IETF Logo Mail Archive

Re: [skex] Naming: SKEX and DSKE

Manfred von Willich <manfred.vonwillich@quantumbridge.io> Thu, 28 March 2024 14:54 UTC

Return-Path: <manfred.vonwillich@quantumbridgetech.com>
X-Original-To: skex@ietfa.amsl.com
Delivered-To: skex@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D052FC14CE42 for <skex@ietfa.amsl.com>; Thu, 28 Mar 2024 07:54:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=quantumbridgetech-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NctP0o4rt_fz for <skex@ietfa.amsl.com>; Thu, 28 Mar 2024 07:54:13 -0700 (PDT)
Received: from mail-ua1-x936.google.com (mail-ua1-x936.google.com [IPv6:2607:f8b0:4864:20::936]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36BA4C14F690 for <skex@ietf.org>; Thu, 28 Mar 2024 07:54:13 -0700 (PDT)
Received: by mail-ua1-x936.google.com with SMTP id a1e0cc1a2514c-7db1a2c1f96so404378241.0 for <skex@ietf.org>; Thu, 28 Mar 2024 07:54:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quantumbridgetech-com.20230601.gappssmtp.com; s=20230601; t=1711637652; x=1712242452; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=j7h/SP9fME0tVwHCbqeufO/maxlQCvMJHZYLIQJXf+8=; b=TNWHZUm+G+LkUPT7umyB13T2JmmxJMPlxW3yQUlHgymykbDzNvpmZ7PsrcHje+rKWz AKm5CKWx26EYTf0nCTyKenfEYwUgINt/LidWRhKRs1qDBpc6fTdgx5E+7zgk3f0/yPIw mhYUczILCH7DKWTnwbVjZD/JAuPN4fNoFc6tA97+BzPYTBQMI34U6iTokIEoyNaOXIXG MiS0zT2Qmiti3w/M5gm71zKFGnGuUw3YWNQuVudlVXftmb5cde3aAUBdkNNflHtQHinC olW7SqcbPPLTyRWz2sQRgK0pTyRyLU67Z2qcJIEnXNCAEwELPUdjr1DhaJyVK6dtYTa/ ZM7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711637652; x=1712242452; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=j7h/SP9fME0tVwHCbqeufO/maxlQCvMJHZYLIQJXf+8=; b=X7/oy6NkCb9kpQ03yipiGl5gBjCndad3+S5K5WgDLYIoMikwHjmfnF+oP5I75SNdek TlIXWPmWLYz8jQPQrw7hHqC/IajeEqjexXTGdeUG6f/91MhCpfyW6dfnYGE5DVP+h8gW K81R9GNU8u+do/3P0oApucMA1NcKo6Xtl6a63p4c6X+S+iDuwqN6BvbwNFG0gh/RsEMF JxsPvnuPPXeEwGjWocnqs/cytkMZwK4mluiWXKmrRiu0fONpWdt6zkfOV1xAK3VBrJPM E+if8PU1ibZ47NshPP5UUp2fSxXqEelFMESfwnQNgGzmDkr8fg1l+POG61qjWXbd2aTK z9hA==
X-Gm-Message-State: AOJu0YzX8HwY5Tm05jBS+H+bWgCjSezXyJGjHKAgOkF0x0xvuCgbJo6R LVDw1QHYMz76NmjvNmyCUSoZWxzAgQYXrolLTSWTqEKW8kWpaX/eZYqAzbG/kl5FoXIVR9JcX7s GmSoAL5I5ba3MeMdStUqaqyyVIWbE7EBElxbqaUIjl6FlYCKZ4CI=
X-Google-Smtp-Source: AGHT+IECmyjVL/CzeZKICrvyVrY/YSG5rBn0bOG3vHoPXUPIOKPDXBO8AkIqR+mStQXyEH7U1+4XrmzYTOmJ4/SvHFE=
X-Received: by 2002:a05:6102:1247:b0:476:b0b4:32b2 with SMTP id p7-20020a056102124700b00476b0b432b2mr2324031vsg.8.1711637651814; Thu, 28 Mar 2024 07:54:11 -0700 (PDT)
MIME-Version: 1.0
References: <CAL96d55YSdEiiLuy5wTk1X=Lqh3SmiYsejjkc927kjDdV+hzfw@mail.gmail.com> <cfd6268aae4841babce83bb577861ae3@huawei.com>
In-Reply-To: <cfd6268aae4841babce83bb577861ae3@huawei.com>
From: Manfred von Willich <manfred.vonwillich@quantumbridge.io>
Date: Thu, 28 Mar 2024 10:53:36 -0400
Message-ID: <CAL96d57+-HS=79YYN_Jhyof5L7eC-45mvq7FGDW_4Aa18OyQow@mail.gmail.com>
To: "skex@ietf.org" <skex@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000038983b0614b9b21b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/skex/OUTNttIUJE-8TCW2ZEHzFkUPX6c>
Subject: Re: [skex] Naming: SKEX and DSKE
X-BeenThere: skex@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Symmetric Key Exchange <skex.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/skex>, <mailto:skex-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/skex/>
List-Post: <mailto:skex@ietf.org>
List-Help: <mailto:skex-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/skex>, <mailto:skex-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 14:54:16 -0000

