[tcpm] Re: Feedback on draft-ietf-tcpm-tcp-ao-algs-00

"Bonica, Ron" <ronald.bonica@hpe.com> Tue, 28 April 2026 17:42 UTC

From: "Bonica, Ron" <ronald.bonica@hpe.com>
To: Eric Biggers <ebiggers=40google.com@dmarc.ietf.org>, "Bonica, Ron" <ronald.bonica=40hpe.com@dmarc.ietf.org>
Date: Tue, 28 Apr 2026 17:42:14 +0000
CC: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: [tcpm] Re: Feedback on draft-ietf-tcpm-tcp-ao-algs-00
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/ADRisEb5AY-HAt13-igVTvN_WUs>

Folks,

I would be happy to trim the draft down to 1 KDF (HMAC-SHA256) and one MAC (HMAC-SHA256-128).

Does the WG agree?

                                                         Ron
________________________________
From: Eric Biggers <ebiggers=40google.com@dmarc.ietf.org>
Sent: Tuesday, April 28, 2026 1:16 PM
To: Bonica, Ron <ronald.bonica=40hpe.com@dmarc.ietf.org>
Cc: Eric Biggers <ebiggers=40google.com@dmarc.ietf.org>; tcpm@ietf.org <tcpm@ietf.org>
Subject: [tcpm] Re: Feedback on draft-ietf-tcpm-tcp-ao-algs-00

On Tue, Apr 28, 2026 at 03:23:59PM +0000, Bonica, Ron wrote:
> Eric,
>
> Thanks for the review. I suspect that we will trim the list of proposed algorithms. Version-00 of the draft was just a starting point.
>
> You say:
>
> "I suggest simplifying the proposal to just HMAC-SHA256 for now.  That's the only one that seems like an obvious choice.  Indeed, SHA-256 is the usual replacement for the outdated SHA-1."
>
> Do you mean HMAC-SHA256-128? Or do you really mean HMAC-SHA256?
>
> I propose HMAC-SHA256 in draft-bonica-tcpm-tcp-ao-long-algs <https://datatracker.ietf.org/doc/draft-bonica-tcpm-tcp-ao-long-algs/>. But if we go there, we need to solve the problem identified in TCP Extended Options <https://datatracker.ietf.org/doc/draft-bonica-tcpm-extended-options/>.

By "HMAC-SHA256-128" you just mean HMAC-SHA256 with the output truncated
to 128 bits, right?  I wasn't implying that you wouldn't need to do that
truncation.  The TCP options header doesn't have enough space for the
full output, after all.

Note that the full HMAC-SHA256 output still must be used in the KDF.

- Eric
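
The two points in the message above, as an added example (not code from this thread or from either draft): the per-segment MAC is HMAC-SHA256 truncated to 128 bits so it fits in TCP option space, while the traffic key keeps the full 256-bit KDF output. The KDF input layout is RFC 5926's KDF_HMAC_SHA1 with SHA-256 swapped in, which is an assumption about the draft; the key, addresses, ISNs and segment bytes are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

TCP_OPTION_SPACE = 40  # the 4-bit data offset caps the header at 60 bytes, 20 fixed
AO_FIXED_LEN = 4       # Kind, Length, KeyID, RNextKeyID (RFC 5925)
MAC_LEN = 16           # HMAC-SHA256-128: 128 bits on the wire


def derive_traffic_key(master_key: bytes, context: bytes) -> bytes:
    """Assumed KDF: RFC 5926 KDF_HMAC_SHA1 input layout with SHA-256 swapped in.

    input = i || Label || Context || Output_Length, with i = 1, Label = "TCP-AO"
    and Output_Length = 256 bits. The full 32-byte output is the traffic key.
    """
    data = b"\x01" + b"TCP-AO" + context + struct.pack("!H", 256)
    return hmac.new(master_key, data, hashlib.sha256).digest()


def segment_mac(traffic_key: bytes, segment: bytes) -> bytes:
    """Full HMAC-SHA256 over the segment, then keep the leftmost 128 bits."""
    return hmac.new(traffic_key, segment, hashlib.sha256).digest()[:MAC_LEN]


def verify(traffic_key: bytes, segment: bytes, received_mac: bytes) -> bool:
    """Receiver fixes the length itself; a shorter MAC is rejected, not matched."""
    if len(received_mac) != MAC_LEN:
        return False
    return hmac.compare_digest(segment_mac(traffic_key, segment), received_mac)


def option_space_left(mac_len: int) -> int:
    """Bytes left for other TCP options once the TCP-AO option is in place."""
    return TCP_OPTION_SPACE - (AO_FIXED_LEN + mac_len)


# Constructed sample values (documentation addresses, made-up key and ISNs).
MASTER_KEY = b"constructed-master-key"
CONTEXT = (ipaddress.ip_address("192.0.2.1").packed
           + ipaddress.ip_address("192.0.2.2").packed
           + struct.pack("!HHII", 49152, 179, 0x11111111, 0x22222222))
SEGMENT = b"constructed bytes standing in for the MAC input"  # not a real segment

if __name__ == "__main__":
    tk = derive_traffic_key(MASTER_KEY, CONTEXT)
    mac = segment_mac(tk, SEGMENT)
    print(len(tk), len(mac), verify(tk, SEGMENT, mac))
    print("option bytes left:", option_space_left(MAC_LEN), "vs", option_space_left(32))
```

With a 16-byte MAC the TCP-AO option takes 20 of the 40 option bytes; an untruncated 32-byte MAC would take 36 and leave 4 for every other option.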
