RFC 5925 on The TCP Authentication Option

A new Request for Comments is now available in online RFC libraries.

        
        RFC 5925

        Title:      The TCP Authentication Option 
        Author:     J. Touch, A. Mankin,
                    R. Bonica
        Status:     Standards Track
        Stream:     IETF
        Date:       June 2010
        Mailbox:    touch@isi.edu, 
                    mankin@psg.com, 
                    rbonica@juniper.net
        Pages:      48
        Characters: 106174
        Obsoletes:  RFC2385

        I-D Tag:    draft-ietf-tcpm-tcp-auth-opt-11.txt

        URL:        http://www.rfc-editor.org/rfc/rfc5925.txt

This document specifies the TCP Authentication Option (TCP-AO), which
obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5).  TCP-AO
specifies the use of stronger Message Authentication Codes (MACs),
protects against replays even for long-lived TCP connections, and
provides more details on the association of security with TCP
connections than TCP MD5.  TCP-AO is compatible with either a static
Master Key Tuple (MKT) configuration or an external, out-of-band MKT
management mechanism; in either case, TCP-AO also protects
connections when using the same MKT across repeated instances of a
connection, using traffic keys derived from the MKT, and coordinates
MKT changes between endpoints.  The result is intended to support
current infrastructure uses of TCP MD5, such as to protect long-lived
connections (as used, e.g., in BGP and LDP), and to support a larger
set of MACs with minimal other system and operational changes.  TCP-AO
uses a different option identifier than TCP MD5, even though TCP-AO
and TCP MD5 are never permitted to be used simultaneously.  TCP-AO
supports IPv6, and is fully compatible with the proposed requirements
for the replacement of TCP MD5.  [STANDARDS TRACK]

This document is a product of the TCP Maintenance and Minor Extensions Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


_______________________________________________
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce

