Symmetric Key Establishment and Exchange
bofreq-von-willich-symmetric-key-establishment-and-exchange-00
| Document | Type | Declined BOF request | |
|---|---|---|---|
| Title | Symmetric Key Establishment and Exchange | ||
| Last updated | 2024-06-20 | ||
| State | Declined | ||
| Editors | Gert Grammel , Manfred von Willich , Mattia Montagna , Melchior Aelmans | ||
| Responsible leadership | |||
| Send notices to | (None) |
Name: Symmetric Key Establishment and Exchange (SKEX)
Description
The proponents of the BOF believe there is need to establish a framework, and potentially also protocols, describing methods used to securely establish symmetric keys between parties, as well as rationalizing the formats and interfaces for integration of such key establishment systems into applications.
Asymmetric-key cryptography is a powerful tool for securing communication but has some shortcomings and limitations, including that they are generally computationally intensive, and their security relies on the difficulty of solving certain mathematical problems, which may be solved over time with improvements in computational capacity or mathematical advances. The arrival of the quantum era is now additionally jeopardizing the security of key exchanges that are based on asymmetric cryptography. This drives the requirement for the establishment of keys protected by symmetric cryptography, without dependence on asymmetric algorithms.
Symmetric key establishment systems can be used to semi-statically and dynamically provide keys for existing protocols that accept such keys, for example TLS 1.3 (https://datatracker.ietf.org/doc/rfc8446/), IPsec and MACsec. Scalable symmetric key establishment systems require one or more intermediaries to facilitate the process of secure key establishment or creation.
Existing work specifying the formats and interfaces for the consumption of such symmetric keys by networking equipment, often referred to as pre-shared keys, include https://www.etsi.org/deliver/etsi_gs/QKD/001_099/014/01.01.01_60/gs_qkd014v010101p.pdf, https://datatracker.ietf.org/doc/rfc6030/, https://datatracker.ietf.org/doc/rfc6031/ and https://datatracker.ietf.org/doc/rfc7517/. Existing work for the incorporation of dynamic symmetric keys in various protocols include https://datatracker.ietf.org/doc/rfc8784/ and https://datatracker.ietf.org/doc/rfc9258/. However, a common framework for the creation of such symmetric keys, as well as concrete examples of such protocols, is currently missing.
The proponent have the goal is to create a framework for secure establishment of symmetric keys and streamline their integration into applications. The second objective is to propose one or multiple protocols for symmetric key establishment.
Fill in the details below. Keep items in the order they appear here.
Required Details
- Status: WG Forming
- Responsible AD: Paul Wouters
- BOF proponents: Melchior Aelmans <maelmans@juniper.net>, Mattia Montagna <mattia.montagna@quantumbridge.io>, Daniel Shiu <daniel.shiu@arqit.uk>
- Number of people expected to attend: 50
- Length of session (1 or 2 hours): 2 hours
- Conflicts (whole Areas and/or WGs)
- Chair Conflicts: TBD
- Technology Overlap: TBD
- Key Participant Conflict: TBD
Information for IAB/IESG
To allow evaluation of your proposal, please include the following items:
- Any protocols or practices that already exist in this space: TBD
- Which (if any) modifications to existing protocols or practices are required: None expected
- Which (if any) entirely new protocols or practices are required: Any new symmetric key establishment protocols
- Open source projects (if any) implementing this work: None
Agenda
- Framework describing methods used to securely establish symmetric keys between parties
- Protocols to securely establish symmetric keys between parties
- Address requirements for the source of random numbers used in the symmetric key management system
- Specification of an API for symmetric key delivery
- Key labelling, including synchronisation
- Protection against protocol ossification
- Requirements around equipment that symmetric key management systems may use, for example so that firewalls, NAT, and other middleboxes will accommodate all traffic uniformly
- Addressing requirements for authentication between parties and parties, and parties and intermediaries for key establishment, both of identities and of messages
Links to the mailing list, draft charter if any, relevant Internet-Drafts, etc.
- Mailing List: https://mailman3.ietf.org/mailman3/lists/skex@ietf.org/
- Draft charter: proposal at https://mailarchive.ietf.org/arch/msg/skex/ibWdL2FO250SYHwAorBc-KOXOlI/
- Relevant Internet-Drafts: