Some more stray thoughts, having now read it all (but not followed up
the details of HMAC-SHA-2 - too gory).

s4.2.1 step 2 uses RFC6234 in a way that I think must make it a
Normative reference.  RFC6234 is not Standards Track but that is ok, it
is already in the list of IESG permitted downrefs (does that need
calling out at IETF Last Call?)

s9.1
/apply the use /apply to the use /

s9.2
is it the length of the key that gives it strength or its entropy?  Is
abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd0004
really stronger than
!qaurk/99SS~ ?

I look at RFC5310 here (although there may be something more recent and
better).

s9.4 refers to OBJECTS, but there aren't any, only IDENTITY so I think
that s9.4 should reflect that (lest it confuses, or am I confused having
missed an OBJECT somewhere?)

Tom Petch
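
An added illustration of the s9.2 question above (not part of the original message or of the draft): a rough guess-space estimate for the two example strings. The character classes and the "short unit repeated N times plus tail" attacker model are assumptions made for this sketch; it shows only that length alone is a poor proxy for strength.

```python
import math
import string

# The two candidate secrets quoted in the message above.
LONG_REPETITIVE = "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd0004"
SHORT_MIXED = "!qaurk/99SS~"

# Assumed character classes an attacker would draw from.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(s):
    """Size of the union of the character classes that occur in s."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in s)) or 1


def uniform_bits(s):
    """Bits of work if every character were independent and uniform."""
    return len(s) * math.log2(alphabet_size(s))


def pattern_bits(s):
    """Bits of work for a guesser that also tries 'unit * N + tail'.

    Assumed model: the guesser pays for the unit once, for the repeat
    count, and for whatever tail does not fit the repetition.
    """
    best = uniform_bits(s)
    for n in range(1, len(s) // 2 + 1):
        unit, count = s[:n], 1
        while s.startswith(unit, count * n):
            count += 1
        if count > 1:
            tail = s[count * n:]
            cost = uniform_bits(unit) + math.log2(count) + uniform_bits(tail)
            best = min(best, cost)
    return best


def compare():
    """Return {secret: (length, naive bits, pattern-aware bits)}."""
    return {s: (len(s), round(uniform_bits(s), 1), round(pattern_bits(s), 1))
            for s in (LONG_REPETITIVE, SHORT_MIXED)}


if __name__ == "__main__":
    for secret, (length, naive, aware) in compare().items():
        print(f"{length:3d} chars  naive={naive:6.1f}  pattern-aware={aware:5.1f}  {secret}")
```

The model only detects repetition that starts at the first character, so the figure for the short string is an upper bound, not a measurement.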


----- Original Message -----
From: "t.petch" <[email protected]>
To: "Warren Kumari" <[email protected]>; "Johannes Merkle"
<[email protected]>
Cc: <[email protected]>; "Scott Bradner" <[email protected]>
Sent: Tuesday, January 27, 2015 6:09 PM

> I think that there are still some glitches (and I have yet to finish
> reading it).
>
> The names used for the four protocols are not consistent within the
> document.  Following RFC3414, I think that including Auth is correct.
>
> Updates to this registry require a Standards Track document which this
> is not.
>
> MIB Module copyright is 2004
>
> Does this document update RFC3414?  It adds to the registry that that
> RFC created which some ADs say is NOT an update, some ADs say it IS an
> update; I think that we need guidance here (the update by RFC5590 of
> RFC3414 is a whole different ball game).
>
> Tom Petch
>
> ----- Original Message -----
> From: "Warren Kumari" <[email protected]>
> To: "Johannes Merkle" <[email protected]>
> Cc: <[email protected]>; "Scott Bradner" <[email protected]>
> Sent: Friday, January 16, 2015 9:21 P
>
>
> > Yup, please revise the document to address David's comment.
> >
> > There was a fair bit of discussion around this document before it was
> > adopted, and so it did get a fair bit of review then, but some more
> > would be even better... We could get that at LC, but getting that
> > before WGLC would be nicer -- so, can some folk please volunteer to
> > review?
> >
> > If we don't get any volunteers in the next week or two we'll force the
> > issue by going to LC... so, y'all can read it now, or you can read it
> > later. Now would be better :-)
> >
> > W
> >
> >
> >
> > On Thu, Jan 15, 2015 at 5:19 AM, Johannes Merkle
> > <[email protected]> wrote:
> > > Warren, Scott,
> > >
> > > just one comment was received on the new draft (from David). Shall I
> > > revise the document accordingly and resubmit so
> > > that we can go for LC?
> > >
> > > Johannes
> > >
> > >
> > > [email protected] schrieb am 12.12.2014 um 23:30:
> > >>
> > >> A New Internet-Draft is available from the on-line Internet-Drafts
> > >> directories.
> > >>  This draft is a work item of the Operations and Management Area
> > >> Working Group Working Group of the IETF.
> > >>
> > >>         Title           : HMAC-SHA-2 Authentication Protocols in USM for SNMP
> > >>         Authors         : Johannes Merkle
> > >>                           Manfred Lochter
> > >>         Filename        : draft-ietf-opsawg-hmac-sha-2-usm-snmp-00.txt
> > >>         Pages           : 13
> > >>         Date            : 2014-12-12
> > >>
> > >> Abstract:
> > >>    This memo specifies new HMAC-SHA-2 authentication protocols for the
> > >>    User-based Security Model (USM) for SNMPv3 defined in RFC 3414.
> > >>
> > >>
> > >> The IETF datatracker status page for this draft is:
> > >> https://datatracker.ietf.org/doc/draft-ietf-opsawg-hmac-sha-2-usm-snmp/
> > >>
> > >> There's also a htmlized version available at:
> > >> http://tools.ietf.org/html/draft-ietf-opsawg-hmac-sha-2-usm-snmp-00
> > >>
> > >>
> > >> Please note that it may take a couple of minutes from the time of submission
> > >> until the htmlized version and diff are available at tools.ietf.org.
> > >>
> > >> Internet-Drafts are also available by anonymous FTP at:
> > >> ftp://ftp.ietf.org/internet-drafts/
> > >>
> > >> _______________________________________________
> > >> OPSAWG mailing list
> > >> [email protected]
> > >> https://www.ietf.org/mailman/listinfo/opsawg
> > >>
> > >>
> > >
> > >
> >
> >
> >
> > --
> > I don't think the execution is relevant when it was obviously a bad
> > idea in the first place.
> > This is like putting rabid weasels in your pants, and later expressing
> > regret at having chosen those particular rabid weasels and that pair
> > of pants.
> >    ---maf
> >