Markdown Version | Session Recording

Session Date/Time: 24 Jul 2024 00:30

lake

Summary

The LAKE working group meeting at IETF 120 covered several key topics, including updates on the Lightweight Authorization using Ad-hoc (ALTS) draft, implementation considerations for EDOC, remote attestation over ad-hoc, and pre-shared key-based authentication methods. The group discussed potential privacy issues and debated the best approaches for advertising LAKE ALTS support. The meeting also included a discussion about pre-shared key authentication methods in ad-hoc.

Key Discussion Points

• Lightweight Authorization using Ad-hoc (ALTS):
  • Discussion on advertising support for LAKE ALTS, focusing on two approaches: layer 2 beacons and CoAP anycast responses.
  • Considerations around privacy implications and implementation complexities of each approach.
• Implementation Considerations for EDOC:
  • Updates on the implementation considerations draft, including the use of EDOC with CoAP and blockwise fragmentation.
  • Discussion on trust models for learning peer credentials, particularly in the context of ACE framework profiles.
• Remote Attestation over Ad-hoc:
  • Presentation on extending remote attestation capabilities, including reverse and mutual attestation flows.
  • Discussion on background check and passport models, as well as freshness of attestation results.
• Pre-shared Key-based Authentication Method:
  • Presentation of two variants for pre-shared key authentication in ad-hoc.
  • Trade-offs between privacy, security, and resource allocation in each variant.

Decisions and Action Items

• ALTS Advertisement: Start a thread on the mailing list to discuss and resolve the best approach for advertising LAKE ALTS support, considering the pros and cons of each method.
• Remote Attestation: Encourage the working group to review the remote attestation draft with the expectation of a call for adoption in the next month or two.
• Pre-shared Key Authentication: Send a mail to the list soliciting other drafts for consideration. If no others are offered, proceed with evaluating the current draft from Elsa and schedule an interim meeting on this topic.
• Ad-hoc standardization: Note the start of an IEEE project to standardize ad-hoc now in IEEE 154. Inform the list about the project.

Next Steps

• Continue discussions on the mailing list for ALTS advertisement and pre-shared key authentication.
• Schedule an interim meeting to discuss pre-shared key authentication in detail and conduct a security analysis of the proposed variants.
• Prepare for a call for adoption of the remote attestation draft, assuming positive feedback from the working group.