[rfc-dist] RFC 5925 on The TCP Authentication Option

rfc-editor at rfc-editor.org rfc-editor at rfc-editor.org
Mon Jun 21 15:58:19 PDT 2010

A new Request for Comments is now available in online RFC libraries.

        RFC 5925

        Title:      The TCP Authentication Option 
        Author:     J. Touch, A. Mankin,
                    R. Bonica
        Status:     Standards Track
        Stream:     IETF
        Date:       June 2010
        Mailbox:    touch at isi.edu, 
                    mankin at psg.com, 
                    rbonica at juniper.net
        Pages:      48
        Characters: 106174
        Obsoletes:  RFC2385

        I-D Tag:    draft-ietf-tcpm-tcp-auth-opt-11.txt

        URL:        http://www.rfc-editor.org/rfc/rfc5925.txt

This document specifies the TCP Authentication Option (TCP-AO), which
obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5).  TCP-AO
specifies the use of stronger Message Authentication Codes (MACs),
protects against replays even for long-lived TCP connections, and
provides more details on the association of security with TCP
connections than TCP MD5.  TCP-AO is compatible with either a static
Master Key Tuple (MKT) configuration or an external, out-of-band MKT
management mechanism; in either case, TCP-AO also protects
connections when using the same MKT across repeated instances of a
connection, using traffic keys derived from the MKT, and coordinates
MKT changes between endpoints.  The result is intended to support
current infrastructure uses of TCP MD5, such as to protect long-lived
connections (as used, e.g., in BGP and LDP), and to support a larger
set of MACs with minimal other system and operational changes.  TCP-AO
uses a different option identifier than TCP MD5, even though TCP-AO
and TCP MD5 are never permitted to be used simultaneously.  TCP-AO
supports IPv6, and is fully compatible with the proposed requirements
for the replacement of TCP MD5.  [STANDARDS TRACK]

This document is a product of the TCP Maintenance and Minor Extensions Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

The RFC Editor Team
Association Management Solutions, LLC

More information about the rfc-dist mailing list