In most IoT deployments, intermediate entities are usually employed for efficiency and scalability reasons. These intermediate proxies break end-to-end security when using even the state-of-the-art transport layer security (TLS) solutions. In this direction, the recent Object Security for Constrained RESTful Environments (OSCORE) has been standardized to enable end-to-end security even in the presence of malicious proxies. In this work, we focus on the key establishment process based on application layer techniques. In particular, we evaluate the Ephemeral Diffie-Hellman over COSE (EDHOC), the de facto key establishment protocol for OSCORE. Based on EDHOC, we propose CompactEDHOC, as a lightweight alternative, in which negotiation of security parameters is extracted from the core protocol. In addition to providing end-to-end security properties, we perform extensive evaluation using real IoT hardware and simulation tools. Our evaluation results prove EDHOC-based proposals as an effective and efficient approach for the establishment of a security association in IoT constrained scenarios.