Add support for SNMPv3 user-based security

[thebodzio]

First of all thank you for your effort put into maintaining this project!

I've got a question regarding your plans for the future. Is there any chance they would include implementing SNMPv3 User-Based Security (RFC 2574) and possibly more of v3? I realize it's not a simple matter, especially in a program focused on such a small footprint, but any extra security is always welcome :}.

I also think that your decision, whatever it may be, would be worth noting somewhere in the project docs (roadmap, perhaps).

Best regards!

[troglobit]

Not at the moment, no, but you're more than welcome to pitch in with a pull request! 😜

Meanwhile, I'll put that restriction in the TODO file and maybe the README 👍

[thebodzio]

Thanks for the reply!

Well… if it wasn't for the “time” (yup, who does have it ;}) I'd love to help that way and, frankly, I simply would've instead of just asking the question ;}.

And thanks for putting an info about the matter—I'm sure it'll be useful!

[spaskalev]

What would be a minimum viable implementation of the SNMP v3 encryption and authentication - support receiving encrypted messages and decrypting them with some credentials ?

As far as I understand from the RFCs the protocol is the same between v2 and v3, just that v3 messages are wrapped around with an authentication and encryption ?

I would like to help with this, any guidance on the spec is highly appreciated :)

[troglobit]

Was waiting for someone else to pitch in here ...

It's almost the same, but you have proper per-user authentication, with an optional OID tree for scoping instead of the whole tree, and the communication is encrypted. So it's a part where you set up users (I'm adding .conf file support right now, so that should be helpful) and another where you need to wrap the transaction using OpenSSL/LibreSSL.