Session Date/Time: 19 Mar 2025 02:30
# skex
## Summary
This was a BoF session to discuss symmetric key exchange (SKEX). The session included presentations on the problem statement, use cases, and two specific protocol proposals. A poll was conducted to gauge support for the problem statement. The session concluded without forming a working group.
## Key Discussion Points
* **Quantum Computing Vulnerability:** Discussion on the vulnerability of asymmetric cryptography to quantum computers and the limitations of post-quantum cryptography (PQC).
* **PKI Limitations:** The computational overhead and complexity associated with PKI, particularly for IoT devices, were discussed.
* **Kerberos vs. SKEX:** Debate on the suitability of Kerberos for key exchange, specifically in distributed environments, and whether modifications or a new protocol were needed.
* **Trust Model:** Discussion about central trust in Kerberos versus distributed trust in proposed SKEX solutions (e.g., Distributed Symmetric Key Establishment, DSKE). Concerns were raised about whether distributed trust was simply centralization in disguise.
* **Information Theoretic Security:** Whether the information-theoretic security provided at the key exchange level was relevant given the common use of AES afterwards.
* **Pre-shared Keys (PSKs):** Pragmatic challenges around manually configuring and managing PSKs, and whether the alternative SKEX solutions introduce complexity of their own.
* **IoT Use Cases:** Discussion regarding the need for cross-domain key exchange in IoT deployments.
* **MACsec Use Cases:** The simplicity and widespread adoption of MACsec were discussed, with the main driver being MPLS encryption.
* **PKI vs. Symmetric Key Exchange:** Discussion of whether the SKEX group will challenge the use of PKI or just propose alternative approaches where PKI is overkill.
* **MPLS Encryption:** Emerging use cases for MPLS encryption and a need for new key distribution methods to manage them.
* **Re-Keying in Symmetric Key Environments:** A lack of best practices in symmetric key exchanges and a need to secure the process.
* **Unmediated Symmetric Key Establishment:** Presentation of a basic outline for point-to-point key establishment starting from pre-shared credentials.
* **Distributed Symmetric Key Establishment (DSKE):** Presentation of a protocol that aims for mathematical simplicity, security proofs, and minimal security assumptions, and that provides security and scalability and distributes trust.
## Decisions and Action Items
* **No Working Group Formation:** Given the poll results, a working group was not formed at this session.
* **Clarify Problem Statement:** Proponents to further clarify the problem statement and use cases on the SKEX mailing list.
## Next Steps
* Proponents to work on clarifying the split between the different use cases and how they converge into the solution space, and to post to the SKEX mailing list.