{"draft":"draft-ietf-tcpinc-tcpeno-19","doc_id":"RFC8547","title":"TCP-ENO: Encryption Negotiation Option","authors":["A. Bittau","D. Giffin","M. Handley","D. Mazieres","E. Smith"],"format":["ASCII","HTML"],"page_count":"31","pub_status":"EXPERIMENTAL","status":"EXPERIMENTAL","source":"TCP Increased Security","abstract":"Despite growing adoption of TLS, a significant fraction of TCP\r\ntraffic on the Internet remains unencrypted.  The persistence of\r\nunencrypted traffic can be attributed to at least two factors.\r\nFirst, some legacy protocols lack a signaling mechanism (such as a\r\nSTARTTLS command) by which to convey support for encryption, thus\r\nmaking incremental deployment impossible.  Second, legacy\r\napplications themselves cannot always be upgraded and therefore\r\nrequire a way to implement encryption transparently entirely within\r\nthe transport layer.  The TCP Encryption Negotiation Option (TCP-ENO)\r\naddresses both of these problems through a new TCP option kind\r\nproviding out-of-band, fully backward-compatible negotiation of\r\nencryption.","pub_date":"May 2019","keywords":["tcp","encryption"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8547","errata_url":null}