%% You should probably cite draft-ietf-tcpm-tcp-auth-opt instead of this I-D. @techreport{touch-tcpm-tcp-simple-auth-03, number = {draft-touch-tcpm-tcp-simple-auth-03}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-touch-tcpm-tcp-simple-auth/03/}, author = {Dr. Joseph D. Touch and Allison J. Mankin}, title = {{The TCP Simple Authentication Option}}, pagetotal = 29, year = 2007, month = jul, day = 9, abstract = {This document specifies a TCP Simple Authentication Option (TCP-SA) which is intended to replace the TCP MD5 Signature option of RFC-2385 (TCP/MD5). TCP-SA specifies the use of stronger HMAC-based hashes and provides more details on the association of security associations with TCP connections. TCP-SA assumes an external, out-of-band mechanism (manual or via a separate protocol) for session key establishment, parameter negotiation, and rekeying, replicating the separation of key management and key use as in the IPsec suite. The result is intended to be a simple modification to support current infrastructure uses of TCP/MD5, such as to protect BGP and LDP, to support a larger set of hashes with minimal other system and operational changes. TCP-SA requires no new option identifier, though it is intended to be mutually exclusive with TCP/MD5 on a given TCP connection. It can be used in the presence of NATs/NAPTs, and supports IPv6, and is fully compatible with requirements under development for an update to TCP/MD5.}, }