hmac-sha-2-usm-snmp, and by David
>    Reid, Tom Petch, Uri Blumenthal
> b) is preferred by the authors of draft-hartman-snmp-sha2.
>
> Question 2: Should the protocols be based on complete or truncated HMACs?
> - complete is preferred by the authors of draft-hartman-snmp-sha2.
> - truncated is preferred by the authors of draft-hmac-sha-2-usm-snmp, and by
>   David Reid, Tom Petch, Uri Blumenthal
>
> Question 3: Which (sub)set of protocols (hash function, MAC length) should be
> selected?
> - Johannes: SHA-256-192 as MUST, SHA-512-256 as SHOULD, all others can be MAY
>   or omitted.
> - Uri: SHA-256-192 and SHA-384-320 as MUST, SHA-512-256 as SHOULD, and
>   SHA-224-??? as MAY
> - Tom: AFAIU, he agrees with the preferences expressed by David, Johannes and
>   Uri.
> - David: SHA-256-192 and SHA-512-384.
>   (In all the above cases, the preferences were not that strong, there was
>   mainly the wish to reduce the number of protocols in the current draft.)
> - Again, I assume, that the authors of draft-hartman-snmp-sha2 prefer their
>   proposals.
>
> The preferences are clearly split between two groups, the authors of
> draft-hartman-snmp-sha2 on one side, the authors of
> draft-hmac-sha-2-usm-snmp, David Reid, Tom Petch, and Uri Blumenthal on the
> other. I don't see any potential compromise here.
>
> My proposal, which is clearly biased due to my role as author, is to continue
> with draft-hmac-sha-2-usm-snmp and to shorten the list of protocols, e.g. to
>   usmHMAC192SHA256AuthProtocol as MUST
>   usmHMAC384SHA512AuthProtocol as SHOULD
>   usmHMAC256SHA384AuthProtocol and usmHMAC128SHA224AuthProtocol as MAY
>
> In these proposals the truncation is reduced to 25% which is in line with the
> preferences expressed by Uri and David, and may even reduce the concerns of
> the authors of draft-hartman-snmp-sha2 about truncation.
>
>
> So, chairs, what is your decision?
>
> Johannes
>
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
