Skip to main content

Authentication for TCP-based Routing and Management Protocols

Document Type Expired Internet-Draft (individual in tsv area)
Expired & archived
Author Ron Bonica
Last updated 2015-10-14 (Latest revision 2007-02-14)
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Stream WG state (None)
Document shepherd (None)
IESG IESG state Expired (IESG: Dead)
Action Holders
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD Lars Eggert
IESG note Resurrected by request from the TCPM chairs.
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This memo describes a TCP extension that enhances security for BGP, LDP and other TCP-based protocols. It is intended for applications where secure administrative access to both the end-points of the TCP connection is normally available. TCP peers can use this extension to authenticate messages passed between one another. The strategy described herein improves upon current practice, which is described in RFC 2385. Using this new strategy, TCP peers can update authentication keys during the lifetime of a TCP connection. TCP peers can also use stronger authentication algorithms to authenticate routing messages.


Ron Bonica

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)