
SNMPv3 remote managed device - correct way to add users


I am working on an embedded system that should support SNMPv3, and I am wondering how to let the user add new USM? Is it reasonable to let the user add it by SNMP? By HTTPS?

Thanks

Avner


Solution

  • Depends on what you are aiming at with your product:

    There are users out there that will only expect to receive some traps from your SNMPv3 device. Those users might not necessarily have access to tooling allowing them to add users via SNMP (or don't want to be bothered with having to install and operate free tooling).

    Whether it makes sense to implement a user administration frontpage using HTTPS strongly depends on the amount of muscle your platform has. To me, that sounds a bit heavy-weight.

    Most SNMPv3 devices I have come across so far had a simple ssh command-line-based interface for user management, so I would expect that is common practice in the market. Remember, adding users is a one-time activity in most environments.

    What you should and must allow in any case is changing users' encryption and authentication keys using the USM MIB. The whole SNMPv3 security concept will cease to be of any value when keys cannot be frequently (ideally, in an automated way) changed.
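The key change the answer refers to, as an added example that is not part of the original answer: a Python sketch of the RFC 3414 password-to-key derivation, key localization, and the KeyChange value a manager writes to `usmUserAuthKeyChange`, together with the agent-side recovery. It covers only keys no longer than the hash output (the HMAC-MD5 and HMAC-SHA cases); function names are this example's own, and the passwords and engine ID in the demo are the RFC 3414 appendix sample values.

```python
import hashlib
import os

L_TOTAL = 1048576  # RFC 3414 A.2: bytes of repeated password that are hashed


def password_to_key(password: bytes, algo: str) -> bytes:
    """Derive the user key Ku from a password (algo is 'md5' or 'sha1')."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(L_TOTAL, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind Ku to one agent: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def _mask(old_key: bytes, rand: bytes, algo: str) -> bytes:
    """H(oldKey || random), truncated to the key length."""
    digest = hashlib.new(algo, old_key + rand).digest()
    if len(old_key) > len(digest):
        raise ValueError("key longer than hash output is not handled here")
    return digest[:len(old_key)]


def make_key_change(old_key: bytes, new_key: bytes, algo: str) -> bytes:
    """Manager side: value = random || (H(oldKey || random) XOR newKey)."""
    if len(new_key) != len(old_key):
        raise ValueError("old and new key must have the same length")
    rand = os.urandom(len(old_key))  # fresh random for every key change
    delta = bytes(a ^ b for a, b in zip(_mask(old_key, rand, algo), new_key))
    return rand + delta


def apply_key_change(old_key: bytes, value: bytes, algo: str) -> bytes:
    """Agent side: recover newKey from the received KeyChange value."""
    n = len(old_key)
    if len(value) != 2 * n:
        raise ValueError("KeyChange value must be twice the key length")
    rand, delta = value[:n], value[n:]
    return bytes(a ^ b for a, b in zip(_mask(old_key, rand, algo), delta))


if __name__ == "__main__":
    engine_id = bytes.fromhex("000000000000000000000002")  # RFC sample engine ID
    old = localize_key(password_to_key(b"maplesyrup", "sha1"), engine_id, "sha1")
    new = localize_key(password_to_key(b"newsyrup", "sha1"), engine_id, "sha1")
    value = make_key_change(old, new, "sha1")
    print(apply_key_change(old, value, "sha1") == new)
```

Because the new key is masked with a hash of the old one, the value protects the new key only from parties that do not already hold the old key, which is one reason to rotate on a schedule rather than only after a suspected compromise.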