<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<?rfc strict="yes"?>
<?rfc comments="yes"?>
<?rfc docmapping="yes"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-reddy-ipsecme-ikev2-hybrid-reliable-01" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="PQ/T hybrid composite KE for IKEv2">PQ/T Hybrid Composite Key Exchange and Reliable Transport for IKEv2</title>
    <seriesInfo name="Internet-Draft" value="draft-reddy-ipsecme-ikev2-hybrid-reliable-01"/>
    <author fullname="Tirumaleswar Reddy">
      <organization>Nokia</organization>
      <address>
        <postal>
          <city>Bangalore</city>
          <region>Karnataka</region>
          <country>India</country>
        </postal>
        <email>kondtir@gmail.com</email>
      </address>
    </author>
    <author fullname="Valery Smyslov">
      <organization>ELVIS-PLUS</organization>
      <address>
        <postal>
          <country>Russian Federation</country>
        </postal>
        <email>svan@elvis.ru</email>
      </address>
    </author>
    <date year="2026" month="July" day="03"/>
    <area>Security</area>
    <workgroup>ipsecme</workgroup>
    <keyword>PQC</keyword>
    <keyword>IKEv2</keyword>
    <abstract>
      <?line 51?>

<t>The eventual transition to post-quantum key exchange will require elimination of traditional key exchange for
reduced protocol complexity and efficiency.  IKEv2 therefore requires a mechanism that can operate in a PQC-only environment, without depending on traditional key exchange algorithms (e.g., MODP DH or ECDH). As IKEv2 permits arbitrary combinations of algorithms, unnecessary complexity and insecure hybrid constructions are easily implemented.</t>
      <t>This document defines PQ/T hybrid composite key exchange algorithms for IKEv2 and a single combined KE payload that carries both the traditional and post-quantum components. It also leverages the existing IKEv2 reliable
transport mechanism so that large PQC key exchange messages can be reliably exchanged over TCP. Together, these mechanisms enable secure and efficient PQ/T hybrid deployments today and provide a clear path for IKEv2 to operate in environments where traditional algorithms have been replaced by PQC algorithms.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-reddy-ipsecme-ikev2-hybrid-reliable/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        ipsecme Working Group mailing list (<eref target="mailto:ipsecme@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/ipsec/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/ipsecme/"/>.
      </t>
    </note>
  </front>
  <middle>
    <?line 59?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The Internet Key Exchange version 2 (<xref target="IKEv2"/>) is a key agreement and security negotiation protocol used for IPsec key establishment. The emergence of Cryptographically Relevant Quantum Computers (CRQCs) will render traditional key exchange algorithms obsolete. In a post-quantum future, many systems will be unable to rely on or even ship traditional key exchange algorithms. For IKEv2 to remain deployable in such an environment, it must support PQC-only key exchange without depending on traditional key exchange algorithms.</t>
      <t>However, because IKEv2 requires that its first key exchange occur in the IKE_SA_INIT exchange, any PQC KEM public key or ciphertext that does not fit within a single IKE_SA_INIT message often cannot be reliably sent directly in that exchange (as fragmented IP packets are often not forwarded by NATs or firewalls). In some settings (e.g., when TCP is used as IKEv2 transport or if it is known that IP fragmentation is not an issue) this may not be a problem, but otherwise when a PQC KEM does not fit in IKE_SA_INIT, the initial exchange must fall back to a traditional key exchange before any PQC public key or ciphertext can be sent. This creates an important limitation: even in a future where CRQCs exist and PQC algorithms are mandatory, IKEv2 peers are forced to use a traditional key exchange in IKE_SA_INIT whenever the PQC KEM exceeds the path MTU. In deployments that do not implement traditional key exchange algorithms, such fallback is unacceptable, prolonging reliance on traditional key exchange algorithms far beyond their acceptable security horizon. While functional, these mechanisms increase round-trip latency and add protocol complexity.</t>
      <t>Recent guidance, including that discussed in <xref section="13.3.2" sectionFormat="of" target="I-D.ietf-pquip-pqc-engineers"/>, notes that protocol designs benefit from allowing a small number of known good configurations that make sense, instead of allowing arbitrary combinations of individual configuration choices that may interact in dangerous ways. Allowing arbitrary combinations of traditional and PQC algorithms can lead to interactions that have not been thoroughly evaluated.  However, IKEv2 does not currently follow this guidance as <xref target="I-D.ietf-ipsecme-ikev2-mlkem"/> allows arbitrary combinations of DH groups and ML-KEM parameters through separate traditional and PQC negotiation paths, which may lead to untested or undesirable hybrid constructions and makes it difficult to enforce secure algorithm pairing.</t>
      <t>To address these issues, this document introduces:</t>
      <ul spacing="normal">
        <li>
          <t>PQ/T hybrid composite key exchange algorithms for IKEv2, representing single, fixed, known good combinations of traditional and PQC KEM algorithms.</t>
        </li>
        <li>
          <t>A combined KE payload format that carries both traditional and PQC components within a single payload.</t>
        </li>
        <li>
          <t>Leverages the IKEv2 reliable transport mechanism defined in <xref target="I-D.ietf-ipsecme-ikev2-reliable-transport"/> so that IKEv2 peers can use TCP for large PQC key exchange messages.</t>
        </li>
      </ul>
      <t>These updates remove the dependency on multi-round negotiation exchanges, eliminate the requirement to use traditional algorithms solely due to MTU limitations, reduce the risks associated with IP fragmentation of large PQC payloads, and provide a clear path for IKEv2 to operate securely and efficiently in a future where only PQC algorithms remain usable.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>This document uses terms defined in <xref target="RFC9794"/>. For the purposes of this document, it is helpful to be able to divide cryptographic algorithms into three classes:</t>
      <t>"Traditional asymmetric cryptographic algorithm": An asymmetric cryptographic algorithm based on integer
factorisation, finite field discrete logarithms, elliptic curve discrete logarithms, or related mathematical problems.</t>
      <t>"Post-quantum asymmetric cryptographic algorithm": An asymmetric cryptographic algorithm that is intended to be
