Key Management in TCP-AO

- Key management is a separate protocol; not in-band because:
  - Option space has little room for negotiation
  - Removes need to deal with TCP retransmission, etc.
- Key used determines algorithm and any needed parameters
  - Implies that parameter change induces key change
- No KeyID required, but KeyID allowed in order to permit key overlap in re-key during connection
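The last two points, sketched as an added example (not code from the original slides or from any TCP-AO implementation): each key carries its own algorithm and parameters, and a KeyID lets the old and new key coexist while a re-key is in progress. The names `Key`, `KeyTable` and `rekey_demo`, the secrets, and the algorithm and truncation choices are assumptions made for illustration, and the MAC covers only the raw segment bytes rather than the real option format.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    """One key binds the secret to its MAC algorithm and parameters, so a
    parameter change can only be made by installing a different key."""
    secret: bytes
    digest: str   # hashlib algorithm name
    mac_len: int  # bytes of MAC kept after truncation

    def mac(self, segment: bytes) -> bytes:
        return hmac.new(self.secret, segment, self.digest).digest()[:self.mac_len]

class KeyTable:
    """Keys installed by the separate key-management protocol, by KeyID."""
    def __init__(self):
        self._keys = {}

    def install(self, key_id: int, key: Key) -> None:
        self._keys[key_id] = key

    def retire(self, key_id: int) -> None:
        self._keys.pop(key_id, None)

    def sign(self, key_id: int, segment: bytes):
        return key_id, self._keys[key_id].mac(segment)

    def verify(self, key_id: int, segment: bytes, mac: bytes) -> bool:
        key = self._keys.get(key_id)  # the KeyID selects key + algorithm
        return key is not None and hmac.compare_digest(key.mac(segment), mac)

def rekey_demo() -> dict:
    # Constructed keys and segments; both ends share one table for brevity.
    old_seg, new_seg = b"segment sent before re-key", b"segment sent after re-key"
    table = KeyTable()
    table.install(1, Key(b"old-secret", "sha1", 12))
    late = table.sign(1, old_seg)
    table.install(2, Key(b"new-secret", "sha256", 16))  # overlap begins
    fresh = table.sign(2, new_seg)
    out = {
        "late_ok": table.verify(late[0], old_seg, late[1]),    # old key still valid
        "fresh_ok": table.verify(fresh[0], new_seg, fresh[1]),
        "wrong_id": table.verify(2, old_seg, late[1]),         # MAC under wrong key
    }
    table.retire(1)  # overlap ends; segments under the old key now fail
    out["after_retire"] = table.verify(late[0], old_seg, late[1])
    return out
```

Without a KeyID the receiver would have to try every installed key against each segment during the overlap window; with it, the lookup is a single table access.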