IETF Post-Quantum Cryptography Protocol Standards
- Issuer: Internet Engineering Task Force (IETF)
- Effective date: May 1, 2018
- Published date: May 1, 2018
Summary
The IETF has standardized how post-quantum cryptographic algorithms are deployed in internet protocols including TLS 1.3, X.509 certificates, CMS, and SSH. Published RFCs include RFC 8391 (XMSS), RFC 8554 (LMS/HSS), and RFC 9370 (ML-KEM in TLS 1.3). Active work in the LAMPS working group has produced X.509 certificate profile RFCs for ML-DSA and SLH-DSA. These protocol-level standards are essential for real-world PQC deployment across internet infrastructure.
PKI impact
IETF standards define the exact wire format and X.509 certificate structure required for PQC interoperability across the internet. RFC 9370 (TLS/SSL) and the LAMPS WG X.509 profile RFCs for ML-DSA and SLH-DSA are the normative references every PKI operator must implement to issue and validate PQC certificates in standard protocols.
Migration hints
- Enable RFC 9370 ML-KEM key exchange in TLS 1.3 by updating TLS library dependencies; most production stacks (OpenSSL 3.5+, BoringSSL) now support it. Do this before issuing PQC authentication certificates to ensure key exchange compatibility.
- Issue ML-DSA and SLH-DSA certificates using the OIDs and X.509 extensions defined in IETF LAMPS WG RFCs; non-standard OIDs will cause validation failures in compliant relying parties.
- For S/MIME and CMS, track IETF LAMPS WG progress on ML-DSA and ML-KEM CMS profiles to ensure certificate issuance aligns with finalized RFC formats before deployment.
- Validate RFC 8391 (XMSS) and RFC 8554 (LMS) implementation compliance in your firmware signing pipeline against the published test vectors before production use.
Trust chain considerations
- Root CAs must use IETF LAMPS WG-defined X.509 profiles for ML-DSA to issue interoperable PQC trust anchors; deviating from these profiles will cause chain validation failures in compliant relying parties.
- X.509 profile RFCs for ML-DSA and SLH-DSA were published in 2025 — verify your CA software supports the finalized OIDs and extension profiles before mass certificate issuance.
Milestones (2)
| Deadline | Label | Type | Hard | Notes |
|---|---|---|---|---|
| Jun 1, 2025 | ML-KEM in TLS 1.3 RFC published | Full Compliance | | RFC 9370 published June 2025, standardizing ML-KEM key exchange in TLS 1.3. |
| Sep 1, 2025 | ML-DSA and SLH-DSA X.509 certificate RFCs published | Full Compliance | | IETF LAMPS WG published X.509 certificate profile RFCs for ML-DSA and SLH-DSA in 2025. |
Algorithm references (5)
- XMSS (SP 800-208): Recommended
  Replaces: RSA, ECDSA
  Standardized in RFC 8391 (2018). Recommended for stateful hash-based signature use cases requiring long-term security guarantees.
- LMS / HSS (SP 800-208): Recommended
  Replaces: RSA, ECDSA
  Standardized in RFC 8554 (2019). Recommended for stateful hash-based signatures, particularly firmware and software signing.
- ML-KEM (FIPS 203): Recommended
  Replaces: RSA, ECDH
  Standardized for use in TLS 1.3 via RFC 9370 (2025). Defines ML-KEM key exchange for TLS connections.
- ML-DSA (FIPS 204): Recommended
  Replaces: RSA, ECDSA
  X.509 certificate profiles for ML-DSA standardized by IETF LAMPS WG in 2025.
- SLH-DSA (FIPS 205): Recommended
  Replaces: RSA, ECDSA
  X.509 certificate profiles for SLH-DSA standardized by IETF LAMPS WG in 2025.
Changelog (4)
| Date | Type | Description |
|---|---|---|
| Jun 1, 2025 | Status | RFC 9370 published, standardizing ML-KEM for TLS 1.3 key exchange. IETF LAMPS WG simultaneously published X.509 certificate profile RFCs for ML-DSA and SLH-DSA, completing core protocol-layer PQC standardization. |
| Jul 1, 2024 | Amendment | IETF LAMPS and TLS working groups published updated drafts for ML-KEM in TLS 1.3 and ML-DSA/SLH-DSA in X.509 certificates following NIST FIPS 203/204/205 finalization. |
| Feb 1, 2019 | New | RFC 8554 published, standardizing LMS/HSS stateful hash-based signature scheme for internet use. |
| May 1, 2018 | New | RFC 8391 published, standardizing XMSS stateful hash-based signature scheme for internet use. |
Issuer
Internet Engineering Task Force (IETF)
Type: STANDARDS BODY
Region: Global