A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Cryptographic protection of TCP Streams (tcpcrypt)
Author(s) : Andrea Bittau
Dan Boneh
Mike Hamburg
Mark Handley
David Mazieres
Quinn Slack
Filename : draft-bittau-tcp-crypt-01.txt
Pages : 42
Date : 2011-08-29
This document presents tcpcrypt, a TCP extension for
cryptographically protecting TCP segments. Tcpcrypt maintains the
confidentiality of data transmitted in TCP segments against a passive
eavesdropper. It can be used to protect already established TCP
connections against denial-of-service attacks involving injection of
forged RST segments or desynchronizing of sequence numbers. Finally,
applications that perform authentication can obtain end-to-end
confidentiality and integrity guarantees by tying authentication to
tcpcrypt Session ID values.
The extension defines two new TCP options, CRYPT and MAC, which are
designed to provide compatible interworking with TCPs that do not
implement tcpcrypt. The CRYPT option allows hosts to negotiate the
use of tcpcrypt and establish shared secret encryption keys. The MAC
option carries a message authentication code with which hosts can
verify the integrity of transmitted TCP segments. Tcpcrypt is
designed to require relatively low overhead, particularly at servers,
so as to be useful even in the case of servers accepting many TCP
connections per second.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bittau-tcp-crypt-01.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-bittau-tcp-crypt-01.txt
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
