The quantum threat is not a future concern—it’s a pressing risk today. Cybercriminals and nation-state actors are already hoarding encrypted data, ready to decrypt it once cryptographically relevant quantum computers (CRQCs) become operational. For decision-makers focused on cost, efficiency, and measurable returns, the stakes are high: unprotected data—whether customer records, intellectual property, or trade secrets—could lead to financial losses and reputational harm that far exceed the cost of implementing safeguards now. Delaying action increases vulnerability, threatening business continuity and long-term security. Investing proactively can prevent millions in potential damages, making a strong case for immediate action. The window to act before the fallout becomes irreparable is closing fast.
RFC 9370 Overview
This situation highlights the importance of RFC 9370, a proposed standard that allows multiple key exchanges to take place during Security Association (SA) setup in the IKEv2 protocol. This is essential for generating hybrid cryptographic keys that combine a classical key exchange with Post-Quantum Cryptography (PQC). The standard works in conjunction with RFC 9242, which allows IKEv2 to carry the larger data transfers required for the additional PQC exchanges.
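To make the hybrid key derivation concrete, the following added example (not code from the page or from any IKEv2 implementation) shows how RFC 9370 chains the shared secret of each additional key exchange into the IKE SA keys: the first secret seeds SKEYSEED as in RFC 7296, and every further secret re-derives SKEYSEED from the previous SK_d, so the final keys depend on all exchanges. HMAC-SHA256 as the negotiated prf, the nonces, SPIs and shared-secret bytes are all constructed for the demo.

```python
import hashlib
import hmac

# Assumption: the IKE SA negotiated PRF_HMAC_SHA2_256 as its prf.
def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]

KEY_NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")

def derive_keys(skeyseed: bytes, ni: bytes, nr: bytes,
                spi_i: bytes, spi_r: bytes, key_len: int = 32) -> dict:
    """{SK_d | SK_ai | ... | SK_pr} = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)."""
    material = prf_plus(skeyseed, ni + nr + spi_i + spi_r, key_len * len(KEY_NAMES))
    return {name: material[i * key_len:(i + 1) * key_len]
            for i, name in enumerate(KEY_NAMES)}

def hybrid_ike_keys(shared_secrets: list, ni: bytes, nr: bytes,
                    spi_i: bytes, spi_r: bytes) -> dict:
    """shared_secrets[0] comes from IKE_SA_INIT; each further entry is the
    shared secret of an additional key exchange (e.g. a PQC KEM) carried in an
    IKE_INTERMEDIATE exchange, chained as RFC 9370 specifies."""
    # RFC 7296: SKEYSEED = prf(Ni | Nr, g^ir)
    skeyseed = prf(ni + nr, shared_secrets[0])
    keys = derive_keys(skeyseed, ni, nr, spi_i, spi_r)
    # RFC 9370: SKEYSEED(n) = prf(SK_d(n-1), SK(n) | Ni | Nr), then prf+ again
    for sk_n in shared_secrets[1:]:
        skeyseed = prf(keys["SK_d"], sk_n + ni + nr)
        keys = derive_keys(skeyseed, ni, nr, spi_i, spi_r)
    return keys

if __name__ == "__main__":
    # Constructed demo values; real nonces and secrets come from the exchanges.
    ni, nr = bytes(range(32)), bytes(range(32, 64))
    spi_i, spi_r = b"\x01" * 8, b"\x02" * 8
    ecdh_secret, kem_secret = b"\xaa" * 32, b"\xbb" * 32
    keys = hybrid_ike_keys([ecdh_secret, kem_secret], ni, nr, spi_i, spi_r)
    tampered = hybrid_ike_keys([ecdh_secret, b"\xbc" + kem_secret[1:]], ni, nr, spi_i, spi_r)
    print("SK_ei:", keys["SK_ei"].hex())
    print("changing the PQC secret changes SK_ei:", keys["SK_ei"] != tampered["SK_ei"])
```

Because each SKEYSEED(n) is keyed by the previous SK_d, an attacker who can later break only the classical exchange still lacks the KEM secret needed to reproduce the final keys.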
While RFC 9370 represents an important piece of the quantum-resistant ecosystem, it is important to understand that it is not a complete solution. It is an interoperability standard and does not ensure security on its own. As such, there are a few concerns organizations should carefully consider before adopting it as their primary PQC strategy.
Operational Interruption
Algorithm transitions present an unavoidable challenge that RFC 9370 does not address. Changing an algorithm requires network downtime to update devices and reboot them, and this will continue to be the case with RFC 9370. NIST’s guidance stresses the importance of agile key management, as PQC will require more frequent algorithm transitions, driven by vulnerabilities that may eventually be discovered, by implementation errors, or by regional compliance requirements. For example, in the US an organization may be required to use ML-KEM, but in the UK the use of FrodoKEM is required. Change should not result in disruption.
Performance Impact
With RFC 9370, multiple key exchanges are supported to provide a defense-in-depth approach. However, there is a performance cost that comes along with it. Every additional key exchange results in more computational overhead, higher resource utilization, and increased latency during tunnel establishment. IETF benchmarks show that hybrid key exchanges can extend setup times by up to 30% under heavy load. This translates to slower connections, which in high-traffic environments will cause delays that can cascade into serious performance issues affecting users and system reliability.
Fragmentation Concerns With RFC 9370
The maximum key exchange payload natively supported by RFC 9370 is 64KB. Currently, Classic McEliece exceeds it, and future algorithms are expected to exceed this limit as well. These larger payloads cause packets to fragment. Network equipment, especially when dealing with IPv6 fragments, often blocks fragmented packets for various reasons, one of which is that attackers can exploit fragmentation to bypass security controls. There are workarounds, but they require additional computational resources and configuration complexity, which opens the door to increased latency and other performance issues.
Regulatory Pressure and Compliance Risks
Currently, there is no FIPS validation for RFC 9370 solutions, which is a requirement for government agencies. For other regulated industries such as finance and healthcare, FIPS is a recognized standard for satisfying PCI-DSS and HIPAA requirements. The regulated industries are the most attacked and have an urgent need to transition now using FIPS-validated solutions.
Technology Gap
As of this writing, RFC 9370 does not have an integration path with Quantum Key Distribution (QKD), which has significant adoption internationally and is gaining traction in the US. For organizations with global operations or partners using QKD, RFC 9370 means managing multiple quantum-resistant solutions.
Security Urgency
While the industry waits for RFC 9370 to become an official standard over the next couple of years, cybercriminals and nation-state actors are busy executing attacks and refining their campaigns. Criminal actors are harvesting encrypted data now for future decryption once a cryptographically relevant quantum computer (CRQC) becomes available.
Protect Now and Evolve as Standards Mature
The quantum threat is real, it’s immediate, and it’s not waiting for perfect standards to emerge. Organizations should be exploring quantum-resistant measures that provide immediate protection along with crypto-agility to prepare for the future. As emerging standards like RFC 9370 mature, organizations should revisit their PQC strategy to include them as part of a comprehensive approach to becoming quantum resilient.