Skip to main content

TCP Opportunistic Security (OPSEC) Option

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Michael Paddon , Greg Rose
Last updated 2009-04-27
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The TCP Opportunistic Security (OPSEC) option enables cooperating peers to opportunistically negotiate the use of an end to end security protocol on a per connection basis. The negotiated protocol is used to transparently secure application data for the life of the connection, providing protection against all passive and some active attacks. Security protocols may operate anonymously or make opportunistic use of available key material. Backwards compatibility with non-OPSEC-aware hosts is maintained, thereby permitting incremental deployment of this mechanism.Comments and Discussion Please send feedback on this draft to


Michael Paddon
Greg Rose

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)