----- Original Message -----
From: "David Reid" <r...@snmp.com>
To: "Johannes Merkle" <johannes.mer...@secunet.com>
Cc: <opsawg@ietf.org>
Sent: Wednesday, November 20, 2013 8:15 PM
Subject: Re: [OPSAWG] draft-hmac-sha-256-128-usm-snmp-00

> > >> The new protocol is a straightforward adaptation of the protocols
> > >> HMAC-MD5-96 and HMAC-SHA-96 from RFC 3414 to the SHA-256 based HMAC
> > >> with truncation to 128 bits. Comments and suggestions are welcome.
> > >
> > > Would it be valuable to also add SHA-512?
> > >
> > > We actually implemented all 4 bit lengths of SHA2. I think that's overkill.
> > > But 512 might be valuable.
> > >
> >
> > HMAC-SHA-256-128 already provides a very high level of security. So
> > I'm not sure if a SHA-512-based HMAC is really needed.
>
> That's fine with me. I have not specifically seen demand for 512, but
> wasn't sure what the broader market would want.

SHA-384 is in Suite B, which is the argument I see advanced on the TLS list for its inclusion in ciphersuites (and which is where I learn most of my security:-(

Separately, I have seen it stated that SHA-512 is no better than SHA-384.

Tom Petch

> > The next thing I'm going to do is to write down the MIB spec. As soon
> > as I find time for it...
>
> OK. I'll be happy to review it when it's ready.
>
> -David Reid
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg
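
The following is an added example, not code from the draft or from anyone in this thread: it sketches the adaptation described in the quoted announcement, following the RFC 3414 pattern (zero the authentication field, HMAC the whole message, keep the leading octets) with SHA-256 and a 16-octet result. The 32-octet key, the field offset and the message bytes are constructed assumptions, not a real BER-encoded SNMPv3 message.

```python
import hashlib
import hmac

MAC_LEN = 16  # octets kept after truncation: the "128" in HMAC-SHA-256-128


def _mac(auth_key: bytes, msg: bytes, offset: int) -> bytes:
    """HMAC-SHA-256 over msg with the MAC field zeroed, truncated to 128 bits."""
    zeroed = msg[:offset] + bytes(MAC_LEN) + msg[offset + MAC_LEN:]
    return hmac.new(auth_key, zeroed, hashlib.sha256).digest()[:MAC_LEN]


def authenticate_outgoing(auth_key: bytes, msg: bytes, offset: int) -> bytes:
    """Return msg with its MAC field (MAC_LEN octets at offset) filled in."""
    if offset < 0 or offset + MAC_LEN > len(msg):
        raise ValueError("MAC field does not fit inside the message")
    return msg[:offset] + _mac(auth_key, msg, offset) + msg[offset + MAC_LEN:]


def authenticate_incoming(auth_key: bytes, msg: bytes, offset: int) -> bool:
    """Recompute the MAC and compare in constant time; reject malformed input."""
    if offset < 0 or offset + MAC_LEN > len(msg):
        return False
    received = msg[offset:offset + MAC_LEN]
    return hmac.compare_digest(received, _mac(auth_key, msg, offset))


# Constructed sample data (assumptions for illustration only).
KEY = bytes(range(32))            # assumed 32-octet localized key
HEADER = b"constructed-header|"
OFFSET = len(HEADER)              # where the MAC field starts in this sample
MESSAGE = HEADER + bytes(MAC_LEN) + b"|constructed-scoped-pdu"

if __name__ == "__main__":
    signed = authenticate_outgoing(KEY, MESSAGE, OFFSET)
    print("MAC:", signed[OFFSET:OFFSET + MAC_LEN].hex())
    print("valid:", authenticate_incoming(KEY, signed, OFFSET))
    tampered = signed[:-1] + bytes([signed[-1] ^ 1])
    print("tampered:", authenticate_incoming(KEY, tampered, OFFSET))
```

The receiver recomputes the MAC over the message with the field zeroed rather than trusting any part of the received value, and a message too short to hold the field is rejected instead of being sliced.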