INTERNET-DRAFT                                       Steven M. Bellovin
draft-ietf-snmpv3-as-00.txt                                  Randy Bush
2001.12.26                                                AT&T Research

      Applicability Statement for SNMPv3 Cryptographic Algorithms

Copyright (C) The Internet Society (2002). All Rights Reserved.

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

0. Abstract

This document attempts to put in perspective the use of cryptographic
algorithms in the Simple Network Monitoring Protocol Version 3
standard. In particular, it notes that today's standard is infinitely
more secure than previous versions, as the previous versions had zero
security. It further notes that, as cryptographic algorithm development
advances over time, we expect that the recommended algorithms will
change when the security community has reached a new consensus.

1. The Current Standard is Infinitely Better

SNMPv1 [RFC1157] and SNMPv2c [RFC1901] transmitted community strings,
analogous to passwords, as cleartext over the Internet. This is clearly
against common sense as well as the prescription in [RFC2316].
Bellovin & Bush             Expires 2002.08.22                  [Page 1]

INTERNET-DRAFT   AS for SNMPv3 Cryptographic Algorithms       2002.02.22

But, we also note that single-DES, as used in the SNMPv3 privacy
protocols, is a very old cryptographic algorithm, and cryptographic
algorithms do not improve with age [DESCRACK]. Moore's Law means
algorithms become more vulnerable to computational attacks over time.
And mathematical analysis of any algorithm over time tends to reveal
weaknesses previously missed.

2. The Standard Allows for Change

Having the foresight to anticipate advances in cryptography, the SNMPv3
standard allows for future additions of new cryptographic algorithms,
and even changes in which algorithms are mandatory to implement.

3. Change should be Anticipated

While single DES in CBC mode is used in the current standard, it is
rather old, and the community should expect to see an evolution to AES
or some more modern algorithm in the future.

HMAC MD5 and HMAC SHA-1, as used in the SNMPv3 authentication
protocols, are considered to be the state of the art at the current
time.

4. Security Considerations

This document is about security, specifically that of the cryptographic
algorithms used by SNMPv3. It notes the status and anticipated
development of these algorithms, but is not believed to change the
security of the SNMPv3 protocol.

5. Acknowledgments

Bert Wijnen, Marcus Leech, and Jeff Schiller were instrumental in the
development of this document.

6. References

[RFC1157]  Simple Network Management Protocol (SNMP). J.D. Case, M.
           Fedor, M.L. Schoffstall, C. Davin. May-01-1990.

[RFC1901]  Introduction to Community-based SNMPv2. J. Case, K.
           McCloghrie, M. Rose, S. Waldbusser.

[RFC2316]  Report of the IAB Security Architecture Workshop. S.
           Bellovin. April 1998.

[DESCRACK] "Cracking DES: Secrets of Encryption Research, Wiretap
           Politics, and Chip Design". J. Gilmore.
           O'Reilly and Associates. 1998.

7. Authors' Addresses

Steven M Bellovin
AT&T Shannon Laboratory, Room E-215
180 Park Ave. Bldg. 103
Florham Park, NJ US-07932-0000
+1 973 360 8656
+1 973 360 8077 fax
smb@research.att.com

Randy Bush
5147 Crystal Springs
Bainbridge Island, WA US-98110
+1 206 780 0431
randy@psg.com

8. Full Copyright Statement

Copyright (C) The Internet Society (2002). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing the
copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to
translate it into languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.