Problem Statement and Requirements for a TCP Authentication Option
draft-bellovin-tcpsec-01
| Document | Type | Expired Internet-Draft (individual in tsv area) | |
|---|---|---|---|
| Author | Steven Bellovin | ||
| Last updated | 2015-10-14 (latest revision 2007-07-12) | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
pdf
htmlized (tools)
htmlized
bibtex
|
||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | Expired (IESG: Dead) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Lars Eggert | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-bellovin-tcpsec-01.txt
Abstract
The TCP-MD5 option is commonly used to secure BGP sessions between routers, although it is known to have many serious deficiencies. This memo presents requirements for a TCP segment authentication mechanism that is intended to replace TCP-MD5. While TCP-MD5 was designed to protect TCP sessions whose payload is BGP, the applicability of the mechanism described herein is broader. This mechanism can be applied to any TCP connection, regardless of payload.
Authors
Steven Bellovin (smb@cs.columbia.edu)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)