IETF Logo Mail Archive

[tcpm] Re: RFC 5925 Section 6.2 Issue

"Bonica, Ron" <ronald.bonica@hpe.com> Thu, 16 April 2026 16:14 UTC

Return-Path: <ronald.bonica@hpe.com>
X-Original-To: tcpm@mail2.ietf.org
Delivered-To: tcpm@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 29941DDAF58F for <tcpm@mail2.ietf.org>; Thu, 16 Apr 2026 09:14:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776356054; bh=317TBVeUdVl8o3DBQuNFqSriFJSzuT+NRFUnUm0YXbI=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=KuKAcR7QXlweghkbvqKkrCDxliw5pMnZZICYZDOpxO3VdEEhQHFkEfGUaqYP6zGdw 8iAja4gGA+YiPpeC7gMtWVyMGm1Ck+HQnXWJmcMYK/gPgFLC0Iry2PV7HW56yafAwG kViG3rcAK/sJohEghreRaTVHw0HZ9BHERw/b53fU=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.794
X-Spam-Level:
X-Spam-Status: No, score=-2.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=hpe.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EiM0LJtKxYr9 for <tcpm@mail2.ietf.org>; Thu, 16 Apr 2026 09:14:10 -0700 (PDT)
Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D999CDDAF57E for <tcpm@ietf.org>; Thu, 16 Apr 2026 09:14:07 -0700 (PDT)
Received: from pps.filterd (m0134420.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 63GC6au31218265; Thu, 16 Apr 2026 16:14:06 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=pps0720; bh=317TBVeUdVl8o3DBQuNFqSriFJ SzuT+NRFUnUm0YXbI=; b=esm52jWehJvK3J77oFReRM+t9ci0Ll3PxfZ4BOv+n6 +dS6IhrmRMGRU/aepfXN5pAjR4repJbGRe/LXk7hxXblq7suqEXqrcfbVCVzEGlS fX7ppUbVj3NeEUKE55lSZX4HDub+Ij91aZI/0H7hwM2R/sx0xNneocpXhQkg3gDy ZgiICoxYd1ivdGw5Jnjy+OK6f/dbQzM1pF9AB6GjgT6kNO73vEjMv6OU/MV6CuGZ t0xOU6zZN0qod/vTsSGUNHXLmUmTlTvfW6zCHCM2RRkx0tR8V21CaEPeOPB8zkjq 9Saua7VhuzSQ/Xr1N6JTZMlaiGB2i/C/7LB97Carm4Vg==
Received: from p1lg14879.it.hpe.com (p1lg14879.it.hpe.com [16.230.97.200]) by mx0b-002e3701.pphosted.com (PPS) with ESMTPS id 4djyfv3axg-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Thu, 16 Apr 2026 16:14:05 +0000 (GMT)
Received: from p1wg14925.americas.hpqcorp.net (unknown [10.119.18.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by p1lg14879.it.hpe.com (Postfix) with ESMTPS id 1E98226E; Thu, 16 Apr 2026 16:14:05 +0000 (UTC)
Received: from p1wg14924.americas.hpqcorp.net (10.119.18.113) by p1wg14925.americas.hpqcorp.net (10.119.18.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Thu, 16 Apr 2026 04:13:59 -1200
Received: from p1wg14920.americas.hpqcorp.net (16.230.19.123) by p1wg14924.americas.hpqcorp.net (10.119.18.113) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17 via Frontend Transport; Thu, 16 Apr 2026 04:13:59 -1200
Received: from DM2PR0701CU001.outbound.protection.outlook.com (192.58.206.35) by edge.it.hpe.com (16.230.19.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Thu, 16 Apr 2026 04:13:56 -1200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=urWRqimuBA4OUyu8OIyHiijhDD2rnrTaKm7yd4h59DEaL+NVH816Q0iNE9aUoR9zcTVdM43UorD6p82io9s4F8XMkbY3WP3V1mdjBAd/EiAyP95EU+IitqLN6rKYRZTq99JbG43YBoPmDVlvn1GTIH1/2Jezw12BTEy777Gpj0Iwxafnt1G3tGT5bVX4xfbXjkA/W3S26oGCykJCh1f2Rql5pLpqWKgjZdIQ/tBVpknGfxay5udPSbvTCh8GoT+nnxhkzqmIRStI2e5JBSy8xz+jnXVNqc21vvrZNaPchHqHNwjWr/bee6z/SNARPpk13uCWIAF9PnLvqC8BKgxvyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=317TBVeUdVl8o3DBQuNFqSriFJSzuT+NRFUnUm0YXbI=; b=c+e3imgXGKaHlx/ukypn1X+bFBJ1FUpcArdAKk62Nr+nV3YtDllEpDAjsXSaohjtpr0gKkrNhJ+QFK0sPNRMWocmvV70zAZzEBH2tGZ3zbyeETy5/fV/Ma1jglM4dvwmjSWm1Ww9ZN/ITBaUyMQ2hYfJh3wO4OQHQDHRjEpNqIBc/I9mL4uCeWpCfZ2XYx4KYNXTPVJf8lAk25UjLB1rC/de4BdMEkfvioH00RctXnb5gIse8hsLDlNWRITF7VtNL3HThBnbvvepz5kX0DchhN2VW/0CChjb+f7IyHnPzaz4z9Hrhq1clfxdl+aM4nWqdSL+dMLHCdwqiKDWEFxl4g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hpe.com; dmarc=pass action=none header.from=hpe.com; dkim=pass header.d=hpe.com; arc=none
Received: from DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM (2603:10b6:8:51::18) by CH3PR84MB3876.NAMPRD84.PROD.OUTLOOK.COM (2603:10b6:610:1d6::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.25; Thu, 16 Apr 2026 16:13:52 +0000
Received: from DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM ([fe80::f9b2:4189:25fa:bd66]) by DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM ([fe80::f9b2:4189:25fa:bd66%3]) with mapi id 15.20.9818.023; Thu, 16 Apr 2026 16:13:51 +0000
From: "Bonica, Ron" <ronald.bonica@hpe.com>
To: Joe Touch <touch@strayalpha.com>
Thread-Topic: [tcpm] RFC 5925 Section 6.2 Issue
Thread-Index: AQHczSS864SzlnMErESsGIu8KKkAdbXhHSwAgACnBIQ=
Date: Thu, 16 Apr 2026 16:13:51 +0000
Message-ID: <DM4PR84MB23106124CB4CBF4A5F4EDFD1F4232@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM>
References: <DM4PR84MB23101CB9D908995A65184C17F4222@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM> <49EDDD40-4E15-4365-B010-16FBE27C6DCF@strayalpha.com>
In-Reply-To: <49EDDD40-4E15-4365-B010-16FBE27C6DCF@strayalpha.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM4PR84MB2310:EE_|CH3PR84MB3876:EE_
x-ms-office365-filtering-correlation-id: be57fdf8-c4aa-43d5-786c-08de9bd32676
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|4022899009|366016|8096899003|38070700021|22082099003|56012099003|18002099003;
x-microsoft-antispam-message-info: zN6wOYswnOF9Nh7OyY/xsT1DPJYsl6wbGLOrEPzxHjF6Y3uwMJw1XLentJZIl+mfbU0Kpaj7G304nVhI5ug01vLnU1+BqRtdV3nMsVb1ZXJS1BI/gzzkfPovy+3SVrFUqcWOUbhOUyHsP1Qeq4JMzwH0R8YgvlwNn9j+8lkArMuEdo39G0FOKeot7QjGaPFSObAsV/ZccafTbq46bIzqDTF6vSowYxx96Q9mbZt887VDx9pxXAP+/8zgaHJJCiPm+5mtSrygXN3p0JpD8qtdc0srMA+eBk074MjZypUTS39AYBs2dwbglMJHzKN0TtflUFVsv4UGGBgTcGcCIyhH0QlDmDYSHbbsaAvazI0z8lo0UaJ53Zjem4UBpBK5tCctKB5ij+diufrJgMf+LFML1ULmGLPQL0ILRgbnhSlDOTau/aMkDH4Uz4OvObeOBc2kMOvBDp8UU8CPSpyJqSpsaNEtzqgiFF8vd0gsOXfPrvgAqGDOZDlRpxliBKeLM0em0M4hRMpkPUXBBcYjw8LdQ2TZt/IREDicn0vzK+NxJka+vRchQHwnUAmyEojjY/4NCryyo5D336rlHM8eXgdDEmCTNHtD+BXjmUDmBQU+0NnWuZpYXlnkiUsDYtltE/cQQvMcpHAhZ8f9cwY8rrSX/fpslE23z3J/6RF5qhuNYdbgJPfcJk6LdX7HXGPUTwo6yHWfDavUnfFcG9YdEqHArQKjg8uE44D94FBSot+anbAJ+5+fwzQ7PWocvR6C0HXhmgkTfuGcaPfytPxgvvNnk09XorIethQXNftRs+ji+ok=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(4022899009)(366016)(8096899003)(38070700021)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: D2g9L3EPftmP5xvDzpVbGYx71JwJ2deRGETPlj/Xy9RZnwLtNt528DgxKIMUdcU7PfLKwsTAZXzSzt6+Li9riYMOSkKJT8Xfr/vABPLu8vZqEIa2qS/K7SMl9Jm8vTBUPoORtD8h+mDh0RlW+FJfU0moH9eyExYe6vm4M5YwnmSakW0ECK6MfCedQLUzjUjGXYOtqFDzg5p0H8s+AvFfPjqH1qHEhMQOzTZ20+a5mS3mxXWVz+WRMggqy+SkSbCPi3tgTPZQp/75/NNuw8H9+KayvzTsMUh2T51HKkJ066BsVzEyyMJmsj/Qe4f+Unpp9YqTImUkzq9LvmEyvKGPe5qfxGamPFqNcu/rrdzCXLRIHUwNCbCD0YfHD48DbsgPOlkqPYDjN9U2dXpGyM/RBX+xKO7QyNAIrIHNxYNV69utlccaYGBHLfHz4r8jIsJUsSZZEeSe6D1tOOSgSGFtgxSY7MIK4HrfqgrSy8vGP6HMb1jKc2kfbNJ33XcjAGkDbUcMJX2Jyv7nOIl+icZsv+8SdLbaR9ateoDnc47/ORZ7I6Nck1hKXdflqRCijm3AFKtoR3+tWsjGfAKPjqnu8zeBENeiDZ64hwhtpAbIWB/VqU3WyOUSKDJNSRpBwIpx+E2khquBs8DrznNYZ6hmjFhWPA7Nn7yDQmTJqeQ8MJ0uWDvZcQvI3DrbRRj0ZyL15yzoUgRaqj+pb7giqR7p0nG563mu4XC6uLSnK2je5tsaOuWfdYfwpOwx3NusRXNfD0BDNJGfcY0FZrt614LS41gtolzzd60a4dzyWkAw4uC6MzauzzFOYyWQRfZBsrl43a9DMHQl2vIzAWbu6yYONU3J9BsPAS5Se06yVLpai2EGVct0tcRVyKWKp9x7ATQMkWTdjbh6h8t0yl333JRUu6bNX2g8SV9nFdaGEVeNjnObob0WlGN+66n46LavEQIcbFtZJwkEo7N+I1rhpoUVAT/QR0KHLTrrI5BPlonZON7ik3H9dqmOV5bAv3FNs3kyLD5hFjHmz6d7Kr5KVMzQmBvei3EaN+kR4bv48wKhxLXddnhZZYfqHP+nQLZBLUZirITz7F9ZvheqpfNO3TvXK6kH3qhshvNCc/4+RAgfxCZHFYGYD6IpwWsryFNZT5yypVVRasPxaojvwgvkhzUjWpR56W7xnzfAmZuU9/blECpeUTWLNNaA7HS8qad3EClL+yEWEsB+t2L6xM04NXXOrvKVg2FfPx7RJNX5jDzyaYeZFfOaiufm0f/s9jp/zRfYbCXnLnlyMDCJNRD2/edgkpYGgA6VYoOi9tRnXle8fuEIkTaLiNkBNmMGdmzQzFVTJjYiiXCBHdywXKy9OSDu8YS5Wo9F+ZeqbRZF8ppSNIjZ/Jxrd1Qv9BWqFgrKo7QcmMuUaWTr9gcc/OOAxh5ILMQ2Dsy7xKdGIyd+tO/mFf21UraYBJ1KpA0DDe7HP4YKnPGVA4S/+/zPb3xG0AJIOBcJFqZ+WmLLYJviJ6e90CGzHy5dZdyNhyyKp2LCS9De7IJX7oEPwzkF1joCWWQp1rH4GSiZw3+VXc0CuQ8rL4mkLKtrt6XV/k8Gv4Q6qXKhzcqhntKfEAvfCavFW4ifktB7PunA1plA92MFG1qVbVbFqikSoWKh5K9F8NouR2A12GmV2zj+v5kH3LiRim0/Xhlp5bvZQZdvHYOg/xhHgXz4Mg26OepQ7M3JGhypqOoO
Content-Type: multipart/alternative; boundary="_000_DM4PR84MB23106124CB4CBF4A5F4EDFD1F4232DM4PR84MB2310NAMP_"
MIME-Version: 1.0
X-Exchange-RoutingPolicyChecked: DBui7mVTmIt/aeBXGRbudJL8JVeDx2X/ST9SYeKwfZxHa/ANR6udtB2NYMx5HzLAqswQx2vaFBlO+wvT9Wp1LMays4irD9K1ZYMHNQPa++02Sbgf8i4qd45VMJY/BMWSfhwopq+ROoxtPounasJBeriU1rXeME0fjt5de8O3riZNb9VloBhSz5+s1+HIGFgKST5HzIspSQeTFZ+vUg+MttaEOiN1if0M1+kcihvex4TkeLkKcWIMwJ8N13fyzyvkhhR1Gzp12BFxIY9iTN9l8Js+G9VWXVEsXG3qndYnNQXJ0rFSRiEsGMDEuyXUGZiAD/Gdb+S5JEpw01+iL+DwiA==
