On Wed, Dec 03, 2014 at 10:00:16AM +0000, Hedanping (Ana) wrote: > > Hacker communities have mentioned the current key localization method as a > loophole, and plan to submit it to CVE. >
[..] > > Hence why don't we change the key localization algorithm together with > authentication method and enhance the SNMP to a better security level, and > most importantly with interoperability? > There seems to be some confusion here. The key localization used in RFC 3414 has nothing to do with the password-to-key transformation. It can be applied to keys that are not derived from a password. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