secure against attacks using quantum computers as well as classical computers.</t>
      <t>"Post-Quantum Cryptography (PQC)": Cryptography based on post-quantum asymmetric cryptographic algorithms.</t>
      <t>"Post-Quantum Traditional (PQ/T) hybrid scheme": A multi-algorithm scheme where at least one component algorithm is a post-quantum algorithm and at least one is a traditional algorithm.</t>
    </section>
    <section anchor="reliable-transport-requirements">
      <name>Reliable Transport Requirements</name>
      <t>PQC-only deployments (i.e., deployments that do not implement any traditional key exchange algorithms) cannot rely on UDP for IKE_SA_INIT when the PQC key exchange payload exceeds the path MTU. In these deployments, fallback to UDP would prevent the use of a PQC-only key exchange. Therefore, when a PQC-only key exchange method is offered or negotiated and the PQC key exchange payload exceeds the path MTU, the initiator <bcp14>MUST</bcp14> start IKE_SA_INIT over TCP, and peers <bcp14>MUST NOT</bcp14> fall back to UDP for IKE_SA_INIT. This requirement follows from the reliable transport mechanism defined in <xref target="I-D.ietf-ipsecme-ikev2-reliable-transport"/>.</t>
      <t>PQ/T hybrid composite key exchange produces a combined KE payload that may or may not exceed the path MTU, depending on the specific algorithm combination. When the combined KE payload exceeds the path MTU, the PQ/T hybrid composite key exchange <bcp14>MUST NOT</bcp14> be sent over UDP. If TCP is supported, the initiator <bcp14>MAY</bcp14> migrate to TCP and use the PQ/T hybrid composite key exchange; otherwise, the initiator <bcp14>MUST</bcp14> use the multiple key exchange mechanism defined in <xref target="RFC9370"/>.</t>
    </section>
    <section anchor="pqt-hybrid-composite-key-exchange-algorithms">
      <name>PQ/T hybrid composite Key Exchange Algorithms</name>
      <t>This document defines PQ/T hybrid composite key-exchange methods that <bcp14>MUST</bcp14> be treated as a single, atomic key-exchange identifier. Because IKEv2 treats key-exchange methods (Transform Type 4) as opaque and does not define their internal processing (see <xref section="2.14" sectionFormat="of" target="IKEv2"/>), this document specifies how the traditional and PQC shared secrets are combined for all hybrid methods defined here.</t>
      <t>Each PQ/T hybrid composite key exchange algorithm implies:</t>
      <ul spacing="normal">
        <li>
          <t>One traditional key exchange component</t>
        </li>
        <li>
          <t>One PQC KEM component</t>
        </li>
        <li>
          <t>One combined KE payload format</t>
        </li>
        <li>
          <t>Use of the common combiner construction defined in <xref target="combiner"/></t>
        </li>
      </ul>
      <t>This document defines the following PQ/T hybrid composite key exchange algorithms:</t>
      <ul spacing="normal">
        <li>
          <t>ecp256-mlkem768</t>
        </li>
        <li>
          <t>ecp384-mlkem1024</t>
        </li>
        <li>
          <t>curve25519-mlkem768</t>
        </li>
      </ul>
      <t>Each PQ/T hybrid composite key exchange algorithm is represented as a single Transform ID of type 4 (Key Exchange Method) and is negotiated as a whole.</t>
    </section>
    <section anchor="combined-key-exchange-payload">
      <name>Combined Key Exchange Payload</name>
      <t>The KE payload carries both components of the
PQ/T hybrid composite key exchange algorithm. Specifically, the initiator includes its
traditional key exchange public key together with its PQC KEM public key:</t>
      <artwork><![CDATA[
  KEi = Traditional-Key-Exchange-Public-Key || PQC-KEM-Public-Key
]]></artwork>
      <t>The responder returns its traditional key exchange public key along with the
PQC ciphertext:</t>
      <artwork><![CDATA[
  KEr = Traditional-Key-Exchange-Public-Key || PQC-Ciphertext
]]></artwork>
      <t>Because both the traditional and post-quantum key exchange values are conveyed
within a single exchange, no ADDKE transforms (<xref target="RFC9370"/>) are negotiated. Thus, the IKE_INTERMEDIATE (<xref target="RFC9242"/>) and IKE_FOLLOWUP_KE (<xref target="RFC9370"/>) exchanges are not needed for the purpose of key exchange, but peers can negotiate
and use IKE_INTERMEDIATE for other purposes.</t>
      <t>The lengths of the traditional and PQC components are fixed and defined by the selected PQ/T hybrid composite Transform ID. No additional length fields are included in the KE payload.</t>
    </section>
    <section anchor="reliable-transport-negotiation">
      <name>Reliable Transport Negotiation</name>
      <t>PQ/T hybrid composite key exchange requires a reliable transport to avoid IP-layer fragmentation of large PQC key exchange values. Transport selection follows <xref target="I-D.ietf-ipsecme-ikev2-reliable-transport"/>. The initiator <bcp14>MUST</bcp14> follow the rules in the scenarios below.</t>
      <section anchor="separatetransports-negotiated">
        <name>SEPARATE_TRANSPORTS Negotiated</name>
        <t>If the initiator starts the IKE_SA_INIT exchange over TCP and includes a SEPARATE_TRANSPORTS Notify, and the responder also includes a SEPARATE_TRANSPORTS Notify, then the IKE SA is established using separate transports. In this configuration, all IKE messages are sent over TCP. ESP is sent over UDP (or directly over IP) if possible; if both UDP and IP are blocked, ESP is sent over TCP as described in <xref target="RFC9329"/>.</t>
      </section>
      <section anchor="no-separatetransports">
        <name>No SEPARATE_TRANSPORTS</name>
        <t>If the initiator starts the IKE_SA_INIT exchange over TCP and the responder accepts the TCP transport but does not include a SEPARATE_TRANSPORTS Notify, then the IKE SA operates in the mode defined by <xref target="RFC9329"/>. In this configuration, both IKE messages and ESP traffic are carried over the same TCP connection. PQ/T hybrid key exchange payloads can be sent in this configuration since the IKE messages are transported reliably.</t>
      </section>
    </section>
    <section anchor="combiner">
      <name>Hybrid Derivation</name>
      <t>Each PQ/T hybrid key exchange method defined in this document produces two independent shared secrets: one from the traditional component (K_T) and one from the PQC component (K_PQ). Because IKEv2 treats key exchange methods as opaque, the function that combines these secrets is defined per hybrid KE method. The PQ/T hybrid key exchange methods in this document use the Universal Combiner defined in <xref target="I-D.irtf-cfrg-hybrid-kems"/>. Note that in all PQ/T hybrid composite KE algorithms defined in this document, the PQC component is listed second in the algorithm name but is passed first to the Universal Combiner.</t>
      <t>Let:</t>
      <ul spacing="normal">
        <li>
          <t>K_T = traditional ECDH shared secret</t>
        </li>
        <li>
          <t>K_PQ = post-quantum shared secret</t>
        </li>
      </ul>
      <t>The combined secret is computed as:</t>
      <artwork><![CDATA[
  label      = "IKEv2-HYBRID-KE-v1"
  K_combined = UniversalCombiner(K_PQ, K_T, CT_PQ, CT_T, PK_PQ,
               PK_T, label)
]]></artwork>
      <t>Where:</t>
      <ul spacing="normal">
        <li>
          <t>K_PQ : PQC shared secret</t>
        </li>
        <li>
          <t>K_T : traditional shared secret</t>
        </li>
        <li>
          <t>CT_PQ : PQC ciphertext</t>
        </li>
        <li>
          <t>CT_T : traditional ciphertext (not applicable; set to the empty string, since the traditional component does not produce a ciphertext)</t>
        </li>
        <li>
          <t>PK_PQ : PQC public key</t>
        </li>
        <li>
          <t>PK_T : traditional public key</t>
        </li>
        <li>
          <t>label : protocol-specific domain separation string</t>
        </li>
      </ul>
      <t>The SKEYSEED value is computed as:</t>
      <sourcecode type="abnf"><![CDATA[
  SKEYSEED = prf(Ni | Nr, K_combined)
]]></sourcecode>
      <t>This replaces the g^ir shared secret defined in <xref target="IKEv2"/>; all other aspects of SKEYSEED computation remain unchanged.</t>
      <t>Once SKEYSEED is derived, the remainder of the IKEv2 key hierarchy is computed exactly as specified in <xref target="IKEv2"/>.</t>
      <t>This construction aligns with the hybrid key exchange approach used in TLS <xref target="I-D.ietf-tls-hybrid-design"/>,
where traditional and post-quantum secrets are concatenated before key derivation to ensure security
against both traditional and quantum adversaries.</t>
    </section>
    <section anchor="example-message-flow">
      <name>Example Message Flow</name>
      <t>This section illustrates an IKEv2 exchange using a PQ/T hybrid composite key
exchange algorithm. The initiator sends a combined KE payload containing
both the traditional DH public key and the PQC public key. The responder
returns its DH public key together with the PQC ciphertext.</t>
      <t>The exchange is shown using TCP, negotiated using the IKEv2 reliable transport mechanism.
Both peers include the SEPARATE_TRANSPORTS Notify to indicate support for
separate IKE and ESP transports.</t>
      <artset>
        <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="384" width="576" viewBox="0 0 576 384" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
            <path d="M 8,48 L 552,48" fill="none" stroke="black"/>
            <path d="M 328,144 L 352,144" fill="none" stroke="black"/>
            <path d="M 320,176 L 344,176" fill="none" stroke="black"/>
            <path d="M 328,272 L 352,272" fill="none" stroke="black"/>
            <path d="M 320,304 L 344,304" fill="none" stroke="black"/>
            <path d="M 8,368 L 552,368" fill="none" stroke="black"/>
            <polygon class="arrowhead" points="360,272 348,266.4 348,277.6" fill="black" transform="rotate(0,352,272)"/>
            <polygon class="arrowhead" points="360,144 348,138.4 348,149.6" fill="black" transform="rotate(0,352,144)"/>
            <polygon class="arrowhead" points="328,304 316,298.4 316,309.6" fill="black" transform="rotate(180,320,304)"/>
            <polygon class="arrowhead" points="328,176 316,170.4 316,181.6" fill="black" transform="rotate(180,320,176)"/>
            <g class="text">
              <text x="40" y="36">Initiator</text>
              <text x="520" y="36">Responder</text>
              <text x="64" y="84">IKE_SA_INIT</text>
              <text x="136" y="84">(over</text>
              <text x="180" y="84">TCP)</text>
              <text x="36" y="100">HDR,</text>
              <text x="80" y="100">SAi1,</text>
              <text x="112" y="116">N(SEPARATE_TRANSPORTS),</text>
              <text x="36" y="132">KEi(</text>
              <text x="92" y="132">DH_pub_i</text>
              <text x="140" y="132">||</text>
              <text x="192" y="132">PQC_pub_i</text>
              <text x="244" y="132">),</text>
              <text x="28" y="148">Ni</text>
              <text x="380" y="180">HDR,</text>
              <text x="424" y="180">SAr1,</text>
              <text x="456" y="196">N(SEPARATE_TRANSPORTS),</text>
              <text x="380" y="212">KEr(</text>
              <text x="436" y="212">DH_pub_r</text>
              <text x="484" y="212">||</text>
              <text x="524" y="212">PQC_ct</text>
              <text x="564" y="212">),</text>
              <text x="372" y="228">Nr</text>
              <text x="52" y="260">IKE_AUTH</text>
              <text x="36" y="276">HDR,</text>
              <text x="68" y="276">SK</text>
              <text x="88" y="276">{</text>
              <text x="116" y="276">IDi,</text>
              <text x="160" y="276">AUTH,</text>
              <text x="208" y="276">SAi2,</text>
              <text x="252" y="276">TSi,</text>
              <text x="288" y="276">TSr</text>
              <text x="312" y="276">}</text>
              <text x="380" y="308">HDR,</text>
              <text x="412" y="308">SK</text>
              <text x="432" y="308">{</text>
              <text x="460" y="308">IDr,</text>
              <text x="504" y="308">AUTH,</text>
              <text x="552" y="308">SAr2,</text>
              <text x="380" y="324">TSi,</text>
              <text x="416" y="324">TSr</text>
              <text x="440" y="324">}</text>
              <text x="24" y="356">Child</text>
              <text x="60" y="356">SA</text>
              <text x="124" y="356">established;</text>
              <text x="192" y="356">ESP</text>
              <text x="240" y="356">traffic</text>
              <text x="292" y="356">uses</text>
              <text x="332" y="356">UDP.</text>
            </g>
          </svg>
        </artwork>
        <artwork type="ascii-art"><![CDATA[
Initiator                                                   Responder
---------------------------------------------------------------------

  IKE_SA_INIT (over TCP)
  HDR, SAi1,
  N(SEPARATE_TRANSPORTS),
  KEi( DH_pub_i || PQC_pub_i ),
  Ni                                    --->

                                       <---  HDR, SAr1,
                                             N(SEPARATE_TRANSPORTS),
                                             KEr( DH_pub_r || PQC_ct ),
                                             Nr

  IKE_AUTH
  HDR, SK { IDi, AUTH, SAi2, TSi, TSr } --->

                                       <---  HDR, SK { IDr, AUTH, SAr2,
                                             TSi, TSr }

Child SA established; ESP traffic uses UDP.
