TCP Authentication Option (TCP-AO) Test Vectors
draft-ietf-tcpm-ao-test-vectors-09
Document history
Date | Rev. | By | Action |
---|---|---|---|
2024-01-26
|
09 | Gunter Van de Velde | Request closed, assignment withdrawn: Tina Tsou Last Call OPSDIR review |
2024-01-26
|
09 | Gunter Van de Velde | Closed request for Last Call review by OPSDIR with state 'Overtaken by Events': Cleaning up stale OPSDIR queue |
2022-05-05
|
09 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2022-04-25
|
09 | (System) | RFC Editor state changed to AUTH48 |
2022-04-06
|
09 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2022-03-18
|
09 | (System) | IANA Action state changed to No IANA Actions from In Progress |
2022-03-15
|
09 | (System) | RFC Editor state changed to EDIT |
2022-03-15
|
09 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2022-03-15
|
09 | (System) | Announcement was received by RFC Editor |
2022-03-15
|
09 | (System) | IANA Action state changed to In Progress |
2022-03-15
|
09 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2022-03-15
|
09 | Cindy Morgan | IESG has approved the document |
2022-03-15
|
09 | Cindy Morgan | Closed "Approve" ballot |
2022-03-15
|
09 | Cindy Morgan | Ballot approval text was generated |
2022-03-15
|
09 | Martin Duke | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup |
2022-03-03
|
09 | (System) | Removed all action holders (IESG state changed) |
2022-03-03
|
09 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2022-03-03
|
09 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-09.txt |
2022-03-03
|
09 | (System) | New version approved |
2022-03-03
|
09 | (System) | Request for posting confirmation emailed to previous authors: Joseph Touch, Juhamatti Kuusisaari |
2022-03-03
|
09 | Joseph Touch | Uploaded new revision |
2022-03-03
|
08 | (System) | Changed action holders to Joseph Touch, Juhamatti Kuusisaari (IESG state changed) |
2022-03-03
|
08 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2022-03-03
|
08 | Cindy Morgan | Changed consensus to Yes from Unknown |
2022-03-03
|
08 | Martin Vigoureux | [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux |
2022-03-02
|
08 | Warren Kumari | [Ballot comment] Like many others, I have not actually validated all of the examples; this does, however, seem useful and I thank the authors and WG for their work on the document. |
2022-03-02
|
08 | Warren Kumari | [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari |
2022-03-02
|
08 | Erik Kline | [Ballot comment] [S3.1, etc.; nit] * I'm somewhat surprised that IETF standard documentation prefixes aren't being used (192.0.2.0/24, 2001:db8::/32). I do not feel strongly enough, however, to suggest that the examples need to be rewritten and the values recomputed. [S3.1.4; nit] * If these examples are typical of BGP sessions and GTSM (RFC 5082) is a typical BGP deployment practice I would have expected to see the IPv6 hop limit in use also be 255, rather than 64. Again: no need to redo all the examples. |
2022-03-02
|
08 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2022-03-02
|
08 | Amanda Baber | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2022-03-02
|
08 | Roman Danyliw | [Ballot comment] Thank you for making this document to help validate implementations. Thank you to Christian Huitema for the SECDIR review. I didn’t not validate all of the examples. ** Section 3.1.5. Since ISNs are part of the context needed to make the traffic key (per Section 5.2 of RFC5925), should some statement be made about their values in these example packets? ** Given the observed implementation errors noted in Section 8, consider including a single detailed example per algorithm of how the appropriate traffic key and MAC would be computed in an appendix. For example, considering Section 4.1.1, such a detailed example showing how to compute the traffic key could be: (fixed format font required to read it) ==[ snip ]== Master_key: "testvector" (74 65 73 74 76 65 63 74 6F 72) KDF_Alg: KDF_HMAC_SHA1 IPv4/TCP Packet: 45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00 e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08 04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 Source IP (sip): 10.11.12.13 (0A 0B 0C 0D) Destination IP (dip): 172.27.28.29 (AC 1B 1C 1D) Source Port (sport): 59863 (E9 D7) Destination Port (dport): 179 (00 B3) Source ISN (sisn): FB FB AB 5A Destination ISN (disn): 00 00 00 00 Send_SYN_traffic_key = KDF_alg(master_key, input) = HMAC-SHA1(master_key, i || Label || Context || Output_Length) i = 1 (01) Label= TCP-AO (54 43 50 2D 41 4F) Context = sip || dip || sport || dport || sisn || disn = 0A 0B 0C 0D AC 1B 1C 1D E9 D7 00 B3 FB FB AB 5A 00 00 00 00 Output_Length = 160 bits (00 A0) Send_SYN_traffic_key = HMAC-SHA1 ( 74 65 73 74 76 65 63 74 6F 72, 01 54 43 50 2D 41 4F 0A 0B 0C 0D AC 1B 1C 1D E9 D7 00 B3 FB FB AB 5A 00 00 00 00 00 A0 ) = 6d 63 ef 1b 02 fe 15 09 d4 b1 40 27 07 fd 7b 04 16 ab b7 4f ==[ snip ]== |
