ah(_at_)TR-Sys(_dot_)de wrote:
Hello,
draft-ietf-tcpm-tcp-ao-crypto-02 intends to make
mandatory-to-implement for TCP-AO two MAC algorithms,
HMAC-SHA-1-96 and AES-128-CMAC-96, as well as two related KDFs.
IIRC, other WG(s) have been advised last year by important stakeholders
(in particular NIST) to not standardize new use cases (e.g. in IPsec)
of the CMAC / CCM Modes of Operation for a block cipher primitive,
in favor of the GMAC / GCM Modes of Operation, because of the
significant performance benefits of the latter modes.
Could you provide some pointers to this advise? As the responsible
Area Director for IPSECME WG (and a contributor to several IPsec
documents), I do not recall seeing any advice that would match
your description.
(But it wouldn't be unheard of that I've missed some emails..)
Best regards,
Pasi
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf