%% You should probably cite rfc8547 instead of this I-D. @techreport{ietf-tcpinc-tcpeno-06, number = {draft-ietf-tcpinc-tcpeno-06}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-tcpinc-tcpeno/06/}, author = {Andrea Bittau and Dan Boneh and Daniel B. Giffin and Mark J. Handley and David Mazieres and Eric W. Smith}, title = {{TCP-ENO: Encryption Negotiation Option}}, pagetotal = 27, year = 2016, month = oct, day = 31, abstract = {Despite growing adoption of TLS {[}RFC5246{]}, a significant fraction of TCP traffic on the Internet remains unencrypted. The persistence of unencrypted traffic can be attributed to at least two factors. First, some legacy protocols lack a signaling mechanism (such as a "STARTTLS" command) by which to convey support for encryption, making incremental deployment impossible. Second, legacy applications themselves cannot always be upgraded, requiring a way to implement encryption transparently entirely within the transport layer. The TCP Encryption Negotiation Option (TCP-ENO) addresses both of these problems through a new TCP option kind providing out-of-band, fully backward-compatible negotiation of encryption.}, }