There is a fair amount of academic study around SipHash, and while everyone can make mistakes, its creators have a pretty good reputation. I don't think we can say SipHash is unknown in the industry. The TLSWG made it a practice to ask CFRG to "approve" all crypto it used (except perhapd HKDF, but that's a side note). The DNSOP has no such practice. If SECDIR or the Ads thinks SipHash isn't good, it would be great to hear reasons. I haven't heard any yet. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