> On Wed, Mar 27, 2024 at 6:57 AM Panwei (William) <william.panwei=
40huawei.com@dmarc.ietf.org> wrote:

> After thinking more, I think SKEX and QKD are somehow connected and have
the possibility of collaboration / integration. Using them together may be
good to provide a solution suitable for more scenarios.

DSKE is an example that would compete with QKD in QKD's use cases, but will
also address a much wider range of use cases.  Your observation about
combining them is valid: we have already found ways in which combining them
makes sense.

> I heard that the plan is to have a BoF in IETF 120. I think there are
still many things need to be prepared before the meeting to make it
successful.

Agreed.  You have pointed some out, but perhaps we should develop (specify
in more detail) this list of objectives of what we want to have ready
before IETF 120.  I get the impression that a draft WG charter would be one
of the first things to write.  Some of the objectives you mention might be
suitable for including in a charter.

> About what should be done in IETF, the first thing I think is to make the
use cases clear. Use cases and problem statement are always the most
important thing. Neither SKEX nor QKD is used to replace PQC, so it’s
necessary to make clear what kind of use cases are suitable for the use of
SKEX.

Agreed.  Let me start with a few overall cases.

   - Symmetric key agreement for assured quantum-safety in point-to-point
   network encryptor links, especially where the session keys may have a short
   cryptoperiod.  This is where QKD fits, but has disadvantages (cost,
   inflexibility, limited range and rate, etc.).  There are diverse industries
   where this applies: corporate, enterprise, governmental, financial, cloud
   infrastructure, etc.  This may be using MACsec keying, IPsec via RFC 8784,
   and others.
   - A symmetric key agreement for zero-trust application networks, either
   alone or in TLS/QUIC via RFC 8784.  This might cover IoT, and communication
   apps such as on mobile devices, for both corporate use and large
   communities.
   - A rather exceptional use case: allowing mutually distrustful
   organizations to communicate securely in a way that cannot be cheated by
   any single organization (negotiations come to mind).

> The second thing is to identify what the characteristics of these use
cases are and what security properties are needed. The purpose is to
identify what part are missing and can be done in IETF.

I tend to work backwards: from a protocol, I deduce what properties are
ensured by it, and then find supported use cases.  However, I agree that
being clear about required security properties for use cases is essential.
I would add to this point that an important part to consider in the SKEX
charter is whether there are interface aspects to be standardized, with a
view to interoperability and interchangeability.  IETF would probably not
deal with specific interfaces, but might more abstractly specify data to be
transferred via an API, sort of abstracting ETSI GS QKD 014 and adapting
it, including security requirements.  I think that this is going to be very
important to users, integrators and vendors, and will positively impact
adoption.

> The third thing is about the solution or protocol part. Firstly,
currently I don’t know whether an architecture is needed, this may depends
on how complex the use cases and solutions are. Secondly, I don’t think
currently it’s the right time to do the comparisons or decisions among
different symmetric key exchange solutions or protocols. I think it’s
better to discuss that after the working group created. I’m curious whether
DSKE is the only one that the proponents want to proceed with. It’s fine to
me if DSKE is the final winner of the competition among solutions. But I’m
not an symmetric key exchange expert. And I’d like to see more people
participate in, bring their solutions to IETF and share their ideas of why
they think their solution is good. At the end, there may be more than one
protocol that people want to standardize, maybe because the need and
appliance of different use cases.

