File formats:

Also available: XML file for editing

 

Status:

PROPOSED STANDARD

Updates:

RFC 7252

Authors:

C. Amsüss
J. Preuß Mattsson
G. Selander

Stream:

IETF

Source:

core (wit)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9175

Discuss this RFC: Send questions or comments to the mailing list core@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9175

Abstract

This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC 7252 with respect to the following: processing requirements for client Tokens, forbidding non-secure reuse of Tokens to ensure response-to-request binding when CoAP is used with a security protocol, and amplification mitigation (where the use of the Echo option is now recommended).

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.