The IESG has received a request from the TCP Increased Security WG (tcpinc) to consider the following document: - 'Cryptographic protection of TCP Streams (tcpcrypt)' <draft-ietf-tcpinc-tcpcrypt-07.txt> as Experimental RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2017-10-19. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document specifies tcpcrypt, a TCP encryption protocol designed for use in conjunction with the TCP Encryption Negotiation Option (TCP-ENO). Tcpcrypt coexists with middleboxes by tolerating resegmentation, NATs, and other manipulations of the TCP header. The protocol is self-contained and specifically tailored to TCP implementations, which often reside in kernels or other environments in which large external software dependencies can be undesirable. Because the size of TCP options is limited, the protocol requires one additional one-way message latency to perform key exchange before application data may be transmitted. However, this cost can be avoided between two hosts that have recently established a previous tcpcrypt connection. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpcrypt/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpcrypt/ballot/ No IPR declarations have been submitted directly on this I-D.