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: be57fdf8-c4aa-43d5-786c-08de9bd32676
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Apr 2026 16:13:51.8633 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 105b2061-b669-4b31-92ac-24d304d195dc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: PwokCU2+te2A8INECsCHv4MOPZMyQvEHqIR27SATFGlPZ7+18HfMKVazJ0+Kqit7IY+BcXrvChfTKfYvjo3pww==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR84MB3876
X-OriginatorOrg: hpe.com
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNDE2MDE1NCBTYWx0ZWRfX6hHute1p7QcC rGtV7UzJ+cI5QVFKiuQ08vFc7H3uCn3hskKpWgpygSSTsnnWhHfYhpku0w0uy8oSOvqCwAu4PgD u9jG1WG+PmT/cHj9MnN5uSSt64xuoLM/YBo7vUXRWvTPHI7oTlfKkM7iKE4cRVazxeALRj+R8c8 ir7hz8PhpnZ6NgRoH52ODuUJFTe0/z5Q9qeRcwGNrmyxUwplAfZBRIUdmB7MkRfl+uSs3IbMQft YeXP3zCgZP9eRey9D5rQ7tezm1BxPMMIiEw+sSEstaPqPp1ddReh2NoEH84SDCyHD/xsj1kcjCZ 0bzrnh3uVhVp8l5uyUJYU0ad0XbHIRApPG1ZIxTQFCmkGpR/GgiPzm7d5QOoJvtLuFGUU+Cr5SC CP/WEgTh62+IErzdUhiIrhy5nADetPOSgSVTJ5sNpx+/dtxSanIC6XSs+QaVh6ccn6iR+bL12WQ yKDrbnNGortFRh1tLbw==
X-Proofpoint-ORIG-GUID: -Svo4SL-Tt23rCRmVhZURsy4_rdZ2zzz
X-Proofpoint-GUID: -Svo4SL-Tt23rCRmVhZURsy4_rdZ2zzz
X-Authority-Analysis: v=2.4 cv=bvZ8wkai c=1 sm=1 tr=0 ts=69e10acd cx=c_pps a=5jkVtQsCUlC8zk5UhkBgHg==:117 a=5jkVtQsCUlC8zk5UhkBgHg==:17 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=A5OVakUREuEA:10 a=VkNPw1HP01LnGYTKEx00:22 a=gQcMVamqm3wCPoSYhaRC:22 a=RtSn8ETxjE2H05FtM2s8:22 a=5PjRKeHDAAAA:8 a=MvuuwTCpAAAA:8 a=48vgC7mUAAAA:8 a=e0n9WBMQv6G8qZdYDlYA:9 a=QEXdDO2ut3YA:10 a=tX2cYg5MEk-FcpcXMY0A:9 a=vC9lnnCmvtwoMc9K:21 a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=JUmZIVAtDGArBY8dChIh:22
X-HPE-SCL: -1
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-04-16_03,2026-04-16_03,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 impostorscore=0 bulkscore=0 priorityscore=1501 lowpriorityscore=0 adultscore=0 clxscore=1015 spamscore=0 malwarescore=0 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604070000 definitions=main-2604160154
Message-ID-Hash: TBKGFI2RAVUV7UZKFQFRHFMVT3ZWIGGD
X-Message-ID-Hash: TBKGFI2RAVUV7UZKFQFRHFMVT3ZWIGGD
X-MailFrom: ronald.bonica@hpe.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tcpm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tcpm@ietf.org Extensions" <tcpm@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [tcpm] Re: RFC 5925 Section 6.2 Issue
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/Qo4tbZIRRWOY79QFDJrhdyiAs8I>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Owner: <mailto:tcpm-owner@ietf.org>
List-Post: <mailto:tcpm@ietf.org>
List-Subscribe: <mailto:tcpm-join@ietf.org>
List-Unsubscribe: <mailto:tcpm-leave@ietf.org>

