Name: Symmetric Key Exchange (SKEX)

Description

The proponents of the BOF believe there is need to establish a framework, and potentially also protocols, describing methods used to securely exchange symmetric keys between parties, as well as rationalizing the formats and interfaces for integration of such key exchange systems into applications.

Asymmetric-key cryptography is a powerful tool for securing communication but it does have some shortcomings and limitations, including that they are generally computationally intensive, and their security relies on the difficulty of solving certain mathematical problems, which can be solved over time with improvements in computational capacity or mathematical advances. The arrival of the quantum era is now additionally jeopardizing the security of key exchanges based on asymmetric cryptography. This drives the requirement for the establishment of keys protected by symmetric cryptography, without dependence on asymmetric algorithms.

Symmetric key exchange systems can be used to dynamically provide keys for existing protocols that accept such keys, for example IPsec and MACsec. Scalable symmetric key exchange systems require one or more intermediaries to facilitate the process of secure key exchange or creation.

Existing work specifying the formats and interfaces for the consumption of such symmetric keys by networking equipment, often referred to as pre-shared keys, include ETSI GS QKD 014, RFC 6030, RFC 6031 and RFC 7517. Existing work for the incorporation of dynamic symmetric keys in various protocols include RFC 8784 and RFC 9258. However, a common framework for the creation of such symmetric keys, as well as concrete examples of such protocols, is currently missing.

The proponent have the goal is to create a framework for secure exchange of symmetric keys and streamline their integration into applications. The second objective is to propose one or multiple protocols for Symmetric Key Exchange.

Fill in the details below. Keep items in the order they appear here.

Required Details

• Status: not WG Forming
• Responsible AD: Roman Danyliw
• BOF proponents: Melchior Aelmans <maelmans@juniper.net>, Mattia Montagna <mattia.montagna@quantumbridge.io>, Daniel Shiu <daniel.shiu@arqit.uk>
• BOF chairs: TBD
• Number of people expected to attend: 100
• Length of session (1 or 2 hours): 2 hours
• Conflicts (whole Areas and/or WGs)
• Chair Conflicts: SEC AREA
• Technology Overlap: TBD
• Key Participant Conflict: TBD

Information for IAB/IESG

To allow evaluation of your proposal, please include the following items:

• Any protocols or practices that already exist in this space: None
• Which (if any) modifications to existing protocols or practices are required: Methods to consume symmetric keys. An example is RFC8784.
• Which (if any) entirely new protocols or practices are required: One or more protocols to security exchange, or generate in one or multiple places, symmetric keys
• Open source projects (if any) implementing this work:

Agenda

• Framework describing methods used to securely exchange symmetric keys between parties
• Protocols to securely exchange symmetric keys between parties
• Address requirements for the source of random numbers used in the symmetric key management system
• specification of an API for symmetric key delivery
• key labelling, including synchronisation
• protection against protocol ossification
• requirements around equipment that symmetric key management systems may use, for example so that firewalls, NAT, and other middleboxes will accommodate all traffic uniformly;
• Addressing requirements for authentication between parties and parties, and parties and intermediaries for key exchange, both of identities and of messages.