SKEX Symmetric Key Establishment and Exchange
bofreq-aelmans-skex-symmetric-key-establishment-and-exchange-06
| | |
|---|---|
| Document type | Approved BOF request |
| Title | SKEX Symmetric Key Establishment and Exchange |
| Last updated | 2025-02-06 |
| State | Approved |
| Editor | Melchior Aelmans |
| Responsible leadership | Paul Wouters |
| Send notices to | (None) |
Name: Symmetric Key Establishment and Exchange (SKEX)
Description
Symmetric key establishment systems can be used to semi-statically and dynamically provide or supplement keys for existing protocols that accept pre-shared or pre-positioned keys independent of a public key, and so might be used to create hybrid keys. Examples of such protocols are TLS 1.3 (RFC 8446 and RFC 8773), IPsec (RFC 8784) and MACsec (draft-hb-intarea-eap-mka-00). There are multiple use cases where pre-shared keys distributed by ad hoc key exchange mechanisms are in widespread use despite the lack of a general framework. Any scalable key establishment system must address the challenges of enrolment, security properties, usability, and cost.
Asymmetric-key cryptography, while powerful and often convenient, has limitations, including being computationally intensive and potentially vulnerable to quantum computing or mathematical attacks, thus not fully addressing all security needs. This emphasises the need for symmetric-cryptography-based key establishment mechanisms that don't rely on asymmetric algorithms. Such systems can provide keys for secure internet communications.
Proposed solutions must address not only the secure transport of symmetric keys but also the mechanisms needed to ensure that only authenticated and authorised peers can securely access these keys. Identifying the peers is part of the enrolment process.
A community of implementers of symmetric key establishment and exchange solutions, network equipment vendors and consumers proposes a framework and one or more protocols to securely establish symmetric keys between parties, as well as rationalising the formats and interfaces for integrating such key establishment systems into security applications.
Modification of existing protocols, including IPsec, MACsec, TLS, etc., is expected to be out of scope for this WG.
The proponents' goal is to create a framework for secure establishment of symmetric keys to match security requirements, and to streamline their integration into applications. The second objective is to propose one or multiple protocols for symmetric key establishment.
Required Details
- Status: WG Forming
- Responsible AD: Paul Wouters
- BOF Chairs: Yaron Sheffer, Alexey Melnikov
- BOF proponents: Melchior Aelmans <melchior.aelmans@quantumbridge.io>, Gert Grammel <ggrammel@juniper.net>, Daniel Shiu <daniel.shiu@arqit.uk>, Hooman Bidgoli <hooman.bidgoli@nokia.com>, Ken Rich <ken.rich@hpe.com>, Peter Bordow <Peter.Bordow@wellsfargo.com>, Marc Hulzebos <marc.hulzebos@eurofiber.com>, Diego R. Lopez <diego.r.lopez@telefonica.com>
- Number of people expected to attend: 100
- Length of session (1 or 2 hours): 2 hours
- Conflicts (whole Areas and/or WGs): SEC Area, CFRG, PQUIP, QIRG
- Chair Conflicts: Yaron Sheffer, Alexey Melnikov
- Technology Overlap: TLS, IPsecME
- Key Participant Conflict: Paul Wouters
Information for IAB/IESG
- The proponents believe that a new working group is required as the work does not fit into any existing WG.
- Existing work specifying the formats and interfaces for the consumption of symmetric keys, often referred to as pre-shared keys, includes ETSI GS QKD 014, RFC 6030, RFC 6031 and RFC 7517.
- Existing work for the incorporation of symmetric keys in various protocols includes RFC 8784 and RFC 9258.
- A common framework and protocols for the exchange and/or establishment of such symmetric keys using only symmetric cryptography techniques, as well as concrete examples of such protocols, are currently missing or of restricted applicability.
- Protocol spec that would fit into the SKEX charter: https://datatracker.ietf.org/doc/draft-mwag-dske/
- RIPE NCC has granted funding of an open source implementation for a potential Symmetric Key Establishment protocol: https://www.ripe.net/community/community-initiatives/cpf/previous-funding-recipients/funding-recipients-2024/
Agenda
- Agenda Bashing
  - Timing: 5 min
- Symmetric Key Establishment solutions: an outline of the need (why are we here?)
  - Timing: 10 min
- Asymmetric key exchange mechanisms: the problems that they do not address
  - Timing: 10 min
- Framework for Symmetric Key Establishment solution: requirements and security
  - Timing: 10 min
- Protocols for Symmetric Key Establishment
  - Timing: 15 min
- Interactions and interfaces with IPsec, TLS, MACsec, etc.
  - Timing: 15 min
- Discussion of the proposed Charter
  - Timing: 20 min
- Discussion
  - Timing: 20 min
Links to the mailing list, draft charter if any, relevant Internet-Drafts, etc.
- Mailing list: https://mailman3.ietf.org/mailman3/lists/skex@ietf.org/
- Draft charter: https://github.com/Symmetric-Key-Exchange/skex-charter/
- Relevant Internet-Drafts: https://datatracker.ietf.org/doc/draft-mwag-dske/