The European Telecommunications Standards Institute (ETSI) Technical Committee Cyber Security (TC CYBER) published Technical Report TR 103 617 on Quantum-Safe Virtual Private Networks in September 2018. The report, developed by the TC CYBER Quantum-Safe Cryptography (QSC) working group, explored protocol requirements for adding quantum resistance to VPN technologies, including client, server, and architectural considerations.
According to the ETSI press release, the report examined underlying security protocols including Internet Protocol Security (IPsec) and Internet Key Exchange (IKE), Transport Layer Security (TLS), Media Access Control Security (MACsec), and Secure Shell (SSH). For each protocol, it discussed background, hybrid requirements and solutions, and direct drop-in requirements.
The report concluded that VPN data transmitted today with longer-term confidentiality requirements is at risk from harvesting and future decryption by quantum computers. It recommended a hybrid approach combining quantum-safe and classical key establishment techniques and urged organizations to begin migration planning early to minimize costs and disruption.