SKEX Agenda
IETF 122 [hybrid] Bangkok

Wednesday 19 March 2025
02:30 (UTC)/09:30 (Bangkok), 2 hours

Meetecho:
https://meetings.conf.meetecho.com/ietf122/?group=skex&short=&item=1

Notes: https://notes.ietf.org/notes-ietf-122-skex

Chairs: Yaron Sheffer and Alexey Melnikov

Opening - Chairs (5 min)

1. Chairs reviewed Note Well and Note Really Well (Be nice)
2. Agenda Bash
   1. Charter discussion dependant on how the session goes.

Slides:
https://datatracker.ietf.org/meeting/122/materials/slides-122-skex-presentation-slides-v03-00

Problem statement (why do we need this) (10 min)

• See slides

• Issues enumerated with Kerberos.

  • Eric - disagrees with assessment
  • Hannes - agrees with Eric - some "flaws" are features
  • Tirumalseswar - what is the cross domain use cases
    • Michael - example - each Cloud Service Provider is its own
      domain.

• No scalable symmetric key establishment without a central "all
  knowing" authority

• Need a quantum safe, efficient scalable solutions that PKC and PQC
  fail to address.

  • Eric - this is not an accurate representation of Kerberos.
    Disagree on multiple points
  • Gullin Wang - How do you provide these long term keys without
    trust relationships
  • Wei Pan - If you don't trust one key distribution system, you
    just need to use multiple systems at the same time. DSKE is one
    part of the broader set of systems.

  • Stephen Farrell - Not best approach to say Kerberos is wrong. Is
    this motivated by QKD.

    • Not motivated by QKD
    • Motivation is a key management system that rmeoves a single
      point of trust.
    • Stephen - this is less compelling

  • Unidentified speaker

    • There is appetite for other key distributions systems.
    • simpler way to distribute keys to service provider/data
      centers (e.g see MACsec?)

  • Hannes Tschoffeninig

    • IoT has many years of key distribution standardisation. Has
      this been considered/reviewed.
    • Use cases may be too broad.

  • Thom Wiggers

    • Slide is dismissive of PQC
    • There are other properties that are important.
    • Need to be clear about what we are getting and not getting.

  • Daniel Shiu

    • DSKE is one option
    • Perhaps Kerberos can be re-engineered
    • Should not throw out this working group just because people
      don't like DSKE

Use cases (10 min)

• See slides

• Eric

  • Symmetric keys are attractive because they are simple and
    efficient. Kerberso solves it
    • Disagreement on solution, not problem

• Tirumalseswar

  • If MACsec works, why is this needed, what challenges are solved
    here
    • MACsec is easy - why not bring it to the IETF

• Hooman: We are not here to challenge PKI

  • Some vendors (mobile backhaul) must be encrypted. Now need
    encryption.
  • Mobile operators lack knowledge of certificates, certificate
    management
  • 4-5 years of work
  • alternative is to go cleartext, governments may mandate
    soemthing else
  • They need a very simple protocol for key management
  • MACsec is becoming very popular - it is very simple and easy to
    do. No cert managmenet, simple to provision
  • Radius over TLS too complex (certificates), now they can use
    MACsec.
  • Not agains symmetric key distribution (kerberos) or PKI. Want to
    make it simple. Can somethng likeMKA be brought in.
  • MPLS is very popular in federal goverment.
  • Certs is complex, need simpler alternative.

  • MACsec + MKA Key Distribution for critical infrastructure.

    • Request "loosening up" of PKI restraints.
    • Enterprise cert managment is "simple" by comparison to core
      infrastructure.
    • Use pre-shared key - distributed through other mechanisms.

  • Eric

    • Clarifyoing question about slides.
      • There is an entity that configures the preshared key
        (PSK)
      • Can be a human entering it.

  • Viktor

    • Not traditioanlly had good key distribution and management
    • Kerberos had this built in
    • What is the shape of the communication flow - peer-to-peer
      etc.
      • PKI is there and won't change
      • Symmetric key crypto won't change the internet
      • Will simplify bulk encryption at transport layer (mobile
        backhau;l - 10k-50k sites that are connected)
      • This is mostly for bulk encryption

  • Hannes

    • Is use cases agreed?

    • Why can't the existing approaches be used? Impression is
      other options have not been considered.

      • IoT use case is for the transport layer

    • Use case was not clearly represented.

      • Device that uses PKI won't change.

    • IoT is not really a use case

      • MACsec is getting popular - most of the networks is MPLS
        • nothing in IETF that can encrypt MPLS
      • MACsec encrypts traffic between two routers

  • Wei Pan

    • What is the problem

      • Want a very simple solution without PKI or PQC to
        encrypt end-to-end communications.

    • There is a long history of problems with pre-shared key
      distribution - this is why Kerberos exist.

    • Have you tried Kerberos in your system

      • Yes - some people want a different flavour.

    • Kerberos is fine, you just want something else?

    • What are you solving

      • example MPLS encryption

    • Want to standardise MKAoIP?

      • One example

    • Key problem is not key distribution (Kerberos)

      • Keys derived from pre shared keys are not standardised

    • What is the Problem

      • MPLS encryption (IEEE 802.11)

  • Tirumalseswar

    • Not trying to replace what is already in place

  • Bob Moskowitz

    • Highlights cost and challenges of PKI

      • Spends lots of time relaxing PKI requirements

    • Bob - needs a new cert every flight. This is a process
      problem.

      • Educating customers - cost is too high.
      • PKI User experience competes with typing in a 256
        character code.
      • This is a business problem
      • If answer is PKI, it is a closed minded approach.

  • Christopher Wood

    • Shares confusion - why can existing things not be used.

    • What happens if first pre shared key is compromised?

      • reconfigure the key

    • Pre-shared keys are looking back, there are better solutions

      • You're saying MacSEC is broken
      • IEEE 802.11 is broken?

    • Not broken - irrelevant - this is not how we reason over
      security

      • Why is every router provider making money from MACsec?

Interactions and interfaces with IPsec, TLS, MACsec, etc. (5 min) - was not discussed

SKEX protocols

Unmediated Symmetric Key Establishment - Daniel (10 min)

• See slides
• No discussion

Distributed Symmetric Key Establishment - Mattia (10 min)

• See slides
• No discussion

Draft charter discussion - Chairs (55 min)

The charter was not read out or discussed.

BoF questions (15 minutes)

Only one question was asked:

Is the Problem clear, well scoped and useful to solve
1. Yes 24
2. No 44
3. No Opinion 5

The chairs did not determine consensus, either way.

No further questions.

Paul (AD)

• Discuss further on mailing list
• Need more clarity before we have next steps