SNMPv3 AES Auth Fix

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SNMPv3 AES Auth Fix

Samuel Warters
The project I work on does extensive SNMPv2c reads from network devices, as part of a PCI requirement, we need to migrate to using SNMPv3. While researching the upgrade path, I stumbled upon this mailing list post: http://erlang.org/pipermail/erlang-questions/2017-June/092546.html, which basically states AES auth is broken. 

Having AES encryption/authentication is a must as many network devices use it. I was wondering has the AES auth fix ever gone out in an official OTP release? Looking at the main OTP source, It doesn't look like it, but I wanted to confirm.

Thanks.
---
Sam

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: SNMPv3 AES Auth Fix

Daniel Goertzen-3
Github says the last work done in that part of the code was 2013, so no.  SNMPv3 agent does work (I use it), but it looks like the manager is still picking the wrong engineid/boots.




On Tue, 10 Apr 2018 at 15:25 Samuel Warters <[hidden email]> wrote:
The project I work on does extensive SNMPv2c reads from network devices, as part of a PCI requirement, we need to migrate to using SNMPv3. While researching the upgrade path, I stumbled upon this mailing list post: http://erlang.org/pipermail/erlang-questions/2017-June/092546.html, which basically states AES auth is broken. 

Having AES encryption/authentication is a must as many network devices use it. I was wondering has the AES auth fix ever gone out in an official OTP release? Looking at the main OTP source, It doesn't look like it, but I wanted to confirm.

Thanks.
---
Sam
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions