TCP-AO Goals IETF standard authentication mechanism Algorithm agility Re-key during connection Cover TCP options (optionally) Miserly use of option bytes No parameter representation in-stream Compatible with TCP operation Order independent; no TCP state machine changes Use is independent between inbound/outbound (Initial) coexistence with TCP-MD5 But no upgrade to TCP-AO within connection |