[Lake] EDHOC-PSK is ready for formal analysis
Mališa Vučinić <malisa.vucinic@inria.fr> Tue, 28 October 2025 15:20 UTC
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/A4YOMyFDQunzYDVSlsjt_C6yaRE>

Dear all,

As you know, Ephemeral Diffie-Hellman over COSE (EDHOC, RFC 9528) specifies a lightweight authenticated key exchange protocol between two peers. EDHOC is especially suited for constrained environments such as NB-IoT, 6TiSCH, LoRaWAN and BLE. The authentication in RFC 9528 is limited to asymmetric credentials, signature or static Diffie-Hellman (DH) keys.

The working group’s next milestone is to produce an EDHOC method that provides authentication based on pre-shared symmetric keys. In January 2025, we adopted draft-ietf-lake-edhoc-psk [1] as a solution document specifying a protocol that can be used both during a key update and a first-time key exchange.

This email triggers the call for analysis of draft-ietf-lake-edhoc-psk in its -06 version. In its Security Considerations section (Section 9), the draft summarizes the claimed security properties. We are calling for analysis of whether the claimed security properties hold in the symbolic and computational security models.

In order to allow enough time for the analyses to happen, we are freezing the draft from any changes until 15 February 2026. The tentative timeline is as follows:

- October 2025: start of the analysis phase
- November 2025 - February 2026: interested teams work on different analyses
- by 15 February 2026: interested teams notify the working group and the document author team of vulnerabilities found
- by 2 March 2026 (IETF 125 I-D cutoff): document authors submit a new version of the draft integrating the (proposed) mitigations
- 16-20 March 2026 (LAKE @ IETF 125 meeting): formal analysis teams present their findings to the working group; in parallel, document authors present mitigations to the different vulnerabilities found.

If you are interested in contributing to the analysis of the next EDHOC method, do reach out to lake-chairs@ietf.org.

Best,
Mališa and Renzo, your LAKE chairs

[1] https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc-psk