Cryptographic Algorithms for the TCP Authentication Option (TCP-AO)
RFC 5926
Internet Engineering Task Force (IETF) G. Lebovitz
Request for Comments: 5926 Juniper
Category: Standards Track E. Rescorla
ISSN: 2070-1721 RTFM
June 2010
Cryptographic Algorithms for the TCP Authentication Option (TCP-AO)
Abstract
The TCP Authentication Option (TCP-AO) relies on security algorithms
to provide authentication between two end-points. There are many
such algorithms available, and two TCP-AO systems cannot interoperate
unless they are using the same algorithms. This document specifies
the algorithms and attributes that can be used in TCP-AO's current
manual keying mechanism and provides the interface for future message
authentication codes (MACs).
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc5926.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Lebovitz & Rescorla Standards Track [Page 1]
RFC 5926 Crypto for TCP-AO June 2010
Table of Contents
1. Introduction ....................................................2
2. Requirements ....................................................3
2.1. Requirements Language ......................................3
2.2. Algorithm Requirements .....................................3
2.3. Requirements for Future MAC Algorithms .....................3
3. Algorithms Specified ............................................4
3.1. Key Derivation Functions (KDFs) ............................4
3.1.1. Concrete KDFs .......................................5
3.1.1.1. KDF_HMAC_SHA1 ..............................6
3.1.1.2. KDF_AES_128_CMAC ...........................7
3.1.1.3. Tips for User Interfaces Regarding KDFs ....9
3.2. MAC Algorithms .............................................9
3.2.1. The Use of HMAC-SHA-1-96 ...........................10
3.2.2. The Use of AES-128-CMAC-96 .........................11
4. Security Considerations ........................................11
5. IANA Considerations ............................................13
6. Acknowledgements ...............................................13
7. References .....................................................14
7.1. Normative References ......................................14
7.2. Informative References ....................................14
1. Introduction
This document is a companion to [RFC5925]. Like most modern security
protocols, TCP-AO allows users to choose which cryptographic
algorithm(s) they want to use to meet their security needs.
TCP-AO provides cryptographic authentication and message integrity
verification between two end-points. In order to accomplish this
function, message authentication codes (MACs) are used, which then
rely on shared keys. There are various ways to create MACs. The use
of hash-based MACs (HMACs) is defined in [RFC2104]. The use of
cipher-based MACs (CMACs) is defined in [NIST-SP800-38B].
This RFC defines the general requirements for MACs used in TCP-AO,
both for currently specified MACs and for any future specified MACs.
It specifies two MAC algorithms required in all TCP-AO
implementations. It also specifies two key derivation functions
(KDFs) used to create the traffic keys used by the MACs. These KDFs
are also required by all TCP-AO implementations.
Lebovitz & Rescorla Standards Track [Page 2]
RFC 5926 Crypto for TCP-AO June 2010
Show full document text