I-D Action:draft-duan-tcpm-tcp-ao-rekeying-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : Key Coordination enhancement for TCP-AO
	Author(s)       : S. Duan, et al.
	Filename        : draft-duan-tcpm-tcp-ao-rekeying-00.txt
	Pages           : 11
	Date            : 2010-03-01

TCP-AO technology was proposed to obsolete the TCP-MD5 option, which
was developed to protect the BGP sessions between routers.  Besides
allowing users to choose which cryptographic algorithm(s) they
want to use to meet their security needs, TCP-AO provides a key
coordination mechanism giving the ability to move from one key to
another within the same connection with zero segment loss by using
two ID fields, i.e. KeyID and RNextKeyID.  The sender uses the
RNextKeyID to indicate to the receiver the preferred MKT which
will authenticate the next incoming segments.  However, if the sender
finds that the MKT which it uses to authenticate the outgoing segments
has been attacked and should be changed to a new one, it can do nothing
but wait for the receiver to send a segment which carries a different
RNextKeyID.

In this case, the communication becomes dangerous, probably because
the sender always authenticates outgoing segments with an attacked key
until the receiver wants to change the incoming key.  This document
provides a method giving the sender the ability to inform the other
party to change the RNextKeyID when the sender finds that the key used
in outgoing segments is no longer safe.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-duan-tcpm-tcp-ao-rekeying-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-duan-tcpm-tcp-ao-rekeying-00.txt>
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
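
The baseline TCP-AO key coordination that the abstract above describes, as an added example (not part of the announcement or of the draft): each endpoint's outgoing MKT follows the RNextKeyID its peer sends, so an endpoint can steer the peer's key but not its own. The option kind and field order follow RFC 5925; the MKT and Endpoint classes, the key IDs and the all-zero MAC are constructed for illustration, and MAC verification is left out.

```python
import struct
from dataclasses import dataclass

TCP_AO_KIND = 29  # TCP-AO option kind (RFC 5925)

@dataclass(frozen=True)
class MKT:
    send_id: int  # KeyID written into segments sent with this MKT
    recv_id: int  # KeyID expected in segments the peer sends with it

def build_ao(key_id, rnext_key_id, mac):
    # Option layout: Kind, Length, KeyID, RNextKeyID, MAC
    return struct.pack("!BBBB", TCP_AO_KIND, 4 + len(mac), key_id, rnext_key_id) + mac

def parse_ao(opt):
    if len(opt) < 4 or opt[0] != TCP_AO_KIND or opt[1] != len(opt):
        raise ValueError("malformed TCP-AO option")
    return opt[2], opt[3], opt[4:]  # KeyID, RNextKeyID, MAC

class Endpoint:  # hypothetical model of one side's per-connection key state
    def __init__(self, mkts, initial):
        self.mkts = mkts
        self.current_key = initial  # MKT authenticating outgoing segments
        self.rnext_key = initial    # MKT we ask the peer to use toward us

    def send(self):
        # Constructed 12-byte placeholder MAC; MAC computation is out of scope here.
        return build_ao(self.current_key.send_id, self.rnext_key.recv_id, bytes(12))

    def receive(self, opt):
        key_id, rnext_key_id, _mac = parse_ao(opt)
        if all(m.recv_id != key_id for m in self.mkts):
            raise ValueError("no MKT matches KeyID")
        for m in self.mkts:
            if m.send_id == rnext_key_id:
                self.current_key = m  # outgoing key follows the peer's RNextKeyID

def demo():
    k1, k2 = MKT(1, 1), MKT(2, 2)  # constructed MKTs, same IDs on both ends
    a, b = Endpoint([k1, k2], k1), Endpoint([k1, k2], k1)
    trace = []
    a.rnext_key = k2               # A can only steer the key B sends with
    b.receive(a.send()); a.receive(b.send())
    trace.append((a.current_key.send_id, b.current_key.send_id))
    b.rnext_key = k2               # A's outgoing key moves only once B asks
    a.receive(b.send())
    trace.append((a.current_key.send_id, b.current_key.send_id))
    return trace
```

Each tuple in the trace is (A's outgoing KeyID, B's outgoing KeyID): A stays on key 1 after changing its own RNextKeyID and moves to key 2 only after B advertises it.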
