My understanding of RFC 2786 to support Diffie-Hellman key change is as follows:
1. EMS SET to usmDHUserAuthKeyChange and usmDHUserPrivKeyChange to trigger key change
2. Agent generates and publishes DH public number "y" to usmDHUserAuthKeyChange and usmDHUserPrivKeyChange
3. EMS GET usmDHUserAuthKeyChange and usmDHUserPrivKeyChange (obtain "y")
4. EMS calculates own public number "z" and SET "y + z" (concatenation) to usmDHUserAuthKeyChange and usmDHUserPrivKeyChange
5. Agent verifies that the "y" is the same "y" it generated, if yes, accepts "z"
6. Both EMS and Agent generate the shared secret with y and z.
However, when I look at the net-snmp implementation of the DH key change, it is a single get and a set instead of 2 sets and a get as mentioned above.
snmpusm makes one get and one set request. First it sends a get on
1. usmDHParameters ( scalar )
2. usmDHUserAuthKeyChange ( with index engineID.username )
3. usmDHUserPrivKeyChange ( with index engineID.username )
and then set on
1. usmDHUserAuthKeyChange ( with index engineID.username )
2. usmDHUserPrivKeyChange ( with index engineID.username )
I want to make sure whether the implementation is correct or not. Is something wrong with my understanding of the RFC? Also, what triggers the agent to generate its new public key? Is it the set on usmDHUserAuthKeyChange and usmDHUserPrivKeyChange with new public keys from the EMS? If this is true, how does the EMS know the new agent public key, since there is no subsequent get?
Manish
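The GET-then-SET sequence snmpusm performs is the one the usmDHKeyChange textual convention in RFC 2786 describes: a GET of the object returns the agent's public value y, and the SET must carry y||z, after which both sides compute the shared secret. The following simulation of that exchange is an added example, not code from the post above or from Net-SNMP. It models the agent and the manager (EMS) as two Python objects; the prime and generator are the RFC 2409 group 2 values typed here from memory (verify them against the RFC), the 256-bit private exponent size is an assumption, the "fresh x on every GET" behaviour is how this model chooses to behave, and the key derivation (trailing key_len octets of the encoded shared secret) is an assumption to be checked against the derivation text of the TC.

```python
"""Simulated RFC 2786 usmDHKeyChange exchange (added example, not Net-SNMP code).

Flow modelled:
  1. manager GETs usmDHUser{Auth,Priv}KeyChange -> agent publishes y = g^xa mod p
  2. manager picks xb, computes z = g^xb mod p and sk = y^xb mod p
  3. manager SETs the object to y || z
  4. agent checks that the y half equals what it published, computes sk = z^xa mod p
  5. both derive the new key from sk
"""
import secrets

# 1024-bit MODP prime and generator 2 (RFC 2409 group 2); copied from memory,
# check against the RFC before relying on these digits.
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
G = 2
P_LEN = (P.bit_length() + 7) // 8  # 128 octets: width of each encoded public value
PRIV_BITS = 256                     # private exponent size used here (assumption)


def to_octets(n: int) -> bytes:
    """Fixed-width big-endian encoding of a field element (PKCS #3 style)."""
    return n.to_bytes(P_LEN, "big")


def derive_key(shared_secret: int, key_len: int) -> bytes:
    """New key = trailing key_len octets of the encoded shared secret (assumption)."""
    return to_octets(shared_secret)[-key_len:]


def random_exponent() -> int:
    """Random private exponent in [2, 2^PRIV_BITS)."""
    return secrets.randbits(PRIV_BITS) | 2


class Agent:
    """Agent side of one usmDHUserAuthKeyChange / usmDHUserPrivKeyChange row."""

    def __init__(self):
        self.private_x = None    # xa, kept only between the GET and the SET
        self.published_y = None  # the y returned by the last GET
        self.current_key = None

    def get_key_change(self) -> bytes:
        """GET: generate a fresh xa and return y = g^xa mod p (fresh on every GET in this model)."""
        self.private_x = random_exponent()
        self.published_y = pow(G, self.private_x, P)
        return to_octets(self.published_y)

    def set_key_change(self, value: bytes, key_len: int) -> bytes:
        """SET with y||z: reject unless y matches what we published, then derive the key."""
        if self.published_y is None:
            raise ValueError("inconsistentValue: no y has been published")
        if len(value) != 2 * P_LEN:
            raise ValueError("wrongLength: value must be y||z")
        y_part, z_part = value[:P_LEN], value[P_LEN:]
        if y_part != to_octets(self.published_y):
            raise ValueError("inconsistentValue: y differs from the published value")
        z = int.from_bytes(z_part, "big")
        if not 1 < z < P - 1:
            raise ValueError("wrongValue: z out of range")
        shared_secret = pow(z, self.private_x, P)
        self.current_key = derive_key(shared_secret, key_len)
        self.private_x = self.published_y = None  # one exchange per published y
        return self.current_key


class Manager:
    """EMS side: one GET to learn y, one SET carrying y||z."""

    def key_change(self, agent: Agent, key_len: int) -> bytes:
        y_octets = agent.get_key_change()                  # the GET
        y = int.from_bytes(y_octets, "big")
        if not 1 < y < P - 1:
            raise ValueError("agent returned an out-of-range y")
        xb = random_exponent()
        z = pow(G, xb, P)
        shared_secret = pow(y, xb, P)
        agent.set_key_change(y_octets + to_octets(z), key_len)  # the SET
        return derive_key(shared_secret, key_len)


def simulate_key_change(key_len: int = 16):
    """Run one exchange; returns (manager_key, agent_key), which must be equal."""
    agent = Agent()
    manager_key = Manager().key_change(agent, key_len)
    return manager_key, agent.current_key


def stale_y_is_rejected() -> bool:
    """A SET whose y half is not the agent's current published y must be refused."""
    agent = Agent()
    old_y = agent.get_key_change()
    agent.get_key_change()  # second GET replaces the published y
    z = to_octets(pow(G, random_exponent(), P))
    try:
        agent.set_key_change(old_y + z, 16)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    m, a = simulate_key_change(16)
    print("keys match:", m == a, "length:", len(a))
    print("stale y rejected:", stale_y_is_rejected())
```

The check in set_key_change is what ties the SET to the preceding GET: the agent needs no separate "trigger" SET, because it generates its private value when the object is read and only accepts a z that arrives together with the y it handed out. Use key_len 16 for MD5 authentication or DES/AES-128 privacy keys and 20 for SHA-1 authentication keys.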
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users