[SNMP4J] Java9+ required now?

Maayan, Elhanan Elhanan.Maayan at sbdinc.com
Thu Oct 4 07:23:48 CEST 2018


But snmp4jv3 is still SNMP? We are using a custom binary protocol already in place with vendors.

From: Frank Fock
Sent: Thursday, October 4, 03:09
Subject: Re: [SNMP4J] Java9+ required now?
To: Maayan, Elhanan
Cc: Jeremy Norris, snmp4j at agentpp.org


Hi,

As there is already Java 10 available, we do not need to talk about Java 9 anymore ;-)

DTLS works as expected, although the interoperability with OpenSSL DTLS and its NET-SNMP implementation of that was not easy, because NET-SNMP sends some packets in a way the Java DTLS SSLEngine leaves the API user in a state where the SSLEngine documentation lacks information on how to continue processing. I figured it out finally, but it was not straightforward.

Nevertheless, DTLS works fine. With Java 10, the implementation seems to have improved further regarding error handling and debugging.
If you need encryption on UDP, then why not use plain SNMPv3? Its handshake and privacy are much faster and use much less bandwidth than (unoptimised) DTLS.
With DTLS you should reduce the number of offered algorithms to a minimum on both communication ends to reduce handshake packet sizes.
But even then, SNMPv3 is more lightweight.
The advantage of DTLS is the use of certificate chains. If you do not already have them in place, plain SNMPv3 over UDP would be the better choice.

Best regards,
Frank

On 2. Oct 2018, at 11:11, Maayan, Elhanan <Elhanan.Maayan at sbdinc.com> wrote:

Hi, I'd like to "hijack" this thread, if it's ok, and ask a few questions about DTLS

We have a Java app that communicates with a device over UDP, with a custom binary protocol, and we are considering a few options on how to encrypt them.

One of them was DTLS, but this was rejected for several reasons.

1. DTLS was only recently inserted into Java, so we don't really know how stable it is.
2. The Java implementation still leaves you with a lot of "low level" implementation, like message ordering (I'm not sure if this can be handled on any other level with UDP and DTLS).
3. Java 9 itself is considered broken, EOL, and on top of that migrating to it is extremely problematic. I suspect many organizations won't go for it due to those reasons.


How hard was it to integrate DTLS? Have you considered other options?
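
Added example, not part of the original thread and not SNMP4J's own code: one way to follow the advice above about offering a minimal set of algorithms, using the JSSE DTLS `SSLEngine` available since Java 9. The single cipher suite, the 1200-byte datagram limit and the class name are assumptions; both peers must be configured with the same restricted set.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.List;

public class MinimalDtlsEngine {
    // Assumption: both ends use RSA certificates and agree on this one suite.
    static final String[] SUITES = { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" };
    static final String[] PROTOCOLS = { "DTLSv1.2" };
    // Assumption: 1200 bytes keeps each handshake datagram below the path MTU.
    static final int MAX_DATAGRAM = 1200;

    // Returns an engine that offers only SUITES/PROTOCOLS in its hello message.
    static SSLEngine restrict(SSLContext ctx, boolean clientMode) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(clientMode);

        // Fail early if the runtime does not support the chosen suite, rather
        // than silently ending up with an engine that can never negotiate.
        List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
        for (String suite : SUITES) {
            if (!supported.contains(suite)) {
                throw new IllegalStateException("Unsupported cipher suite: " + suite);
            }
        }

        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(PROTOCOLS);
        params.setCipherSuites(SUITES);
        params.setMaximumPacketSize(MAX_DATAGRAM); // DTLS record/fragment limit
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("DTLS");
        // Default key/trust managers for the demo; a real deployment passes
        // managers backed by its own certificate chain.
        ctx.init(null, null, null);

        SSLEngine defaults = ctx.createSSLEngine();
        SSLEngine minimal = restrict(ctx, true);
        System.out.println("Suites offered by default: "
                + defaults.getEnabledCipherSuites().length);
        System.out.println("Suites offered after restriction: "
                + Arrays.toString(minimal.getEnabledCipherSuites()));
    }
}
```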