Closed DurandA closed 6 years ago
Not sure if I understand the question correctly.
HKDF is only used to derive keys from a previously established master secret. How this master secret is established is left to the application to implement, and that is exactly what EDHOC does:
After EDHOC, we end up with all the required parameters (master secret, master salt, recipient and sender IDs, HKDF, AEAD, etc.).
The workflow implemented right now is the one described in Appendix B (and B.1) of https://www.ietf.org/id/draft-ietf-ace-oscore-profile-00.txt where we use the PoP key bound to the access token to authenticate the messages in EDHOC.
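The following is an added example, not code from this project or from the comment above, that shows the split described here: HKDF (RFC 5869, HMAC-SHA-256) only stretches a master secret that already exists; something like EDHOC must produce that master secret, master salt and the two IDs first. The constructed master secret and salt stand in for what EDHOC would output. The `info` layout `[id, alg_aead, type, L]` encoded as a CBOR array, the COSE algorithm identifier 10 (AES-CCM-16-64-128, 16-byte key, 13-byte nonce) and the "Key"/"IV" type labels are assumptions about the OSCORE derivation; the exact draft-08 `info` structure is not on this page. The HKDF functions themselves are checked against RFC 5869 test case 1.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM). Empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: OKM = T(1) || T(2) || ... truncated to `length` bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output length exceeds 255 * HashLen")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# Minimal CBOR encoding for the few types the `info` array needs (lengths < 256).
def _cbor_head(major: int, n: int) -> bytes:
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 256:
        return bytes([(major << 5) | 24, n])
    raise ValueError("value too large for this minimal encoder")


def cbor_uint(n: int) -> bytes:
    return _cbor_head(0, n)


def cbor_bstr(b: bytes) -> bytes:
    return _cbor_head(2, len(b)) + b


def cbor_tstr(s: str) -> bytes:
    e = s.encode("utf-8")
    return _cbor_head(3, len(e)) + e


def cbor_array(items: list) -> bytes:
    return _cbor_head(4, len(items)) + b"".join(items)


# Assumption: COSE algorithm 10 = AES-CCM-16-64-128 (128-bit key, 13-byte nonce).
AES_CCM_16_64_128 = 10


def oscore_info(id_: bytes, alg: int, type_: str, length: int) -> bytes:
    """Assumed info = [id, alg_aead, type, L] as a CBOR array."""
    return cbor_array([cbor_bstr(id_), cbor_uint(alg), cbor_tstr(type_), cbor_uint(length)])


def derive_oscore_context(master_secret: bytes, master_salt: bytes,
                          sender_id: bytes, recipient_id: bytes,
                          alg: int = AES_CCM_16_64_128,
                          key_len: int = 16, iv_len: int = 13) -> dict:
    """Derive sender key, recipient key and common IV from an already-agreed master secret.

    master_secret / master_salt are whatever the key-establishment step (EDHOC here)
    produced; HKDF does not create them, it only expands them per ID and purpose.
    """
    prk = hkdf_extract(master_salt, master_secret)
    return {
        "sender_key": hkdf_expand(prk, oscore_info(sender_id, alg, "Key", key_len), key_len),
        "recipient_key": hkdf_expand(prk, oscore_info(recipient_id, alg, "Key", key_len), key_len),
        # The common IV is shared by both directions, so its id is the empty byte string.
        "common_iv": hkdf_expand(prk, oscore_info(b"", alg, "IV", iv_len), iv_len),
    }


# Constructed stand-ins for EDHOC output (not real session values).
MASTER_SECRET = bytes(range(16))
MASTER_SALT = bytes.fromhex("9e7ca92223786340")
CLIENT_ID = b"\x01"
SERVER_ID = b"\x02"

if __name__ == "__main__":
    client = derive_oscore_context(MASTER_SECRET, MASTER_SALT, CLIENT_ID, SERVER_ID)
    server = derive_oscore_context(MASTER_SECRET, MASTER_SALT, SERVER_ID, CLIENT_ID)
    for name, value in client.items():
        print(f"client {name}: {value.hex()}")
    print("keys mirror:", client["sender_key"] == server["recipient_key"])
```

Running it derives one context from each endpoint's point of view; the client's sender key equals the server's recipient key and vice versa, and the common IV is identical on both sides, because both only ran HKDF over the same master secret, salt and IDs. Change either ID or the salt and the keys diverge, which is the practical reason the IDs and salt must come out of the key-establishment step along with the secret.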
Thanks for the clarification.
When reading draft-ietf-core-object-security-08, I noticed they settled on HKDF (RFC 5869, with HKDF SHA-256 being mandatory) for key derivation.
Should HKDF replace EDHOC? I also noticed that both draft-ietf-core-object-security-08 and draft-selander-ace-cose-ecdhe-07 are from the same authors.