TCP-AO extensions for KARP-KMP

Document Type Expired Internet-Draft (individual)
Last updated 2012-04-26 (latest revision 2011-10-24)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document discusses the possible extensions for TCP Authentication Option (TCP-AO) to better integrate and maximize the benefits, when deployed with Key Management Protocols (KMPs). TCP-AO as defined in RFC5925 can obtain master key from KMP and uses a Key Derivation Function (KDF) to generate traffic keys to protect the TCP sessions. In this mode, not all the benefits from the KMP can be realized. This document introduces an alternative approach for TCP-AO that allows TCP-AO to realize all the operational and security benefits from the deployed KMP.


Uma Chunduri (
Albert Tian (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)