[tcpm] Re: draft-ietf-tcpm-tcp-ao-algs
Eric Biggers <ebiggers@google.com> Tue, 05 May 2026 20:16 UTC
Return-Path: <ebiggers@google.com>
X-Original-To: tcpm@mail2.ietf.org
Delivered-To: tcpm@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E8CD9E97BDA1 for <tcpm@mail2.ietf.org>; Tue, 5 May 2026 13:16:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1778012179; bh=l57APM6J1CmgFSEV9ch2YkYHMZv5Ghn7jOXhKGAO510=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=L3cZB1x2A63XkYhu0YAhPp4LnuBRVc6t8CTouZyTcxAfmJKtT4d7L83jNtZSUhAfe HE9ZEMYXfOzLQxgcTlpiYkw8c1E1dG1dvLYfCY50f/7qLFQWTa4HMBuwmG+Vf6LS5R mVtKwVzGDKfj01+N4iQnfJYWqZs7CMY5m4oxlcrs=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -17.601
X-Spam-Level:
X-Spam-Status: No, score=-17.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j8t9qHse9QrF for <tcpm@mail2.ietf.org>; Tue, 5 May 2026 13:16:19 -0700 (PDT)
Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D3B48E97BD19 for <tcpm@ietf.org>; Tue, 5 May 2026 13:16:09 -0700 (PDT)
Received: by mail-pf1-x42f.google.com with SMTP id d2e1a72fcca58-837b39eb078so1815340b3a.2 for <tcpm@ietf.org>; Tue, 05 May 2026 13:16:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1778012163; x=1778616963; darn=ietf.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=N/tqZJZZMFn8BEvC+HSSRJv3nc0lKz+XBtZJGC7lS7w=; b=ciUPSdwA+dkskqFtKGlkOpLBDnWHeF07tcFDxGXNhTVbv1mGKZ1GMVd90E6oPdY0oH GNp9Gxcz74UG9BnWr8rzv7bXAkABEjnSg88J9hczMyJuSQ6HrAPJ0UtFqwW6GMTS/5Hh 5CrXQVef4HhfYw1vhjeoC4Da4fk3E2lU18qAa4yTDFl6oAV5VC8vD0LZNmVEYHyKf3MR 9f7B4ijlid1OwW5JgoVMEvlhLxqd3TrzC0buYLzuiYZwABL8loxReVVqQowC+gd7N/71 8ES1akhmN/LkGAaKX3XL49UsxSWymWdOYNWQdTB0teXHu+R2YiQ6QstUNp6a1j0u0nJO nWQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778012163; x=1778616963; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=N/tqZJZZMFn8BEvC+HSSRJv3nc0lKz+XBtZJGC7lS7w=; b=BIg1LdBhidZFLvQ5SBGh14E/32gAQLgqmgcJMX+mcdzvXtiDASWYG6NO1HGlXKRVY5 uPCDIF3TGEIbE0iaK9KHMmwK81mzOxqEWfdk0Ci+330C8C2T1zD+oNR0CvCpwHok8gVY f/QyO/m9ZiwEefxBngmT7o6m50hWrgz2d8i619/C9PZ9GqY2zrT59PyiVOOkNKBjokgU Gphkdm0D42W4X9uNGQFE2+SJBx7gY0/BIXiHxzGSFrDa4aARiQLCic0wCGJ9LMjK1CMf tW6caEv6MHq5PgskjsNiqpUWUaEG/NG+/rIwZHF35gV1zLtSIvuO6wptuFvzvY3sdDM3 MnfA==
X-Forwarded-Encrypted: i=1; AFNElJ+A7l6g5ssXu9ZTfJN+VwUEjSSTJKUJHTbSMoMEVfzr8nDLKllehjlEVXg6dRPMc9ba8Emw@ietf.org
X-Gm-Message-State: AOJu0Yxb3AnmwDtBFyGertUKTy5tRj0jDEmOkbJ0FgK5xSW66Wq321q6 SUnwmHNdMuaP0ty8F7izDh3SHv7QVIbdea3gqIaf1Jv5/W7MCZ7N6Vl2+bAoT97RKQ==
X-Gm-Gg: AeBDievqegLk0GEzRox+185/Suj9PpHj8H2kOMers9VYCzC7M6oXeQo35Na1gHCcrNM dv+S9BqNP7exZwNnKzlWOo3rshizbmN8fyaf0yVWB75z6S659JXAH7NfgKv69BtG3YWIRIaH3Hj tMLW3w02lqK07eQ59xQ/sgM36mAFVJaRDyzPJjtMQnI+ydWM2VDOnfDtKwLbE5nwy2OoKKrd1bX 5ZR1cogw5hBX2EBPs489KXeYg6TEc2/F8v/avXGsFmSW9xN7oy0/VxvCfnWzSIpr3B4h9ypR3Nc 7d7XGCK/wmM71F1KaqEaOHfgnpoL1rywbsYwgLavg1wDdGzope4ZpWCdp37heePBt2GT6fPnQlo pOt6UmoZOAmUVfqHHZjcrQd4So3nC7oE6ZBzFyiNhf/7dptd1KVkBwxMO2VE8qgsBslRQlj5Rz/ OFs67iES/ArTo3zxRQSTJDw6wDNGxxITOnCQXxS0oN1Nmjb2OxYGAbHIIJZT/H1hX8Qon6sGWrV GC2v85lR3w=
X-Received: by 2002:aa7:9308:0:b0:835:a682:a6d9 with SMTP id d2e1a72fcca58-83a5df48751mr288943b3a.26.1778012162349; Tue, 05 May 2026 13:16:02 -0700 (PDT)