Joe,

Thanks for writing RFC 9187. I didn't know that it existed.

But I think that we need to give the errata some consideration. Errata scope and backwards compatibility are issues.

The errata will say either:


  *
TCP-AO MUST use the algorithm specified in RFC 9187
  *
TCP-AO MUST use an algorithm that, given the validation data provided in Section 6 of RFC 9187, generates the same results as the algorithm provided in RFC 9187

Can we add a MUST in an errata? We can tiptoe around the word "MUST", but we cannot tiptoe around the errata intent.

Moreover, it the errata has any impact, it will cause people to change implementations. If they change implementations, there will be a backwards compatibility issue. Granted, the backwards compatibility issue will only be evident in a few corner cases, but there will be a backwards compatibility issue.

                                                        Ron



________________________________
From: Joe Touch <touch@strayalpha.com>
Sent: Thursday, April 16, 2026 12:44 AM
To: Bonica, Ron <ronald.bonica@hpe.com>
Cc: tcpm@ietf.org Extensions <tcpm@ietf.org>
Subject: Re: [tcpm] RFC 5925 Section 6.2 Issue

Errata that points to RFC 9187.

On Apr 15, 2026, at 3:56 PM, Bonica, Ron <ronald.bonica=40hpe.com@dmarc.ietf.org> wrote:


Folks,

There is a problem in RFC 5925. I am looking for the WG's advice regarding whether we should:


  *
Ignore it
  *
Fix it with an Errata
  *
Fix it with a bis document

According to the RFC:

"TCP uses a 32-bit sequence number, which may, for long-lived connections, roll over and repeat.  This could result in TCP segments being intentionally and legitimately replayed within a connection. TCP-AO prevents replay attacks, and thus requires a way to differentiate these legitimate replays from each other, and so it adds a 32-bit Sequence Number Extension (SNE) for transmitted and received segments."

The RFC continues:

"For transmitted segments, SND.SNE can be implemented by extending TCP's sequence number to 64 bits; SND.SNE would be the top (high-order) 32 bits of that number.  For received segments, TCP-AO needs to emulate the use of a 64-bit number space and correctly infer the appropriate high-order 32-bits of that number as RCV.SNE from the received 32-bit sequence number and the current connection context.

The implementation of SNEs is not specified in this document, but one possible way is described here that can be used for either RCV.SNE, SND.SNE, or both."

Regardless of how SNEs are implemented, SND.SNE and RCV.SNE must be equal. Otherwise, a legitimate segment fails to authenticate and the TCP session hangs.

We test a scenario where:


  *
RCV.SNE is implemented by the pseudocode provided in Section 6.2
  *
The following TCP Sequence numbers were processed:
     *
0xF7358299   >>>>>RCV.SNE = 0
     *
0xF735A57B  >>>>>RCV.SNE = 0
     *
0xC                   >>>>>RCV.SNE = 1
     *
0xF7358299 >>>>>RCV.SNE = 0
     *
0xC                  >>>>>RCV.SNE = 2

The final RCV.SNE is 2. It should be 1.

If SND.SNE were implemented by extending TCP's sequence number to 64 bits,  authentication would fail and the TCP session would hang.

How do we address this problem without creating larger backwards compatibility problems?

                                                                                               Ron

P.S. Thanks to Ping Chen for finding this problem







_______________________________________________
tcpm mailing list -- tcpm@ietf.org
To unsubscribe send an email to tcpm-leave@ietf.org

v2.43.4 | Report a Bug | By Email | System Status