<?xml version="1.0" encoding="US-ASCII"?>
<rfc category="info" consensus="false"
     docName="draft-chen-qirg-srv6-qkd-relay-framework-00" ipr="trust200902"
     sortRefs="true" submissionType="IETF" symRefs="true" tocDepth="3"
     tocInclude="true" version="3" xml:lang="en">
  <front>
    <title abbrev="SRv6 QKD Relay Framework">A Framework for SRv6-Based
    Trusted Key Relay in Quantum Key Distribution Networks</title>

    <seriesInfo name="Internet-Draft"
                value="draft-chen-qirg-srv6-qkd-relay-framework-00"/>

    <author fullname="Xinyu Chen" initials="X." surname="Chen">
      <organization>China Mobile</organization>

      <address>
        <email>chenxinyuyjy@chinamobile.com</email>
      </address>
    </author>

    <author fullname="Liuyan Han" initials="L." surname="Han">
      <organization>China Mobile</organization>

      <address>
        <email>hanliuyan@chinamobile.com</email>
      </address>
    </author>

    <author fullname="Longfei Dai" initials="L." surname="Dai">
      <organization>Huawei Technologies</organization>

      <address>
        <email>larry.dai@huawei.com</email>
      </address>
    </author>

    <date day="6" month="July" year="2026"/>

    <workgroup>QIRG</workgroup>

    <keyword>QKD</keyword>

    <keyword>Quantum Key Distribution</keyword>

    <keyword>trusted relay</keyword>

    <keyword>SRv6</keyword>

    <keyword>UDP</keyword>

    <abstract>
      <t>Quantum Key Distribution (QKD) links generate symmetric key material
      between directly connected QKD nodes. Trusted relay is commonly used to
      extend key delivery beyond the reach of a single QKD link. A complete
      trusted-relay service requires the network to collect QKD link capacity
      and node trust information, compute a relay path according to service
      requirements, translate the result into an SRv6 path, and carry the
      relayed key information in an IPv6/UDP packet steered by that SRv6
      path.</t>

      <t>This document describes an architectural framework for such a
      service. Each QKD link provides its available quantum key rate capacity,
      and each relay node provides a trust level. A controller uses these
      inputs together with application requirements to calculate a relay path.
      The path-computation algorithm is not standardized and may be selected
      or defined by the user, operator, or implementation. The calculated
      relay sequence is represented as an SRv6 path, and UDP packets following
      that path carry the key-relay information.</t>

      <t>This document identifies the protocol extension points needed to
      support the framework. The detailed encodings, message formats, SRv6
      behaviors, TLVs, and signaling procedures are left for future work and
      are marked as TBD.</t>
    </abstract>
  </front>

  <middle>
    <section anchor="intro">
      <name>Introduction</name>

      <t>Quantum Key Distribution provides a method for generating shared
      symmetric keys between two QKD systems. The physical distance of a
      single QKD link is limited by optical attenuation, noise, equipment
      capability, and deployment conditions. Large-scale QKD networks
      therefore commonly use trusted relay nodes to deliver key material
      across multiple QKD links.</t>

      <t>Trusted relay is not only a key-management function. It also requires
      a network path that selects the correct relay nodes in the correct
      order. The path should take into account at least two QKD-specific
      properties:</t>

      <ul>
        <li>the quantum key rate capacity available on each QKD link; and</li>

        <li>the trust level of each node that may process the relayed
        key.</li>
      </ul>

      <t>After the path is calculated, the network must enforce the selected
      relay sequence and carry the key-relay information between the nodes.
      This document uses SRv6 as the path-steering mechanism and UDP as the
      transport for the key-relay information.</t>

      <t>The framework is intended to connect four previously separated
      functions:</t>

      <ul>
        <li>QKD resource and trust information collection;</li>

        <li>service-driven path computation;</li>

        <li>SRv6 path generation and installation; and</li>

        <li>hop-by-hop trusted key relay using SRv6-steered UDP packets.</li>
      </ul>

      <t>This document focuses on the architecture and protocol requirements.
      It does not define detailed wire formats or a mandatory path-computation
      algorithm.</t>

      <section anchor="requirements-language">
        <name>Requirements Language</name>

        <t>The key words <bcp14>MUST</bcp14>, <bcp14>MUST NOT</bcp14>,
        <bcp14>REQUIRED</bcp14>, <bcp14>SHALL</bcp14>, <bcp14>SHALL
        NOT</bcp14>, <bcp14>SHOULD</bcp14>, <bcp14>SHOULD NOT</bcp14>,
        <bcp14>RECOMMENDED</bcp14>, <bcp14>NOT RECOMMENDED</bcp14>,
        <bcp14>MAY</bcp14>, and <bcp14>OPTIONAL</bcp14> in this document are
        to be interpreted as described in BCP 14 <xref target="RFC2119"/>
        <xref target="RFC8174"/> when, and only when, they appear in all
        capitals, as shown here.</t>
      </section>

      <section anchor="scope">
        <name>Scope</name>

        <t>This document specifies an architectural framework in which:</t>

        <ul>
          <li>each QKD link provides quantum key rate capacity
          information;</li>

          <li>each QKD node provides node trust information;</li>

          <li>a controller computes a relay path according to service
          requirements;</li>

          <li>the path-computation algorithm may be defined by the operator,
          user, or implementation;</li>

          <li>the controller translates the selected relay sequence into an
          SRv6 path;</li>

          <li>SRv6 steers UDP packets through the selected trusted relay
          nodes; and</li>

          <li>the UDP payload carries the key-relay information required by
          the trusted relay process.</li>
        </ul>

        <t>The following items are outside the scope of this document:</t>

        <ul>
          <li>the detailed algorithm used for path computation;</li>

          <li>the detailed protocol encoding used to advertise QKD link
          capacity;</li>

          <li>the detailed protocol encoding used to advertise node trust
          levels;</li>

          <li>the detailed SRv6 endpoint behavior or SRH extension;</li>

          <li>the detailed UDP message format;</li>

          <li>the cryptographic protection format for the UDP payload;</li>

          <li>the local interface between the relay function and the QKD key
          management system; and</li>

          <li>multi-path key splitting and reconstruction.</li>
        </ul>

        <t>All such protocol details are left as TBD.</t>
      </section>
    </section>

    <section anchor="terminology">
      <name>Terminology</name>

      <dl newline="true">
        <dt>QKD Link</dt>

        <dd>A communication relationship between two directly connected QKD
        nodes that can generate shared key material.</dd>

        <dt>QKD Node</dt>

        <dd>A network node containing, or connected to, QKD key-generation and
        key-management functions.</dd>

        <dt>Trusted Relay Node</dt>

        <dd>A QKD node authorized to receive, process, and forward relayed key
        information.</dd>

        <dt>Quantum Key Rate Capacity</dt>

        <dd>A metric describing the amount or rate of QKD-generated key
        material that a QKD link can provide for a key-relay service.</dd>

        <dt>Node Trust Level</dt>

        <dd>A metric describing the trustworthiness of a QKD node according to
        the operator's security policy.</dd>

        <dt>Service Requirement</dt>

        <dd>A set of constraints associated with a key-relay request, such as
        requested key rate, minimum node trust level, maximum number of
        relays, latency, administrative policy, and protection
        requirements.</dd>

        <dt>QKD Controller</dt>

        <dd>A control function that collects QKD topology information,
        receives service requirements, computes a trusted relay path, and
        installs the corresponding SRv6 path.</dd>

        <dt>SRv6 Path</dt>

        <dd>An ordered SRv6 segment list used to steer a key-relay packet
        through the selected trusted relay nodes.</dd>

        <dt>Key-Relay Packet</dt>

        <dd>An IPv6 packet containing an SRv6 path and a UDP payload carrying
        key-relay information.</dd>
      </dl>
    </section>

    <section anchor="problem-statement">
      <name>Problem Statement</name>

      <t>A conventional IP path is selected mainly according to reachability
      and network metrics. Such a path may not be suitable for QKD key relay
      because it does not necessarily consider QKD key availability or node
      trustworthiness.</t>

      <t>For example, the shortest IP path may traverse:</t>

      <ul>
        <li>a QKD link that currently provides insufficient key rate;</li>

        <li>a relay node whose trust level is below the requirement of the
        application;</li>

        <li>a node that has no QKD relay capability; or</li>

        <li>a relay sequence different from the sequence selected by the QKD
        controller.</li>
      </ul>

      <t>A QKD relay service therefore needs a mechanism that connects path
      computation with packet forwarding. The controller first selects a relay
      path based on QKD-specific inputs and service requirements. It then
      expresses that path as an SRv6 segment list so that key-relay packets
      visit the selected relay nodes in the selected order.</t>

      <t>The key-relay information is carried in the UDP payload. Each trusted
      relay node processes the received information and forwards a new or
      updated UDP packet toward the next relay according to the SRv6 path.</t>
    </section>

    <section anchor="framework-overview">
      <name>Framework Overview</name>

      <section anchor="functional-components">
        <name>Functional Components</name>

        <t>The framework contains the following logical components:</t>

        <figure anchor="framework-components">
          <name>SRv6-Based QKD Trusted Relay Framework</name>

          <artwork type="ascii-art"><![CDATA[
+--------------------+       resource and trust       +-------------+
| QKD Links and      | ---------------------------->  |             |
| QKD Relay Nodes    |                                |             |
+--------------------+                                |             |
                                                      |    QKD      |
+--------------------+       service request          | Controller  |
| Application or KME | ---------------------------->  |             |
+--------------------+                                |             |
                                                      +------+------+
                     path install                            |
        +----------------------------------------------------+
        |                                                    
        v                                                    
   +---------+      +-----------+      +-----------+      +---------+
   | Source  |----->| Relay R1  |----->| Relay R2  |----->| Dest.   |
   | QKD/KME |      | SRv6/QKD  |      | SRv6/QKD  |      | QKD/KME |
   +---------+      +-----------+      +-----------+      +---------+
          SRv6-steered IPv6/UDP key-relay packets
]]></artwork>
        </figure>

        <t>The components may be implemented in separate physical devices or
        combined in one device. For example, an SRv6 router and a QKD key
        management entity may be integrated or connected through a protected
        local interface.</t>
      </section>

      <section anchor="information-flow">
        <name>Information Flow</name>

        <t>The general information flow is:</t>

        <ol>
          <li>QKD links provide their quantum key rate capacity to the control
          system.</li>

          <li>QKD relay nodes provide their node trust levels and relay
          capabilities to the control system.</li>

          <li>An application or key-management entity sends a key-relay
          service request to the QKD controller.</li>

          <li>The controller combines the QKD topology information with the
          service requirements.</li>

          <li>The controller runs a path-computation algorithm selected by the
          user, operator, or implementation.</li>

          <li>The controller generates an ordered relay-node sequence.</li>

          <li>The controller translates the relay-node sequence into an SRv6
          path.</li>

          <li>The controller installs the SRv6 path and any required relay
          state.</li>

          <li>The source sends a UDP key-relay packet along the SRv6
          path.</li>

          <li>Each trusted relay node processes the key-relay information and
          forwards the packet toward the next relay.</li>

          <li>The destination accepts the delivered key information and may
          return an acknowledgment.</li>
        </ol>
      </section>
    </section>

    <section anchor="path-computation-inputs">
      <name>Path-Computation Inputs</name>

      <section anchor="qkrc">
        <name>Quantum Key Rate Capacity</name>

        <t>Quantum Key Rate Capacity, referred to as QKRC in this document, is
        a metric describing the QKD key-generation resource associated with a
        QKD link.</t>

        <t>The value <bcp14>SHOULD</bcp14> represent the amount of key
        material that can be made available to new key-relay services.
        Depending on the implementation, it may represent:</t>

        <ul>
          <li>a nominal key-generation rate;</li>

          <li>a currently available key-generation rate;</li>

          <li>an available amount of key material in a key pool;</li>

          <li>a combination of current rate and stored key amount; or</li>

          <li>another operator-defined capacity metric.</li>
        </ul>

        <t>The exact capacity model is deployment specific. A controller
        <bcp14>MUST</bcp14> understand the semantics of the value before using
        it for path computation.</t>

        <t>A QKD link with no usable key-generation capability <bcp14>MUST
        NOT</bcp14> be selected for a new key-relay path.</t>

