Cryptographic Algorithms for the TCP Authentication Option (TCP-AO)
RFC 5926
Document | Type | RFC - Proposed Standard (June 2010; Errata) | |
---|---|---|---|
Authors | Eric Rescorla , Gregory Lebovitz | ||
Last updated | 2021-01-29 | ||
Replaces | draft-lebovitz-ietf-tcpm-tcp-ao-crypto | ||
Stream | Internent Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 5926 (Proposed Standard) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Lars Eggert | ||
Send notices to | (None) |
Internet Engineering Task Force (IETF) G. Lebovitz Request for Comments: 5926 Juniper Category: Standards Track E. Rescorla ISSN: 2070-1721 RTFM June 2010 Cryptographic Algorithms for the TCP Authentication Option (TCP-AO) Abstract The TCP Authentication Option (TCP-AO) relies on security algorithms to provide authentication between two end-points. There are many such algorithms available, and two TCP-AO systems cannot interoperate unless they are using the same algorithms. This document specifies the algorithms and attributes that can be used in TCP-AO's current manual keying mechanism and provides the interface for future message authentication codes (MACs). Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5926. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Lebovitz & Rescorla Standards Track [Page 1] RFC 5926 Crypto for TCP-AO June 2010 Table of Contents 1. Introduction ....................................................2 2. Requirements ....................................................3 2.1. Requirements Language ......................................3 2.2. Algorithm Requirements .....................................3 2.3. Requirements for Future MAC Algorithms .....................3 3. Algorithms Specified ............................................4 3.1. Key Derivation Functions (KDFs) ............................4 3.1.1. Concrete KDFs .......................................5 3.1.1.1. KDF_HMAC_SHA1 ..............................6 3.1.1.2. KDF_AES_128_CMAC ...........................7 3.1.1.3. Tips for User Interfaces Regarding KDFs ....9 3.2. MAC Algorithms .............................................9 3.2.1. The Use of HMAC-SHA-1-96 ...........................10 3.2.2. The Use of AES-128-CMAC-96 .........................11 4. Security Considerations ........................................11 5. IANA Considerations ............................................13 6. Acknowledgements ...............................................13 7. References .....................................................14 7.1. Normative References ......................................14 7.2. Informative References ....................................14 1. Introduction This document is a companion to [RFC5925]. Like most modern security protocols, TCP-AO allows users to choose which cryptographic algorithm(s) they want to use to meet their security needs. TCP-AO provides cryptographic authentication and message integrity verification between two end-points. In order to accomplish this function, message authentication codes (MACs) are used, which then rely on shared keys. There are various ways to create MACs. The use of hash-based MACs (HMACs) is defined in [RFC2104]. The use of cipher-based MACs (CMACs) is defined in [NIST-SP800-38B]. This RFC defines the general requirements for MACs used in TCP-AO, both for currently specified MACs and for any future specified MACs. It specifies two MAC algorithms required in all TCP-AO implementations. It also specifies two key derivation functions (KDFs) used to create the traffic keys used by the MACs. These KDFs are also required by all TCP-AO implementations. Lebovitz & Rescorla Standards Track [Page 2] RFC 5926 Crypto for TCP-AO June 2010Show full document text