ah@xxxxxxxxx wrote: > Hello, > draft-ietf-tcpm-tcp-ao-crypto-02 intends to make > mandatory-to-implement for TCP-AO two MAC algorithms, > HMAC-SHA-1-96 and AES-128-CMAC-96, as well as two related KDFs. > > IIRC, other WG(s) have been advised last year by important stakeholders > (in particular NIST) to not standardize new use cases (e.g. in IPsec) > of the CMAC / CCM Modes of Operation for a block cipher primitive, > in favor of the GMAC / GCM Modes of Operation, because of the > significant performance benefits of the latter modes. Could you provide some pointers to this advise? As the responsible Area Director for IPSECME WG (and a contributor to several IPsec documents), I do not recall seeing any advice that would match your description. (But it wouldn't be unheard of that I've missed some emails..) Best regards, Pasi _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf