Re: [Last-Call] Last Call: <draft-ietf-tcpm-ao-test-vectors-04.txt> (TCP-AO Test Vectors) to Informational RFC

PS - update just posted.

Further comments should reference v. 05 if possible.

Joe
Joe Touch, temporal epistemologist

On Jan 19, 2022, at 8:30 AM, touch@xxxxxxxxxxxxxx wrote:

Hi, Russ,

Point taken; we were a bit too colloquial in referring to SHA1 and AES rather than the specific versions from the origin RFCs. That will be updated after I see what other LC comments roll in.

Joe

Joe Touch, temporal epistemologist

On Jan 18, 2022, at 1:16 PM, Russ Housley <housley@xxxxxxxxxxxx> wrote:


The introduction of the document begins:

  This document provides test vectors to validate the correct
  implementation of the TCP Authentication Option (TCP-AO) [RFC5925]
  and its mandatory cryptographic algorithms defined in [RFC5926].

I expected to see discussion of the algorithms that are in the table of contents in RFC 5926.  However, these algorithm names are not used.  Using different algorithm names adds confusion.

For the Key Derivation Functions (KDFs), please use the names in RFC 5926: KDF_HMAC_SHA1 and KDF_AES_128_CMAC.

For the MAC Algorithms, please use the names in RFC 5926: HMAC-SHA-1-96 and AES-128-CMAC-96.

Thank you for your consideration,
 Russ


On Jan 18, 2022, at 3:09 PM, The IESG <iesg-secretary@xxxxxxxx> wrote:


The IESG has received a request from the TCP Maintenance and Minor Extensions
WG (tcpm) to consider the following document: - 'TCP-AO Test Vectors'
<draft-ietf-tcpm-ao-test-vectors-04.txt> as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@xxxxxxxx mailing lists by 2022-02-01. Exceptionally, comments may
be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


 This document provides test vectors to validate implementations of
 the two mandatory authentication algorithms specified for the TCP
 Authentication Option over both IPv4 and IPv6. This includes
 validation of the key derivation function (KDF) based on a set of
 test connection parameters as well as validation of the message
 authentication code (MAC). Vectors are provided for both currently
 required pairs of KDF and MAC algorithms: one based on SHA-1 and the
 other on AES-128. The vectors also validate both whole TCP segments
 as well as segments whose options are excluded for middlebox
 traversal.

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

