{"draft":"draft-ietf-ipsecme-ikev2-multiple-ke-12","doc_id":"RFC9370","title":"Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2)","authors":["CJ. Tjhai","M. Tomlinson","G. Bartlett","S. Fluhrer","D. Van Geest","O. Garcia-Morchon","V. Smyslov"],"format":["HTML","TEXT","PDF","XML"],"page_count":"29","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IP Security Maintenance and Extensions","abstract":"This document describes how to extend the Internet Key Exchange\r\nProtocol Version 2 (IKEv2) to allow multiple key exchanges to take\r\nplace while computing a shared secret during a Security Association\r\n(SA) setup.\r\n\r\nThis document utilizes the IKE_INTERMEDIATE exchange, where multiple\r\nkey exchanges are performed when an IKE SA is being established.  It\r\nalso introduces a new IKEv2 exchange, IKE_FOLLOWUP_KE, which is used\r\nfor the same purpose when the IKE SA is being rekeyed or is creating\r\nadditional Child SAs.\r\n\r\nThis document updates RFC 7296 by renaming a Transform Type 4 from\r\n\"Diffie-Hellman Group (D-H)\" to \"Key Exchange Method (KE)\" and\r\nrenaming a field in the Key Exchange Payload from \"Diffie-Hellman\r\nGroup Num\" to \"Key Exchange Method\".  It also renames an IANA\r\nregistry for this Transform Type from \"Transform Type 4 - Diffie-\r\nHellman Group Transform IDs\" to \"Transform Type 4 - Key Exchange\r\nMethod Transform IDs\".  These changes generalize key exchange\r\nalgorithms that can be used in IKEv2.","pub_date":"May 2023","keywords":["post-quantum","PQC","hybrid","hybridization","hybrid key exchange","key encapsulation","quantum","quantum-safe","KEM","PQ"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC7296"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9370","errata_url":null}