----- Original Message ----- From: "Zhangdacheng (Dacheng)" <[email protected]> To: "Hedanping (Ana)" <[email protected]>; <[email protected]> Cc: <[email protected]> Sent: Saturday, November 29, 2014 3:59 AM
> Let me help clarify Danping's point. > > We found there was a problem in the localization algorithm, but we are not sure whether this issue is worthwhile for us to address, or the effort of addressing this issue is out of scope of the SNMP specification. So, we raise this question here, and hope to get comments or suggestions. The new algorithm that you propose seems to offer very little improvement. You suggest that after replicating the password, you then add the password length in the last four octets to bring the length up to 64 octet. This seems to add very little entropy. Also, an 8 character string, containing upper case, lower case, digit and extended punctuation would have been regarded as too weak many years ago and we should not be documenting such an approach now. Again, anyone who uses a password based system and does not have a extra module to ensure that passwords meet current standards deserves all the security breaches they get! Tom Petch > > Cheers > > Dacheng > > > -----Original Message----- > > From: OPSAWG [mailto:[email protected]] On Behalf Of Hedanping > > (Ana) > > Sent: Saturday, November 29, 2014 10:52 AM > > To: [email protected] > > Cc: [email protected] > > Subject: [OPSAWG] FW: New Version Notification for > > draft-du-opsawg-snmp-key-localization-00.txt > > > > Dear all, > > We find a security problem in the current SNMP key localization algorithm, but > > we are not sure whether IETF is the right place to improve it. The draft is > > submitted and comments are appreciated. > > > > A new version of I-D, draft-du-opsawg-snmp-key-localization-00.txt > > has been successfully submitted by Danping He and posted to the IETF > > repository. > > > > Name: draft-du-opsawg-snmp-key-localization > > Revision: 00 > > Title: A New Algorithm for SNMP Key Localization > > Document date: 2014-11-28 > > Group: Individual Submission > > Pages: 4 > > URL: > > http://www.ietf.org/internet-drafts/draft-du-opsawg-snmp-key-localizatio n-00. > > txt > > Status: > > https://datatracker.ietf.org/doc/draft-du-opsawg-snmp-key-localization/ > > Htmlized: > > http://tools.ietf.org/html/draft-du-opsawg-snmp-key-localization-00 > > > > > > Abstract: > > This draft discusses a security issue with the algorithm for > > generating SNMP localized keys and introduce a new algorithm to > > address this problem. > > > > > > Regards, > > Ana (Danping) _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
