TCP-ENO: Encryption Negotiation Option
RFC 8547, “TCP-ENO: Encryption Negotiation Option”, is an Experimental document published in May 2019 by A. Bittau, D. Giffin, M. Handley, D. Mazieres, E. Smith. The canonical text is published by the RFC Editor.
Abstract
Despite growing adoption of TLS, a significant fraction of TCP traffic on the Internet remains unencrypted. The persistence of unencrypted traffic can be attributed to at least two factors. First, some legacy protocols lack a signaling mechanism (such as a STARTTLS command) by which to convey support for encryption, thus making incremental deployment impossible. Second, legacy applications themselves cannot always be upgraded and therefore require a way to implement encryption transparently entirely within the transport layer. The TCP Encryption Negotiation Option (TCP-ENO) addresses both of these problems through a new TCP option kind providing out-of-band, fully backward-compatible negotiation of encryption.
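The backward compatibility the abstract refers to rests on ordinary TCP option framing: every option kind other than EOL and NOP carries a length byte, so a stack that does not recognise the TCP-ENO kind skips it and the connection simply proceeds in cleartext. The following is an added example, not code from RFC 8547 or any tcpcrypt implementation. It assumes option kind 69 (the value IANA allocated to TCP-ENO) and treats the option body as an opaque byte string; the suboption encoding the RFC actually defines is not modelled, and only the SYN / SYN-ACK pair of the handshake is simulated. `Host`, `negotiate` and `strip_option` are hypothetical names chosen for the example.

```python
"""
Added example (not code from RFC 8547): models only the kind/length framing
that makes a TCP-ENO option safe to send to a legacy peer. The ENO body is
an opaque placeholder; RFC 8547's suboption encoding is not modelled.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

TCP_OPT_EOL = 0
TCP_OPT_NOP = 1
TCP_OPT_MSS = 2
TCP_OPT_ENO = 69  # option kind IANA allocated for TCP-ENO (RFC 8547)


def parse_tcp_options(raw: bytes) -> Dict[int, bytes]:
    """Walk the TCP options field as kind/length/value records.

    Every kind except EOL and NOP carries a length byte, so a stack that has
    never heard of kind 69 skips it by length instead of failing: that is
    the backward compatibility the abstract describes. Malformed lengths
    raise instead of being silently accepted.
    """
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        opts[kind] = raw[i + 2:i + length]
        i += length
    return opts


def build_tcp_options(opts: List[Tuple[int, bytes]]) -> bytes:
    """Serialize kind/length/value options and NOP-pad to a 32-bit boundary."""
    out = bytearray()
    for kind, data in opts:
        if len(data) + 2 > 255:
            raise ValueError("option too long")
        out += bytes([kind, len(data) + 2]) + data
    while len(out) % 4:
        out.append(TCP_OPT_NOP)
    return bytes(out)


def strip_option(raw: bytes, kind: int) -> bytes:
    """Rebuild the options field without one kind (what a middlebox may do)."""
    kept = [(k, v) for k, v in parse_tcp_options(raw).items() if k != kind]
    return build_tcp_options(kept)


@dataclass
class Host:
    name: str
    eno_capable: bool
    eno_body: bytes = b"\xaa"  # constructed opaque placeholder, not ENO encoding

    def syn_options(self) -> bytes:
        opts = [(TCP_OPT_MSS, (1460).to_bytes(2, "big"))]
        if self.eno_capable:
            opts.append((TCP_OPT_ENO, self.eno_body))
        return build_tcp_options(opts)

    def synack_options(self, syn_opts: bytes) -> bytes:
        opts = [(TCP_OPT_MSS, (1460).to_bytes(2, "big"))]
        # A capable passive opener answers ENO only if the SYN carried it;
        # a legacy one never takes this branch and simply omits the option.
        if self.eno_capable and TCP_OPT_ENO in parse_tcp_options(syn_opts):
            opts.append((TCP_OPT_ENO, self.eno_body))
        return build_tcp_options(opts)


Path = Optional[Callable[[bytes], bytes]]


def negotiate(active: Host, passive: Host, path: Path = None) -> bool:
    """Simulate the SYN / SYN-ACK option exchange; True only if both carried ENO.

    `path` is an optional transform applied to each segment's options in
    flight, used to model an on-path device that strips unknown options.
    """
    relay = path or (lambda b: b)
    syn = relay(active.syn_options())
    synack = relay(passive.synack_options(syn))
    return (TCP_OPT_ENO in parse_tcp_options(syn)
            and TCP_OPT_ENO in parse_tcp_options(synack))


if __name__ == "__main__":
    client, server, legacy = Host("client", True), Host("server", True), Host("old", False)
    print("both capable   :", negotiate(client, server))
    print("legacy peer    :", negotiate(client, legacy))
    print("ENO stripped   :", negotiate(client, server, lambda b: strip_option(b, TCP_OPT_ENO)))
```

The third case is the caveat a practitioner should keep in mind: falling back to cleartext when the option is absent is exactly what makes incremental deployment possible, but it also means an on-path device that strips the option downgrades the connection silently. TCP-ENO by itself therefore defends against passive eavesdropping; RFC 8547 exposes a session ID so that an application which cares about active attackers can authenticate the negotiated session itself.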
What “Experimental” means
Describes a specification that is part of a research or development effort, published so the community can gain experience with it.
The canonical text of RFC 8547 is hosted at rfc-editor.org. Available in TXT and HTML.
Adjacent RFCs
- RFC 8543 Extensible Provisioning Protocol Organization Mapping
- RFC 8544 Organization Extension for the Extensible Provisioning Protocol
- RFC 8545 Well-Known Port Assignments for the One-Way Active Measurement Protocol and the Two-Way Active Measurement Protocol
- RFC 8546 The Wire Image of a Network Protocol
- RFC 8548 Cryptographic Protection of TCP Streams (tcpcrypt, the companion specification that uses TCP-ENO to negotiate its encryption)
- RFC 8549 Export of BGP Community Information in IP Flow Information Export
- RFC 8550 Secure/Multipurpose Internet Mail Extensions Version 4.0 Certificate Handling
- RFC 8551 Secure/Multipurpose Internet Mail Extensions Version 4.0 Message Specification