Cryptographic protection of TCP Streams (tcpcrypt)
draft-bittau-tcpinc-tcpcrypt-04

Document type: Replaced Internet-Draft (individual in tsv area)
Last updated: 2015-10-17
Replaced by: draft-ietf-tcpinc-tcpcrypt
Stream: IETF
Intended RFC status: Proposed Standard
Expired & archived
Stream WG state: (None)
Document shepherd: No shepherd assigned
IESG state: Replaced by draft-ietf-tcpinc-tcpcrypt
Consensus boilerplate: Unknown
Telechat date:
Responsible AD: Martin Stiemerling
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-bittau-tcpinc-tcpcrypt-04.txt

Abstract

This document specifies tcpcrypt, a cryptographic protocol that protects TCP payload data and is negotiated by means of the TCP Encryption Negotiation Option (TCP-ENO) [I-D.ietf-tcpinc-tcpeno]. Tcpcrypt coexists with middleboxes by tolerating resegmentation, NATs, and other manipulations of the TCP header. The protocol is self-contained and specifically tailored to TCP implementations, which often reside in kernels or other environments in which large external software dependencies can be undesirable. Because of option size restrictions, the protocol requires one additional one-way message latency to perform key exchange. However, this cost is avoided between two hosts that have recently established a previous tcpcrypt connection.

Authors

Andrea Bittau (bittau@cs.stanford.edu)
Dan Boneh (dabo@cs.stanford.edu)
Daniel Giffin (dbg@scs.stanford.edu)
Mike Hamburg (mike@shiftleft.org)
Mark Handley (m.handley@cs.ucl.ac.uk)
David Mazieres (dm@uun.org)
Quinn Slack (sqs@cs.stanford.edu)
Eric Smith (eric.smith@kestrel.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)