2022-03-02
|
08 | Roman Danyliw | [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw |
2022-03-02
|
08 | Robert Wilton | [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton |
2022-03-02
|
08 | Zaheduzzaman Sarker | [Ballot comment] Thanks for the efforts here. Should this specification still be referring (normative) to RFC793 while 793-bis is almost complete? |
2022-03-02
|
08 | Zaheduzzaman Sarker | [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker |
2022-03-01
|
08 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2022-03-01
|
08 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-08.txt |
2022-03-01
|
08 | (System) | New version approved |
2022-03-01
|
08 | (System) | Request for posting confirmation emailed to previous authors: Joseph Touch, Juhamatti Kuusisaari |
2022-03-01
|
08 | Joseph Touch | Uploaded new revision |
2022-03-01
|
07 | John Scudder | [Ballot Position Update] New position, No Objection, has been recorded for John Scudder |
2022-03-01
|
07 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2022-03-01
|
07 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-07.txt |
2022-03-01
|
07 | (System) | New version approved |
2022-03-01
|
07 | (System) | Request for posting confirmation emailed to previous authors: Joseph Touch, Juhamatti Kuusisaari |
2022-03-01
|
07 | Joseph Touch | Uploaded new revision |
2022-03-01
|
06 | Lars Eggert | [Ballot comment] The datatracker state does not indicate whether to include the consensus boilerplate for this document. Found terminology that should be reviewed for inclusivity; see https://www.rfc-editor.org/part2/#inclusive_language for background and more guidance: * Terms "master" and "master_key"; alternatives might be "active", "central", "initiator", "leader", "main", "orchestrator", "parent", "primary", "server". Thanks to Peter E. Yee for their General Area Review Team (Gen-ART) review (https://mailarchive.ietf.org/arch/msg/gen-art/CHS1WZam2FsNmxLR2z9sutDZzj0). ------------------------------------------------------------------------------- All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. Document still refers to the "Simplified BSD License", which was corrected in the TLP on September 21, 2021. It should instead refer to the "Revised BSD License". The document boilerplate overall seems to be 10+ years out of date. |
2022-03-01
|
06 | Lars Eggert | Ballot comment text updated for Lars Eggert |
2022-03-01
|
06 | Lars Eggert | [Ballot comment] The datatracker state does not indicate consensus for this document. Found terminology that should be reviewed for inclusivity; see https://www.rfc-editor.org/part2/#inclusive_language for background and more guidance: * Terms "master" and "master_key"; alternatives might be "active", "central", "initiator", "leader", "main", "orchestrator", "parent", "primary", "server". Thanks to Peter E. Yee for their General Area Review Team (Gen-ART) review (https://mailarchive.ietf.org/arch/msg/gen-art/CHS1WZam2FsNmxLR2z9sutDZzj0). ------------------------------------------------------------------------------- All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. Document still refers to the "Simplified BSD License", which was corrected in the TLP on September 21, 2021. It should instead refer to the "Revised BSD License". The document boilerplate overall seems to be 10+ years out of date. |
2022-03-01
|
06 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert |
2022-02-03
|
06 | Amanda Baber | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2022-02-01
|
06 | Cindy Morgan | Placed on agenda for telechat - 2022-03-03 |
2022-02-01
|
06 | Martin Duke | Ballot has been issued |
2022-02-01
|
06 | Martin Duke | [Ballot Position Update] New position, Yes, has been recorded for Martin Duke |
2022-02-01
|
06 | Martin Duke | Created "Approve" ballot |
2022-02-01
|
06 | Martin Duke | IESG state changed to IESG Evaluation from Waiting for Writeup |
2022-02-01
|
06 | Martin Duke | Ballot writeup was changed |
2022-02-01
|
06 | Martin Duke | Ballot approval text was generated |
2022-02-01
|
06 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2022-01-30
|
06 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2022-01-30
|
06 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-06.txt |
2022-01-30
|
06 | (System) | New version approved |
2022-01-30
|
06 | (System) | Request for posting confirmation emailed to previous authors: Joseph Touch, Juhamatti Kuusisaari |
2022-01-30
|
06 | Joseph Touch | Uploaded new revision |
2022-01-30
|
