[tcpm] Re: draft-ietf-tcpm-tcp-ao-algs
"Bonica, Ron" <ronald.bonica@hpe.com> Tue, 05 May 2026 13:42 UTC
From: "Bonica, Ron" <ronald.bonica@hpe.com>
To: John Mattsson <john.mattsson@ericsson.com>, "tcpm@ietf.org Extensions" <tcpm@ietf.org>
Date: Tue, 05 May 2026 13:42:12 +0000
CC: "ebiggers@google.com" <ebiggers@google.com>, "Li, Tony" <anthony.li@hpe.com>
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/I-035orsjQt4g3KgGm_BTn_9QiY>
John,
My apologies for the typo. It was hasty cutting and pasting.
At this point, I am looking for consensus. Is the WG OK with the following algorithms:
KDF_KMAC256
MAC-KMAC256-128
KDF-HMAC-SHA256
MAC-HMAC-SHA256-128
If not, could we reach a compromise by adding a third option:
KDF_KMAC256
MAC-KMAC256-128
KDF-HMAC-SHA256
MAC-HMAC-SHA256-128
KDF_AES_256_CMAC
MAC-AES-256-CMAC-128
Ron
________________________________
From: John Mattsson <john.mattsson@ericsson.com>
Sent: Tuesday, May 5, 2026 5:10 AM
To: Bonica, Ron <ronald.bonica@hpe.com>; tcpm@ietf.org Extensions <tcpm@ietf.org>
Cc: ebiggers@google.com <ebiggers@google.com>; Li, Tony <anthony.li@hpe.com>
Subject: Re: [tcpm] draft-ietf-tcpm-tcp-ao-algs
The MAC names should not include "KDF"
I do not think TCPM should standardize
KDF_AES_256_CMAC
MAC-AES-256-CMAC-128
Due to the narrow block length of AES-256, AES-256-CMAC does not have good properties; its integrity advantage is quadratic in the number of queries and the expected number of forgeries is cubic in the number of queries. CMAC also has quite bad properties as a KDF. See e.g.,
https://emanjon.github.io/NIST-comments/2024%20-%20SP%20800-38B%20and%20800-38C.pdf
AES-CMAC only makes sense for IoT devices that need to use a single primitive for all crypto.
If TCPM standardizes a single set of algorithms, it should be
KDF_KMAC256
MAC-KMAC256-128
If you add a single new algorithm it should be SHA-3. If you add two sets of algorithms it should be SHA-3 and SHA-2
KDF_KMAC256
MAC-KMAC256-128
KDF-HMAC-SHA256
MAC-HMAC-SHA256-128
Cheers,
John Preuß Mattsson
From: Bonica, Ron <ronald.bonica@hpe.com>
Date: Monday, 4 May 2026 at 16:13
To: tcpm@ietf.org Extensions <tcpm@ietf.org>
Cc: ebiggers@google.com <ebiggers@google.com>; Li, Tony <anthony.li@hpe.com>
Subject: [tcpm] draft-ietf-tcpm-tcp-ao-algs
Folks,
In a series of off-line discussions, Eric Biggers and I have agreed that the draft should include only the following KDFs:
* KDF_HMAC_SHA256
* KDF_AES_256_CMAC
And the following MACs:
* KDF-HMAC-SHA256-128
* KDF-AES-256-CMAC-128
Does everybody agree? If so, I will update the draft accordingly.
Ron