mini-snmpd

Add support for SNMPv3 user-based security

Open thebodzio opened this issue 9 years ago • 4 comments

First of all thank you for your effort put into maintaining this project!

I've got a question regarding your plans for the future. Is there any chance they would include implementing SNMPv3 User-Based Security (RFC 2574) and possibly more of v3? I realize it's not a simple matter, especially in a program focused on such a small footprint, but any extra security is always welcome :}.

I also think that your decision, whatever it may be, would be worth noting somewhere in the project docs (roadmap, perhaps).

Best regards!

Mar 28 '16 00:03 thebodzio

Not at the moment, no, but you're more than welcome to pitch in with a pull request! 😜

Meanwhile, I'll put that restriction in the TODO file and maybe the README 👍

Mar 28 '16 01:03 troglobit

Thanks for the reply!

Well… if it wasn't for the “time” (yup, who does have it ;}) I'd love to help that way and, frankly, I simply would've instead of just asking the question ;}.

And thanks for putting in a note about the matter—I'm sure it'll be useful!

Mar 28 '16 01:03 thebodzio

What would be a minimum viable implementation of the SNMP v3 encryption and authentication - support for receiving encrypted messages and decrypting them with some credentials?

As far as I understand from the RFCs, the protocol is the same between v2 and v3, just that v3 messages are wrapped with authentication and encryption?

I would like to help with this, any guidance on the spec is highly appreciated :)

Apr 19 '18 10:04 spaskalev

Was waiting for someone else to pitch in here ...

It's almost the same, but you have proper per-user authentication, with an optional OID tree for scoping instead of the whole tree, and the communication is encrypted. So it's a part where you set up users (I'm adding .conf file support right now, so that should be helpful) and another where you need to wrap the transaction using OpenSSL/LibreSSL.

May 06 '18 10:05 troglobit
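
The authentication half of the wrapping discussed in the replies above, as an added example that is not part of the thread or of mini-snmpd's code: RFC 3414 (which obsoletes the RFC 2574 cited in the issue) password-to-key localization, plus the truncated HMAC check over a whole message. It is written in Python with `hashlib` standing in for the OpenSSL/LibreSSL digests; the function names and the sample message are constructed for illustration, and the message is opaque bytes rather than a real BER-encoded SNMPv3 packet.

```python
import hashlib
import hmac

AUTH_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-96 truncate the MAC to 12 octets


def password_to_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the repeated password, then localize the key."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    # Localization binds the key to one engine, so a key recovered from one
    # agent is not valid on another agent that shares the same password.
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_tag(key: bytes, msg: bytes, offset: int, algo: str) -> bytes:
    """MAC over the whole message with the 12-octet auth field zeroed."""
    zeroed = msg[:offset] + bytes(AUTH_LEN) + msg[offset + AUTH_LEN:]
    return hmac.new(key, zeroed, algo).digest()[:AUTH_LEN]


def sign(key: bytes, msg: bytes, offset: int, algo: str = "sha1") -> bytes:
    """Sender side: fill the auth field of an outgoing message."""
    return msg[:offset] + auth_tag(key, msg, offset, algo) + msg[offset + AUTH_LEN:]


def verify(key: bytes, msg: bytes, offset: int, algo: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    received = msg[offset:offset + AUTH_LEN]
    if len(received) != AUTH_LEN:
        return False  # truncated message: reject before doing any MAC work
    return hmac.compare_digest(received, auth_tag(key, msg, offset, algo))


# Engine ID from the RFC 3414 A.3 test vectors; the message is constructed.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
HEADER = b"constructed-v3-header|"
SAMPLE_MSG = HEADER + bytes(AUTH_LEN) + b"|constructed-scoped-pdu"
AUTH_OFFSET = len(HEADER)

if __name__ == "__main__":
    key = password_to_key(b"maplesyrup", ENGINE_ID)
    signed = sign(key, SAMPLE_MSG, AUTH_OFFSET)
    print("localized key:", key.hex())
    print("verifies:", verify(key, signed, AUTH_OFFSET))
    print("tampered verifies:", verify(key, signed[:-1] + b"X", AUTH_OFFSET))
```

Privacy (the encryption the replies mention) is a separate step that encrypts only the scoped PDU under a second localized key; the tag above is computed over the message after that encryption.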