A few days ago we submitted new drafts of TCP-ENO and tcpcrypt: https://datatracker.ietf.org/wg/tcpinc/documents/ The changes to TCP-ENO were trivial (adjust capitalization of section titles and alphabetize acknowledgments). The tcpcrypt document had quite a number of changes (although most were cosmetic), addressing concerns from these recent reviews: - SECDIR review (Stephen Kent) - GENART review (Dale Worley) - OPSDIR review (Zitao Wang) The new draft also changes the mandatory-to-implement key-agreement schemes from ECDHE with P-256 or P-521 to *only* ECDHE with Curve25519. It explains the rationale in a new sub-section of "Security considerations". But please note that a final decision on what schemes to MTI has not yet been made, so this may change. WG members: Please see the recent request for comments on the tcpinc list if you would like to comment on this issue! Apart from that, there were quite a lot of wording changes and a few semantic tweaks. Here's the diff: https://tools.ietf.org/rfcdiff?url1=draft-ietf-tcpinc-tcpcrypt-07&url2=draft-ietf-tcpinc-tcpcrypt-08 And lastly, here is a summary of the significant changes. - Capitalize major words in section titles - Always include an index with keys: mk[j], k_ab[j], k_ba[j] - Cite the draft-ietf-tcpinc-api in Introduction and also where we require an interface to control session caching - Cite RFC2104 for HMAC - Note limit on output length of HKDF-Expand - Try to make clearer that ENO negotiation chooses the TEP, and the TEP then determines the key-agreement scheme, KDF and associated parameters -- so all of these last could be varied by newly-specified TEPs - At definition of k_ab, k_ba, insert explanation of which encryption key to use in a resumed session daniel