RFC 8548

Cryptographic Protection of TCP Streams (tcpcrypt), May 2019

Canonical URL:
https://www.rfc-editor.org/rfc/rfc8548.txt
File formats:
icon for text file icon for PDF icon for HTML
Status:
EXPERIMENTAL
Authors:
A. Bittau
D. Giffin
M. Handley
D. Mazieres
Q. Slack
E. Smith
Stream:
IETF
Source:
tcpinc (tsv)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8548

Discuss this RFC: Send questions or comments to tcpinc@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document specifies "tcpcrypt", a TCP encryption protocol designed for use in conjunction with the TCP Encryption Negotiation Option (TCP-ENO). Tcpcrypt coexists with middleboxes by tolerating resegmentation, NATs, and other manipulations of the TCP header. The protocol is self-contained and specifically tailored to TCP implementations, which often reside in kernels or other environments in which large external software dependencies can be undesirable. Because the size of TCP options is limited, the protocol requires one additional one-way message latency to perform key exchange before application data can be transmitted. However, the extra latency can be avoided between two hosts that have recently established a previous tcpcrypt connection.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader