Hello, draft-ietf-tcpm-tcp-ao-crypto-02 intends to make mandatory-to-implement for TCP-AO two MAC algorithms, HMAC-SHA-1-96 and AES-128-CMAC-96, as well as two related KDFs. IIRC, other WG(s) have been advised last year by important stakeholders (in particular NIST) to not standardize new use cases (e.g. in IPsec) of the CMAC / CCM Modes of Operation for a block cipher primitive, in favor of the GMAC / GCM Modes of Operation, because of the significant performance benefits of the latter modes. While the draft discusses arguments and properties of the two algorithms selected, it remains silent wrt the non-selection of suitable GMAC modes. TCP-AO seems to be intended for specific use cases with high performance / low cost ratio requirements, and hence particularly suitable for application of the performance argument. Could you please provide arguments to the IETF at large that support the recommendation of the draft in favor of CMAC vs. GMAC ? Or could it be that this decision needs to be revisited? Kind regards, Alfred Hönes. -- +------------------------+--------------------------------------------+ | TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. | | Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | | D-71254 Ditzingen | E-Mail: ah@xxxxxxxxx | +------------------------+--------------------------------------------+ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf