Current implementation of this Add method allows for multiple UsmSecurityParameters to be associated with the same userName. This approach seems to offer some interesting flexibility. However, I'm keen to understand the specific scenarios or requirements that led to this design choice.

In light of the specifications outlined in RFC 3414, particularly the one-to-one relationship between userName and securityName, The RFC suggests that each userName should correspond to a unique set of security parameters. Were you aware of this?

If all reviewers eventually decide this behavior is OK we could perhaps log the specific occurrence where we append SP's to an existing userName, but lets not get ahead of things yet.

i did know about the specifications outlined in rfc 3414 - for my use case (for my team) we wanted to reduce the overhead of requiring those wanting to set up a listener of traps for multiple devices (and thus multiple securityNames/engine IDs) and reducing friction that way.

if we followed the unique set of security parameters per key of username/security name it would definitely not need the for loop to try each credential (as there would only be one possible one)

there could be the possibility of supporting that by changing the getIdentifier to return the username/securityName combo to follow the RFC guidelines, but maybe we can discuss further if we want to support both or have a strong opinion (for strictly following the RFC or the current path forward)

also (a tangent), i was curious about the gosnmp struct's contextEngineId - what should expected to be populated here? i might have missed something but i don't see it used very often beyond when snmp packets are made / should the informs be using that to discover the engine ID?

after talking w/ a coworker: maybe there can be some configuration based on however the user wants to set up:

• if a security parameter is added with the authoritative engine ID then getIdentifier will return both username / security name
• otherwise, it will defer to only adding the key as the username

for flexibility between both.

what do you think?

Sorry for slow replies. I'm sick and not really up for code(review) at this very moment but let's try:

My main point was that I'm a proponent to be verbose when appending multiple security parameters for the same userName, As that behavior is not specifically outlined in the RFC as best-practice nor requirement. Please log the occurrence.

What confuses me about the current implementation of the UsmSecurityParameters struct is that we seem to mix some Engine and User configs. This was never a problem but becomes confusing now that we allow multiple sec params to be defined by this code. Also the fact that we need to define 4 loggers in the example code convinces me that this implementation needs some care. If this would block your PR it would need to become a TODO item so that we can think and discuss this in a separate issue?

@SuperQ @Hipska what do you think about last mentioned item?

I have no further opinion on this.

I addressed some of the logging concerns with my latest commit, let me know your thoughts on that aspect of your feedback!

As for the mixing of engine / user configs - I just want to clarify: that would be around the engine ID, engine boots, engine time and username (as well as if they've configured authentication / privacy protocols)?