Received: from google.com (252.169.16.34.bc.googleusercontent.com. [34.16.169.252]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-83965646254sm3299522b3a.10.2026.05.05.13.16.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 13:16:01 -0700 (PDT)
Date: Tue, 05 May 2026 20:15:58 +0000
From: Eric Biggers <ebiggers@google.com>
To: "Bonica, Ron" <ronald.bonica@hpe.com>
Message-ID: <20260505201558.GA2923302@google.com>
References: <AS4PR07MB8825928FAA03F4BB3B7A40A4893E2@AS4PR07MB8825.eurprd07.prod.outlook.com> <DM4PR84MB2310DFFACC462AA3CA9FFA1CF43E2@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <DM4PR84MB2310DFFACC462AA3CA9FFA1CF43E2@DM4PR84MB2310.NAMPRD84.PROD.OUTLOOK.COM>
Message-ID-Hash: T3EAGKLT5AMSMNHECXB54LUCJY4LE6KC
X-Message-ID-Hash: T3EAGKLT5AMSMNHECXB54LUCJY4LE6KC
X-MailFrom: ebiggers@google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tcpm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: John Mattsson <john.mattsson@ericsson.com>, "tcpm@ietf.org Extensions" <tcpm@ietf.org>, "Li, Tony" <anthony.li@hpe.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [tcpm] Re: draft-ietf-tcpm-tcp-ao-algs
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/Sg8A-o9G7jPU52xq3c5RYqR2uZA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Owner: <mailto:tcpm-owner@ietf.org>
List-Post: <mailto:tcpm@ietf.org>
List-Subscribe: <mailto:tcpm-join@ietf.org>
List-Unsubscribe: <mailto:tcpm-leave@ietf.org>
On Tue, May 05, 2026 at 01:42:12PM +0000, Bonica, Ron wrote: > John, > > My apologies for the typo. It was hasty cutting and pasting. > > At this point, I am looking for consensus. Is the WG OK with the following algorithms: > > KDF_KMAC256 > MAC-KMAC256-128 > > KDF-HMAC-SHA256 > MAC-HMAC-SHA256-128 > > If not, could we reach a compromise by adding a third option: > > KDF_KMAC256 > MAC-KMAC256-128 > > KDF-HMAC-SHA256 > MAC-HMAC-SHA256-128 > > KDF_AES_256_CMAC > MAC-AES-256-CMAC-128 The fewer algorithms, the better. The more there are, the more costly it will be for TCP-AO implementers, and the more interoperability failures there will be. AES-256-CMAC would have implementation advantages in the near term: it would be similar to the existing AES-128-CMAC, and AES hardware acceleration is already widespread. However, I'd also be quite happy with KMAC256 as a more forward-looking option which avoids the 128-bit block size limit and is faster when implemented in hardware. In the long term, it should work better. Keccak hardware acceleration is becoming more widespread, in part due to its use in the "post-quantum" algorithms ML-DSA and ML-KEM. So yes, I'm on board with KMAC256. If there's also demand for a more incremental upgrade to one of the existing algorithms, let's choose either HMAC-SHA256 *or* AES-256-CMAC as a second new algorithm, not both. Probably HMAC-SHA256. (And yes, in both cases, the MAC would have to be truncated to 128 bits to fit in the TCP options space.) - Eric
- [tcpm] draft-ietf-tcpm-tcp-ao-algs Bonica, Ron
- [tcpm] Re: draft-ietf-tcpm-tcp-ao-algs John Mattsson
- [tcpm] Re: draft-ietf-tcpm-tcp-ao-algs Bonica, Ron
- [tcpm] Re: draft-ietf-tcpm-tcp-ao-algs Eric Biggers