---------------------------------------------------------------------
]]></artwork>
      </artset>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>PQ/T hybrid composite key exchange algorithms reduce the risk of insecure or unintended algorithm combinations by ensuring that only well-defined, vetted pairs of traditional and PQC algorithms are used. This prevents deployments from constructing ad-hoc hybrids that may provide weaker security than either component alone.</t>
      <t>As in standard IKEv2, the KE payload (including both the traditional and PQC components) is integrity-protected and authenticated during the IKE_AUTH exchange. This protection prevents modification of either component by an active attacker.</t>
      <t>This document leverages the IKEv2 reliable transport mechanism to avoid IP-layer fragmentation of large PQC payloads. Finally, by enabling a PQC-only key exchange within IKE_SA_INIT and by avoiding fallback to traditional key exchange due solely to MTU constraints, the mechanisms in this document ensure that IKEv2 remains secure and deployable even in environments where traditional algorithms have been deprecated or removed due to their vulnerability to quantum-capable adversaries.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>IANA is requested to assign three new values for the PQ/T hybrid composite key exchange
algorithm names "ecp256-mlkem768", "ecp384-mlkem1024", and
"curve25519-mlkem768" in the IKEv2 "Transform Type 4 Key Exchange Method
Transform IDs" registry and list this document as the reference.</t>
      <artwork><![CDATA[
   +========+======================+===========+
   | Number | Name                 | Reference |
   +========+======================+===========+
   |  TBD1  | ecp256-mlkem768      |[this RFC] |
   +--------+----------------------+-----------+
   |  TBD2  | ecp384-mlkem1024     |[this RFC] |
   +--------+----------------------+-----------+
   |  TBD3  | curve25519-mlkem768  |[this RFC] |
   +--------+----------------------+-----------+
]]></artwork>
      <artwork><![CDATA[
   Table 1: Updates to the IANA "Transform Type 4 - Key Exchange Method Transform IDs" registry
]]></artwork>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The authors thank Dan Wing for his contributions to this specification.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC9329">
          <front>
            <title>TCP Encapsulation of Internet Key Exchange Protocol (IKE) and IPsec Packets</title>
            <author fullname="T. Pauly" initials="T." surname="Pauly"/>
            <author fullname="V. Smyslov" initials="V." surname="Smyslov"/>
            <date month="November" year="2022"/>
            <abstract>
              <t>This document describes a method to transport Internet Key Exchange Protocol (IKE) and IPsec packets over a TCP connection for traversing network middleboxes that may block IKE negotiation over UDP. This method, referred to as "TCP encapsulation", involves sending both IKE packets for Security Association (SA) establishment and Encapsulating Security Payload (ESP) packets over a TCP connection. This method is intended to be used as a fallback option when IKE cannot be negotiated over UDP.</t>
              <t>TCP encapsulation for IKE and IPsec was defined in RFC 8229. This document clarifies the specification for TCP encapsulation by including additional clarifications obtained during implementation and deployment of this method. This documents obsoletes RFC 8229.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9329"/>
          <seriesInfo name="DOI" value="10.17487/RFC9329"/>
        </reference>
        <reference anchor="IKEv2">
          <front>
            <title>Internet Key Exchange Protocol Version 2 (IKEv2)</title>
            <author fullname="C. Kaufman" initials="C." surname="Kaufman"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <author fullname="Y. Nir" initials="Y." surname="Nir"/>
            <author fullname="P. Eronen" initials="P." surname="Eronen"/>
            <author fullname="T. Kivinen" initials="T." surname="Kivinen"/>
            <date month="October" year="2014"/>
            <abstract>
              <t>This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document obsoletes RFC 5996, and includes all of the errata for it. It advances IKEv2 to be an Internet Standard.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="79"/>
          <seriesInfo name="RFC" value="7296"/>
          <seriesInfo name="DOI" value="10.17487/RFC7296"/>
