TCP Message Authentication Code Option

Document Type Expired Internet-Draft (individual in tsv area)
Author Brian Weis 
Last updated 2015-10-14 (latest revision 2005-12-07)
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Lars Eggert
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo describes a TCP [RFC0793] extension to enhance security for BGP [I-D.ietf-idr-bgp4] and other TCP-based protocols requiring message authentication. It provides message authentication using a Message Authentication Code (MAC), which is a superior authentication method to the keyed MD5 method previously used. The option also includes provision for automatic generation and distribution of MAC keys. A set of MAC algorithms are specified, as well as guidance when to use each one.


Brian Weis (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)