Exchanging post-quantum pre-shared keys out-of-band makes IKEv2 VPNs resistant to
attacks by quantum computers.
Quantum-resistant IKEv2 VPNs based on RFC 8784 and/or RFC 9242 and RFC 9370 prevent
attackers who attempt Harvest Now, Decrypt Later attacks from stealing the
cryptographic key material used to encrypt data in the VPN. Without the cryptographic
keys, attackers can't decrypt harvested data later with a cryptographically relevant
quantum computer. Even if attackers successfully steal the encrypted data, they can't
compromise it without a cryptographically relevant quantum computer to decrypt the key
material, because they can't decrypt the data without the key.
RFC 8784 provides a quantum-resistant transition from today's classical cryptography to
post-quantum cryptography that you can implement today. RFC 8784 doesn’t require
cryptography upgrades, so its implementation is straightforward and fast as long as the
VPN devices on both sides of the tunnel support it.
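
The following added example (not from the original page or from any vendor's implementation) sketches the RFC 8784 key derivation to show why a pre-shared key exchanged out-of-band defeats Harvest Now, Decrypt Later. It assumes PRF_HMAC_SHA2_256 with 32-byte keys; the nonces, SPIs, secrets, and helper names are constructed for illustration.

```python
import hashlib
import hmac

KEY_LEN = 32  # assumed suite: PRF_HMAC_SHA2_256 with 32-byte SK_* keys
NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 prf+: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def ike_sa_keys(dh_secret, ni, nr, spi_i, spi_r, ppk=None):
    """Derive the IKE SA keys; with a PPK, apply the RFC 8784 mixing step."""
    skeyseed = prf(ni + nr, dh_secret)
    material = prf_plus(skeyseed, ni + nr + spi_i + spi_r, len(NAMES) * KEY_LEN)
    keys = {n: material[i * KEY_LEN:(i + 1) * KEY_LEN] for i, n in enumerate(NAMES)}
    if ppk is not None:
        # RFC 8784: SK_d = prf+(PPK, SK_d'), likewise SK_pi and SK_pr.
        # SK_e*/SK_a* of the initial IKE SA are left unchanged.
        for n in ("SK_d", "SK_pi", "SK_pr"):
            keys[n] = prf_plus(ppk, keys[n], KEY_LEN)
    return keys

def child_sa_keymat(sk_d, ni, nr, length=2 * KEY_LEN):
    """RFC 7296 KEYMAT for the first Child SA (the IPsec traffic keys)."""
    return prf_plus(sk_d, ni + nr, length)

def constructed(label: str, n: int) -> bytes:
    """Deterministic stand-in bytes for the demo; not real protocol captures."""
    return hashlib.sha256(label.encode()).digest()[:n]

# Constructed values: the attacker is assumed to know all of them except PPK.
NI, NR = constructed("Ni", 32), constructed("Nr", 32)
SPI_I, SPI_R = constructed("SPIi", 8), constructed("SPIr", 8)
DH_SECRET = constructed("g^ir recovered with a quantum computer", 32)
PPK = constructed("PPK exchanged out-of-band", 32)

def harvested_traffic_exposed(ppk_in_use: bool) -> bool:
    """True if keys rebuilt from the recording match the tunnel's IPsec keys."""
    real = ike_sa_keys(DH_SECRET, NI, NR, SPI_I, SPI_R, PPK if ppk_in_use else None)
    guess = ike_sa_keys(DH_SECRET, NI, NR, SPI_I, SPI_R)  # attacker has no PPK
    return child_sa_keymat(real["SK_d"], NI, NR) == child_sa_keymat(guess["SK_d"], NI, NR)
```

`harvested_traffic_exposed(False)` models classical IKEv2, where recovering the Diffie-Hellman secret is enough to rebuild the IPsec keys; `harvested_traffic_exposed(True)` models the same recording when a PPK was mixed in.
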
RFC 9242 and RFC 9370 are more resource-intensive than RFC 8784 but provide a dynamic key
generation capability based on the new PQC mathematical algorithms that are not
vulnerable to Shor’s algorithm. Because RFC 9242 and RFC 9370 require cryptography
upgrades, it can take longer to deploy the hybrid key technology, so you need to take
cryptographic agility into account.
This chapter shows you how to configure post-quantum IKEv2 VPNs, both in scenarios
where you know the IKEv2 peer and its capabilities and in scenarios where you don't
control the IKEv2 peer and don't know its capabilities.