
Re: Key Managment Query/Comments...



 > % As for algorithm independence, SNMPv2 (in RFC 1446) does adhere
 > % to algorithm independence.  For the sake of interoperability it
 > % "suggests" the use of DES, but DES is not required (just as MD5 is
 > % suggested but not required for integrity).
 > 
 > It is not clear to me that this really is so.  
 > 
 > Could you please give an example where DES could be replaced by some 
 > arbitrary algorithm "FOO" throughout SNMPv2 and yet that implementation 
 > could be said to fully conform/comply with the SNMPv2 specs and not have 
 > extended the SNMP MIBs, administrative structure, (etc) or changed them 
 > in some manner ?
 > 
 > That would greatly help.

The encryption and authentication algorithms that are in use for a
specific pair of SNMPv2 parties (basically, parties are the two sides of
a particular SNMP communication) are identified in the configuration
MIBs by ASN.1 Object Identifiers (OIDs), which are tree-structured numbers that
provide distributed assignment authority -- similar to domain names.

So, FTP Software could develop its own special encryption algorithm and
assign an OID out of our proprietary subtree to identify that algorithm.
Then, presumably, our code -- both manager and agent -- would support that
algorithm; as would anyone else's code IF they wish to do the
development. So, nodes that support our special encryption algorithm
could be configured, within the SNMP management framework, to use that
algorithm.

Finally, if someone attempts to configure some node that does not
support our algorithm to use it, the node would give a well-known error
message back to the manager station.


In short, the use of any specific algorithm (other than NONE) is not
mandated by the SNMPv2 protocols. The protocols define a standard method
to define, identify, configure, and use (i.e. encode packets) any
algorithm you wish. The standards DO pre-define one encryption and one
authentication algorithm (DES and MD5).

--
Frank Kastenholz
FTP Software
2 High Street
North Andover, Mass. USA 01845
(508)685-4000
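As an added illustration of the mechanism described in the message above (this is example code written for this page, not code from the original post or from FTP Software), the following toy model shows the three pieces the reply relies on: algorithms identified by OID in a per-party table, a vendor algorithm registered under its own subtree and usable only by nodes that implement it, and a well-known error when a node is asked to configure an OID it does not support. The numeric OIDs are placeholders standing in for the party MIB's identifiers, the enterprise subtree 99999 is invented, the error name WrongValue is this example's choice, and md5_auth and foo_priv are deliberately simplified stand-ins rather than the RFC 1446 algorithms (DES is omitted only because the Python standard library has no DES).

```python
# Added example (not from the original post or from FTP Software): SNMPv2
# party-protocol selection keyed by OID.  Numeric OIDs are placeholders, the
# vendor subtree is invented, md5_auth/foo_priv are not the RFC 1446 algorithms.
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

OID = Tuple[int, ...]
Algorithm = Callable[[bytes, bytes], bytes]   # (key, data) -> bytes

def oid(dotted: str) -> OID:
    """Parse a dotted OID string into a tuple of arcs."""
    return tuple(int(arc) for arc in dotted.split("."))

# Placeholder OIDs standing in for the party MIB's protocol identifiers.
NO_AUTH = oid("1.3.6.1.6.3.1.1.1")
V2_MD5_AUTH = oid("1.3.6.1.6.3.1.1.2")
NO_PRIV = oid("1.3.6.1.6.3.1.1.3")
# Hypothetical vendor algorithm under an invented enterprise subtree.
FOO_PRIV = oid("1.3.6.1.4.1.99999.1.1")

def no_auth(_key: bytes, _data: bytes) -> bytes:
    return b""                          # the "NONE" authentication protocol

def md5_auth(key: bytes, data: bytes) -> bytes:
    # Simplified keyed digest; RFC 1446's exact message layout is not modelled.
    return hashlib.md5(key + data).digest()

def no_priv(_key: bytes, data: bytes) -> bytes:
    return data                         # the "NONE" privacy protocol

def foo_priv(key: bytes, data: bytes) -> bytes:
    # Toy XOR stream "cipher" standing in for a proprietary algorithm.  It is
    # its own inverse, so one function serves encrypt and decrypt.  Insecure.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

class WrongValue(Exception):
    """Well-known error for configuring a party with an unimplemented protocol OID."""

class AuthenticationFailure(Exception): pass   # digest mismatch on inbound message

@dataclass
class Party:
    name: str
    auth_protocol: OID
    priv_protocol: OID
    auth_key: bytes
    priv_key: bytes

class Entity:
    """An SNMPv2 manager or agent: algorithm registries plus a party table."""
    def __init__(self, auth: Dict[OID, Algorithm], priv: Dict[OID, Algorithm]):
        self.auth, self.priv, self.parties = auth, priv, {}

    def configure_party(self, party: Party) -> None:
        # Models a set of partyAuthProtocol / partyPrivProtocol for one party.
        if party.auth_protocol not in self.auth:
            raise WrongValue(f"partyAuthProtocol {party.auth_protocol} unsupported")
        if party.priv_protocol not in self.priv:
            raise WrongValue(f"partyPrivProtocol {party.priv_protocol} unsupported")
        self.parties[party.name] = party

    def protect(self, party_name: str, pdu: bytes) -> bytes:
        # Encrypt, then authenticate, an outbound PDU for the named party.
        p = self.parties[party_name]
        body = self.priv[p.priv_protocol](p.priv_key, pdu)
        return self.auth[p.auth_protocol](p.auth_key, body) + body

    def unprotect(self, party_name: str, message: bytes) -> bytes:
        # Check the digest, then decrypt an inbound message.
        p = self.parties[party_name]
        auth = self.auth[p.auth_protocol]
        digest_len = len(auth(p.auth_key, b""))
        digest, body = message[:digest_len], message[digest_len:]
        if digest != auth(p.auth_key, body):
            raise AuthenticationFailure(party_name)
        return self.priv[p.priv_protocol](p.priv_key, body)

STANDARD_AUTH = {NO_AUTH: no_auth, V2_MD5_AUTH: md5_auth}
STANDARD_PRIV = {NO_PRIV: no_priv}   # DES left out only because stdlib has none

def demo() -> Tuple[bytes, bool, bool]:
    """Returns (recovered PDU, plain agent rejected the party, tampering detected)."""
    party = Party("ftp-secure", V2_MD5_AUTH, FOO_PRIV, b"auth-key", b"priv-key")
    pdu = b"GetRequest sysDescr.0"      # constructed stand-in for a BER-encoded PDU
    vendor_priv = {**STANDARD_PRIV, FOO_PRIV: foo_priv}
    manager, agent = Entity(STANDARD_AUTH, vendor_priv), Entity(STANDARD_AUTH, vendor_priv)
    for e in (manager, agent): e.configure_party(party)
    wire = manager.protect("ftp-secure", pdu)
    recovered = agent.unprotect("ftp-secure", wire)
    try:                                # node that never implemented FOO
        Entity(STANDARD_AUTH, STANDARD_PRIV).configure_party(party)
        rejected = False
    except WrongValue:
        rejected = True
    try:                                # flip one bit of the ciphertext
        agent.unprotect("ftp-secure", wire[:-1] + bytes([wire[-1] ^ 1]))
        tampered = False
    except AuthenticationFailure:
        tampered = True
    return recovered, rejected, tampered
```

Calling demo() configures a party that uses the invented FOO cipher on two vendor nodes, which talk successfully, then asks a node that only registered the standard OIDs to accept the same party, which fails with WrongValue before any key or packet is touched. The point the example makes concrete is that the protocol code never branches on the algorithm name: it only looks the OID up in a registry, so adding an algorithm means assigning an OID and registering an implementation, and nothing in the MIB structure changes.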