05 | Peter Yee | Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Peter Yee. Sent review to list. |
2022-01-28
|
05 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2022-01-28
|
05 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has reviewed draft-ietf-tcpm-ao-test-vectors-05, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal Lead IANA Services Specialist |
2022-01-28
|
05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tina Tsou |
2022-01-28
|
05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tina Tsou |
2022-01-23
|
05 | Christian Huitema | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Christian Huitema. Sent review to list. |
2022-01-21
|
05 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-05.txt |
2022-01-21
|
05 | (System) | New version approved |
2022-01-21
|
05 | (System) | Request for posting confirmation emailed to previous authors: Joseph Touch, Juhamatti Kuusisaari |
2022-01-21
|
05 | Joseph Touch | Uploaded new revision |
2022-01-21
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Peter Yee |
2022-01-21
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Peter Yee |
2022-01-20
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Christian Huitema |
2022-01-20
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Christian Huitema |
2022-01-18
|
04 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2022-01-18
|
04 | Cindy Morgan | The following Last Call announcement was sent out (ends 2022-02-01): From: The IESG To: IETF-Announce CC: draft-ietf-tcpm-ao-test-vectors@ietf.org, martin.h.duke@gmail.com, michael.scharf@hs-esslingen.de, tcpm-chairs@ietf.org, tcpm@ietf.org Reply-To: last-call@ietf.org Sender: Subject: Last Call: (TCP-AO Test Vectors) to Informational RFC The IESG has received a request from the TCP Maintenance and Minor Extensions WG (tcpm) to consider the following document: - 'TCP-AO Test Vectors' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2022-02-01. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document provides test vectors to validate implementations of the two mandatory authentication algorithms specified for the TCP Authentication Option over both IPv4 and IPv6. This includes validation of the key derivation function (KDF) based on a set of test connection parameters as well as validation of the message authentication code (MAC). Vectors are provided for both currently required pairs of KDF and MAC algorithms: one based on SHA-1 and the other on AES-128. The vectors also validate both whole TCP segments as well as segments whose options are excluded for middlebox traversal. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-tcpm-ao-test-vectors/ No IPR declarations have been submitted directly on this I-D. |
2022-01-18
|
04 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2022-01-18
|
04 | Martin Duke | Last call was requested |
2022-01-18
|
04 | Martin Duke | Last call announcement was generated |
2022-01-18
|
04 | Martin Duke | Ballot approval text was generated |
2022-01-18
|
04 | Martin Duke | Ballot writeup was generated |
2022-01-18
|
04 | Martin Duke | IESG state changed to Last Call Requested from AD Evaluation |
2021-12-20
|
04 | (System) | Changed action holders to Martin Duke (IESG state changed) |
2021-12-20
|
04 | Martin Duke | IESG state changed to AD Evaluation from Publication Requested |
2021-12-20
|
04 | Michael Scharf | 1. Summary The document shepherd is Michael Scharf. The responsible Area Director is Martin Duke. This document provides test vectors to validate implementations of the TCP Authentication Option (TCP-AO) over both IPv4 and IPv6. With the test vectors multiple TCP-AO implementations can be validated against each other to ensure interoperability. The TCPM working group requests publication as Informational RFC, as indicated on the title page. 2. Review and Consensus This document has been reviewed by several contributors in the TCPM working group and is considered ready for publication. The WGLC has passed successfully without any comments. As TCP-AO is in particular relevant for routers, the document is only of interest to a small subset of the TCPM working group. As a result, there has been less working group discussion than for other documents. Nonetheless, there has always been strong consensus in TCPM that documenting test vectors is useful for those implementers that need TCP-AO. And there has never been any controversy regarding the content of this informational document. Tests with several different closed source TCP-AO implementations have been reported by the authors. This should ensure that the test vectors are indeed correct. There have also been recent announcements of further planned TCP-AO implementations, including open source code. As a result, the publication of test vectors is very timely work. 3. Intellectual Property Each author has stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. There are no IPR disclosures. 4. Other Points Idnits reports that private range IPv4 addresses are used instead of documentation addresses according to RFC 6890. Yet, this seems appropriate as actual TCP-AO validation tests would typically indeed use private addresses. |
