On Wed, 18 Jul 2012 16:51:27 +0200, Mike Belopuhov <m...@crypt.org.ru> wrote:
On Wed, Jul 18, 2012 at 4:16 PM, Gerhard Roth wrote:
same here, wouldn't it be possible to match the ipsec.conf grammar and
ignore the SNMPv3 naming a bit?

auth hmac-sha1 authkey "fooobar" enc aes enckey "dkjdkj"
- instead of -
hmac sha authpass "foobar" cipher aes privpass "dkjdkj"

or maybe authpass and encpass, but what does "priv" mean?



So instead of

        user <name> [authpass <pass> hmac [MD5|SHA]] \
                    [privpass <pass> cipher [DES|AES]]

let's use

        user <name> [hmac-[md5|sha1] authkey <key>] \
                    [enc [des|aes] enckey <key>]

Is that ipsec.conf like enough?


why weren't all the other _priv instances renamed to _encr?
is there any value in keeping SNMP_MSGFLAG_PRIV and such around?
uu_privkey looks a bit of an alien alongside uu_authkey.


I agree with Reyk that the configuration of snmpd should be possible
to anyone who has not read all the SNMPv3 RFCs.

OTOH, shouldn't the code somehow reflect which part of the RFCs
it implements? Otherwise it's hard to understand what's happening.
And unfortunately the RFCs use the word "priv" or "privacy" consistently
instead of "encryption".

Gerhard
