{"draft":"draft-ietf-tcpinc-tcpcrypt-15","doc_id":"RFC8548","title":"Cryptographic Protection of TCP Streams (tcpcrypt)","authors":["A. Bittau","D. Giffin","M. Handley","D. Mazieres","Q. Slack","E. Smith"],"format":["ASCII","HTML"],"page_count":"32","pub_status":"EXPERIMENTAL","status":"EXPERIMENTAL","source":"TCP Increased Security","abstract":"This document specifies \"tcpcrypt\", a TCP encryption protocol\r\ndesigned for use in conjunction with the TCP Encryption Negotiation\r\nOption (TCP-ENO).  Tcpcrypt coexists with middleboxes by tolerating\r\nresegmentation, NATs, and other manipulations of the TCP header.  The\r\nprotocol is self-contained and specifically tailored to TCP\r\nimplementations, which often reside in kernels or other environments\r\nin which large external software dependencies can be undesirable.\r\nBecause the size of TCP options is limited, the protocol requires one\r\nadditional one-way message latency to perform key exchange before\r\napplication data can be transmitted.  However, the extra latency can\r\nbe avoided between two hosts that have recently established a\r\nprevious tcpcrypt connection.","pub_date":"May 2019","keywords":["tcp","encryption"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8548","errata_url":null}