| Internet-Draft | HMTFTP | March 2026 |
| Maurette | Expires 3 September 2026 | |
HMTFTP is a lightweight UDP file transfer protocol derived from TFTP that adds TLV-based negotiation and an optional AEAD protection mode for DATA payloads. This document requests IANA actions: assignment of a service name and UDP port, and creation of registries for TLV Types, OpCodes, and Ciphersuites.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 3 September 2026.
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
HMTFTP extends TFTP ([RFC1350]) with TLV-based negotiation and optional AEAD protection.
HMTFTP reuses TFTP message types and semantics ([RFC1350]) and OACK ([RFC2347]).
HMTFTP runs over UDP. The port number is assigned by IANA. Implementations MUST allow configuration.
Servers MAY respond from a different UDP port for the transfer.
TLVs MAY appear only in RRQ, WRQ, and OACK. TLVs MUST NOT appear in DATA, ACK, or ERROR.
TLVs MUST be processed in the order received. Duplicate TLVs MUST cause rejection unless explicitly allowed.
Unknown TLVs with Critical=1 MUST cause rejection. Unknown TLVs with Critical=0 MUST be ignored.
TLVs MUST NOT influence cryptographic processing unless explicitly defined as such.
The AEAD algorithm used by this specification is AES-256-GCM, as defined in [RFC5116].
IKM = PSK. salt = CNONCE || SNONCE. info = "hmtftp keys v1". OKM length = 44 octets.
nonce = iv_base[0..7] || uint32(n).
The 64-bit prefix is derived via HKDF and is unique per session. The 32-bit counter guarantees uniqueness within a session, provided wrap is prevented.
This construction ensures nonce uniqueness across sessions and within a session.
Retransmissions MUST reuse the identical nonce and ciphertext.
In AEAD mode, total UDP payload = 4-byte header + BLKSIZE + 16-byte tag.
Implementations MUST ensure the datagram does not exceed path MTU. When unknown, total payload SHOULD NOT exceed 1200 bytes.
Block number wrap MUST NOT occur. Transfers MUST terminate before 65535 blocks.
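The key schedule, nonce layout and size limits above, as an added sketch that is not part of the draft or of any HMTFTP implementation. It assumes HKDF with SHA-256, an OKM split of a 32-octet key followed by a 12-octet iv_base, a big-endian uint32 counter, and block numbers 1..65534; all function and class names are hypothetical.

```python
import hashlib
import hmac
import struct

MAX_BLOCK = 65534            # assumed reading of "terminate before 65535 blocks"
SAFE_PAYLOAD = 1200          # UDP payload cap when the path MTU is unknown
HEADER_LEN, TAG_LEN = 4, 16  # 4-byte header, 16-byte AEAD tag


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 extract-then-expand. SHA-256 is an assumption; the draft names no hash."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session(psk: bytes, cnonce: bytes, snonce: bytes):
    # IKM = PSK, salt = CNONCE || SNONCE, info = "hmtftp keys v1", 44 octets of OKM.
    okm = hkdf_sha256(psk, cnonce + snonce, b"hmtftp keys v1", 44)
    return okm[:32], okm[32:]  # assumed split: AES-256 key || 12-octet iv_base


def data_nonce(iv_base: bytes, n: int) -> bytes:
    # Refuse any block number that would wrap or repeat the 32-bit counter.
    if not 1 <= n <= MAX_BLOCK:
        raise ValueError("block number outside 1..65534; abort the transfer")
    return iv_base[:8] + struct.pack("!I", n)  # big-endian uint32 is an assumption


def max_blksize(limit: int = SAFE_PAYLOAD) -> int:
    # Largest BLKSIZE such that header + BLKSIZE + tag fits in `limit`.
    return limit - HEADER_LEN - TAG_LEN


class NonceLedger:
    """Sender-side guard: a nonce may recur only for an identical retransmission."""
    def __init__(self):
        self._seen = {}

    def check(self, nonce: bytes, plaintext: bytes) -> None:
        digest = hashlib.sha256(plaintext).digest()
        if self._seen.setdefault(nonce, digest) != digest:
            raise RuntimeError("nonce reuse with different plaintext")
```

The derived key and nonce would then be passed to an AES-256-GCM implementation; that step is left out so the sketch needs only the standard library.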
IANA is requested to assign:
IANA is requested to create registries for TLV Types, OpCodes, and Ciphersuites (Expert Review, [RFC8126]).
Without security mode, HMTFTP is vulnerable to spoofing and modification.
Implementations SHOULD follow UDP usage guidance ([RFC8085]).
Downgrade attacks are possible if ENC_REQ is not marked Critical. Clients requiring AEAD MUST set Critical=1.
Reflection and amplification attacks are possible. Implementations SHOULD limit response size prior to completing negotiation and SHOULD apply rate limiting.
Nonce reuse in AES-GCM is catastrophic. Implementations MUST enforce uniqueness and block limits.
No interoperable public implementations are known.