Authentication for TCP-based Routing and Management Protocols

Document Type Expired Internet-Draft (individual in tsv area)
Last updated 2015-10-14 (latest revision 2007-02-14)
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Lars Eggert
IESG note Resurrected by request from the TCPM chairs.
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo describes a TCP extension that enhances security for BGP, LDP and other TCP-based protocols. It is intended for applications where secure administrative access to both the end-points of the TCP connection is normally available. TCP peers can use this extension to authenticate messages passed between one another. The strategy described herein improves upon current practice, which is described in RFC 2385. Using this new strategy, TCP peers can update authentication keys during the lifetime of a TCP connection. TCP peers can also use stronger authentication algorithms to authenticate routing messages.


Ron Bonica (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)