[tcpm] I-D Action:draft-ietf-tcpm-tcp-auth-opt-01.txt

Internet-Drafts@ietf.org Mon, 14 July 2008 23:45 UTC

From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Message-Id: <20080714234502.AC4793A69F4@core3.amsl.com>
Date: Mon, 14 Jul 2008 16:45:02 -0700
Cc: tcpm@ietf.org
Subject: [tcpm] I-D Action:draft-ietf-tcpm-tcp-auth-opt-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF.

	Title           : The TCP Authentication Option
	Author(s)       : J. Touch, et al.
	Filename        : draft-ietf-tcpm-tcp-auth-opt-01.txt
	Pages           : 30
	Date            : 2008-07-14

This document specifies a TCP Authentication Option (TCP-AO) which is 
intended to replace the TCP MD5 Signature option of RFC-2385 (TCP 
MD5). TCP-AO specifies the use of stronger Message Authentication 
Codes (MACs) and provides more details on the association of security 
associations with TCP connections. TCP-AO assumes an external,
out-of-band mechanism (manual or via a separate protocol) for session key
establishment, parameter negotiation, and rekeying, replicating the
separation of key management and key use as in the IPsec suite. The
result is intended to be a simple modification to support current 
infrastructure uses of TCP MD5, such as to protect BGP and LDP, and 
to support a larger set of MACs with minimal other system and 
operational changes. TCP-AO uses a new option identifier, even though 
it is intended to be mutually exclusive with TCP MD5 on a given TCP 
connection. It supports IPv6, and is fully compatible with 
requirements under development for an update to TCP MD5.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:
