I-D Action:draft-ietf-tcpm-tcp-auth-opt-09.txt

Internet-Drafts@ietf.org Sun, 31 January 2010 23:30 UTC

Return-Path: <root@core3.amsl.com>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 018453A690B; Sun, 31 Jan 2010 15:30:02 -0800 (PST)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action:draft-ietf-tcpm-tcp-auth-opt-09.txt
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20100131233003.018453A690B@core3.amsl.com>
Date: Sun, 31 Jan 2010 15:30:02 -0800
Cc: tcpm@ietf.org
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i-d-announce>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Jan 2010 23:30:03 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF.

	Title           : The TCP Authentication Option
	Author(s)       : J. Touch, et al.
	Filename        : draft-ietf-tcpm-tcp-auth-opt-09.txt
	Pages           : 47
	Date            : 2010-01-31

This document specifies the TCP Authentication Option (TCP-AO), which
obsoletes the TCP MD5 Signature option of RFC-2385 (TCP MD5). TCP-AO
specifies the use of stronger Message Authentication Codes (MACs),
protects against replays even for long-lived TCP connections, and
provides more details on the association of security with TCP
connections than TCP MD5. TCP-AO is compatible with either static
master key tuple (MKT) configuration or an external, out-of-band MKT
management mechanism; in either case, TCP-AO also protects
connections when using the same MKT across repeated instances of a
connection, using traffic keys derived from the MKT, and coordinates
MKT changes between endpoints. The result is intended to support
current infrastructure uses of TCP MD5, such as to protect long-lived
connections (as used, e.g., in BGP and LDP), and to support a larger
set of MACs with minimal other system and operational changes. TCP-AO
uses a different option identifier than TCP MD5, even though TCP-AO
and TCP MD5 are never permitted to be used simultaneously. TCP-AO
supports IPv6, and is fully compatible with the proposed requirements
for the replacement of TCP MD5.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the