RFC 8784

Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security, June 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
PROPOSED STANDARD
Authors:
S. Fluhrer
P. Kampanakis
D. McGrew
V. Smyslov
Stream:
IETF
Source:
ipsecme (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8784

Discuss this RFC: Send questions or comments to ipsec@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The possibility of quantum computers poses a serious challenge to cryptographic algorithms deployed widely today. The Internet Key Exchange Protocol Version 2 (IKEv2) is one example of a cryptosystem that could be broken; someone storing VPN communications today could decrypt them at a later time when a quantum computer is available. It is anticipated that IKEv2 will be extended to support quantum-secure key exchange algorithms; however, that is not likely to happen in the near term. To address this problem before then, this document describes an extension of IKEv2 to allow it to be resistant to a quantum computer by using preshared keys.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader