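% RFC 5925: The TCP Authentication Option (TCP-AO), Standards Track.
% Per the abstract, TCP-AO obsoletes the TCP MD5 Signature option of RFC 2385.
% Authors are stored as "Last, First" without honorifics so that styles can
% parse, sort and abbreviate the names; only the acronym in the title is
% brace-protected so that the style still controls the casing of the rest.
@misc{rfc5925,
  author       = {Touch, Joseph D. and Bonica, Ron and Mankin, Allison J.},
  title        = {The {TCP} Authentication Option},
  howpublished = {RFC 5925},
  series       = {Request for Comments},
  number       = 5925,
  publisher    = {RFC Editor},
  year         = 2010,
  month        = jun,
  pagetotal    = 48,
  doi          = {10.17487/RFC5925},
  url          = {https://www.rfc-editor.org/info/rfc5925},
  abstract     = {This document specifies the TCP Authentication Option (TCP-AO), which obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5). TCP-AO specifies the use of stronger Message Authentication Codes (MACs), protects against replays even for long-lived TCP connections, and provides more details on the association of security with TCP connections than TCP MD5. TCP-AO is compatible with either a static Master Key Tuple (MKT) configuration or an external, out-of-band MKT management mechanism; in either case, TCP-AO also protects connections when using the same MKT across repeated instances of a connection, using traffic keys derived from the MKT, and coordinates MKT changes between endpoints. The result is intended to support current infrastructure uses of TCP MD5, such as to protect long-lived connections (as used, e.g., in BGP and LDP), and to support a larger set of MACs with minimal other system and operational changes. TCP-AO uses a different option identifier than TCP MD5, even though TCP-AO and TCP MD5 are never permitted to be used simultaneously. TCP-AO supports IPv6, and is fully compatible with the proposed requirements for the replacement of TCP MD5. {[}STANDARDS-TRACK{]}},
}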