Group Key Management Using the Internet Key Exchange Protocol Version 2
RFC 9838, “Group Key Management Using the Internet Key Exchange Protocol Version 2”, is a Proposed Standard document published in November 2025 by V. Smyslov, B. Weis. It obsoletes RFC 6407. The canonical text is published by the RFC Editor.
Abstract
This document presents an extension to the Internet Key Exchange Protocol Version 2 (IKEv2) for the purpose of group key management. The protocol is in conformance with the Multicast Security (MSEC) Group Key Management architecture, which contains two components: member registration and group rekeying. Both components are required for a Group Controller/Key Server (GCKS) to provide authorized Group Members (GMs) with IPsec Group Security Associations (GSAs). The GMs then exchange IP multicast or other group traffic as IPsec packets.
This document obsoletes RFC 6407.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9838 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9837 The IPv6 VPN Service Destination Option
- RFC 9839 Unicode Character Repertoire Subsets
- RFC 9836 A YANG Data Model for Augmenting VPN Service and Network Models with Attachment Circuits
- RFC 9840 rLEDBAT: Receiver-Driven Low Extra Delay Background Transport for TCP
- RFC 9835 A Network YANG Data Model for Attachment Circuits
- RFC 9841 Shared Brotli Compressed Data Format
- RFC 9834 YANG Data Models for Bearers and Attachment Circuits as a Service
- RFC 9842 Compression Dictionary Transport