Skip to main content

TCP Message Authentication Code Option

Document Type Expired Internet-Draft (individual in tsv area)
Expired & archived
Author Brian Weis
Last updated 2015-10-14 (Latest revision 2005-12-07)
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Stream WG state (None)
Document shepherd (None)
IESG IESG state Expired (IESG: Dead)
Action Holders
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD Lars Eggert
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This memo describes a TCP [RFC0793] extension to enhance security for BGP [I-D.ietf-idr-bgp4] and other TCP-based protocols requiring message authentication. It provides message authentication using a Message Authentication Code (MAC), which is a superior authentication method to the keyed MD5 method previously used. The option also includes provision for automatic generation and distribution of MAC keys. A set of MAC algorithms are specified, as well as guidance when to use each one.


Brian Weis

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)