Hi,

We have posted a new draft https://datatracker.ietf.org/doc/draft-reddy-ipsecme-ikev2-hybrid-reliable/, which specifies PQ/T hybrid composite key exchange for IKEv2 and the use of reliable transport to support PQC-only key exchange without fallback to traditional-only key exchange due to MTU constraints. The draft defines fixed PQ/T hybrid composite key exchange combinations and aims to enable IKEv2 deployments in environments where reliance on traditional-only key exchange is no longer acceptable.
We would appreciate WG review and feedback on the approach.

Thanks,
-Tiru and Valery

---------- Forwarded message ---------
From: <[email protected]>
Date: Sat, 3 Jan 2026 at 13:31
Subject: New Version Notification for draft-reddy-ipsecme-ikev2-hybrid-reliable-00.txt
To: Tirumaleswar Reddy.K <[email protected]>, Valery Smyslov <[email protected]>

A new version of Internet-Draft draft-reddy-ipsecme-ikev2-hybrid-reliable-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name:     draft-reddy-ipsecme-ikev2-hybrid-reliable
Revision: 00
Title:    PQ/T Hybrid Composite Key Exchange and Reliable Transport for IKEv2
Date:     2026-01-03
Group:    Individual Submission
Pages:    12
URL:      https://www.ietf.org/archive/id/draft-reddy-ipsecme-ikev2-hybrid-reliable-00.txt
Status:   https://datatracker.ietf.org/doc/draft-reddy-ipsecme-ikev2-hybrid-reliable/
HTML:     https://www.ietf.org/archive/id/draft-reddy-ipsecme-ikev2-hybrid-reliable-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-reddy-ipsecme-ikev2-hybrid-reliable

Abstract:

   The eventual transition to post-quantum key exchange will require
   elimination of traditional key exchange for reduced protocol
   complexity and efficiency. IKEv2 therefore requires a mechanism that
   can operate in a PQC-only environment, without depending on
   traditional key exchange algorithms (e.g., MODP DH or ECDH). As IKEv2
   permits arbitrary combinations of algorithms, unnecessary complexity
   and insecure hybrid constructions are easily implemented. This
   document defines PQ/T hybrid composite key exchange algorithms for
   IKEv2 and a single combined KE payload that carries both the
   traditional and post-quantum components. It also leverages the
   existing IKEv2 reliable transport mechanism so that large PQC key
   exchange messages can be reliably exchanged over TCP.

   Together, these mechanisms enable secure and efficient PQ/T hybrid
   deployments today and provide a clear path for IKEv2 to operate in
   environments where traditional algorithms have been replaced by PQC
   algorithms.

The IETF Secretariat
