IETF Logo Mail Archive

[tcpm] I-D Action:draft-ietf-tcpm-tcp-auth-opt-05.txt

Internet-Drafts@ietf.org Fri, 03 July 2009 19:15 UTC

Return-Path: <root@core3.amsl.com>
X-Original-To: tcpm@ietf.org
Delivered-To: tcpm@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 57F2F28C2EC; Fri, 3 Jul 2009 12:15:00 -0700 (PDT)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20090703191501.57F2F28C2EC@core3.amsl.com>
Date: Fri, 03 Jul 2009 12:15:01 -0700
Cc: tcpm@ietf.org
Subject: [tcpm] I-D Action:draft-ietf-tcpm-tcp-auth-opt-05.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jul 2009 19:15:01 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF.


	Title           : The TCP Authentication Option
	Author(s)       : J. Touch, et al.
	Filename        : draft-ietf-tcpm-tcp-auth-opt-05.txt
	Pages           : 46
	Date            : 2009-07-03

This document specifies the TCP Authentication Option (TCP-AO), which
obsoletes the TCP MD5 Signature option of RFC-2385 (TCP MD5). TCP-AO
specifies the use of stronger Message Authentication Codes (MACs),
protects against replays even for long-lived TCP connections, and
provides more details on the association of security with TCP
connections than TCP MD5. TCP-AO is compatible with either static
master key tuple (MKT) configuration or an external, out-of-band MKT
management mechanism; in either case, TCP-AO also protects
connections when using the same MKT across repeated instances of a
connection, using traffic keys derived from the MKT, and coordinates
MKT changes between endpoints. The result is intended to support
current infrastructure uses of TCP MD5, such as to protect long-lived
connections (as used, e.g., in BGP and LDP), and to support a larger
set of MACs with minimal other system and operational changes. TCP-AO
uses its own option identifier, even though used mutually exclusive
of TCP MD5 on a given TCP connection. TCP-AO supports IPv6, and is
fully compatible with the requirements for the replacement of TCP
MD5.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcp-auth-opt-05.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
ftp://ftp.ietf.org/internet-drafts/draft-ietf-tcpm-tcp-auth-opt-05.txt"><ftp://ftp.ietf.org/internet-drafts/draft-ietf-tcpm-tcp-auth-opt-05.txt>

v2.23.0 | Report a Bug | By Email