From: Simo Sorce <simo@redhat.com>
To: Eric Biggers <ebiggers@kernel.org>,
Dmitry Safonov <0x7f454c46@gmail.com>
Cc: netdev@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
Neal Cardwell <ncardwell@google.com>,
Kuniyuki Iwashima <kuniyu@google.com>,
"David S . Miller" <davem@davemloft.net>,
David Ahern <dsahern@kernel.org>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Dmitry Safonov <dima@arista.com>
Subject: Re: [PATCH net-next v2 0/5] Reimplement TCP-AO using crypto library
Date: Tue, 28 Apr 2026 12:26:44 -0400 [thread overview]
Message-ID: <33613b11328d830f8683fc6ec6900da2b479ae27.camel@redhat.com> (raw)
In-Reply-To: <20260427232054.GA2700@sol>
On Mon, 2026-04-27 at 16:20 -0700, Eric Biggers wrote:
> On Mon, Apr 27, 2026 at 08:01:16PM +0000, Eric Biggers wrote:
> > > - Ronald P. Bonica (the original RFC5925 author), together with Tony
> > > Li do have an active RFC draft to support the additional algorithms
> [...]
> > > [1] https://www.ietf.org/archive/id/draft-bonica-tcpm-tcp-ao-algs-00.html
>
> For what it's worth, that draft makes very little sense. For example,
> it proposes three variants of HMAC-SHA3, instead of just making the
> modern choice of KMAC256. And it proposes both HMAC-SHA384 and
> HMAC-SHA512, despite them being redundant with each other after the
> specified truncation to 128 bits.
Which is bogus in itself without proper security considerations, the
only considerations cited is an RFC from 1997 ... clearly the pinnacle
of cryptography advice ...
If they need a shorter hash they should make themselves a favor and use
SHAKE and then define the desired output length and desired key size.
That draft is just a disaster as written.
Specifically they should use KMAC128 as defined in NIST SP 800-185
(which uses cSHAKE128 underneath).
Simo.
--
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc
next prev parent reply other threads:[~2026-04-28 16:26 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-27 17:27 [PATCH net-next v2 0/5] Reimplement TCP-AO using crypto library Eric Biggers
2026-04-27 17:27 ` [PATCH net-next v2 1/5] net/tcp-ao: Drop support for most non-RFC-specified algorithms Eric Biggers
2026-04-27 17:27 ` [PATCH net-next v2 2/5] net/tcp-ao: Use crypto library API instead of crypto_ahash Eric Biggers
2026-04-28 1:24 ` David Laight
2026-04-28 1:35 ` Eric Biggers
2026-04-28 6:34 ` Ard Biesheuvel
2026-04-28 10:10 ` David Laight
2026-04-28 16:38 ` Ard Biesheuvel
2026-04-27 17:27 ` [PATCH net-next v2 3/5] net/tcp-ao: Use stack-allocated MAC and traffic_key buffers Eric Biggers
2026-04-27 17:27 ` [PATCH net-next v2 4/5] net/tcp-ao: Return void from functions that can no longer fail Eric Biggers
2026-04-27 17:27 ` [PATCH net-next v2 5/5] net/tcp: Remove tcp_sigpool Eric Biggers
2026-04-27 19:09 ` [PATCH net-next v2 0/5] Reimplement TCP-AO using crypto library Dmitry Safonov
2026-04-27 20:01 ` Eric Biggers
2026-04-27 23:20 ` Eric Biggers
2026-04-28 16:26 ` Simo Sorce [this message]
2026-04-28 17:30 ` Eric Biggers
2026-04-27 22:55 ` Jakub Kicinski
2026-04-28 0:00 ` Dmitry Safonov
2026-04-28 5:41 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=33613b11328d830f8683fc6ec6900da2b479ae27.camel@redhat.com \
--to=simo@redhat.com \
--cc=0x7f454c46@gmail.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=davem@davemloft.net \
--cc=dima@arista.com \
--cc=dsahern@kernel.org \
--cc=ebiggers@kernel.org \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=kuniyu@google.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox