Network Working Group A. Maurette Internet-Draft IUT R&T Béthune Intended status: Experimental 2 March 2026 Expires: 3 September 2026 HMTFTP: HKDF-Derived TFTP with Optional AEAD Protection draft-maurette-hmtftp-05 Abstract HMTFTP is a lightweight UDP file transfer protocol derived from TFTP that adds TLV-based negotiation and an optional AEAD protection mode for DATA payloads. This document requests IANA actions: assignment of a service name and UDP port, and creation of registries for TLV Types, OpCodes, and Ciphersuites. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 3 September 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Maurette Expires 3 September 2026 [Page 1] Internet-Draft HMTFTP March 2026 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Relationship to TFTP . . . . . . . . . . . . . . . . . . . . 2 3. Transport . . . . . . . . . . . . . . . . . . . . . . . . . . 2 4. TLV Processing Rules . . . . . . . . . . . . . . . . . . . . 3 5. Optional AEAD Security Mode . . . . . . . . . . . . . . . . . 3 5.1. Key Derivation . . . . . . . . . . . . . . . . . . . . . 3 5.2. Nonce Construction . . . . . . . . . . . . . . . . . . . 3 5.3. BLKSIZE Constraints . . . . . . . . . . . . . . . . . . . 3 5.4. Limits . . . . . . . . . . . . . . . . . . . . . . . . . 4 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 6.1. Service Name and UDP Port . . . . . . . . . . . . . . . . 4 6.2. Registries . . . . . . . . . . . . . . . . . . . . . . . 4 7. Security Considerations . . . . . . . . . . . . . . . . . . . 4 8. Implementation Status . . . . . . . . . . . . . . . . . . . . 4 9. Normative References . . . . . . . . . . . . . . . . . . . . 4 10. Informative References . . . . . . . . . . . . . . . . . . . 5 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction HMTFTP extends TFTP ([RFC1350]) with TLV-based negotiation and optional AEAD protection. Cryptographic keys are derived using HKDF ([RFC5869]). 2. Relationship to TFTP HMTFTP reuses TFTP message types and semantics ([RFC1350]) and OACK ([RFC2347]). * Dedicated UDP port assigned by IANA * TLV negotiation in RRQ/WRQ/OACK * Optional AEAD protection 3. Transport HMTFTP runs over UDP. The port number is assigned by IANA. Implementations MUST allow configuration. Servers MAY respond from a different UDP port for the transfer. Maurette Expires 3 September 2026 [Page 2] Internet-Draft HMTFTP March 2026 4. TLV Processing Rules TLVs MAY appear only in RRQ, WRQ, and OACK. TLVs MUST NOT appear in DATA, ACK, or ERROR. TLVs MUST be processed in the order received. Duplicate TLVs MUST cause rejection unless explicitly allowed. Unknown TLVs with Critical=1 MUST cause rejection. Unknown TLVs with Critical=0 MUST be ignored. TLVs MUST NOT influence cryptographic processing unless explicitly defined as such. 5. Optional AEAD Security Mode 5.1. Key Derivation The AEAD algorithm used by this specification is AES-256-GCM, as defined in [RFC5116]. IKM = PSK. salt = CNONCE || SNONCE. info = "hmtftp keys v1". OKM length = 44 octets. 5.2. Nonce Construction nonce = iv_base[0..7] || uint32(n). The 64-bit prefix is derived via HKDF and unique per session. The 32-bit counter guarantees uniqueness within session, provided wrap is prevented. This construction ensures nonce uniqueness across sessions and within a session. Retransmissions MUST reuse identical nonce and ciphertext. 5.3. BLKSIZE Constraints In AEAD mode, total UDP payload = 4-byte header + BLKSIZE + 16-byte tag. Implementations MUST ensure the datagram does not exceed path MTU. When unknown, total payload SHOULD NOT exceed 1200 bytes. Maurette Expires 3 September 2026 [Page 3] Internet-Draft HMTFTP March 2026 5.4. Limits Block number wrap MUST NOT occur. Transfers MUST terminate before 65535 blocks. 6. IANA Considerations 6.1. Service Name and UDP Port IANA is requested to assign: This request follows the procedures in [RFC6335]. * Service Name: hmtftp * Transport: udp * Port: TBD 6.2. Registries IANA is requested to create registries for TLV Types, OpCodes, and Ciphersuites (Expert Review, [RFC8126]). 7. Security Considerations Without security mode, HMTFTP is vulnerable to spoofing and modification. Implementations SHOULD follow UDP usage guidance ([RFC8085]). Downgrade attacks are possible if ENC_REQ is not marked Critical. Clients requiring AEAD MUST set Critical=1. Reflection and amplification attacks are possible. Implementations SHOULD limit response size prior to completing negotiation and SHOULD apply rate limiting. Nonce reuse in AES-GCM is catastrophic. Implementations MUST enforce uniqueness and block limits. 8. Implementation Status No interoperable public implementations are known. Provided in accordance with [RFC7942]. 9. Normative References Maurette Expires 3 September 2026 [Page 4] Internet-Draft HMTFTP March 2026 [RFC1350] Sollins, K., "The TFTP Protocol (Revision 2)", STD 33, RFC 1350, DOI 10.17487/RFC1350, July 1992, . [RFC2347] Malkin, G. and A. Harkin, "TFTP Option Extension", RFC 2347, DOI 10.17487/RFC2347, May 1998, . [RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated Encryption", RFC 5116, DOI 10.17487/RFC5116, January 2008, . [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)", RFC 5869, DOI 10.17487/RFC5869, May 2010, . [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. Cheshire, "Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry", BCP 165, RFC 6335, DOI 10.17487/RFC6335, August 2011, . [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, . [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, March 2017, . 10. Informative References [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, DOI 10.17487/RFC7942, July 2016, . Author's Address A. Maurette IUT R&T Béthune France Email: contact@c4tz.fr Maurette Expires 3 September 2026 [Page 5]