2021-12-20
|
04 | Michael Scharf | Responsible AD changed to Martin Duke |
2021-12-20
|
04 | Michael Scharf | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2021-12-20
|
04 | Michael Scharf | IESG state changed to Publication Requested from I-D Exists |
2021-12-20
|
04 | Michael Scharf | IESG process started in state Publication Requested |
2021-12-20
|
04 | Michael Scharf | Intended Status changed to Informational from None |
2021-12-20
|
04 | Michael Scharf | 1. Summary The document shepherd is Michael Scharf. The responsible Area Director is Martin Duke. This document provides test vectors to validate implementations of the TCP Authentication Option (TCP-AO) over both IPv4 and IPv6. With the test vectors multiple TCP-AO implementations can be validated against each other to ensure interoperability. The TCPM working group requests publication as Informational RFC, as indicated on the title page. 2. Review and Consensus This document has been reviewed by several contributors in the TCPM working group and is considered ready for publication. The WGLC has passed successfully without any comments. As TCP-AO is in particular relevant for routers, the document is only of interest to a small subset of the TCPM working group. As a result, there has been less working group discussion than for other documents. Nonetheless, there has always been strong consensus in TCPM that documenting test vectors is useful for those implementers that need TCP-AO. And there has never been any controversy regarding the content of this informational document. Tests with several different closed source TCP-AO implementations have been reported by the authors. This should ensure that the test vectors are indeed correct. There have also been recent announcements of further planned TCP-AO implementations, including open source code. As a result, the publication of test vectors is very timely work. 3. Intellectual Property Each author has stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. There are no IPR disclosures. 4. Other Points Idnits reports that private range IPv4 addresses are used instead of documentation addresses according to RFC 6890. Yet, this seems appropriate as actual TCP-AO validation tests would typically indeed use private addresses. |
2021-12-19
|
04 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-04.txt |
2021-12-19
|
04 | (System) | New version accepted (logged-in submitter: Joseph Touch) |
2021-12-19
|
04 | Joseph Touch | Uploaded new revision |
2021-12-17
|
03 | Michael Scharf | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2021-12-16
|
03 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-03.txt |
2021-12-16
|
03 | (System) | New version approved |
2021-12-16
|
03 | (System) | Request for posting confirmation emailed to previous authors: Joseph Touch, Juhamatti Kuusisaari |
2021-12-16
|
03 | Joseph Touch | Uploaded new revision |
2021-12-09
|
02 | Michael Scharf | IETF WG state changed to In WG Last Call from WG Document |
2021-11-10
|
02 | Michael Scharf | Notification list changed to michael.scharf@hs-esslingen.de because the document shepherd was set |
2021-11-10
|
02 | Michael Scharf | Document shepherd changed to Michael Scharf |
2021-11-02
|
02 | Michael Tüxen | Added to session: IETF-112: tcpm Thu-1200 |
2021-10-12
|
02 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-02.txt |
2021-10-12
|
02 | (System) | New version approved |
2021-10-12
|
02 | (System) | Request for posting confirmation emailed to previous authors: Joseph Touch, Juhamatti Kuusisaari |
2021-10-12
|
02 | Joseph Touch | Uploaded new revision |
2021-10-06
|
01 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-01.txt |
2021-10-06
|
01 | (System) | New version approved |
2021-10-06
|
01 | (System) | Request for posting confirmation emailed to previous authors: Joseph Touch, Juhamatti Kuusisaari |
2021-10-06
|
01 | Joseph Touch | Uploaded new revision |
2021-04-07
|
00 | Michael Scharf | This document now replaces draft-touch-tcpm-ao-test-vectors instead of None |
2021-04-07
|
00 | Joseph Touch | New version available: draft-ietf-tcpm-ao-test-vectors-00.txt |
2021-04-07
|
00 | (System) | WG -00 approved |
2021-04-07
|
00 | Joseph Touch | Set submitter to "Joe Touch", replaces to draft-touch-tcpm-ao-test-vectors and sent approval email to group chairs: tcpm-chairs@ietf.org |
2021-04-07
|
00 | Joseph Touch | Uploaded new revision |