Cryptographic Algorithms for the TCP Authentication Option (TCP-AO)
RFC 5926
Document Type RFC - Proposed Standard (June 2010; Errata)
Last updated 2018-02-28
Replaces draft-lebovitz-ietf-tcpm-tcp-ao-crypto
Stream IETF
Formats plain text html pdf htmlized bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5926 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Lars Eggert
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Internet Engineering Task Force (IETF)                       G. Lebovitz
Request for Comments: 5926                                       Juniper
Category: Standards Track                                    E. Rescorla
ISSN: 2070-1721                                                     RTFM
                                                               June 2010

  Cryptographic Algorithms for the TCP Authentication Option (TCP-AO)

Abstract

   The TCP Authentication Option (TCP-AO) relies on security algorithms
   to provide authentication between two end-points.  There are many
   such algorithms available, and two TCP-AO systems cannot interoperate
   unless they are using the same algorithms.  This document specifies
   the algorithms and attributes that can be used in TCP-AO's current
   manual keying mechanism and provides the interface for future message
   authentication codes (MACs).

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc5926.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Lebovitz & Rescorla          Standards Track                    [Page 1]
RFC 5926                    Crypto for TCP-AO                  June 2010

Table of Contents

   1. Introduction ....................................................2
   2. Requirements ....................................................3
      2.1. Requirements Language ......................................3
      2.2. Algorithm Requirements .....................................3
      2.3. Requirements for Future MAC Algorithms .....................3
   3. Algorithms Specified ............................................4
      3.1. Key Derivation Functions (KDFs) ............................4
           3.1.1. Concrete KDFs .......................................5
                  3.1.1.1. KDF_HMAC_SHA1 ..............................6
                  3.1.1.2. KDF_AES_128_CMAC ...........................7
                  3.1.1.3. Tips for User Interfaces Regarding KDFs ....9
      3.2. MAC Algorithms .............................................9
           3.2.1. The Use of HMAC-SHA-1-96 ...........................10
           3.2.2. The Use of AES-128-CMAC-96 .........................11
   4. Security Considerations ........................................11
   5. IANA Considerations ............................................13
   6. Acknowledgements ...............................................13
   7. References .....................................................14
      7.1. Normative References ......................................14
      7.2. Informative References ....................................14

1.  Introduction

   This document is a companion to [RFC5925].  Like most modern security
   protocols, TCP-AO allows users to choose which cryptographic
   algorithm(s) they want to use to meet their security needs.

   TCP-AO provides cryptographic authentication and message integrity
   verification between two end-points.  In order to accomplish this
   function, message authentication codes (MACs) are used, which then
   rely on shared keys.  There are various ways to create MACs.  The use
   of hash-based MACs (HMACs) is defined in [RFC2104].  The use of
   cipher-based MACs (CMACs) is defined in [NIST-SP800-38B].

   This RFC defines the general requirements for MACs used in TCP-AO,
   both for currently specified MACs and for any future specified MACs.
   It specifies two MAC algorithms required in all TCP-AO
   implementations.  It also specifies two key derivation functions
   (KDFs) used to create the traffic keys used by the MACs.  These KDFs
   are also required by all TCP-AO implementations.

Lebovitz & Rescorla          Standards Track                    [Page 2]
RFC 5926                    Crypto for TCP-AO                  June 2010
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools