The IETF published RFC 9370 in May 2023 as a Standards Track document, extending the Internet Key Exchange Protocol Version 2 (IKEv2) to support multiple key exchanges during Security Association setup. The specification enables the combination of classical Diffie-Hellman key exchanges with one or more post-quantum cryptography (PQC) algorithms, allowing deployment of hybrid key establishment in IPsec VPN connections.
RFC 9370 utilizes the IKE_INTERMEDIATE exchange mechanism defined in RFC 9242 to perform additional key exchanges after the initial IKE_SA_INIT handshake. It also introduces a new IKEv2 exchange called IKE_FOLLOWUP_KE for performing additional key exchanges during IKE SA rekeying or Child SA creation. Up to seven additional key exchange rounds are permitted, each contributing to the derivation of new key material. The document updates RFC 7296, renaming Transform Type 4 from “Diffie-Hellman Group” to “Key Exchange Method.”
Authored by CJ Tjhai and Martin Tomlinson of Post-Quantum, Graham Bartlett of Quantum Secret, Scott Fluhrer of Cisco Systems, Daniel Van Geest of ISARA Corporation, Oscar Garcia-Morchon of Philips, and Valery Smyslov of ELVIS-PLUS, the specification was developed in the IPSECME Working Group. By supporting multiple PQC algorithms in a single session, RFC 9370 allows implementers to hedge against the possibility that any single post-quantum algorithm may be compromised in the future.
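The chained key derivation behind the IKE_INTERMEDIATE rounds and the hedging property described above, as an added example (not code from the RFC or its authors). It follows the SKEYSEED update formulas of RFC 7296 and RFC 9370 for the initial IKE SA only, not IKE_FOLLOWUP_KE. Assumptions: HMAC-SHA-256 is the negotiated PRF, the function names are hypothetical, and all nonces, SPIs and shared secrets are constructed stand-in bytes.

```python
import hashlib
import hmac

MAX_ADDITIONAL_KE = 7  # RFC 9370 allows at most seven additional key exchanges
PRF_LEN = 32           # assumption: PRF_HMAC_SHA2_256 was negotiated


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 prf+: T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]


def derive_sk_d(shared_secrets, ni, nr, spi_i, spi_r):
    """Return SK_d after IKE_SA_INIT and every IKE_INTERMEDIATE key exchange."""
    if not shared_secrets:
        raise ValueError("the IKE_SA_INIT key exchange is mandatory")
    first, *additional = shared_secrets
    if len(additional) > MAX_ADDITIONAL_KE:
        raise ValueError("more than seven additional key exchanges")
    seed = ni + nr + spi_i + spi_r
    # RFC 7296: SKEYSEED = prf(Ni | Nr, g^ir); SK_d is the first prf+ output.
    sk_d = prf_plus(prf(ni + nr, first), seed, PRF_LEN)
    for sk_n in additional:
        # RFC 9370: SKEYSEED(n) = prf(SK_d(n-1), SK(n) | Ni | Nr)
        sk_d = prf_plus(prf(sk_d, sk_n + ni + nr), seed, PRF_LEN)
    return sk_d


def constructed(label: str, size: int = 32) -> bytes:
    """Deterministic stand-in bytes; NOT real key exchange output."""
    return hashlib.sha256(label.encode()).digest()[:size]


NI, NR = constructed("Ni"), constructed("Nr")
SPI_I, SPI_R = constructed("SPIi", 8), constructed("SPIr", 8)
CLASSICAL, PQ = constructed("classical DH secret"), constructed("PQ KEM secret")

if __name__ == "__main__":
    hybrid = derive_sk_d([CLASSICAL, PQ], NI, NR, SPI_I, SPI_R)
    other_pq = derive_sk_d([CLASSICAL, constructed("other PQ")], NI, NR, SPI_I, SPI_R)
    print("hybrid SK_d :", hybrid.hex())
    print("PQ changed  :", other_pq.hex(), "(differs:", hybrid != other_pq, ")")
```

Because each round feeds the previous SK_d into the next SKEYSEED, the final key material changes if any one of the shared secrets changes, so recovering only the classical secret does not yield the session keys.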