        </reference>
        <reference anchor="I-D.ietf-ipsecme-ikev2-mlkem">
          <front>
            <title>Post-quantum Key Exchange with ML-KEM in the Internet Key Exchange Protocol Version 2 (IKEv2)</title>
            <author fullname="Panos Kampanakis" initials="P." surname="Kampanakis">
              <organization>Amazon Web Services</organization>
            </author>
            <date day="27" month="June" year="2026"/>
            <abstract>
              <t>   US NIST standardized ML-KEM, a new key encapsulation mechanism, which
   can be used for quantum-resistant key establishment.  This document
   specifies how to use ML-KEM by itself or as an additional key
   exchange in IKEv2 along with a traditional key exchange.  These
   options allow for negotiating IKE and Child SA keys which are safe
   against cryptographically relevant quantum computers.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ipsecme-ikev2-mlkem-08"/>
        </reference>
        <reference anchor="I-D.ietf-ipsecme-ikev2-reliable-transport">
          <front>
            <title>Separate Transports for IKE and ESP</title>
            <author fullname="Valery Smyslov" initials="V." surname="Smyslov">
              <organization>ELVIS-PLUS</organization>
            </author>
            <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K">
              <organization>Nokia</organization>
            </author>
            <date day="24" month="June" year="2026"/>
            <abstract>
              <t>   The Internet Key Exchange protocol version 2 (IKEv2) can operate
   either over unreliable (UDP) transport or over reliable (TCP)
   transport.  If TCP is used, then IPsec tunnels created by IKEv2 also
   use TCP.  This document specifies how to decouple IKEv2 and IPsec
   transports so that IKEv2 can operate over TCP, while IPsec tunnels
   use unreliable transport.  This feature allows IKEv2 to effectively
   exchange large blobs of data (e.g., when post-quantum algorithms are
   employed) while avoiding performance problems that arise when IPsec
   uses TCP.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ipsecme-ikev2-reliable-transport-06"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC9370">
          <front>
            <title>Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2)</title>
            <author fullname="CJ. Tjhai" initials="CJ." surname="Tjhai"/>
            <author fullname="M. Tomlinson" initials="M." surname="Tomlinson"/>
            <author fullname="G. Bartlett" initials="G." surname="Bartlett"/>
            <author fullname="S. Fluhrer" initials="S." surname="Fluhrer"/>
            <author fullname="D. Van Geest" initials="D." surname="Van Geest"/>
            <author fullname="O. Garcia-Morchon" initials="O." surname="Garcia-Morchon"/>
            <author fullname="V. Smyslov" initials="V." surname="Smyslov"/>
            <date month="May" year="2023"/>
            <abstract>
              <t>This document describes how to extend the Internet Key Exchange Protocol Version 2 (IKEv2) to allow multiple key exchanges to take place while computing a shared secret during a Security Association (SA) setup.</t>
              <t>This document utilizes the IKE_INTERMEDIATE exchange, where multiple key exchanges are performed when an IKE SA is being established. It also introduces a new IKEv2 exchange, IKE_FOLLOWUP_KE, which is used for the same purpose when the IKE SA is being rekeyed or is creating additional Child SAs.</t>
              <t>This document updates RFC 7296 by renaming a Transform Type 4 from "Diffie-Hellman Group (D-H)" to "Key Exchange Method (KE)" and renaming a field in the Key Exchange Payload from "Diffie-Hellman Group Num" to "Key Exchange Method". It also renames an IANA registry for this Transform Type from "Transform Type 4 - Diffie- Hellman Group Transform IDs" to "Transform Type 4 - Key Exchange Method Transform IDs". These changes generalize key exchange algorithms that can be used in IKEv2.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9370"/>
          <seriesInfo name="DOI" value="10.17487/RFC9370"/>
        </reference>
        <reference anchor="I-D.irtf-cfrg-hybrid-kems">
          <front>
            <title>Hybrid PQ/T Key Encapsulation Mechanisms</title>
            <author fullname="Deirdre Connolly" initials="D." surname="Connolly">
              <organization>SandboxAQ</organization>
            </author>
            <author fullname="Richard Barnes" initials="R." surname="Barnes">
              <organization>Cisco</organization>
            </author>
            <author fullname="Paul Grubbs" initials="P." surname="Grubbs">
              <organization>University of Michigan</organization>
            </author>
            <date day="7" month="May" year="2026"/>
            <abstract>
              <t>   This document defines generic constructions for hybrid Key
   Encapsulation Mechanisms (KEMs) based on combining a post-quantum
   (PQ) KEM with a traditional cryptographic component.  Hybrid KEMs
   built using these constructions provide strong security properties as
   long as either of the underlying algorithms are secure.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-irtf-cfrg-hybrid-kems-11"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="I-D.ietf-pquip-pqc-engineers">
          <front>
            <title>Post-Quantum Cryptography for Engineers</title>
            <author fullname="Aritra Banerjee" initials="A." surname="Banerjee">
              <organization>Nokia</organization>
            </author>
            <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K">
              <organization>Nokia</organization>
            </author>
            <author fullname="Dimitrios Schoinianakis" initials="D." surname="Schoinianakis">
              <organization>Nokia</organization>
            </author>
            <author fullname="Tim Hollebeek" initials="T." surname="Hollebeek">
              <organization>DigiCert</organization>
            </author>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Entrust Limited</organization>
            </author>
            <date day="25" month="August" year="2025"/>
            <abstract>
              <t>   The advent of a cryptographically relevant quantum computer (CRQC)
   would render state-of-the-art, traditional public key algorithms
   deployed today obsolete, as the mathematical assumptions underpinning
   their security would no longer hold.  To address this, protocols and
   infrastructure must transition to post-quantum algorithms, which are
   designed to resist both traditional and quantum attacks.  This
   document explains why engineers need to be aware of and understand
   post-quantum cryptography (PQC), detailing the impact of CRQCs on
   existing systems and the challenges involved in transitioning to
   post-quantum algorithms.  Unlike previous cryptographic updates, this
   shift may require significant protocol redesign due to the unique
   properties of post-quantum algorithms.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-pquip-pqc-engineers-14"/>
        </reference>
        <reference anchor="RFC9794">
          <front>
            <title>Terminology for Post-Quantum Traditional Hybrid Schemes</title>
            <author fullname="F. Driscoll" initials="F." surname="Driscoll"/>
            <author fullname="M. Parsons" initials="M." surname="Parsons"/>
            <author fullname="B. Hale" initials="B." surname="Hale"/>
            <date month="June" year="2025"/>
            <abstract>
              <t>One aspect of the transition to post-quantum algorithms in cryptographic protocols is the development of hybrid schemes that incorporate both post-quantum and traditional asymmetric algorithms. This document defines terminology for such schemes. It is intended to be used as a reference and, hopefully, to ensure consistency and clarity across different protocols, standards, and organisations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9794"/>
          <seriesInfo name="DOI" value="10.17487/RFC9794"/>
        </reference>
        <reference anchor="RFC9242">
          <front>
            <title>Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2)</title>
            <author fullname="V. Smyslov" initials="V." surname="Smyslov"/>
            <date month="May" year="2022"/>
            <abstract>
              <t>This document defines a new exchange, called "Intermediate Exchange", for the Internet Key Exchange Protocol Version 2 (IKEv2). This exchange can be used for transferring large amounts of data in the process of IKEv2 Security Association (SA) establishment. An example of the need to do this is using key exchange methods resistant to Quantum Computers (QCs) for IKE SA establishment. The Intermediate Exchange makes it possible to use the existing IKE fragmentation mechanism (which cannot be used in the initial IKEv2 exchange), helping to avoid IP fragmentation of large IKE messages if they need to be sent before IKEv2 SA is established.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9242"/>
          <seriesInfo name="DOI" value="10.17487/RFC9242"/>
        </reference>
        <reference anchor="I-D.ietf-tls-hybrid-design">
          <front>
            <title>Hybrid key exchange in TLS 1.3</title>
            <author fullname="Douglas Stebila" initials="D." surname="Stebila">
              <organization>University of Waterloo</organization>
            </author>
            <author fullname="Scott Fluhrer" initials="S." surname="Fluhrer">
              <organization>Cisco Systems</organization>
            </author>
            <author fullname="Shay Gueron" initials="S." surname="Gueron">
              <organization>University of Haifa and Meta</organization>
            </author>
            <date day="7" month="September" year="2025"/>
            <abstract>
              <t>   Hybrid key exchange refers to using multiple key exchange algorithms
   simultaneously and combining the result with the goal of providing
   security even if a way is found to defeat the encryption for all but
   one of the component algorithms.  It is motivated by transition to
   post-quantum cryptography.  This document provides a construction for
   hybrid key exchange in the Transport Layer Security (TLS) protocol
   version 1.3.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-tls-hybrid-design-16"/>
        </reference>
      </references>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA7Vb63LbxpL+j6eYpf+ICUkfyc7FSpyEluhjlXWhJeqkUqms
CwSG5JRAgMEAlHkc5Vn2WfbJ9uueCwAKjCWfLH/Y1GAw09PXr3ua/X4/KFSR
yEPRGb97OhFvNtNcxeIoW64yrQop3sqNGH2IFmE6lyJMY3EpExVOEykmeZjq
VZYXYpbl4uTtaH3QCcLpNJdrt9rCrBZVq43qk6OwkPMs3xwKXcRBEGdRGi5B
SpyHs6Kfyzje9NVKy2gp++pGrg/6ZkE8MjT0E6ygi0CX06XSWmVpsVlhgZPR
5HWQlsupzA+DGHMOgyhLtUx1qQ9FkZcyAI3PgjCXIWi9klGZq2LTCW6z/Gae
Z+UKo3bnTnAjNxiPDwPRF+N3R/QfHyAI1jItsbYQ994RwlDS+RkrqnQu/kkz
aHwZqqSa+ZOSxWyQ5XN6FObRAo8WRbHSh0+f0kwaUms5cNOe0sDTaZ7davmU
13jaCYJAFxDN+zDJUuy5kTpYqUPxa5FFPaEhoVzONL5tlvZLkauo6JFcljIt
MALWL8PVCoT+FgRhWSyynI4LmoSYlUli5DJRebkME6lvwxx6APHwBJAVpurf
YQH+H4rz7EaFPB6BpYfiFTQHhOWSx3I551lvwzwNi/DGzszKtCA9OElj+7K0
fLrJ0rhQ+U9z+nsAinHce4T9C0TlG3G13OgkW7cQNTr918lVf3x6fdXc77KE
1oSpeC1jmfPcxuZ6HaY/yWSt9CAvsXGa5UvMWrPMxeXroxfPDl4cgv8qnVWP
gj6siv4R4RSsDqMiCCYLKSTUpSjDBAoIy1G0mygyAdMo+r+XIZ4tBXRNSGdu
typJwLHfS5Xj7UQtVco0imxGa8S8BNZrvARCAphOGclYrPIMOpAlbIGJ/ACB
sA3L2UxFSqbRZiCMLotiIaEcEJPbUItQLCUtqvQSj8NCROBUtiJGSaFSPIc1
9LM0we7pWuVZStrUA9nQn7IQsVxJyBPKTwfdRW+YwAXgjaUWe3IwH/TE2cXx
WBy/gQjF6Oj4TXcghtpSic2XqgBp+VRhRcgcJ5tatmjiS7VcT5RpKiOptZ1X
54CCN4DRy8pFpRBVGZl1QuJ3qBVOpug1OpeMByRGpclYShrBAWcqBaPafd2u
U3oHyISEQoNDcKfmIBAafOQq3CRZGDuu57nCLtOsWJCYGqykJRoKxPunZNUD
cVJgX52JBJqXh3OsQa+DCbogqRginC8NCu/PK7HjZaYBfgiHgLibp1oSc2ld
0oypdGtVM2KRYWsxORoPxCSbS9KyHlGhZbWLhvpwRLEiqWto0WAuNCrJNuyz
YDlxaGQJLV+rGO+JKJHwTKsQjKq4DBOrKW1NU7W4JaVv8rOS0yJcSxxKpjjW
KgnJnqYb5kE1aWDsfKniGBwMnsCBFXkWGz0yVo8RmaeyaEZScIXClTgQex8/
/hcT+hL+5JuDF1/f3XWFIusjVofzXLL68Um1DVQiRdwslHEG3shLDRL53GNM
NJJCYJgmSi9oCYiAxL+UkGUaSbKWo3yzKrJ5Hq4WKgoTSA7hXcLrFeKdVSiC
AiWOAPM8unx3pLvOLaVwmQ8y62yqs0QWEgpJTqOhrrOygMh7iIrpBgFKFxIv
8AZQp9KoBQQIxdqQF8HhyIsKvVCrh+w9EK/repCTY0+tGvHa+EuX0QLcbfow
BSsodYGHKzYJ7+m2HPTneTqozZvslqyyh3NGISTnrdE6XzY7cnUzlYOOxkJZ
BDUg0smc8d77q+H7k/OTiZ/RE8ROUtW3ozOxKqECRh/AjEitoPWF/FCYPeIM
u6UZUBzOTAdiz26dUn1xa+xQmwISgMXTS3Wj1+wTQX1UkONMzfqe6r0Qh4Eb
Ms4USgpDjW5kYdytWZXpyHLgi9iY2/lwoolqcEHeQkF1l7VIZ0tyFwX5MR83
YM0puRqyHraF0IWNyrVhKTUj6WLOTZrdWiJBjCPNGJUyPAnpmy5lF9MwtITH
sacOye6gQUtIEBqQkWe7VZAjUxF65jfYC57UOMqOEGNQFqhK5VRJ72YhmQD4
Q2ob7tapqYnZTtw7RW0dtLZuAGeJgH0LivIpxTjwhoyeMEZhMRMbGiuDMVLr
LdkJmCDCPqnpEFmWMGaAbgD7ng/b5D/oEaglR4pDkc7/xcGarGKukr0wyxxv
MVnK2EQ1dvpnk2tWj0acMErOMvDB/CFG2jOegSTBgiCtSsMokivyqbAxKAAA
95zMnm2AferDkM4MYWoqN8C2RLzKRbVu5eQBwtW/s3Qgfl4ojM/KNDLLtkRQ
lZI8MYY0I437APgrQckRIJ6BGXErGoQjugREAkPmpYrpBD1aKinZmRnWKR0B
JUvCTOLjR+RKbCD7zwbPBgcUQ3486R9zftJfwXet8G/Ul8QWEvrdXY847xya
JyGWWs2BtKYQK1nGLM+WYFCS3dLG8D9LMgCTwtEmxlbnWcZQbabmZW4xH6+7
DG9YuTXTjygC8MRg0C24Ey8q+G2gB4LljYVFtMhUJP365NAQBQHmiQ8xCRSs
RqwKN4gyw09vtI3atuyGDDQhsmEabqfqfIxFjOeR5LIy7D1fENBah0kZEjgV
wocUY3Te80CdEK3JJ88yotP4Midw8pIEQZwQmwn3MrmRy7s7w8m/wt3A65wE
az7c2WmfI0+YIz9j8FAsmGQIiQaL+yiW+NGANTBoTU5dwQiJ/447SN0Aawha
5vhOipSz3bQjeaxMyqHJ58eKUGWZFLSMTNkXedDpRIGNVQ5REtrPyG4QjbU1
OI4FumcY6NMAZTGf1Mj9vvjcbKBHMBN7YUVSJBOAewgbH2Tca+r/pxWLmF+H
G1+IYWuCYbLWtjyjZdEqtbiHE+x6tNFpI9lo5hiiLccwWZR1L7v00Fd8/ApQ
Sped1IMM2RGFFsIBxNtPZC6c05Foy1XM4RAQESkL025QHbtQ6OMSeqP67F4b
