[tcpm] Re: Feedback on draft-ietf-tcpm-tcp-ao-algs-00

"Bonica, Ron" <ronald.bonica@hpe.com> Tue, 28 April 2026 15:26 UTC

From: "Bonica, Ron" <ronald.bonica@hpe.com>
To: Eric Biggers <ebiggers=40google.com@dmarc.ietf.org>, "tcpm@ietf.org" <tcpm@ietf.org>
Thread-Topic: [tcpm] Feedback on draft-ietf-tcpm-tcp-ao-algs-00
Thread-Index: AQHc1t0flqYabqOUrkixIDYX2qeh87X0lhl8
Date: Tue, 28 Apr 2026 15:23:59 +0000
Message-ID: <DM4PR84MB231066C41AAFD689B58D21FFF4372@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM>
References: <20260428065832.GB3813922@google.com>
In-Reply-To: <20260428065832.GB3813922@google.com>
Subject: [tcpm] Re: Feedback on draft-ietf-tcpm-tcp-ao-algs-00
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/FuWv2ap197iFjYQ9ZVC6w_qzOcE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm>

Eric,

Thanks for the review. I suspect that we will trim the list of proposed algorithms. Version-00 of the draft was just a starting point.

You say:

"I suggest simplifying the proposal to just HMAC-SHA256 for now.  That's the only one that seems like an obvious choice.  Indeed, SHA-256 is the usual replacement for the outdated SHA-1."

Do you mean HMAC-SHA256-128? Or do you really mean HMAC-SHA256?

I propose HMAC-SHA256 in draft-bonica-tcpm-tcp-ao-long-algs<https://datatracker.ietf.org/doc/draft-bonica-tcpm-tcp-ao-long-algs/>. But if we go there, we need to solve the problem identified in TCP Extended Options<https://datatracker.ietf.org/doc/draft-bonica-tcpm-extended-options/>.

Ron



________________________________
From: Eric Biggers <ebiggers=40google.com@dmarc.ietf.org>
Sent: Tuesday, April 28, 2026 2:58 AM
To: tcpm@ietf.org <tcpm@ietf.org>
Subject: [tcpm] Feedback on draft-ietf-tcpm-tcp-ao-algs-00

I don't support draft-ietf-tcpm-tcp-ao-algs-00 in its current form.
While adding a new algorithm to TCP-AO would be appropriate, the draft
actually proposes adding six new algorithms.  This will create
fragmentation and difficulty for implementers.

Specific comments on the proposed algorithms:

HMAC-SHA3-256, HMAC-SHA3-384, and HMAC-SHA3-512 are unnecessary.  SHA-3
doesn't require the HMAC construction.  If a SHA-3 based MAC is really
desired, a better choice would be KMAC256.  That would be one algorithm,
not three.  However, this still might not be particularly useful: SHA-3
is very slow on most CPUs, and SHA-2 is still considered secure.

Regarding the SHA-2 offerings: HMAC-SHA256-128, HMAC-SHA384-128, and
HMAC-SHA512-128 are mostly redundant with each other.  They're all part
of the SHA-2 family, and the MAC is being truncated to 128 bits anyway.

SHA-384 and SHA-512 do have higher internal cryptographic strength,
which could provide a small motivation for them.  However, the value of
that seems fairly marginal here, given the MAC truncation.  And either
way, we certainly don't need *both* SHA-384 and SHA-512.

I suggest simplifying the proposal to just HMAC-SHA256 for now.  That's
the only one that seems like an obvious choice.  Indeed, SHA-256 is the
usual replacement for the outdated SHA-1.

It may be reasonable to leave the door open to add HMAC-SHA512 and/or
KMAC256, if they could be strongly motivated.  But please do keep in
mind the costs of fragmentation, interoperability failures, and of
implementers having to implement all these algorithms.

I also suggest bringing this topic to the cfrg
(https://datatracker.ietf.org/rg/cfrg/about/) for advice.  There are
many people there who could help choose an appropriate algorithm(s).
They could also help ensure it is used in an appropriate way, including
following current best practices for key derivation which the current
draft appears to overlook.

- Eric
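
Added example, not part of either message and not code from the drafts: it computes the tags for the SHA-2 candidates named in this thread and shows how a 128-bit truncated tag and a full HMAC-SHA256 tag differ in TCP option space. It assumes the RFC 5925 option layout (4 fixed bytes before the MAC) and the 40-byte limit on TCP options; the key and the authenticated bytes are constructed stand-ins.

```python
import hashlib
import hmac
from typing import Optional

TCP_MAX_OPTION_BYTES = 40  # 60-byte maximum TCP header minus the 20-byte fixed part
TCP_AO_FIXED_BYTES = 4     # Kind, Length, KeyID, RNextKeyID (RFC 5925 option layout)

# Constructed sample values; real TCP-AO MACs a pseudo-header plus the segment
# under a traffic key derived per connection.
KEY = bytes(range(32))
SEGMENT = b"constructed stand-in for the bytes TCP-AO authenticates"

# name -> (hash, tag length in bits; None means the full HMAC output)
CANDIDATES = {
    "HMAC-SHA256-128": ("sha256", 128),
    "HMAC-SHA384-128": ("sha384", 128),
    "HMAC-SHA512-128": ("sha512", 128),
    "HMAC-SHA256": ("sha256", None),
}

def mac_tag(key, message, digest, tag_bits: Optional[int] = None) -> bytes:
    """HMAC over message, keeping only the leftmost tag_bits when given."""
    full = hmac.new(key, message, digest).digest()
    if tag_bits is None:
        return full
    if tag_bits % 8 or not 0 < tag_bits <= 8 * len(full):
        raise ValueError("tag_bits must be a byte multiple within the digest size")
    return full[: tag_bits // 8]

def verify(key, message, tag, digest, tag_bits=None) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac_tag(key, message, digest, tag_bits), tag)

def option_budget(tag_len: int):
    """Return (TCP-AO option length, option bytes left for everything else)."""
    ao_len = TCP_AO_FIXED_BYTES + tag_len
    return ao_len, TCP_MAX_OPTION_BYTES - ao_len

def compare():
    """Map each candidate name to (tag bytes, option bytes, bytes left over)."""
    return {name: (len(mac_tag(KEY, SEGMENT, h, bits)),
                   *option_budget(len(mac_tag(KEY, SEGMENT, h, bits))))
            for name, (h, bits) in CANDIDATES.items()}

if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:16} tag={row[0]:2}  option={row[1]:2}  left={row[2]:2}")
```

All three 128-bit candidates produce the same 20-byte option, while the untruncated HMAC-SHA256 tag produces a 36-byte option and leaves 4 bytes for every other TCP option in the segment.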
