Cloudflare Powers Up IPsec with Post-Quantum Encryption

Securing the Enterprise WAN

Cloudflare's announcement marks a pivotal moment in the adoption of post-quantum cryptography for enterprise networking, specifically for IPsec. The general availability of hybrid ML-KEM in their IPsec offering is a significant achievement, addressing the critical 'harvest-now-decrypt-later' threat. The emphasis on interoperability, demonstrated by successful testing with Fortinet and Cisco, is particularly noteworthy. This move is crucial because IPsec, unlike TLS which saw faster adoption of PQC, has faced a longer path to standardization due to its complex requirements for Internet-scale deployment and historical focus on specialized hardware. Cloudflare's proactive approach, pushing for a standardized solution like draft-ietf-ipsecme-ikev2-mlkem, directly tackles the 'ciphersuite bloat' and interoperability issues that have plagued earlier RFC 9370 implementations, such as the one with Palo Alto Networks. The hybrid approach, combining classical Diffie-Hellman with ML-KEM, offers a pragmatic path to quantum resistance without requiring immediate hardware overhauls for most organizations.

However, the article rightly points out that the journey is not over. The current implementation focuses on post-quantum encryption, but the need for post-quantum authentication in IPsec remains a critical gap. This means that while data in transit can be protected from future quantum decryption, active adversaries with quantum capabilities could still potentially tamper with or impersonate network endpoints. Cloudflare's commitment to a 2029 full post-quantum security target highlights the scale of this ongoing challenge. The comparison with Quantum Key Distribution (QKD) is also insightful, reinforcing why PQC implemented in software on existing hardware is the only viable path for Internet-scale security. The industry's consolidation around draft-ietf-ipsecme-ikev2-mlkem is a positive sign, but continued collaboration and standardization efforts are essential to ensure comprehensive post-quantum security across all layers of network communication.

Key Points

• Cloudflare has made post-quantum encryption for its IPsec offering generally available, addressing the 'harvest-now-decrypt-later' threat for enterprise WANs.
• The implementation uses the hybrid ML-KEM (FIPS 203) standard via draft-ietf-ipsecme-ikev2-mlkem, combining classical Diffie-Hellman with post-quantum ML-KEM for enhanced security.
• This move is crucial for IPsec, which has lagged behind TLS in PQC adoption due to interoperability and deployment challenges at Internet scale.
• Interoperability has been confirmed with major vendors like Cisco and Fortinet, overcoming previous fragmentation issues seen with RFC 9370 implementations.
• The industry is consolidating around draft-ietf-ipsecme-ikev2-mlkem, which offers a standardized and scalable approach to PQC for IPsec.
• A key limitation remains the lack of post-quantum authentication in IPsec standards, which is necessary to protect against active quantum adversaries.

---

📖 Source: Post-quantum encryption for Cloudflare IPsec is generally available