TLS Authentication for MPTCP

Document Type Expired Internet-Draft (individual)
Authors Christoph Paasch  , Alan Ford 
Last updated 2016-11-28 (latest revision 2016-05-27)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text xml pdf ps htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Multipath TCP (MPTCP), described in [4], is an extension to TCP to provide the ability to simultaneously use multiple paths between peers. draft-paasch-mptcp-application-authentication specifies "application layer authentication" for Multipath TCP, an alternatively negotiated keying mechanism for MPTCP. This allows keying material to be sourced from an application layer protocol in order to secure MP_JOIN handshakes. This document explains how to use the proposed application-layer authentication extension with TLS [6], in order to leverage securely exchanged keys for MPTCP security, whilst simultaneously freeing the MPTCP token to be used as a channel for additional information.


Christoph Paasch (
Alan Ford (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)