The TCP Simple Authentication Option
draft-touch-tcpm-tcp-simple-auth-03
| Section | Field | Value |
|---|---|---|
| Document | Type | Replaced Internet-Draft (individual in tsv area) |
| | Authors | Dr. Joseph D. Touch, Allison J. Mankin |
| | Last updated | 2015-10-14 (Latest revision 2007-07-09) |
| | Replaced by | RFC 5925 |
| | Stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | (None) |
| | Formats | Expired & archived: plain text, htmlized, pdfized, bibtex |
| Stream | WG state | (None) |
| | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-ietf-tcpm-tcp-auth-opt |
| | Action Holders | (None) |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | Lars Eggert |
| | Send notices to | (None) |
https://www.ietf.org/archive/id/draft-touch-tcpm-tcp-simple-auth-03.txt
Abstract
This document specifies a TCP Simple Authentication Option (TCP-SA) which is intended to replace the TCP MD5 Signature option of RFC-2385 (TCP/MD5). TCP-SA specifies the use of stronger HMAC-based hashes and provides more details on the association of security associations with TCP connections. TCP-SA assumes an external, out-of-band mechanism (manual or via a separate protocol) for session key establishment, parameter negotiation, and rekeying, replicating the separation of key management and key use as in the IPsec suite. The result is intended to be a simple modification to support current infrastructure uses of TCP/MD5, such as to protect BGP and LDP, to support a larger set of hashes with minimal other system and operational changes. TCP-SA requires no new option identifier, though it is intended to be mutually exclusive with TCP/MD5 on a given TCP connection. It can be used in the presence of NATs/NAPTs, and supports IPv6, and is fully compatible with requirements under development for an update to TCP/MD5.
Authors
Dr. Joseph D. Touch
Allison J. Mankin
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)