For now, I would like to assume that a SKEX WG could accommodate several
protocols being considered for RFC/standardization.  Any "competition"
between protocols would arise as a result of IETF constraints.  For the
time being, DSKE is the only one I'm aware of that is on the table as a
published protocol, but that need not remain so.  This is for a BoF/WG to
debate.

> There is one more thing that I’m not clear now. If the working group
being successfully created and DSKE being chosen, should DSKE first go
through CFRG for security evaluation?

Before it goes too far in the process, I believe close analysis of any new
protocol is appropriate.  DSKE is new.  So I believe so, yes, as soon as
the SKEX BoF/WG has some consensus on the viability of DSKE.

Manfred


On Wed, Mar 27, 2024 at 6:57 AM Panwei (William) <william.panwei=
40huawei.com@dmarc.ietf.org> wrote:

> Hi,
>
>
>
> I’ve attended the side meeting and I’m interested in this topic.
>
>
>
> Previously, I only considered counteracting the quantum threat through PQC
> and QKD. I’m actually a fan of QKD.
>
> During the side meeting, I was impressed by listing the Symmetric Key
> Exchange (SKEX) as the third direction. But after the meeting, I feel this
> is reasonable.
>
> After thinking more, I think SKEX and QKD are somehow connected and have
> the possibility of collaboration / integration. Using them together may be
> good to provide a solution suitable for more scenarios.
>
>
>
> I heard that the plan is to have a BoF in IETF 120. I think there are
> still many things need to be prepared before the meeting to make it
> successful.
>
> About what should be done in IETF, the first thing I think is to make the
> use cases clear. Use cases and problem statement are always the most
> important thing. Neither SKEX nor QKD is used to replace PQC, so it’s
> necessary to make clear what kind of use cases are suitable for the use of
> SKEX.
>
> The second thing is to identify what the characteristics of these use
> cases are and what security properties are needed. The purpose is to
> identify what part are missing and can be done in IETF.
>
> The third thing is about the solution or protocol part. Firstly, currently
> I don’t know whether an architecture is needed, this may depends on how
> complex the use cases and solutions are. Secondly, I don’t think currently
> it’s the right time to do the comparisons or decisions among different
> symmetric key exchange solutions or protocols. I think it’s better to
> discuss that after the working group created. I’m curious whether DSKE is
> the only one that the proponents want to proceed with. It’s fine to me if
> DSKE is the final winner of the competition among solutions. But I’m not an
> symmetric key exchange expert. And I’d like to see more people participate
> in, bring their solutions to IETF and share their ideas of why they think
> their solution is good.
>
> At the end, there may be more than one protocol that people want to
> standardize, maybe because the need and appliance of different use cases.
>
>
>
> There is one more thing that I’m not clear now. If the working group being
> successfully created and DSKE being chosen, should DSKE first go through
> CFRG for security evaluation?
>
>
>
> Regards & Thanks!
>
> Wei PAN (潘伟)
>
>
>
> *From:* skex <skex-bounces@ietf.org> *On Behalf Of *Manfred von Willich
> *Sent:* Friday, March 22, 2024 4:34 PM
> *To:* skex@ietf.org
> *Subject:* [skex] Naming: SKEX and DSKE
>
>
>
> To avoid conflation/confusion, please note the following suggested naming:
>
>
>
> SKEX (Symmetric Key Exchange) refers to this mailing list and is a
> potential working group name.
>
>
>
> DSKE (Distributed Symmetric Key Exchange) is a specific key distribution
> protocol, the one we used as an example at the side meetings at IETF 119.
> This is an implemented protocol, and has a security proof (
> https://arxiv.org/abs/2304.13789).  This is only one of the potential
> RFCs that SKEX could discuss.  The group may choose to adapt this protocol,
> as well as rename it.
>
>
>
> Melchior, Mattia, Manfred
> --
> skex mailing list
> skex@ietf.org
> https://www.ietf.org/mailman/listinfo/skex
>

v2.23.0 | Report a Bug | By Email