Technical Summary
This document provides test vectors to validate implementations of
the two mandatory authentication algorithms specified for the TCP
Authentication Option over both IPv4 and IPv6. This includes
validation of the key derivation function (KDF) based on a set of
test connection parameters as well as validation of the message
authentication code (MAC). Vectors are provided for both currently
required pairs of KDF and MAC algorithms: KDF_HMAC_SHA1 and HMAC-
SHA-1-96, and KDF_AES_128_CMAC and AES-128-CMAC-96. The vectors also
validate both whole TCP segments as well as segments whose options
are excluded for middlebox traversal.
Working Group Summary
This is a niche interest, so there was less TCPM review than usual, but there was also no controversy.
Document Quality
The test vectors here have been verified by multiple sources. TCP-AO is often used in routers.
Personnel
The Shepherd is Michael Scharf. The responsible AD is Martin Duke.