[tcpm] I-D Action:draft-ietf-tcpm-tcp-auth-opt-02.txt

Internet-Drafts@ietf.org Mon, 03 November 2008 22:00 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [] (localhost []) by core3.amsl.com (Postfix) with ESMTP id 603D128C2B7; Mon, 3 Nov 2008 14:00:05 -0800 (PST)
X-Original-To: tcpm@ietf.org
Delivered-To: tcpm@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 4125E28C144; Mon, 3 Nov 2008 14:00:01 -0800 (PST)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20081103220001.4125E28C144@core3.amsl.com>
Date: Mon, 03 Nov 2008 14:00:01 -0800
Cc: tcpm@ietf.org
Subject: [tcpm] I-D Action:draft-ietf-tcpm-tcp-auth-opt-02.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF.

	Title           : The TCP Authentication Option
	Author(s)       : J. Touch, et al.
	Filename        : draft-ietf-tcpm-tcp-auth-opt-02.txt
	Pages           : 36
	Date            : 2008-11-03

This document specifies the TCP Authentication Option (TCP-AO), which 
obsoletes the TCP MD5 Signature option of RFC-2385 (TCP MD5). TCP-AO 
specifies the use of stronger Message Authentication Codes (MACs), 
protects against replays even for long-lived TCP connections, and 
provides more details on the association of security with TCP 
connections than TCP MD5. TCP-AO is compatible with either static 
 keying or an external, out-of-band key management mechanism; in 
either case, TCP-AO also protects connections when using the same key 
across repeated instances of a connection. The result is intended to 
support current infrastructure uses of TCP MD5, such as to protect 
long-lived connections (as used, e.g., in BGP and LDP), and to 
support a larger set of MACs with minimal other system and 
operational changes. TCP-AO uses its own option identifier, even 
though used mutually exclusive of TCP MD5 on a given TCP connection. 
TCP-AO supports IPv6, and is fully compatible with the requirements 
for the replacement of TCP MD5.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
tcpm mailing list