        <t>The protocol used to advertise QKRC and its detailed encoding are
        TBD.</t>
      </section>

      <section anchor="ntl">
        <name>Node Trust Level</name>

        <t>Node Trust Level, referred to as NTL in this document, is a
        policy-defined metric representing the degree of trust assigned to a
        QKD relay node.</t>

        <t>An implementation may use a five-level model such as:</t>

        <dl newline="true">
          <dt>Level 1</dt>

          <dd>Minimal trust.</dd>

          <dt>Level 2</dt>

          <dd>Basic operational trust.</dd>

          <dt>Level 3</dt>

          <dd>Moderate trust with controlled physical and management
          access.</dd>

          <dt>Level 4</dt>

          <dd>High trust with enhanced hardware and operational
          protection.</dd>

          <dt>Level 5</dt>

          <dd>Maximum trust under the operator's assurance policy.</dd>
        </dl>

        <t>The specific criteria associated with each level are defined by the
        operator, user, or applicable assurance framework. Trust levels from
        different administrative or assurance domains may not be directly
        comparable.</t>

        <t>A service may require that every selected trusted relay node meet a
        minimum NTL.</t>

        <t>The protocol used to advertise NTL and its detailed encoding are
        TBD.</t>
      </section>

      <section anchor="service-requirements">
        <name>Service Requirements</name>

        <t>A key-relay request may contain one or more of the following
        requirements:</t>

        <ul>
          <li>source QKD node or source KME;</li>

          <li>destination QKD node or destination KME;</li>

          <li>requested key rate;</li>

          <li>requested key amount;</li>

          <li>minimum node trust level;</li>

          <li>maximum number of trusted relay nodes;</li>

          <li>maximum latency;</li>

          <li>administrative inclusion or exclusion policy;</li>

          <li>path diversity or protection requirement;</li>

          <li>service priority; and</li>

          <li>service lifetime.</li>
        </ul>

        <t>The exact service-request interface and message format are TBD.</t>
      </section>
    </section>

    <section anchor="path-computation">
      <name>Path Computation</name>

      <section anchor="general-requirements">
        <name>General Requirements</name>

        <t>The controller uses the QKD topology information and service
        requirements to select a trusted relay path.</t>

        <t>A valid path <bcp14>SHOULD</bcp14> satisfy all mandatory service
        constraints. At a minimum, the controller <bcp14>SHOULD</bcp14> verify
        that:</t>

        <ul>
          <li>consecutive relay nodes are connected by usable QKD links;</li>

          <li>selected QKD links provide sufficient quantum key rate
          capacity;</li>

          <li>selected relay nodes satisfy the required node trust level;</li>

          <li>selected relay nodes support the required trusted relay
          function; and</li>

          <li>the selected relay sequence can be represented and installed as
          an SRv6 path.</li>
        </ul>

        <t>The controller <bcp14>MAY</bcp14> consider additional information,
        including IP transport cost, link latency, key-pool status, network
        congestion, failure risk, administrative boundaries, or protection
        policy.</t>
      </section>

      <section anchor="user-defined-algorithms">
        <name>User-Defined Algorithms</name>

        <t>This document does not define or require a specific
        path-computation algorithm.</t>

        <t>The algorithm <bcp14>MAY</bcp14> be:</t>

        <ul>
          <li>selected by the operator;</li>

          <li>configured by the user;</li>

          <li>implemented as a shortest-path or constrained shortest-path
          algorithm;</li>

          <li>implemented as a multi-objective optimization algorithm;</li>

          <li>based on policy rules;</li>

          <li>based on real-time measurements; or</li>

          <li>implemented using another vendor-specific or
          application-specific method.</li>
        </ul>

        <t>Different algorithms may produce different valid paths for the same
        input. Such differences do not affect protocol interoperability,
        provided that the resulting relay path can be represented as an SRv6
        path and installed consistently at the participating nodes.</t>
      </section>

      <section anchor="path-output">
        <name>Path Output</name>

        <t>The output of path computation is an ordered sequence of trusted
        relay nodes from the source to the destination.</t>

        <t>The controller maps each relay node to an SRv6 segment or SRv6
        service instruction. The resulting SRv6 path <bcp14>MUST</bcp14>
        preserve the relay order selected by the path-computation
        function.</t>

        <t>The detailed mapping between a trusted relay node and an SRv6 SID
        is TBD.</t>

        <t>The controller <bcp14>MAY</bcp14> also insert transport-related
        segments when needed to constrain the classical IP path between two
        trusted relay nodes. The detailed rules are TBD.</t>
      </section>
    </section>

    <section anchor="srv6-based-key-relay">
      <name>SRv6-Based Key Relay</name>

      <section anchor="srv6-path-representation">
        <name>SRv6 Path Representation</name>

        <t>SRv6 provides an ordered list of network instructions that can be
        carried in an IPv6 packet. In this framework, the SRv6 path represents
        the ordered trusted relay sequence selected by the controller.</t>

        <t>Each trusted relay node <bcp14>SHOULD</bcp14> be explicitly
        represented in the SRv6 path. This ensures that the key-relay packet
        is processed by all selected relay nodes in the required order.</t>

        <t>The framework may require one or more SRv6 extensions to identify a
        QKD trusted relay function or to associate an SRv6 SID with a local
        key-relay service.</t>

        <t>The specific SRv6 endpoint behavior, SID format, signaling method,
        and processing rules are TBD.</t>
      </section>

      <section anchor="udp-based-key-relay">
        <name>UDP-Based Key Relay</name>

        <t>The SRv6 packet carries a UDP datagram. The UDP payload carries the
        information required by the trusted key-relay process.</t>

        <t>The UDP payload may need to contain information such as:</t>

        <ul>
          <li>key-relay service identifier;</li>

          <li>relay session identifier;</li>

          <li>source and destination KME identifiers;</li>

          <li>key identifier;</li>

          <li>protected key material;</li>

          <li>sequence information;</li>

          <li>relay-hop information;</li>

          <li>lifetime information;</li>

          <li>acknowledgment indication; and</li>

          <li>error information.</li>
        </ul>

        <t>This list identifies functional requirements only. It does not
        define a wire format.</t>

        <t>The UDP port, message types, field encoding, cryptographic
        container, and message-protection mechanism are TBD.</t>
      </section>

      <section anchor="processing-at-trusted-relay-nodes">
        <name>Processing at Trusted Relay Nodes</name>

        <t>When a key-relay packet reaches a trusted relay node, the node
        performs the trusted relay function associated with that SRv6
        processing point.</t>

        <t>The logical processing includes:</t>

        <ol>
          <li>Verify that the packet belongs to an authorized key-relay
          service.</li>

          <li>Verify that the packet follows an installed and valid relay
          path.</li>

          <li>Deliver the UDP key-relay information to the local QKD relay or
          KME function.</li>

          <li>Process the received key information according to the trusted
          relay policy.</li>

          <li>Obtain any key material required to protect the next relay
          hop.</li>

          <li>Generate or update the UDP key-relay information for the next
          node.</li>

          <li>Continue forwarding according to the SRv6 path.</li>
        </ol>

        <t>At the destination, the key information is delivered to the
        destination KME or application.</t>

        <t>The exact packet-processing behavior and the division of functions
        between the SRv6 node and the KME are TBD.</t>
      </section>
    </section>

    <section anchor="protocol-extension-requirements">
      <name>Protocol Extension Requirements</name>

      <t>This section identifies the protocol areas that require extension.
      Only the extension objectives are defined. All detailed formats and
      procedures are TBD.</t>

      <section anchor="qkd-link-capacity-advertisement">
        <name>QKD Link Capacity Advertisement</name>

        <t>A protocol extension is required to advertise the quantum key rate
        capacity of each QKD link to the controller.</t>

        <t>The extension <bcp14>SHOULD</bcp14> support:</t>

        <ul>
          <li>identification of the associated QKD link;</li>

          <li>representation of QKRC;</li>

          <li>indication of link availability;</li>

          <li>dynamic update of the value;</li>

          <li>withdrawal or expiration of stale information; and</li>

          <li>integrity protection of the advertised information.</li>
        </ul>

        <t>The protocol selected for carrying this information and the
        detailed extension format are TBD.</t>

        <t>Possible protocol families may include a link-state routing
        protocol, BGP-LS, a management protocol, or a controller-specific
        interface. No specific choice is made in this document.</t>
      </section>

      <section anchor="node-trust-advertisement">
        <name>Node Trust Advertisement</name>

        <t>A protocol extension is required to advertise the trust level and
        QKD relay capability of each node.</t>

        <t>The extension <bcp14>SHOULD</bcp14> support:</t>

        <ul>
          <li>node identification;</li>

          <li>node trust level;</li>

          <li>trust or assurance domain;</li>

          <li>indication of trusted relay capability;</li>

          <li>validity or freshness information; and</li>

          <li>withdrawal or downgrade after a security event.</li>
        </ul>

        <t>The protocol selected for carrying this information and the
        detailed extension format are TBD.</t>
      </section>

      <section anchor="srv6-path-installation">
        <name>SRv6 Path Installation</name>

        <t>A mechanism is required for the controller to install the
        calculated SRv6 path at the source and, when necessary, at the trusted
        relay nodes.</t>

        <t>The mechanism <bcp14>SHOULD</bcp14> support:</t>

        <ul>
          <li>installation of an ordered segment list;</li>

          <li>association of the segment list with a QKD relay service;</li>

          <li>activation and deactivation of a path;</li>

          <li>replacement of an old path by a new path;</li>

          <li>installation of a reverse or protection path when required;
          and</li>

          <li>consistent lifecycle management of path and relay state.</li>
        </ul>

        <t>The use of an existing SR Policy mechanism or another
        controller-to-device protocol is possible. The selected mechanism and
        any required extension are TBD.</t>
      </section>

      <section anchor="srv6-service-identification">
        <name>SRv6 Service Identification</name>

        <t>An SRv6 extension may be required to identify that a segment
        invokes a QKD trusted relay function.</t>

        <t>The extension may be realized by a dedicated SRv6 endpoint
        behavior, a service SID, an argument carried in a SID, a policy
        association, or another SRv6 mechanism.</t>

        <t>The selected mechanism, code point, SID structure, and processing
        behavior are TBD.</t>
      </section>

      <section anchor="key-relay-context-in-srv6-packets">
        <name>Key-Relay Context in SRv6 Packets</name>

        <t>The key-relay packet may require non-secret context that is visible
        to the SRv6 and relay-processing functions.</t>

        <t>Such context may include:</t>

        <ul>
          <li>service identifier;</li>

          <li>session identifier;</li>

          <li>path identifier;</li>

          <li>relay count;</li>

          <li>minimum required trust level; and</li>

          <li>processing flags.</li>
        </ul>

        <t>The context may be carried in an SRH TLV, another IPv6 extension,
        the UDP payload, or local policy state.</t>

        <t>The selected location, encoding, mutability rules, and protection
        method are TBD.</t>

        <t>Key material itself <bcp14>SHOULD NOT</bcp14> be carried in an
        unprotected SRv6 or IPv6 header field.</t>
      </section>

      <section anchor="udp-key-relay-message">
        <name>UDP Key-Relay Message</name>

        <t>A UDP-based protocol extension or new protocol is required to carry
        the key-relay information.</t>

        <t>The protocol <bcp14>SHOULD</bcp14> support:</t>

        <ul>
          <li>transfer of protected key material;</li>

          <li>service and session identification;</li>

          <li>source and destination identification;</li>

          <li>sequencing and duplicate detection;</li>

          <li>relay-hop processing;</li>

          <li>lifetime control;</li>

          <li>acknowledgment;</li>

          <li>error reporting; and</li>

          <li>cryptographic protection.</li>
        </ul>

        <t>The UDP port, versioning model, common header, payload encoding,
        key-protection method, and algorithm negotiation are TBD.</t>
      </section>

      <section anchor="acknowledgment-and-error-handling">
        <name>Acknowledgment and Error Handling</name>

        <t>A key-relay service may require confirmation that the destination
        has accepted the relayed key.</t>

        <t>The framework therefore requires a mechanism for:</t>

        <ul>
          <li>successful delivery acknowledgment;</li>

          <li>relay-processing failure notification;</li>

          <li>path or session mismatch notification;</li>

          <li>insufficient QKD resource notification;</li>

          <li>retransmission or status query; and</li>

          <li>duplicate-safe delivery.</li>
        </ul>

        <t>The message types, timers, retry rules, state machine, and error
        codes are TBD.</t>
      </section>
    </section>

