Cryptographic Protection of TCP Streams (tcpcrypt)
RFC 8548
Internet Engineering Task Force (IETF) A. Bittau
Request for Comments: 8548 Google
Category: Experimental D. Giffin
ISSN: 2070-1721 Stanford University
M. Handley
University College London
D. Mazieres
Stanford University
Q. Slack
Sourcegraph
E. Smith
Kestrel Institute
May 2019
Cryptographic Protection of TCP Streams (tcpcrypt)
Abstract
This document specifies "tcpcrypt", a TCP encryption protocol
designed for use in conjunction with the TCP Encryption Negotiation
Option (TCP-ENO). Tcpcrypt coexists with middleboxes by tolerating
resegmentation, NATs, and other manipulations of the TCP header. The
protocol is self-contained and specifically tailored to TCP
implementations, which often reside in kernels or other environments
in which large external software dependencies can be undesirable.
Because the size of TCP options is limited, the protocol requires one
additional one-way message latency to perform key exchange before
application data can be transmitted. However, the extra latency can
be avoided between two hosts that have recently established a
previous tcpcrypt connection.
Bittau, et al. Experimental [Page 1]
RFC 8548 tcpcrypt: TCP Encryption Protocol May 2019
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This document is a product of the Internet Engineering
Task Force (IETF). It represents the consensus of the IETF
community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are candidates for any level of
Internet Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8548.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Bittau, et al. Experimental [Page 2]
RFC 8548 tcpcrypt: TCP Encryption Protocol May 2019
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4
3. Encryption Protocol . . . . . . . . . . . . . . . . . . . . . 4
3.1. Cryptographic Algorithms . . . . . . . . . . . . . . . . 4
3.2. Protocol Negotiation . . . . . . . . . . . . . . . . . . 6
3.3. Key Exchange . . . . . . . . . . . . . . . . . . . . . . 7
3.4. Session ID . . . . . . . . . . . . . . . . . . . . . . . 10
3.5. Session Resumption . . . . . . . . . . . . . . . . . . . 10
3.6. Data Encryption and Authentication . . . . . . . . . . . 14
3.7. TCP Header Protection . . . . . . . . . . . . . . . . . . 16
3.8. Rekeying . . . . . . . . . . . . . . . . . . . . . . . . 16
3.9. Keep-Alive . . . . . . . . . . . . . . . . . . . . . . . 17
4. Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.1. Key-Exchange Messages . . . . . . . . . . . . . . . . . . 18
4.2. Encryption Frames . . . . . . . . . . . . . . . . . . . . 20
4.2.1. Plaintext . . . . . . . . . . . . . . . . . . . . . . 20
4.2.2. Associated Data . . . . . . . . . . . . . . . . . . . 21
4.2.3. Frame ID . . . . . . . . . . . . . . . . . . . . . . 21
4.3. Constant Values . . . . . . . . . . . . . . . . . . . . . 22
Show full document text