euqWhFq4FN28bqGcCTcm3u3INAgewzrjkrEuglgtDmvSC1Ius6bSN1BqrbNI
kdWzIO6jF2hFdW4rG917ZLJkDCNpVgwsstvCBIyMtxyaxdqlJrENKDc6ylKq
gHi7PCbBMzu0SZVIQlRp06Jzdn016fTM/+L8gr9fjt5dn1yOjun71Zvh6an/
EtgZV28urk+Pq2/Vm0cXZ2ej82PzMkZFYyjonA1/6RgGdS7Gk5OL8+Fpx0DY
uqUTggGHptK4aJhrwTAzgBeKcjU1WvzqaPy//7P/nLQZKd3B/v4L6Kr549v9
b57jD0IzZjfmnPkT8t0E4WpFUiEWI/5F4QpqkJDooCULcgHEb3Dzi1+JM78d
iu+n0Wr/+Q92gA7cGHQ8awwyz+6P3HvZMLFlqGUbz83G+Banm/QOf2n87fhe
G/z+xwSuQfT3v/3xh2C7+gKDgo+ROXSt4UJ+pLrcNy/AZ5P9MTosc/hhafxl
fZWezQUWMlnNysRK16WdDA0koHItS67rOLSAXBBSdFgTrJIjQGdSt3K9WSIC
5nhvxyqdQzFMHzAP2QCBMMpNoHtAH8EMEAHPNNs8RYqUAs1MySRm1EbaKZJs
Hjo8K5NErQraoszh41rngGEwevYtiAwLSUXNCAex2Q45zM64nsH/jSc0OS+z
lRxvbKQRuAg9DwnaibAoAMcpxaM4Wa97mTIFTOUWJ6X/WShMvn/s6ff1jYqY
jdiDE+uC3sagZ/zqcee+v1ddM/YIJ3QdUNARWC2JUzbQVFwxj6ynpVoccD4S
zlRWAbnGQ64cNQn1zzgRqC/Ak1uDEkiHx26567msohq8ti+L1DOuPTWQSMc/
nYRR1vqAbKnrig2uCnR9PHYhq5Eg+uSwsZDDOjuzRYPtauT2qqQPGki73WZl
QrGTS/i8AoVzyjDaK0NcajP19F6tItBSQoIKLQDqFLmmGV5hWOvwBQUXkyI+
7lj1ygJchODQoIswLxo8c7VZiwwYP7ko0qxAtHDclhHqKMekF9okcwYC/X/g
vgHp3Scx9spickI6u0rrlFbgVK6sY1i5xclmbQ+P9EpGatZwXDVITtm61cS2
bXdL6wFH8rKxlRwjQMgGajxzlS9bsaSkYUsJhr+IpZqb5Cvj6SR2xqUP2v+7
qsrVqmBuJXZgsPFtRW8XPN+iffMPFuuTHVQ0SudD7xgefR/T3zI765iY+ilp
qTQ2p31mA9MosqUpqVVvAxQAxyLS5gPxqlG/5SV0+1577EUp5RKTzUqK513a
KVuFv5fm0sNn7OYgtjTEUDM1IZhus0gV9zQgR1WMORgAbsIbMQ13d93tDNWq
LFZfcPrfnn3rRUj+B+aXu6qsV2EyfnIIlqvuSE6UFpWOQuTqj8l/ORgomzhf
pHJ3OPCxzk50We72+O4sFxOujdO2xrmkKo+ZnjfKBk0NdVPu7nbpG61nfB/J
5lH5P90WCxmtDr762tRavvn6WzPy7NvnZmT/HwfPMcSY7eCrr/ZfVBM/h+G6
qjM0VV1U6nlyzGxiJRV7Des7Y8l3zSWqbkQqWup2kflszwmi/vrYiMTkezUR
NYoPtUKDkdZD/H0FXcSV9dB0obXtqUx1k+tBOtipbbU6emGvLU2qTTcy9+9V
IMU///wzEBhW4mUd5vVx+r47fX/Mb9CY+OMPBgRYpzbKqzBrICCwgG7YYItl
njK9u62jRi81gcwNsYZzR7V7gBqh+eMIPfJr8ArO6z3sUrpBK1UspXMv6Vpu
ZBxs15Oqi6w0E8PjY2hK4bRT05Xpjz5sdHmlSg8Jl5S65+/GTs4no8uz0fHJ
cDLybx48P+A3QSjNeX1xenrx8/X4/dvR9uK+vGO2gXNOEcCtR6ylllykrh3T
XAtVNSlPYOCC7j3iaEWOsD5dNdUpAPZ0XiycMXyqNsfXLFQ1NDHFurLpxoAX
mSBmyHiH06i7gIE45/qn28pQYfJLs4u1pdhdRVb2PNiRPZxXhbMHgbhaL0oL
lqSrsXWm6C6xn4QbMO4vymAtOjioUWYYQ285FPtIUMqX61uIyNfbcZIyIadj
IWQkU2TcGd1/YAJx64m4Go2Hl9CD95PL4fnV+OJycuX5BRMJTmZbrowBvS+z
3rsE9vDeNrxYvxe2b4RtZpueTzcq/8MdJA98u3DQF/SIqyEFCN+BIGObsddv
AAz3tE3D6FayfgfTY8hBa/lGE1K7CvpyX8noyuDeOiAWe+CPv4rm0ZNxl65+
oWVaQXbf0R/svWg6O4Ixrz5NsuiG0PO9dZmVhHlqtb6PH20XmMGvT8hmWjj0
n0pvSyR8WWjepRmVRZDP8SjSCu2RMrPlX6+ryyyWdS9SP/EusTFfm3LDIYih
IHXGuRN5f475tkWIzSJcmgNhudRY46DhqNoSYF2/2/Yl2+ZdHvTOFtDvKZPn
HQhxnQzsvWwn7LHM1dqs8vGJh4ItyKstq6/hyCYg98lpcUvG5W4aii0MfshV
Gp9O1x1/VfvZe/t+0rXF5NrkRlSgSeN33d3ZyjbpukpNTCh1t8/2rsgwwt2L
uZRBVRkBtMhxhllOixof+Qmm6fvcconldaqobwqnP3KwvaWIkMNfR7N87pqF
gZU16SoUXtoSo6mu72xRrlV4d0mw18JjPIajK4z4stSHxQp8U7cq2yimrkK+
VDftPVxGbjsgVPFUFpweQcyAbHUdoO7IpsbwtPE7zGvgr+YcxhQ+TzKDgm2G
a6SE5D1OTEJEKMGfl6LDWtN/88ury5NjQNf+ep/alt++94u9rI7gTsCa1yPq
e+Jowt/xH/4Y84NAND9jnsjbdg0c/pmSS8sBHO3wfq5qmXPYYM72DN7bvl0B
YvNg+91a48wetwGtkKVGIYcNLb245HJVbLibOp33ak6m3U69X7bGT4Upv0+X
Lo5r56sAvXmwTWHjuRHSoe+u6PsSVZzxJZwNuewKmVqjA1dvR79cjUbHBg61
qkA4TWcQkZ8Jxcpne+dK/CHO815N9F2Xu5gEk/olTYCa/7fKm8JoGq2tWXzH
Jmngb0j0m+TPb2woM2dwV4upbTKFkVwQ7/1k9kPw264IZl6ITStJdS1N3meh
EO7yaLFpHF9+CBk50LWbrZ00yXW9wI2yQZhwT4vLvVqdHFQpzyh2lLalZnJ6
RZdWHmoWiXaeyzTJ3N31gpZG1e0cq1m2Sem3FSnn5bZFjKiIq2DGHRC6zKt+
o8BdsLQ2APjbhJjNm5J1uiNAoBx9CKmiL85sf+BrIFrLHW0htUqSkjrhbb+Z
4b5niYGF4e46RtCW5DfhNoJ/vKvUC24UOBmpfWu6Cidaz59rBfdq2OznIVhQ
z8qb7zfrBT5KeEu3OV1VS3Q3u4YNXI6vVVXM6MNaKQbBKzqfSTod+qNXd+M/
024Uq4hv/G2zK/2EwKN0Qkw19OYQu/EOoV7PgxMvhcd/Lj1H+3/HJwhEA03v
ORTdxYM3x5c9IFy1T0HnfK+FKd2eqeHsQabvIdP3ypY/7B/8HM7vAR8Q80Ow
Hdx2fb6nJnJHX75/Lyj+9Wf3UR7xeTvK/alzd+qoEI9d5zx3MhheT954rr8V
H8XJseoJGmUpHPTE5ErRP7m4+3x2mYXzauH84JEUV1QEwdFCJTFlQbW09btG
4sJdB3Tl8jcpLEdNJP+u6fMIAUW5HyPpBxVJGk03jVYh0+Bo78+5Xc5frbde
XmlK8Dgs+PZP06Aik6Rvo3ZPrGVBnon65B7S2UgBiYKdvTC0l6i6cT/MWUsV
SykcxP1FFtmT17owXf/SrQxvZF41y2JCKqRiz1u/F8f/8FVDzir4V3JhHruG
u2bNSuxVna87y5rNWlvXdSvMiYY+4S9TXeOb9pJS64JdK1JBx1PpjaNxW8yc
4dfNbzosk5B9cyXb1bPunXBKEUtQs+ha2tYIzhqaNxXJY5vyHlVac5n4QLyG
InHRnfWILMhG9l2/nthq8ya+0Yloa3q1fg+/s/hNfXO2hc62zxlNQswvbCG4
0Sm9lV1aGFTrJDRwUdd/j1T7yYjri/+cXxLFdPViFIIbbajXMHaNf+a6b10m
yJrCqUpYrTOHvPpRuOL9mwjsiTgZng/vuQ0etNfzpluWJKoJT9qGpVTeulK8
K2V/2tcEzVxWi87W3RW1121fXpnGuqDTcoPVqf2KBYzvbN+QNi+PzN1TUC9S
6w7/pBTSNsiNEvDtpj1tcwBqr0CaMHC5rfjypf34L81PffhLegFJj+lIxxdK
5bc/fwDP2F3EH5+5g5i8Ot6nL1uctTv8yoe7fH30m93BRZIv2wNMfbi2w4Hd
oSGov3WHZ/SlReT/8Q4cMV3sZovYPxTXtn3XZuas/ve1qd+mT2KHPpFtDSNq
vE5kPDcNTx8PzU8SZPyyA9+kZefOwHnzm2mOU+mNOIZL/pn9FyzLponIu6el
benPjIq6NN00jgT/B/s2pyWNPwAA

-->

</rfc>
