On Mon, Nov 24, 2014 at 1:50 PM, David Reid <[email protected]> wrote:
> Is there any progress on this?
>

Wow. Yes, sorry, there is...

We mentioned in the face to face meeting at IETF91 that we would be
adopting draft-hmac-sha-2-usm-snmp (and thanking Sam et al. for
supporting this decision) - however, we never actually sent the "Dear
authors, please resubmit draft-hmac-sha-2-usm-snmp as
draft-ietf-opsawg-hmac-sha-2-usm-snmp"[0].

So, dear authors, please resubmit as.. etc.

Also, thanks to the authors of draft-hartman-snmp-sha2 and
draft-hmac-sha-2-usm-snmp, and the WG participants for all of their
work and input on this.

W

[0]: I took the week after IETF off as vacation, then looked at the
unread email and have been hiding under the covers ever since, hoping
it might all just disappear...


> I like the proposal from Johannes to continue with draft-hmac-sha-2-usm-snmp
> and to shorten the list of protocols.
>
> -David Reid
>
>> > A month on, what is the WG chairs' take on this?
>>
>> Good question. Even more time has passed by now.
>>
>> Maybe it helps if I summarize the results of my poll. Hereby, I assume that
>> the authors of the two drafts prefer their respective approach (a
>> presumption I can confirm for draft-hmac-sha-2-usm-snmp).
>>
>> Question 1: Should the protocols be described
>> a) as "diff" to the previous protocols like done in 
>> draft-hmac-sha-2-usm-snmp, or
>> b) completely and based on a description of a generic hmac-based 
>> authentication protocol, as done in draft-hartman?
>>
>> Result:
>> a) is preferred by the authors of draft-hmac-sha-2-usm-snmp, and by David 
>> Reid, Tom Petch, Uri Blumenthal
>> b) is preferred by the authors of draft-hartman-snmp-sha2.
>>
>> Question 2: Should the protocols be based on complete or truncated HMACs?
>> - complete is preferred by the authors of draft-hartman-snmp-sha2.
>> - truncated is preferred by the authors of draft-hmac-sha-2-usm-snmp, and by 
>> David Reid, Tom Petch, Uri Blumenthal
>>
>> Question 3: Which (sub)set of protocols (hash function, MAC length) should 
>> be selected?
>> - Johannes: SHA-256-192 as MUST, SHA-512-256 as SHOULD, all others can be MAY
>> or omitted.
>> - Uri: SHA-256-192 and SHA-384-320 as MUST, SHA-512-256 as SHOULD, and 
>> SHA-224-??? as MAY
>> - Tom: AFAIU, he agrees with the preferences expressed by David, Johannes 
>> and Uri.
>> - David: SHA-256-192 and SHA-512-384.
>> (In all the above cases, the preferences were not that strong, there was 
>> mainly the wish to reduce the number of
>> protocols in the current draft.)
>> - Again, I assume that the authors of draft-hartman-snmp-sha2 prefer their
>> proposals.
>>
>> The preferences are clearly split between two groups, the authors of 
>> draft-hartman-snmp-sha2 on one side, the authors of
>> draft-hmac-sha-2-usm-snmp, David Reid, Tom Petch, and Uri Blumenthal on the 
>> other. I don't see any potential compromise
>> here.
>>
>> My proposal, which is clearly biased due to my role as author, is to 
>> continue with draft-hmac-sha-2-usm-snmp and to
>> shorten the list of protocols, e.g. to
>> usmHMAC192SHA256AuthProtocol as MUST
>> usmHMAC384SHA512AuthProtocol as SHOULD
>> usmHMAC256SHA384AuthProtocol and usmHMAC128SHA224AuthProtocol as MAY
>>
>> In these proposals the truncation is reduced to 25% which is in line with 
>> the preferences expressed by Uri and David,
>> and may even reduce the concerns of the authors of draft-hartman-snmp-sha2 
>> about truncation.
>>
>>
>> So, chairs, what is your decision?
>>
>> Johannes
>>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
