Lightweight Authenticated Key Exchange

Document Charter Lightweight Authenticated Key Exchange WG (lake)
Title Lightweight Authenticated Key Exchange
Last updated 2019-10-18
State Approved
WG State Active
IESG Responsible AD Benjamin Kaduk
Charter Edit AD Benjamin Kaduk
Send notices to (None)



Constrained environments using OSCORE in network environments such as
NB-IoT, 6TiSCH, and LoRaWAN need a ‘lightweight’ authenticated key
exchange (LAKE) that enables forward security.  'Lightweight' refers to:

  * resource consumption, measured by number of round-trips to complete,
    bytes on the wire, wall-clock time to complete, or power consumption
  * the amount of new code required on end systems which already have an
    OSCORE stack

but the LAKE must still provide the security properties expected of IETF
protocols, e.g., providing confidentiality protection, integrity protection,
and authentication with strong work factor.


This working group is intended to be a narrowly focused activity
intended to produce at most one LAKE for OSCORE usage and close.

The working group will collaborate and coordinate with other IETF WGs
such as ACE, CORE, 6TISCH, LPWAN, and LWIG to understand and validate the
requirements and solution.  draft-selander-ace-cose-ecdhe is a candidate
starting point for the LAKE produced by the WG.  Any work available from
TLS or other WGs that satisfies the determined requirements will also be
evaluated for suitability, but does not preclude the WG from freely
selecting its preferred LAKE for OSCORE.

Program of Work

The deliverables of this WG are:

1. Design requirements of the lightweight authenticated key exchange
protocol for OSCORE (this draft will not be published as an RFC but will be
used to drive WG consensus on the deliverable (2))

2. Specify a lightweight authenticated key exchange protocol suitable for
use in constrained environments using OSCORE