[tcpm] RFC 5925 on The TCP Authentication Option

rfc-editor@rfc-editor.org Mon, 21 June 2010 22:58 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 119EA28C15E; Mon, 21 Jun 2010 15:58:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.79
X-Spam-Status: No, score=-1.79 tagged_above=-999 required=5 tests=[AWL=0.210, BAYES_00=-2.599, J_CHICKENPOX_93=0.6, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id NoaAI1vC4Qf9; Mon, 21 Jun 2010 15:58:12 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:1112:1::2f]) by core3.amsl.com (Postfix) with ESMTP id 3F64228C157; Mon, 21 Jun 2010 15:58:12 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id BBD38E06C9; Mon, 21 Jun 2010 15:58:19 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20100621225819.BBD38E06C9@rfc-editor.org>
Date: Mon, 21 Jun 2010 15:58:19 -0700
Cc: tcpm@ietf.org, rfc-editor@rfc-editor.org
Subject: [tcpm] RFC 5925 on The TCP Authentication Option
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jun 2010 22:58:13 -0000

A new Request for Comments is now available in online RFC libraries.

        RFC 5925

        Title:      The TCP Authentication Option 
        Author:     J. Touch, A. Mankin,
                    R. Bonica
        Status:     Standards Track
        Stream:     IETF
        Date:       June 2010
        Mailbox:    touch@isi.edu, 
        Pages:      48
        Characters: 106174
        Obsoletes:  RFC2385

        I-D Tag:    draft-ietf-tcpm-tcp-auth-opt-11.txt

        URL:        http://www.rfc-editor.org/rfc/rfc5925.txt

This document specifies the TCP Authentication Option (TCP-AO), which
obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5).  TCP-AO
specifies the use of stronger Message Authentication Codes (MACs),
protects against replays even for long-lived TCP connections, and
provides more details on the association of security with TCP
connections than TCP MD5.  TCP-AO is compatible with either a static
Master Key Tuple (MKT) configuration or an external, out-of-band MKT
management mechanism; in either case, TCP-AO also protects
connections when using the same MKT across repeated instances of a
connection, using traffic keys derived from the MKT, and coordinates
MKT changes between endpoints.  The result is intended to support
current infrastructure uses of TCP MD5, such as to protect long-lived
connections (as used, e.g., in BGP and LDP), and to support a larger
set of MACs with minimal other system and operational changes.  TCP-AO
uses a different option identifier than TCP MD5, even though TCP-AO
and TCP MD5 are never permitted to be used simultaneously.  TCP-AO
supports IPv6, and is fully compatible with the proposed requirements
for the replacement of TCP MD5.  [STANDARDS TRACK]

This document is a product of the TCP Maintenance and Minor Extensions Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

The RFC Editor Team
Association Management Solutions, LLC