Skip to main content

TCP-AO Test Vectors

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Dr. Joseph D. Touch , Juhamatti Kuusisaari
Last updated 2020-12-23
Replaced by draft-ietf-tcpm-ao-test-vectors
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-tcpm-ao-test-vectors
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document provides test vectors to validate implementations of the two mandatory authentication algorithms specified for the TCP Authentication Option over both IPv4 and IPv6. This includes validation of the key derivation function (KDF) based on a set of test connection parameters as well as validation of the message authentication code (MAC). Vectors are provided for both currently required pairs of KDF and MAC algorithms: one based on SHA-1 and the other on AES-128. The vectors also validate both whole TCP segments as well as segments whose options are excluded for NAT traversal.


Dr. Joseph D. Touch
Juhamatti Kuusisaari

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)