Skip to main content

TCP Authentication Option (TCP-AO) Test Vectors

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: The IESG <>,,,,,,
Subject: Document Action: 'TCP-AO Test Vectors' to Informational RFC (draft-ietf-tcpm-ao-test-vectors-09.txt)

The IESG has approved the following document:
- 'TCP-AO Test Vectors'
  (draft-ietf-tcpm-ao-test-vectors-09.txt) as Informational RFC

This document is the product of the TCP Maintenance and Minor Extensions
Working Group.

The IESG contact persons are Zaheduzzaman Sarker and Martin Duke.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   This document provides test vectors to validate implementations of
   the two mandatory authentication algorithms specified for the TCP
   Authentication Option over both IPv4 and IPv6. This includes
   validation of the key derivation function (KDF) based on a set of
   test connection parameters as well as validation of the message
   authentication code (MAC). Vectors are provided for both currently
   required pairs of KDF and MAC algorithms: KDF_HMAC_SHA1 and HMAC-
   SHA-1-96, and KDF_AES_128_CMAC and AES-128-CMAC-96. The vectors also
   validate both whole TCP segments as well as segments whose options
   are excluded for middlebox traversal.

Working Group Summary

   This is a niche interest, so there was less TCPM review than usual, but there was also no controversy.

Document Quality

   The test vectors here have been verified by multiple sources. TCP-AO is often used in routers.


   The Shepherd is Michael Scharf. The responsible AD is Martin Duke.

RFC Editor Note