Technical Summary
The current SNMPv3 specifications describe use of DES for security. DES is not secure; it has been deprecated and replaced by AES. This document describes how to use AES with SNMPv3.
Working Group Summary
One obvious way to use AES would be to simply replace "DES" with "AES" and "8" (the block size) with "16". But that would expand the packet even more. This protocol uses CFB mode instead of CBC mode, to prevent packet expansion.
Protocol Quality
This protocol was reviewed for the IESG by Steve Bellovin and Bert Wijnen.