Skip to main content

Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2)

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: The IESG <>,,,,,,
Subject: Protocol Action: 'Multiple Key Exchanges in IKEv2' to Proposed Standard (draft-ietf-ipsecme-ikev2-multiple-ke-12.txt)

The IESG has approved the following document:
- 'Multiple Key Exchanges in IKEv2'
  (draft-ietf-ipsecme-ikev2-multiple-ke-12.txt) as Proposed Standard

This document is the product of the IP Security Maintenance and Extensions
Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   This document describes how to extend the Internet Key Exchange
   Protocol Version 2 (IKEv2) to allow multiple key exchanges to take
   place while computing a shared secret during a Security Association
   (SA) setup.  The primary application of this feature in IKEv2 is the
   ability to perform one or more post-quantum key exchanges in
   conjunction with the classical (Elliptic Curve) Diffie-Hellman key
   exchange, so that the resulting shared key is resistant against
   quantum computer attacks.  Another possible application is the
   ability to combine several key exchanges in situations when no single
   key exchange algorithm is trusted by both initiator and responder.

   This document updates RFC7296 by renaming a transform type 4 from
   "Diffie-Hellman Group (D-H)" to "Key Exchange Method (KE)" and
   renaming a field in the Key Exchange Payload from "Diffie-Hellman
   Group Num" to "Key Exchange Method".  It also renames an IANA
   registry for this transform type from "Transform Type 4 - Diffie-
   Hellman Group Transform IDs" to "Transform Type 4 - Key Exchange
   Method Transform IDs".  These changes generalize key exchange
   algorithms that can be used in IKEv2.

Working Group Summary

The document has WG consensus.

The number of authors reflects the expertise needed to draft this document -- both IPsec and PQC cryptography.

Document Quality

As this document was changing the a cryptographic mechanism in IPsec, it was was subject to a peer-reviewed, formal verification:
*  DOI:
*  Pre-print:

Several implementors have been integral in developing this document. There is already at least two interoperable implementations of this specification:

* strongSwan,


Document Shepherd: Tero Kivinen
Responsible AD: Roman Danyliw

RFC Editor Note