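%% You should probably cite draft-ietf-tcpinc-tcpcrypt instead of this I-D.
@comment{
  Individual submission -02 (2015-04-23), later taken over by the TCPINC WG.
  Security scope, as stated in the abstract below: on its own the protocol
  protects only against a PASSIVE eavesdropper. Integrity and protection
  against an active attacker are obtained only when the application performs
  its own authentication and binds it to the tcpcrypt Session ID. Do not cite
  this draft as providing authenticated channels by itself.
}
@techreport{bittau-tcpinc-tcpcrypt-02,
  author      = {Bittau, Andrea and Boneh, Dan and Giffin, Daniel B. and
                 Hamburg, Mike and Handley, Mark J. and Mazieres, David and
                 Slack, Quinn},
  title       = {Cryptographic Protection of {TCP} Streams ({tcpcrypt})},
  type        = {Internet-Draft},
  number      = {draft-bittau-tcpinc-tcpcrypt-02},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2015,
  month       = apr,
  day         = 23,
  pagetotal   = 49,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-bittau-tcpinc-tcpcrypt/02/},
  abstract    = {This document presents tcpcrypt, a TCP extension for
                 cryptographically protecting TCP connections. Tcpcrypt
                 maintains the confidentiality of data transmitted in TCP
                 connections against a passive eavesdropper. Additionally,
                 applications that perform authentication can obtain
                 end-to-end confidentiality and integrity guarantees by tying
                 authentication to tcpcrypt Session ID values. The extension
                 defines a new TCP option, CRYPT, which is designed to provide
                 compatible interworking with TCPs that do not implement
                 tcpcrypt. The CRYPT option allows hosts to negotiate the use
                 of tcpcrypt and establish shared, secret encryption keys.
                 These keys are then used with an authenticated-encryption
                 mode to protect both the confidentiality and the integrity of
                 transmitted application data. Tcpcrypt is designed to require
                 relatively low overhead, particularly at servers, so as to be
                 useful even in the case of servers accepting many TCP
                 connections per second.},
}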