Hi,

We use NetSNMP in our product and we would like to use more up to date algorithms for authorisation and privacy with SNMP v3.

I see RFC3414 from 2002, 'describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the authentication protocols and the use of CBC-DES as the privacy protocol. The User-based Security Model however allows for other such protocols to be used instead of or concurrent with these protocols.' This seems to be the most up to date RFC on security in SNMP v3 but please correct me if I'm wrong.

I see from http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption (last updated 2011) that work was started on implementing AES192 and 256 in NetSNMP but that it was never supported completely. Is this still the case?

Can someone please clarify the current status of AES support in the latest Net SNMP? Is AES128 supported? Is it the case that SHA1 and MD5 are the only supported hash algorithms?

Are there currently any plans to implement support for algorithms not specified in the RFC but which are recommended as best practice, such as SHA2, given that the USM design allows for this? While NIST SP 800-131A states that SHA1 is acceptable for HMAC applications, it is deprecated for signature verification and is legacy use only for generation. See table 9, page 17 of http://csrc.nist.gov/publications/drafts/800-131A/sp800-131a_r1_draft.pdf

Thanks,
Mark