diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index bb1828b96cb4..4dbe4a709b6e 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -618,6 +618,12 @@ options 	ACCEPT_FILTER_HTTP
 #
 options 	TCP_DROP_SYNFIN		#drop TCP packets with SYN+FIN
 
+# TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
+# carried in TCP option 19. This option is commonly used to protect
+# TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.
+# This is enabled on a per-socket basis using the TCP_MD5SIG socket option.
+#options 	TCP_SIGNATURE		#include support for RFC 2385
+
 # DUMMYNET enables the "dummynet" bandwidth limiter. You need
 # IPFIREWALL as well. See the dummynet(4) and ipfw(8) manpages for more info.
 # When you run DUMMYNET it is advisable to also have "options HZ=1000"