From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: lake@ietf.org
Reply-To: iesg@ietf.org
Subject: WG Review: Lightweight Authenticated Key Exchange (lake)
The Lightweight Authenticated Key Exchange (lake) WG in the Security Area of
the IETF is undergoing rechartering. The IESG has not made any determination
yet. The following draft charter was submitted, and is provided for
informational purposes only. Please send your comments to the IESG mailing
list (iesg@ietf.org) by 2023-06-30.
Lightweight Authenticated Key Exchange (lake)
-----------------------------------------------------------------------
Current status: Active WG
Chairs:
Mališa Vučinić <malisa.vucinic@inria.fr>
Stephen Farrell <stephen.farrell@cs.tcd.ie>
Assigned Area Director:
Paul Wouters <paul.wouters@aiven.io>
Security Area Directors:
Roman Danyliw <rdd@cert.org>
Paul Wouters <paul.wouters@aiven.io>
Mailing list:
Address: lake@ietf.org
To subscribe: https://www.ietf.org/mailman/listinfo/Lake
Archive: https://mailarchive.ietf.org/arch/browse/lake/
Group page: https://datatracker.ietf.org/group/lake/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lake/
EDHOC (draft-ietf-lake-edhoc), an output of the LAKE working group, defines a
lightweight authenticated key exchange protocol between two peers. EDHOC is
intended to be used in constrained network environments such as NB-IoT, 6TiSCH
and LoRaWAN.
By publishing EDHOC, the base protocol specification, and the lake-traces
document, the LAKE working group has completed its initial goals. The working
group will continue to work on maintaining and extending the base protocol
specification as appropriate.
The initial design scope of EDHOC ruled out authentication based on pre-shared
symmetric keys and focused on asymmetric authentication credentials (e.g., raw
public keys and public key certificates) in order to streamline the working
group activities. Similarly, the base protocol specification does not define a
protocol for rekeying but rather a rekeying function to use as an inner
building block for key update.
The working group now will define an EDHOC rekeying protocol reusing the
protocol elements from the base specification that uses symmetric keys for
authentication, to make those usable both during a key update and a first-time
key exchange.
Within each protocol message, EDHOC provides External Authorization Data (EAD)
fields. These fields may be used by external security applications to reduce
the number of messages and round trips, or to simplify processing. The working
group will specify the following uses of EAD fields to augment the EDHOC key
exchange:
- 3rd party-assisted authorization of EDHOC peers.
Draft-selander-lake-authz
is a candidate starting point for this work.
- Remote attestation of EDHOC peers, reusing as much as possible available
work from the RATS and TLS working groups.
- Status verification of EDHOC peer authentication credentials transported
during an EDHOC key exchange (e.g. OCSP stapling).
The working group will also work on a means for coordinating the use and
discovery of EDHOC application profiles, the definition of a well-known
application profile and processing extensions through EDHOC’s defined
extension points, such as registering new schemes and new EAD registrations.
In addition, the working group will work on a document gathering
implementation considerations and guidance for the base protocol
specification.
Milestones:
Jun 2024 - Implementation considerations and guidance submitted to IESG as
Informational RFC
Jun 2024 - 3rd party-assisted authorization of EDHOC submitted to IESG as
Proposed Standard
Nov 2024 - EDHOC rekeying protocol submitted to IESG as Proposed Standard
Nov 2024 - Remote attestation of EDHOC peers submitted to IESG as Proposed
Standard
Mar 2025 - Verification of EDHOC authentication credentials submitted to
IESG as Proposed Standard
WG action announcement
WG Action Announcement
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>,
lake-chairs@ietf.org,
lake@ietf.org
Subject: WG Action: Rechartered Lightweight Authenticated Key Exchange (lake)
The Lightweight Authenticated Key Exchange (lake) WG in the Security Area of
the IETF has been rechartered. For additional information, please contact the
Area Directors or the WG Chairs.
Lightweight Authenticated Key Exchange (lake)
-----------------------------------------------------------------------
Current status: Active WG
Chairs:
Mališa Vučinić <malisa.vucinic@inria.fr>
Stephen Farrell <stephen.farrell@cs.tcd.ie>
Assigned Area Director:
Paul Wouters <paul.wouters@aiven.io>
Security Area Directors:
Roman Danyliw <rdd@cert.org>
Paul Wouters <paul.wouters@aiven.io>
Mailing list:
Address: lake@ietf.org
To subscribe: https://www.ietf.org/mailman/listinfo/Lake
Archive: https://mailarchive.ietf.org/arch/browse/lake/
Group page: https://datatracker.ietf.org/group/lake/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lake/
EDHOC (draft-ietf-lake-edhoc), an output of the LAKE working group, defines a
lightweight authenticated key exchange protocol between two peers. EDHOC is
intended to be used in constrained network environments such as NB-IoT, 6TiSCH
and LoRaWAN.
By publishing EDHOC, the base protocol specification, and the lake-traces
document, the LAKE working group has completed its initial goals. The working
group will continue to work on maintaining and extending the base protocol
specification as appropriate.
The initial design scope of EDHOC ruled out authentication based on pre-shared
symmetric keys and focused on asymmetric authentication credentials (e.g., raw
public keys and public key certificates) in order to streamline the working
group activities. Similarly, the base protocol specification does not define a
protocol for rekeying but rather a rekeying function to use as an inner
building block for key update.
The working group now will define a Standards Track EDHOC rekeying protocol
reusing the protocol elements from the base specification that uses symmetric
keys for authentication, to make those usable both during a key update and a
first-time key exchange.
Within each protocol message, EDHOC provides External Authorization Data (EAD)
fields. These fields may be used by external security applications to reduce
the number of messages and round trips, or to simplify processing. The working
group will specify Standards Track documents with the following uses of EAD
fields to augment the EDHOC key exchange:
- 3rd party-assisted authorization of EDHOC peers.
Draft-selander-lake-authz
is a candidate starting point for this work.
- Remote attestation of EDHOC peers, reusing as much as possible available
work from the RATS and TLS working groups.
- Status verification of EDHOC peer authentication credentials transported
during an EDHOC key exchange (e.g. OCSP stapling).
The working group will also work on a Standard Track means for coordinating
the use and discovery of EDHOC application profiles, the definition of a
well-known application profile and processing extensions through EDHOC’s
defined extension points, such as registering new schemes and new EAD
registrations.
In addition, the working group will work on an Informational document
gathering implementation considerations and guidance for the base protocol
specification.
Milestones:
Jun 2024 - Implementation considerations and guidance submitted to IESG as
Informational RFC
Jun 2024 - 3rd party-assisted authorization of EDHOC submitted to IESG as
Proposed Standard
Nov 2024 - EDHOC rekeying protocol submitted to IESG as Proposed Standard
Nov 2024 - Remote attestation of EDHOC peers submitted to IESG as Proposed
Standard
Mar 2025 - Verification of EDHOC authentication credentials submitted to
IESG as Proposed Standard