TCP Authentication Option "TCP-AO" Support Nears For The Linux Kernel
One of the new Linux networking features we've been looking forward to seeing in the kernel is TCP Authentication Option (TCP-AO / RFC5925) as a means of improving TCP security and authenticity. The eleventh iteration of the TCP-AO patches were posted today for the Linux kernel with it looking like work on this network addition potentially wrapping up soon.
TCP-AO is an upgrade over the existing TCP-MD5 spec for allowing stronger authentication algorithms, improved key management, design considerations for long-lived TCP connections, and related enhancements.
There's been a number of Linux networking subsystem developers working on the TCP-AO support, which is some five thousand lines of new core networking code in the kernel. The v11 patches posted overnight address the last three items brought up during the prior round of code review from mid-August.