On Mar 6, 2025, at 1:19 PM, Michael Richardson <mcr+i...@sandelman.ca> wrote: > Assuming that this one implementation fix is easy to do and to deploy[%] > ubiquitously, then I suggest that RFC7170 document *the above* and the above > *only* for TEAPv1. You say as much below.
I think that's the best approach. That could also make the document a lot clearer. i.e. just remove all of the text about the EMSK Compound MAC, and say "not implemented". >> Nothing else works across all implementations. > > Then that's what the document should say. OK. I will issue an update after IETF 122. > This is a client/desktop/laptop implementation then? > How far back does it go? Win10? Win7? WinXP? I'd have to look. Windows 11 at least. Perhaps Windows 10. Not earlier. >> The simplest way forward that I can think of is the following: > >> 1) declare the MSFT behaviour TEAPv0. Crypto-Binding contains only the >> MSK Compound MAC, the EMSK Compound MAC is always zero > > Is version 0 even valid? > What do these old versions declare as their version? Sorry, TEAPv1. So TEAPv1 is "MSK Compound MAC only". TEAPv2 is whatever we decide to do after issuing 7170bis. Alan DeKok. _______________________________________________ Emu mailing list -- emu@ietf.org To unsubscribe send an email to emu-le...@ietf.org