    <section anchor="operational-considerations">
      <name>Operational Considerations</name>

      <t>QKD link capacity and node trust information may change over time. A
      controller <bcp14>SHOULD</bcp14> use sufficiently fresh information when
      admitting a new key-relay service.</t>

      <t>A controller <bcp14>SHOULD</bcp14> coordinate the following
      operations:</t>

      <ul>
        <li>collection of QKD resource and trust information;</li>

        <li>path computation;</li>

        <li>QKD resource reservation, when supported;</li>

        <li>SRv6 path installation;</li>

        <li>relay-state installation;</li>

        <li>source activation;</li>

        <li>path update or protection switching; and</li>

        <li>resource and state release.</li>
      </ul>

      <t>When the relay path changes, the controller <bcp14>SHOULD</bcp14>
      ensure that packets associated with the old path are not incorrectly
      processed on the new path.</t>

      <t>The specific reservation, transaction, and make-before-break
      procedures are TBD.</t>
    </section>

    <section anchor="security-considerations">
      <name>Security Considerations</name>

      <dl newline="true">
        <dt>Trusted Relay Model</dt>

        <dd>Every trusted relay node may obtain access to the relayed key
        information. The security of the end-to-end service therefore depends
        on every selected relay node. A node trust level is a policy input and
        does not eliminate the inherent trusted-relay risk.</dd>

        <dt>Integrity of Path-Computation Inputs</dt>

        <dd>An attacker that changes QKRC or NTL information may cause the
        controller to select an exhausted, unavailable, or insufficiently
        trusted path. The mechanisms used to distribute these values
        <bcp14>MUST</bcp14> provide authentication and integrity protection.
        The detailed mechanism is TBD.</dd>

        <dt>Authorization of SRv6 Paths</dt>

        <dd>An attacker <bcp14>MUST NOT</bcp14> be able to create an
        unauthorized SRv6 path that invokes the trusted relay function. SRv6
        ingress filtering, policy authorization, and path validation
        <bcp14>SHOULD</bcp14> be used. Any additional mechanism is TBD.</dd>

        <dt>Protection of Key Material</dt>

        <dd>Key material carried in the UDP payload <bcp14>MUST</bcp14> be
        protected against disclosure and modification. The detailed
        encryption, authentication, key-identification, and nonce-handling
        mechanisms are TBD.</dd>

        <dt>Binding to the Selected Path</dt>

        <dd>A key-relay message <bcp14>SHOULD</bcp14> be bound to the intended
        service, session, and relay path so that it cannot be moved to a
        different path or replayed in a different context. The detailed
        binding mechanism is TBD.</dd>

        <dt>Replay and Duplicate Delivery</dt>

        <dd>The key-relay protocol <bcp14>MUST</bcp14> provide replay
        protection and duplicate-safe processing. The detailed sequence-number
        and state-management procedures are TBD.</dd>

        <dt>Relay Node Protection</dt>

        <dd>A relay node <bcp14>SHOULD</bcp14> process plaintext key
        information only inside a protected execution and storage environment.
        The implementation <bcp14>SHOULD</bcp14> minimize the lifetime of
        plaintext key material.</dd>

        <dt>Denial of Service</dt>

        <dd>SRv6 and UDP processing may expose relay nodes and KMEs to
        resource-exhaustion attacks. Implementations <bcp14>SHOULD</bcp14> use
        filtering, rate limiting, bounded state, and authorization
        checks.</dd>

        <dt>Metadata Exposure</dt>

        <dd>An SRv6 path may reveal the trusted relay sequence, and visible
        context may reveal that a QKD key-relay service is active. Operators
        <bcp14>SHOULD</bcp14> evaluate whether additional tunnel or
        metadata-protection mechanisms are required.</dd>
      </dl>
    </section>

    <section anchor="manageability-considerations">
      <name>Manageability Considerations</name>

      <t>An implementation <bcp14>SHOULD</bcp14> provide management and
      telemetry for:</t>

