Need AES-256 added as option for Privacy Protocol for Discovery Profiles in CAPC
Our company decided the standard they would use for SNMP V3 is SHA1 with AES-256 encryption, current options only support AES-128.
We plan to support polling and trap based notifications via SNMPv3 with an 'AES 256 with 3DES key extension' privacy protocol option in our upcoming 3.5 release. Check out the recording of our last CA PM 3.5 end of sprint demo to see an example of how to configure an SNMP Profile with this new privacy protocol.
The engineering team has begun looking into this request and has raised a question about which flavor of SNMPv3 AES 256 privacy protocol encryption is needed.
There are two flavors we're aware of:
1) AES 256 in CFB mode – see https://tools.ietf.org/html/draft-blumenthal-aes-usm-04
2) AES 256 with 3DES key extension – see https://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00e
Spectrum currently supports option #2, so I suspect that is what folks are looking for, but I don't want to make that assumption and possibly miss the mark.
In case these IETF draft descriptions aren’t enough to determine which flavor is needed, the engineering team has created a command line tool that can be used to test each method against one or more of their network devices to see which one responds. If anyone is interested in trying this just email me (Matthew.Stormann@ca.com) and I'll send it to you.
Appreciate any help.