PS - update just posted.
Further comments should reference v. 05 if possible.
Joe
— Joe Touch, temporal epistemologist
Hi, Russ,
Point taken; we were a bit too colloquial in referring to SHA1 and AES rather than the specific versions from the origin RFCs. That will be updated after I see what other LC comments roll in.
Joe
— Joe Touch, temporal epistemologist
The introduction of the document begins:

This document provides test vectors to validate the correct implementation of the TCP Authentication Option (TCP-AO) [RFC5925] and its mandatory cryptographic algorithms defined in [RFC5926].

I expected to see discussion of the algorithms that are in the table of contents in RFC 5926. However, these algorithm names are not used. Using different algorithm names adds confusion.

For the Key Derivation Functions (KDFs), please use the names in RFC 5926: KDF_HMAC_SHA1 and KDF_AES_128_CMAC.

For the MAC Algorithms, please use the names in RFC 5926: HMAC-SHA-1-96 and AES-128-CMAC-96.

Thank you for your consideration,
Russ

On Jan 18, 2022, at 3:09 PM, The IESG <iesg-secretary@xxxxxxxx> wrote:
The IESG has received a request from the TCP Maintenance and Minor Extensions WG (tcpm) to consider the following document: - 'TCP-AO Test Vectors' <draft-ietf-tcpm-ao-test-vectors-04.txt> as Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@xxxxxxxx mailing lists by 2022-02-01. Exceptionally, comments may be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning of the Subject line to allow automated sorting.
Abstract
This document provides test vectors to validate implementations of the two mandatory authentication algorithms specified for the TCP Authentication Option over both IPv4 and IPv6. This includes validation of the key derivation function (KDF) based on a set of test connection parameters as well as validation of the message authentication code (MAC). Vectors are provided for both currently required pairs of KDF and MAC algorithms: one based on SHA-1 and the other on AES-128. The vectors also validate both whole TCP segments as well as segments whose options are excluded for middlebox traversal.
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call