      <ul>
        <li>QKD link capacity and availability;</li>

        <li>node trust level and its validity;</li>

        <li>active key-relay service requests;</li>

        <li>calculated relay paths;</li>

        <li>installed SRv6 policies;</li>

        <li>active relay sessions;</li>

        <li>key-relay packet counts;</li>

        <li>successful and failed key deliveries;</li>

        <li>path changes and protection events; and</li>

        <li>security and policy failures.</li>
      </ul>

      <t>Management systems <bcp14>MUST NOT</bcp14> expose plaintext key
      material or QKD link keys in logs, telemetry, alarms, or diagnostic
      output.</t>

      <t>The detailed YANG models, telemetry models, and management interfaces
      are TBD.</t>
    </section>

    <section anchor="iana-considerations">
      <name>IANA Considerations</name>

      <t>This document makes no IANA requests.</t>

      <t>Future documents that define the protocol extensions identified in
      <xref target="protocol-extension-requirements"/> may request allocations
      for SRv6 endpoint behaviors, SRH TLVs, routing-protocol TLVs, UDP
      service names or port numbers, message types, error codes, or other
      protocol parameters.</t>
    </section>
  </middle>

  <back>
    <references>
      <name>Normative References</name>

      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"
                  xmlns:xi="http://www.w3.org/2001/XInclude"/>

      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"
                  xmlns:xi="http://www.w3.org/2001/XInclude"/>

      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8200.xml"
                  xmlns:xi="http://www.w3.org/2001/XInclude"/>

      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8754.xml"
                  xmlns:xi="http://www.w3.org/2001/XInclude"/>

      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8986.xml"
                  xmlns:xi="http://www.w3.org/2001/XInclude"/>
    </references>

    <references>
      <name>Informative References</name>

      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8402.xml"
                  xmlns:xi="http://www.w3.org/2001/XInclude"/>

      <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9256.xml"
                  xmlns:xi="http://www.w3.org/2001/XInclude"/>

      <reference anchor="ITU-Y3800">
        <front>
          <title>Overview on networks supporting quantum key
          distribution</title>

          <author>
            <organization>ITU-T</organization>
          </author>

          <date month="October" year="2019"/>
        </front>

        <seriesInfo name="Recommendation" value="Y.3800"/>
      </reference>

      <reference anchor="ETSI-QKD014">
        <front>
          <title>Quantum Key Distribution (QKD); Protocol and data format of
          REST-based key delivery API</title>

          <author>
            <organization>ETSI</organization>
          </author>
        </front>

        <seriesInfo name="ETSI GS" value="QKD 014"/>
      </reference>
    </references>

    <section anchor="example-service-procedure">
      <name>Example Service Procedure</name>

      <t>This appendix provides a non-normative example.</t>

      <t>Assume the following relay topology:</t>

      <figure anchor="example-topology">
        <name>Example Relay Topology</name>

        <artwork type="ascii-art"><![CDATA[
   Source S ---- Relay R1 ---- Relay R2 ---- Destination D
]]></artwork>
      </figure>

      <t>Each QKD link reports its available quantum key rate capacity. R1 and
      R2 report their node trust levels.</t>

      <t>An application requests a key-relay service from S to D with:</t>

      <ul>
        <li>a required key rate;</li>

        <li>a minimum node trust level; and</li>

        <li>a maximum number of relay nodes.</li>
      </ul>

      <t>The controller performs the following actions:</t>

      <ol>
        <li>Collect the current QKD link capacity and node trust
        information.</li>

        <li>Invoke a path-computation algorithm selected by the user or
        operator.</li>

        <li>Select the ordered relay sequence S-R1-R2-D.</li>

        <li>Translate R1, R2, and D into an SRv6 segment list.</li>

        <li>Install the SRv6 path and any required relay state.</li>

        <li>Instruct S to send a UDP key-relay packet.</li>

        <li>R1 processes the key-relay information and forwards it toward
        R2.</li>

        <li>R2 processes the key-relay information and forwards it toward
        D.</li>

        <li>D accepts the delivered key information.</li>

        <li>D may send an acknowledgment to S.</li>
      </ol>

      <t>The detailed routing-protocol extensions, SRv6 behavior, packet
      formats, state machine, and cryptographic processing are all TBD.</t>
    </section>
  </back>
</rfc>
