Re: [tcpm] I-D Action:draft-ietf-tcpm-tcp-auth-opt-04.txt
Joe Touch <touch@ISI.EDU> Mon, 09 March 2009 19:19 UTC
Hi, all,

The changes to this document are summarized in the document; they include a major restructuring for readability, the addition of a key change coordination mechanism, and a clearer description of the purpose of the TSAD (now called the TAPD).

Comments welcome, of course. Please do read this through, though - most of the doc has changed (hopefully for the better).

The primary current open issue for SFO regards whether the key coordination mechanism requires support to prevent "backup" (changing back to a key previously used).

FYI.

Joe

Internet-Drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF.
>
>
> Title     : The TCP Authentication Option
> Author(s) : J. Touch, et al.
> Filename  : draft-ietf-tcpm-tcp-auth-opt-04.txt
> Pages     : 48
> Date      : 2009-03-09
>
> This document specifies the TCP Authentication Option (TCP-AO), which
> obsoletes the TCP MD5 Signature option of RFC-2385 (TCP MD5). TCP-AO
> specifies the use of stronger Message Authentication Codes (MACs),
> protects against replays even for long-lived TCP connections, and
> provides more details on the association of security with TCP
> connections than TCP MD5. TCP-AO is compatible with either static
> master key configuration or an external, out-of-band master key
> management mechanism; in either case, TCP-AO also protects
> connections when using the same master key across repeated instances
> of a connection, using traffic keys derived from the master key, and
> coordinates key changes between endpoints. The result is intended to
> support current infrastructure uses of TCP MD5, such as to protect
> long-lived connections (as used, e.g., in BGP and LDP), and to
> support a larger set of MACs with minimal other system and
> operational changes. TCP-AO uses its own option identifier, even
> though used mutually exclusive of TCP MD5 on a given TCP connection.
> TCP-AO supports IPv6, and is fully compatible with the requirements
> for the replacement of TCP MD5.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcp-auth-opt-04.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.